Tag Archives: risk management

CISOs, Risk Managers: Better Together

Not so long ago, many chief information security officers (CISO) and other information-security professionals were offended by suggestions that their organizations should buy cyber insurance. After all, CISOs reasoned, if they did their jobs well, insurance would be unnecessary.

Fast forward to 2021. There probably isn’t a single CISO who believes that their organization is immune to potentially devastating cyberattacks. Recent news of alleged Russian penetration of well-protected government agencies and major corporations is one more reminder that any and every organization is vulnerable. Still, many CISOs are skeptical of insurance’s benefits and often are only tangentially involved in cyber insurance decisions.

CISOs are often concerned about perceived gaps in insurance coverage, about underwriting criteria that are misaligned with an organization’s security policies and procedures and about the willingness of insurers to pay claims. Some concerns are valid. For example, if an organization’s hardware is damaged by a malware attack, not every policy provides “bricking coverage,” which pays to replace impaired equipment. However, many CISOs’ concerns are based on now-outdated policy language and underwriting and claims practices. As cyber insurance has matured, underwriters are offering broader coverage with less burdensome underwriting requirements. Rather than avoiding claims, insurers are often trusted partners in responding to cyber events and managing their consequences.

Cyber insurance coverage may be more expansive now, but insurance buyers must still ensure that the protection they purchase is adequate and appropriate for their organization and its specific risk profile. In most large organizations, the risk manager buys cyber insurance. However, risk managers are rarely experts in network security and may not fully understand their organization’s cyber risk profile and control environment. This may result in purchasing insurance that does not adequately cover significant exposures, while over-insuring low-priority or well-managed risks. To ensure that cyber insurance aligns with the organization’s risk management needs, risk managers need to work with a broker who specializes in this type of coverage offering. Additionally, the risk manager and the broker need to include the CISO in the buying process. 

CISOs and risk managers have a common mission — to protect the assets of their organization. In many organizations, they haven’t effectively collaborated — along with their broker and carrier partners — to achieve their common goals. Even when insurance is recognized as an essential part of the overall cyber risk management strategy, organizational silos, the lack of a common risk vocabulary and differences in risk management frameworks can impede cooperation.

According to a SANS Institute report, Bridging the Insurance/Infosec Gap, “InfoSec and insurance professionals acknowledge they do not speak the same language when defining and quantifying risk, leading to different expectations, actions and justification for outcomes.”

The SANS Institute does not offer a one-size-fits-all solution for closing the gap. Within an organization, successful coordination and cooperation depend on corporate culture, institutional obstacles and how motivated CISOs and risk managers are to cooperate on their common goal.

See also: How Risk Managers Must Adapt to COVID

A coordinated approach is more essential today than ever before. With so many employees working from home during the COVID-19 pandemic, using their personal networks and often their own equipment, IT departments and security professionals struggle to ensure network security. A survey of 250 CISOs by Resilience (named Arceo at the time of the study) found that cloud usage, personal devices usage and unvetted apps or platforms posed the most significant threats during this period of increased telework. 

With so many factors outside the direct control of IT and information-security professionals, insurance becomes essential. But cyber insurance policies can materially vary, and not all insurers offer enough of the right coverage to satisfy an organization’s risk-transfer requirements. Once the corporate risk management and information-security functions are aligned, a broker can help navigate the universe of cyber insurance and help the client understand nuances in policy language to satisfy the organization’s risk-transfer requirements.

The outcome is an integrated program where insurance from secure and knowledgeable carriers is fully aligned with the organization’s risk profile and information-security strategy.

COVID-19 Trio Tops Global Business Risks

A trio of COVID-19-related risks heads up the Allianz Risk Barometer 2021, reflecting potential disruption and loss scenarios that companies are facing in the wake of the pandemic. Business interruption (with 41% of respondents citing it as a risk) and pandemic outbreak (at 40%) are this year’s top business risks, with cyber incidents (40%) ranking a close third. The 10th annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS) incorporates the views of 2,769 experts in 92 countries and territories, including CEOs, risk managers, brokers and insurance experts. 

