Year In Risk 2024 with Morgan O’Rourke and Hilary Tuttle

RIMScast

The Risk and Insurance Management Society, Inc., The Risk, and Insurance Management Society द्वारा प्रदान की गई सामग्री. एपिसोड, ग्राफिक्स और पॉडकास्ट विवरण सहित सभी पॉडकास्ट सामग्री The Risk and Insurance Management Society, Inc., The Risk, and Insurance Management Society या उनके पॉडकास्ट प्लेटफ़ॉर्म पार्टनर द्वारा सीधे अपलोड और प्रदान की जाती है। यदि आपको लगता है कि कोई आपकी अनुमति के बिना आपके कॉपीराइट किए गए कार्य का उपयोग कर रहा है, तो आप यहां बताई गई प्रक्रिया का पालन कर सकते हैं https://hi.player.fm/legal।

22d ago 48:47

MP3•एपिसोड होम

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews Morgan O’Rourke and Hilary Tuttle of RIMS Risk Management Magazine for the Q4 Edition Risk Year in Review. They discuss the biggest risk events we’ve seen in 2024, including natural disasters following climate change and even the recent murder of the UHC CEO. They give their forecasts for 2025, with cybersecurity being an expanding area of risk, combined with AI, and regulatory changes likely under the new administration.

Listen for categories of risk your organization is sure to face in the coming year.

Key Takeaways:

[:01] About RIMS.

[:14] Public registration is open for RISKWORLD 2025! RIMS wants you to engage today and embrace tomorrow in Chicago from May 4th through May 7th! Register at RIMS.org/RISKWORLD and the link in this episode’s notes.

[:30] About this episode, coming to you from RIMS headquarters in New York. This episode is our special 2024 finale! Hilary Tuttle and Morgan O’Rourke of RIMS Risk Management Magazine will join us to discuss the top trends and stories from 2024 and what to expect in 2025.

[:58] RIMS-CRMP Virtual Workshops On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year.

[1:20] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode’s show notes.

[1:36] RIMS Virtual Workshops! Gail Kiyomura of The ART of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025.

[1:50] We’ve got ERM on our minds. On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. The “Managing Data for ERM” course will be hosted by Pat Saporito, starting on March 12th, 2025.

[2:12] A link to the full schedule of virtual workshops can be found through the RIMS.org/education/online-learning pages. A link is also in this episode’s show notes.

[2:25] Interview! The Q4 edition of RIMS Risk Management Magazine is my favorite of the year! It is The Year in Risk edition. We’ll have a chance to revisit all the risk highlights from 2024.

[2:42] Here to discuss what made the cut and trends we need to look out for in 2025 are RIMS Director of Publications and Risk Management Magazine Editor in Chief, Morgan O’Rourke and Risk Management Magazine Managing Editor, Hilary Tuttle.

[3:01] There is so much to discuss from cyber security to executive safety. As a show of appreciation to the RIMScast audience and subscribers worldwide, we’ve got so much great content in one huge episode, as opposed to spreading it out over two episodes.

[3:18] You don’t have to wait, it’s all here for you at once! Let’s get to it!

[3:30] Morgan O’Rourke and Hilary Tuttle, Welcome back to RIMScast!

[3:39] Morgan and Hilary are here to discuss The Year in Risk, which is the title of the Q4 edition of RIMS Risk Management Magazine. How does 2024 stand out from other years?

[4:04] Morgan starts looking back at the year’s events in October. He recalls the bridge collapse in Baltimore in March. There are always going to be hurricanes and natural disasters. There are always going to be cyber attacks. It’s just a matter of what flavor they are this year.

[5:15] Morgan categorizes big risk events. There are accidents, like the bridge in Baltimore that affect shipping, and natural disasters, including storms, earthquakes, and record heat. 2024 is the hottest year on record, with the hottest day in recorded history, July 22.

[6:38] The AXA Future Risks Report lists climate change as the number one risk. Climate change brings natural disasters to places that don’t normally see them, like wildfires in the Northeast.

[7:55] Hilary says there were a few hundred fires in New York City this year. The NYFD had to put together its first brush fire task force. In the first two weeks of November, they had 271 fires. Canada has had a terrible year for fires, continuing from its 2023 fire season.