The COVID-19 crisis continues to represent an immediate threat to both individual safety and businesses, reflecting why pandemic outbreak has rocketed 15 positions up to #2 in the rankings at the expense of other risks. Prior to 2021, it had never finished higher than #16, a clearly underestimated risk. However, in 2021, it’s the #1 risk in 16 countries and among the three biggest risks across all continents and in 35 out of the 38 countries that qualify for a top 10 risks analysis. Japan, South Korea and Ghana are the only exceptions. 

Market developments (#4, at 19%) also climbs, reflecting the risk of rising insolvency rates following the pandemic. According to Euler Hermes, the bulk of insolvencies will come in 2021. The trade credit insurer’s global insolvency index is expected to hit a record for bankruptcies, up 35% by the end of 2021, with top increases expected in the U.S., Brazil, China and core European countries. 

Further, COVID-19 will likely spark a period of innovation and market disruption, accelerating the adoption of technology, hastening the demise of incumbents and traditional sectors and giving rise to new competitors. Other risers include macroeconomic developments (#8, at 13%) and political risks and violence (#10, with 11%), which are, in large part, a consequence of the coronavirus outbreak, too. Fallers in this year’s survey include changes in legislation and regulation (#5, with 19%), natural catastrophes (#6, with 17%), fire/explosion (#7, with 16%) and climate change (#9, with 13%), all clearly superseded by pandemic concerns.

Pandemic drives disruption — now and in the future

Prior to the COVID-19 outbreak, business interruption (BI) had already finished at the top of the Allianz Risk Barometer seven times, and it returns to the top spot after being replaced by cyber incidents in 2020. The pandemic shows that extreme, global-scale BI events are not just theoretical but a real possibility, causing loss of revenue and disruption to production, operations and supply chains. 59% of respondents highlight the pandemic as the main cause of BI in 2021, followed by cyber incidents (46%) and natural catastrophes and fire and explosion (around 30% each).

In response to heightened BI vulnerabilities, many companies are aiming to build more resilient operations and to de-risk their supply chains. According to Allianz Risk Barometer respondents, improving business continuity management is the main action companies are taking (62%), followed by developing alternative or multiple suppliers (45%), investing in digital supply chains (32%) and improving supplier selection and auditing (31%). According to AGCS experts, many companies found their plans were quickly overwhelmed by the pace of the pandemic. Business continuity planning needs to become more holistic, cross-functional and dynamic; monitor and measure emerging or extreme loss scenarios; and be constantly updated and tested and embedded into an organization’s strategy. 

Cyber perils intensify

Cyber incidents may have slipped to #3 but remain a key peril, with more respondents citing it than in 2020 and still ranking as a top three risk in many countries, including Brazil, France, Germany, India, Italy, Japan, South Africa, Spain, the U.K. and the U.S. The acceleration toward greater digitalization and remote working driven by the pandemic is also intensifying IT vulnerabilities. At the peak of the first wave of lockdowns, in April, the FBI reported a 300% increase in incidents alone, while cybercrime is now estimated to cost the global economy over $1 trillion, up 50% from two years ago. Already high in frequency, ransomware incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands, as highlighted in the recent AGCS cyber risk trends report

See also: 3-Step Framework to Manage COVID Risk

Risers and fallers 

Macroeconomic developments is up to #8, and political risks and violence (#10) returns to the top 10 for the first time since 2018, reflecting the fact that civil unrest, protests and riots now challenge terrorism as the main exposure for companies. The number, scale and duration of many recent events, including Black Lives Matter protests, anti-lockdown demonstrations and unrest around the U.S. presidential election, have been exceptional. As the socioeconomic fallout from COVID-19 mounts, further political and social unrest is likely, with many countries expected to experience an increase in activity in 2021 and beyond, particularly in Europe and the Americas.

Changes in legislation and regulation drops from #3 to #5 year-on-year. Natural catastrophes falls to #6 from #4, reflecting the fact that, although aggregated losses from multiple smaller events such as wildfires or tornadoes still led to widespread devastation and considerable insured losses in 2020, it was also the third consecutive year without a single large event, such as Hurricane Harvey in 2017. Climate change also falls to #9. However, the need to combat climate change remains as high as ever, given that 2020 was the hottest year ever recorded. 

To learn more about this year’s findings, please visit Allianz Risk Barometer 2021.

20 Issues to Watch in 2021

Out Front Ideas with Kimberly and Mark kicks off every year with our popular 20 Issues to Watch webinar. While there are certainly more than 20 issues to discuss after the unprecedented events of 2020, we focused on the high-impact issues relating to workers’ compensation, healthcare and risk management. These are all important issues for every risk manager and insurance professional to monitor in 2021. 

1. Healthcare Watch

President Biden’s healthcare plan has been referred to as ACA 2.0, as his approach is expected to build on the Affordable Care Act. As a longtime supporter of public options, President Biden will likely give consumers access to Medicare-style health plans, along with an option to continue private insurance. In keeping with the ACA, expect to see the return of the individual mandate and associated penalty removed in 2017.

For most of 2020, there was a significant decrease in employer healthcare spending due to limited in-person care caused by COVID-19. Many employers spent less than in 2019, with average savings around .5% to 2%. Ambulatory care settings and hospital admissions accounted for the largest areas of decreased spending. However, pharmaceutical costs, as projected, increased roughly 6% due to the pandemic. 

Telehealth continues to rise in popularity, with its ever-increasing accessibility. Its long-term use remains unknown due to dependence on government regulations, but expect its continued use in the short term from health providers accustomed to its use. 

2. Political Polarization

With Democrats holding a narrow majority in the House and controlling the split Senate, it is uncertain whether there will be a sweeping or incremental change, especially because President Biden has historically been a political moderate. The secretary of Labor nominee, Marty Walsh, was a former union leader and strong supporter of organized labor, so expect potential Department of Labor policy changes, especially in Occupational Safety and Health Administration (OSHA) enforcement and independent contractor classification.

Political polarization has created continued conflicts for much of our history. There is much work to be done to restore public trust, reduce conflicts and provide a better path forward for our country. 

3. COVID-19 Vaccine Considerations for Employers

Employers are currently assessing their options for requiring employee vaccinations. While employers that primarily have employees working from home have fewer concerns than those working directly with the public, all employers have questions regarding a mandatory vaccine policy. Updated Equal Employment Opportunity Commission (EEOC) guidelines published Dec. 16 state that employers can require workers to be vaccinated, with some limitations, including:

  • Title VII religious exemptions
  • Americans with Disabilities Act accommodations 
  • Any additional rights that apply to either EEO laws or federal, state and local authorities

Like all employment law, expect there may be litigation over employer mandates to require the vaccine. In developing policies, employers will be considering not only their workforce but the expectations from the general public they interact with. 

4. Supply Chain Diversification

COVID-19 caused significant disruption in the U.S. drug supply chain because 80% of the necessary components used in pharmaceutical manufacturing for the country come from China and India. China is also responsible for around 80% of the essential elements used in personal protective equipment (PPE), leading to a shortage during the start of the pandemic. 

These supply chain disruptions were widespread and illustrated the need to diversify sources and not rely on imported goods for critical components. Diversification will make companies more resilient to unexpected events such as natural disasters, political unrest, trade sanctions and other pandemics. 

5. Public Health Policy

Over the decades, public health achievements have included childhood vaccination programs, fluoridation of drinking water and the global commitment to eradicating HIV/AIDS. There are many public health services we should be able to rely on, including preparedness and response capabilities, addressing and diagnosing health hazards, informing and educating the public and strengthening and mobilizing communities, to name a few.

However, a lack of coordination between the federal government and state public health officials led to poor planning and response to the pandemic. Successful public health initiatives rely on people’s trust in public health, but poor communication, mixed messaging and inconsistency in applications and expectations only furthered challenges. 