[9:25] Climate change puts everybody at risk. The risk landscape expands so that everybody’s in the game. Paraphrasing Flannery O’Connor, Hilary says 2024 was a disaster in truth everywhere. Disasters are not new but they are occurring in different places and times than before.

[10:22] There were 11,000 fires in the Northeast this year, largely in October and November. It’s a different season and in a different region. The traditional risk models are thrown out the window.

[10:49] Morgan comments that this year we saw the earliest category 5 hurricane formed: Beryl in June. We’re starting to throw out more of the parameters for when you need to be prepared for something.

[11:21] We are seeing more geopolitical conflict, supply chain issues, and risks that didn’t seem impactful in regions that seemed stable and reliable. Thirty percent of shipping goes through the Red Sea. Shipping is 90% of the supply chain.

[11:55] Hilary says in the last year and a half, shipping through the Red Sea has become an untenable and sometimes uninsurable risk. Our standard expectations for doing business are going out the window or being upended. This has become more of a problem this year.

[12:42] There are risks we itemize as the things that are causing problems. Then there are bigger-picture risks you don’t necessarily identify when you’re thinking about your problems.

[13:01] You’re thinking about supply chain disruption and natural catastrophes and business interruption, but not about the climate change that may cause them.

[13:42] Morgan says people have to focus on the problem that’s in front of them. You have to deal with the acute issues before you can deal with the systematic ones. It’s hard to solve systematic problems.

[14:28] Morgan sees polycrisis as interconnected risks. Hilary sees the word as an easy way to allude to something that has been happening for a long time. She can’t think of a time in which you truly faced only one risk without having to think of multiple interconnected risks.

[17:35] Morgan edited the new RIMS Executive Report, “Understanding Interconnected Risks” authored by RIMS Strategic and Enterprise Risk Management Council members Michael Zuraw and Tom Easthope.

[17:48] The paper is available only for members until February 12th, 2025. Then it will be publicly accessible.

[18:16] Morgan says the key for the paper is in its practicality about how you should go about prioritizing risks and understanding where they connect within your operations to communicate with departments and executives and implement risk mitigation. It’s actionable.

[19:30] Morgan considers that the value of RIMS membership and Risk Management Magazine is in learning what to do about risks.

[20:02] Hillary objects to the term polycrisis. It over-intellectualizes a problem to the detriment of focusing on how to solve it or what to do about it.

[20:58] Plug Time! RIMS Webinars! Hub International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”.

[21:23] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members.

[21:34] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing.

[21:54] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award.

[22:32] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview’s show notes.

[22:40] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes.

[22:51] Back to our Year in Risk Interview with Morgan O’Rourke and Hilary Tuttle of RIMS Risk Management Magazine!

[23:16] Justin brings up the recent shooting and killing of the UHC CEO. Morgan was at the same hotel but didn’t hear about it until he had walked to the office.

[23:46] If RIMS Risk Management Magazine had been a print publication, this event would not have been included. Being a digital publication, Risk Management Magazine was able to cover it.

[23:59] Hilary starts with executive safety and employee safety. She speaks of reputation risk and monitoring social media discussion. For most who commented on social media, this murder was no surprise. UHC had a tremendous failure of reputation risk and public listening.

[25:28] Hilary was saddened but not surprised by the incident. She calls privatized health insurance in the United States a horror show. You can’t let cashing those executive incentive checks blind you to public response.

[26:27] Morgan says it’s amazing to see that public sentiment was decidedly unsympathetic, but it’s not unexpected. Hilary mentions the rates of medical debt in the U.S. Hilary saw an outpouring of approval of the murder, which is an awful response to have.

[27:15] If you’re in a position where that is the public sentiment around your organization, you need to fire your PR firm and think very seriously, not only about how you’re conducting business but about how you’re communicating with the public. That is a huge reputation failure.

[27:47] Some health insurance companies have trimmed down or removed their executive team pages to make them less identifiable in public. It’s a safety issue. You want to be very careful about how much you post about individual people.

[28:43] From a cyber security perspective, nothing you put on the internet is private or innocuous. If you are an insurance executive who likes to go hiking at Mount Whatever, maybe that’s not information you want to put on the internet.