Public health in the U.S. has generally struggled to make a clear and compelling case for prevention and non-medical approaches to health and well-being. Public health would benefit from leaders focusing on building trust and connecting with communities’ shared values, inspiring participation and active listening.

See also: Don’t Go Into Recovery Mode in 2021; Reset

6. COVID-19 Claims Development

The workers’ compensation industry has seen tens of thousands of COVID-19 claims. According to industry data, the vast majority of those claims are small, with average paid figures just over $1,000. However, the industry has also seen many claims over $1 million incurred on cases that resulted in death or had an extended ICU hospitalization. There could be additional development on these claims as long-term health consequences from COVID-19 become apparent.  

Businesses are seeing COVID-19 related litigation in other areas, including business interruption, employers’ liability, general liability, employment practices liability and even directors and officers coverage.

7. Evolving Employee Benefits

In 2021, expect more employer emphasis on addressing mental health and well-being in the workplace. There are more employer offerings with telehealth’s continued use, like mental health apps and videos with on-demand options. The Center for Workplace Mental Health provides a wealth of employer support for workplace well-being, like the new program Notice. Talk. Act, which offers training for company leaders to improve their understanding of mental health on employees and the organization.

Understanding financial health is a primary concern for employees across the country because the pandemic left many unemployed. Many employers have partnered with their 401K providers to provide webinars and online tools to assist their employees with budgeting and forecasting expenses. Group health solutions are also assisting employees in better understanding copays, deductibles and high-quality care options, ultimately driving down costs and improving healing times.

Flexible work schedules and time away programs are being altered for 2021. Split schedules or starting earlier or later are options many employers are adopting as workers are challenged with their children’s online learning needs or caregiving opportunities. Additionally, the pandemic has caused financial problems for many, adding to stress and anxiety for workers. Allowing and encouraging time away from work is necessary to create a healthier, more productive workforce.

8. Redefining Workers’ Compensation

Presumptions for COVID-19 are just the latest example of how workers’ compensation continues to expand beyond its original design of covering only traumatic accidents in the workplace. As more conditions and diseases are deemed work-related, and more presumption laws are passed, the line between workers’ compensation and group health continues to blur. 

9. COVID-19 as a Comorbidity

While we still know very little about the long-term effects of COVID-19, we know that there is an increasing number of patients experiencing new symptoms months after recovery. These symptoms range from blood clots to neurological symptoms, like brain fog and confusion, to continued respiratory challenges, like shortness of breath. There have also been reported psychosocial effects like anxiety, hopelessness, depression and post-traumatic stress disorder (PTSD), especially in healthcare workers and ICU patients. 

If a large percentage of COVID-19 patients develop long-term physical and mental side effects from the disease, it could increase claims for years to come and even have the potential to be comparable to existing comorbidities such as obesity or diabetes. 

10. Post-COVID-19 Analytics and Benchmarking

The insurance industry and risk managers rely heavily on actuarial models and benchmarks to analyze performance and predict future exposures. One of the core assumptions of analytics and benchmarking is that most analysis components are under conditions similar to the past. However, the pandemic introduced several variables into the analysis that raise questions about the validity of those models in the future. 

In workers’ compensation, frequency models have been disrupted, and there have been delays in medical treatment, litigation and return to work. Carriers are also having to develop new risk models that take into account the potential impact of future pandemics.

11. Employers Addressing Caregiving

Caregiving challenges were mounting for employers in advance of the pandemic. They were magnified because of work from home, school closures, after-school programs, day care and elder care programs. Supporting employees who are also caregivers means first understanding the impact of caregiving on your workforce, then implementing policies, programs and benefits that offer them tools to assist. These may include offerings to support balancing work and caregiving and case management support to coordinate or find caregivers. Employers that are advancing programs such as these use employee peer groups to partner with human resources and business leaders to create programs and offer a feedback loop regarding effectiveness.

12. Expanding Regulatory Burden

Amid the pandemic, regulators released new regulations regarding claims reporting, COVID-19 tracking, premium collection and job classifications. Systems had to be modified to collect the latest information, and already stretched resources needed to adjust to fulfill these additional requirements. 

All these regulatory changes were made with little input from stakeholders, and the increased requirements added additional administrative costs for everyone involved, including employers, third-party administrators (TPAs) and carriers. Temporary emergency rules and regulations are continually expanding and show no signs of letting up.

13. Workforce Evolution

Companies have adjusted their approach when addressing performance, productivity and workplace safety after a major shift to work from home in March 2020. Employee engagement and technology were just a few of the many impacts of this shift. Social distancing and office redesign coupled with consistent communication have proven successful for companies that brought their employees back to the office full- or part-time.

For companies opting to continue work from home policies, there are many unanswered questions regarding when to bring employees back. Whether or not employees are comfortable returning, if vaccines will be mandated or even just waiting until the surge subsides are all considerations for a potential return to the office. Regardless of when return to work becomes a viable option, expect the expansion of remote work opportunities post-pandemic.

14. Economic Recovery

The pandemic has caused significant unemployment increases, with lower-wage workers in service industries being affected the most. Brick-and-mortar retailers were already struggling before the pandemic, and 29 major retailers closed more than 10,000 stores nationwide in 2020. Industries like travel and hospitality are not expecting to see 2019 revenues return until at least 2022. Because these industries rely heavily on business travel, there may never be a full return, as companies are reevaluating the necessity of travel expenses.

While government aid packages could be expanded, they are a temporary fix. Ultimately, the economy will not fully recover until we get people back to work, meaning there will need to be widespread vaccine distribution, removal of government restrictions and new job opportunities for permanently displaced employees.

15. Insurance Innovation

New models for claims processing, including automation, will continue to emerge in 2021 and 2022, widening the gap between the innovators and legacy providers. The consumer journey and engagement will begin to evolve in a material way, driving on-demand tools and solutions. With an added emphasis on customer experience, organizations must rethink their design around support models to assist with consumer education, planning, decision-making and coordination of services. 

With the advancement of technology and the emergence of models not offered previously, expect pricing models to be adjusted. Early adopters wanting to engage in new models will help shape the learnings and performance of the innovation and engage in transparent discussions around value and pricing.

See also: 2021, We Can’t Wait to Get Going!

16. Insurance Market Challenges

In 2020, businesses saw significant price increases across multiple lines of coverage and carriers reducing policy limits in an attempt to reduce their exposure to losses that have been both historic and difficult to predict. Reinsurers reported significant price increases for 1/1 renewals with contract language changed to eliminate ambiguity around underwriting intent and reinforce exclusions. Exclusion of pandemic losses from workers’ compensation treaties means carriers will not have reinsurance available for those losses.

Workers’ compensation is the one line of commercial insurance that has been relatively stable in the last year. Due to drops in employer payroll, overall premiums and claims dropped in 2020. Several factors are putting pressure on carriers to adjust pricing, including historically low interest rates that lower carrier investment income and discounting on long-term claim payouts. There are also significant differences between the guaranteed cost market, which is drive by claim frequency, and the retention market, which is driven by claim severity. The costs of catastrophic injury claims has continued to climb at rates well above medical inflation.  

Risk managers should expect more of the same this year. As losses continue to grow in multiple lines of coverage, carriers are trying to find the correct pricing to make these lines profitable. Additionally, coverage gaps are developing as carriers tighten up policy language to avoid unintended claims. For example, many policies and reinsurance contracts added tight exclusions for infectious diseases, excluding coverage for conditions like Legionnaires disease, which had been previously available.

17. Cyber Risks

Deepfake videos, increased phishing and ransomware attacks and more vulnerable remote workforces have all contributed to record cyber threats. Any vulnerabilities could leave an organization open to million-dollar ransoms, data leaks and irreparable reputation damage. As hackers become more sophisticated and organized, it is vital to remain vigilant, and training employees cannot be overlooked.

18. Public Sector Challenges

The economic recession caused by the pandemic resulted in municipalities receiving significantly lower tax revenues from areas like sales tax, hotel taxes and income taxes. The public sector faced increased costs from public health expenses and the costs associated with operating in a pandemic environment. Additionally, civil unrest and riots in larger cities resulted in billions of dollars in public property damage and thousands of injuries to law enforcement officers. 

Law enforcement agencies face additional challenges due to decreased staffing and recruiting and an increase in retirements. Amid all of these obstacles, pensions remain significantly underfunded, and, as retirements accelerate, these pensions could run out. Ultimately, the events of 2020 will increase the costs faced by public entities, which will increase the burden on taxpayers to pay for all these costs.  

19. Lessons on Industry Engagement

In 2020, most conferences evolved to host their first virtual events. While many industry stakeholders have voiced concern with virtual fatigue and are anxious to get back to in-person events, the value of conferences before the pandemic is in question. As companies have adapted to online certifications, prospecting virtually and partnering with clients outside of these events, organizations question the return on investment of these conferences. While there will be a return to in-person events eventually, expect to see smaller booths, fewer attendees and a larger focus on local and regional participation. 

20. Litigation Management

Pandemic restrictions have forced courts across the country to postpone significant portions of their dockets, causing delays in litigation in both workers’ compensation administrative courts and civil litigation. These delays can cause claims exposures to escalate along with administrative costs associated with the litigation. In dealing with these delays, it may be best to be selective about what is litigated. 

To listen to the archive of our complete Issues to Watch webinar, please visit https://www.outfrontideas.com/. Follow @outfrontideas on Twitter and Out Front Ideas with Kimberly and Mark on LinkedIn for more information about coming events and webinars.

3 Practical Uses for AI in Risk Management

Every year, financial crime becomes more sophisticated, new malware emerges and fraud losses rise. Top that problem up with continuously evolving regulations and hefty non-compliance penalties, and financial institutions are facing an increasingly complex risk landscape.

To compete in the new environment, banks, insurance companies, asset managers and other industry players need to rethink how they approach financial risk management. That’s where artificial intelligence can lend a helping hand. With advanced analytical capabilities, AI can augment human-led risk management activities to drive better outcomes much faster. It is estimated that through better decision-making and improved risk management, AI could generate more than $250 billion in the banking industry.

Insurance companies, banks and fintech startups alike are starting to integrate AI-driven analytics into their financial risk management software. Here’s a roundup of three practical use cases to give you the idea of AI potential.

Accurate fraud detection

The complexity and visibility into multi-channel fraud prevention is a major challenge for financial institutions. Scammers are getting more sophisticated and quickly find creative ways to steal from banks and their customers. Each year, fraud costs over $5 trillion, a sum more than 80% greater than the U.K.’s entire GDP.

To stay agile and quickly respond to threats, banks are augmenting their fraud detection toolkit with machine learning capabilities. The idea behind ML-driven fraud analytics is that fraudulent transactions have telltale signs that algorithms can uncover much more effectively than rule-based monitoring systems. By processing customer, transactional and even geospatial data, they can even spot patterns that seem unrelated and simply go unnoticed by human data analytics.

As a rule, ML algorithms leverage supervised or unsupervised learning techniques for fraud detection. The difference between these two types is that supervised learning-based algorithms heavily rely on explicit labels, meaning that machines need to be repeatedly trained on what a legitimate versus fraudulent transaction is. Unsupervised learning models, in contrast, do not need prior labeling to recognize abnormal activity, so they can continuously update their datasets and detect even previously unknown fraud and abuses.

Credit risk prediction

In simple terms, credit risk refers to the risk of financial loss when a borrower fails to meet financial commitments. And as these non-performing assets continue to grow, it has become imperative for banks to find better and more robust mechanisms to manage default risks.

Advanced ML-driven analytics can do just that. By analyzing a vast amount of financial and non-financial data, trained machine learning algorithms can model credit risk and predict default with a much higher degree of accuracy than traditional methods.

See also: Claims and Effective Risk Management

There is no shortage in up-and-coming startups that work on AI-powered credit scoring solutions to help the financial industry fight high delinquency rates. One such example is British startup SPIN Analytics, which has developed its RiskRobot to optimize credit decisions. The solution leverages advanced analytics to forecast credit behavior and credit losses of individual customers and entire credit portfolios.

Effective regulatory compliance

Over the years, the number of rules and regulations that banks and financial organizations need to adhere to has multiplied — EMIR, SFTR, MiFID II/MiFIR, MMF, GDPR. With this raft of regulatory bodies, updates are issued every seven minutes. And, with hefty fines and penalties, non-compliance is not an option.

Handling the overwhelming volume of regulatory change is no easy feat. But recent advancements in natural language processing (NLP), an AI subfield, are bringing us closer to effectively solving the compliance puzzle. With the ability to understand the human language, NLP-based solutions can scan and analyze millions of lines in regulatory content, including legal documents, commentary, guidance, legal cases, to spot applicable requirements much faster — that’s what London-based Waymark offers its corporate clients.

Another prominent regtech player is IBM, which offers its cognitive computing platform Watson to drive down regulatory compliance costs. Trained with the help of Promontory, Watson identifies and tags obligations, guides and controls to facilitate regulatory change management.

The bottom line

The financial risk landscape is changing fast. Staying on top of emerging fraud threats, credit risk and rapid regulatory changes requires a superhuman effort.

AI can augment human intelligence with rich analytics and pattern prediction capabilities to drive fraud and credit risk detection with higher accuracy and at a larger scale. In the regtech space, AI-fueled analytics solutions can significantly accelerate compliance procedures while reducing the costs.

Risks Facing the Tokyo Olympics

Since the revival of the modern Games in 1896, the Olympics have had to cope with a range of risks, from financial, security, sporting and reputational risks to diplomatic incidents and war. In 2020, that list expanded when the Tokyo Games was postponed due to COVID-19.

Any catastrophe affecting the Olympic Games could result in high-impact, long-term consequences for the cities that host them. People, infrastructure and entire supply chains are at stake. Forcing the Tokyo Olympics to be postponed by a year, the COVID-19 pandemic has stolen the risk limelight, but it remains as vital as ever to remember the wider risk landscape.

People risks 

Olympic Games typically involve a large population influx from various countries to a city, in this case Tokyo, already one of the largest cities in the world. How will this work in a COVID-19 world, where physical distancing is set to be recommended for a long time? 

A recent government survey showed only 0.1% of Tokyo residents have coronavirus antibodies. That is much lower than 14% in the state of New York in April, and 7% in Stockholm. The citizens of Tokyo may not want to accept the risk of an influx of people on top of managing their own national situation. The pandemic has also reduced the enthusiasm of residents to host the event, with a recent poll showing that only 24% in Japan look forward to the Olympics. 

There are other people risks to consider. Ever since the 1972 Munich Olympics, where terrorists kidnapped and killed Israeli athletes, crowded spaces like sporting and entertainment venues have become targets for international and domestic terrorists. In the latest Cambridge Centre for Risk Studies City Risk index, Tokyo comes out on top by risk exposure, with interstate conflict listed as the top potential loss driver. 

The multiple layers of security (including police, military and private security) will rely heavily on technology, not least to coordinate their activities. These will be the first Olympics to make use of facial recognition technology to assist with risk management and identification.

Technology risks

With such a high-profile event, security must be ultra-tight, and cybersecurity in particular is a major concern. Due to their operational requirements, scale and scope, Olympic events have the potential to trigger complex second-order effects, and cyber-attackers have grown increasingly ambitious as organizers have embraced digitalization. At the 2018 Pyeongchang Winter Olympics, suspected state-sponsored hackers carried out extensive campaigns, with TV signals disrupted, the games website crashing and ticket sales disrupted. Russia was thought to be involved in those attacks, and earlier this year Japan’s National Intelligence Agency issued a stark warning on the possibilities of state-sponsored attack at the Summer Games. 

Earthquake risks

Earthquake risk is a top concern for Tokyo. The region sits at the intersection of the Pacific and Philippine Sea tectonic plates being pushed under Eurasia and forming the Itoigawa-Shizuoka Tectonic Line (ISTL). Given the structural dynamics, megathrust earthquakes along these boundaries are a common driver of risk discussions for the region. However, recent swarm activity in the Tokyo area can be interpreted in two ways. A simple view is that an increase in smaller earthquake activity leads to higher chances of a big one. However, a seismic creep could also be an indication that fault stress is being reduced in the region. Whatever the impact, the immediate response strategy remains the same. 

Japan already has strict building codes governing construction and engineering and many Olympic venues will sport earthquake-ready designs aimed at decreasing damage by spreading the shock to a building across seismic isolation bearings. Drills and evacuation exercises aimed at supporting fast and efficient emergency plans have been held, and extra time should allow organizers to identify further improvements in response strategies. 

See also: How Risk Managers Must Adapt to COVID

Weather and climate risks

The first Olympics to experience heat stress issues were the 1912 Stockholm Games, where temperatures reached 32 degrees Celsius (90 degrees Fahrenheit) in the shade and resulted in half the marathon runners failing to complete the race. Only two years ago, record-breaking summer heatwaves led to the deaths of over 1,000 people in Japan. Similar heatwaves from that year have been studied in the U.K., with research suggesting that record-breaking temperatures are now increasingly likely due to human-induced global warming. 

Japan’s average temperatures are virtually certain to be rising at a rate of 1.21 degrees Celsius per century, compared with the global rate of 0.73 degrees Celsius per century (calculated by the Japan Meteorological Agency). While fine and sunny weather will help the Games run smoothly, this increased risk of serious and deadly heatwaves is an important consideration to add to other weather and climate risks such as typhoons and extreme rainfall. Whether contingency plans must be enacted due to heatwaves, or whether extreme weather leads to damage to infrastructure or venues, there could be a substantial financial impact, and risk transfer options will have been considered.

Flood risks

During the 2012 London Olympics, the tube link to Stratford in east London was closed after a water main flooded the tracks of the Central line, which connects the West End and City to the Olympic Park, raising concerns about the resilience of London’s transport network. Flooding issues were also seen in Russia in the run-up to the Sochi Winter Olympics, when flash floods caused massive disruption to the preparations. An estimated 2,000 workers were required to clean up the mess.

Japan has committed to large infrastructure projects, hoping that the Tokyo Olympic Games leave a long-lasting legacy. The first time Japan hosted the Olympics, in 1964, prompted the operations of the first Japanese bullet trains. The government has built several state-of-the art flood control structures in the Greater Tokyo Metropolitan area, home to more than 37 million people and the most populated megacity in the world. Super levees around the Arakawa River provide protection against major floods, and the massive underground storm water storage facility that forms part of the Metropolitan Area Outer Underground Discharge Channel is the biggest in the world. 

Stakeholders across the board are going to need to challenge their thinking and decision-making styles as these Games break from the regulated cycle of audits and check-ins. The reputation risks for all involved have never been higher, and, while organizers are already looking at options to simplify the Games, there may come a point where the risks exceed the appetite. 

See also: 3-Step Framework to Manage COVID Risk


It is still unclear whether the Tokyo Olympics will indeed happen in 2021. The current climate has reminded us that we should always expect the unexpected.

Taking extreme events and stress-testing them, whether through quantitative modeling or qualitative scenarios, is one way to build resilience to global, complex risks and decide what to do next. As COVID-19 has demonstrated, society has developed in such a way that the impacts of past events are no longer a certain guide for the future, and this event presents an opportunity for all to make changes beyond the organization of these Games and leverage insights from science to increase their resilience.