[29:31] Hilary sees this situation as reminiscent of Big Tobacco as an industry. She believes there is an awareness that there is a certain amount of evil being done among executives in this industry. She says perhaps there is a social reckoning to be had in that.

[30:06] Plug for The Spencer Educational Foundation! Spencer’s goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada.

[30:24] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer’s 2026 application process will open on May 1st, 2025, and close on July 30th, 2025.

[30:48] General grant awardees are typically notified at the end of October. Learn more about Spencer’s general grants through the programs tab of SpencerEd.org.

[30:59] Let’s Return to the Conclusion of my Interview with RIMS Risk Management Magazine’s Morgan O’Rourke and Hilary Tuttle!

[31:11] Justin asks about AI and cyber security in 2025. The Cybersecurity and Infrastructure Security Agency (CISA) has noted that there will be an increase in breaches and the creativity of attacks.

[31:38] They have a revised Revised National Cyber Incident Response Plan that is available for public comment. Hilary agrees that there will be more AI embedded in cyber attacks in 2025. It is already being used to power attacks and in the detection of attacks.

[32:01] AI is also being used effectively in different forms of exploiting humans with ChatGPT and better phishing emails. It is being used to write better malware that is harder to detect.

[32:25] Moody’s Outlook expects a significant intensification of cyber risk in 2025, from the number of cyber incidents that are occurring and the sophistication and impact of cyber risk. Companies are getting better at detecting cyber attacks and doing basic cyber security.

[33:19] Cyber criminals are getting better, too. The attacks will be harder to detect or more severe in scope. Hilary calls social engineering an interesting art. Like journalism, you have to find the approach that successfully gets the information you are looking for out of humans.

[34:38] Morgan describes an old social engineering attack with a recording of a baby crying in the background, and a “harried mom” trying to get into an account without her password, trying to craft a persuasive argument. Gen AI might do all this in one step and be relatively successful.

[36:01] Hilary mentions that at the DEF CON hacker’s conference, there is a social engineering village. Their “Capture the Flag” is a contest to do just what Morgan described. There are bulleted lists of the types of information you are trying to get in an allotted time.

[37:02] Morgan says it’s not like the fast-typing hackers seen in the movies. You get the information through conversation.

[38:05] Hilary says one of the downsides of automation is the tremendous proliferation in the number of attacks that are being launched. Ransomware attacks grew 70% last year and are on track to double their 2022 levels by the end of 2024.

[38:29] Moody’s and QB Canada both came out with reports anticipating 5,200 ransomware attacks around the world in 2025, from 2,500 in 2022. It’s easier to launch attacks at scale against multiple organizations at once. The attacks are more sophisticated and damaging.

[39:01] The ransomware attacks are asking for significantly more money. Fewer companies are paying ransoms because they have backups and plans in place. Average ransomware payments are going up. Last year, ransomware payments passed $1.1 billion for the first time.

[39:26] The companies that pay ransom are feeling more compelled and are in a tougher spot so they are paying larger ransoms.

[39:48] Morgan points out that paying the ransom doesn’t solve the problem. Change Healthcare had the largest healthcare data breach in U.S. history. They paid $22 million in ransom but didn’t get the data back. Some attackers will keep extorting you or just take your money and run.

[40:36] The FBI has said don’t pay ransomware. You can’t trust criminals.

[40:43] Hilary mentions three ransomware threats: holding a network captive, holding data captive, and holding sensitive information captive. This is triple extortion. If you are the victim of a ransomware attack, go in with the expectation that that is the situation.

[41:55] Hilary forecasts that 2025 will be a colorful year. There is a tremendous amount of uncertainty in pretty much everything. It will be an interesting year, politically. It will be a very interesting four years, from a regulatory perspective.

[42:22] In terms of severe weather, disasters, and cyber, it feels like there will be more, and more, and more events.

[42:51] Morgan thinks the biggest thing is the change in administration and the priorities. ESG has been downscaled. A lot of companies are moving off of DEI initiatives, based on the shift in administration and the feeling that DEI will not be as popular.

[43:16] The regulations concerning a lot of ESG may no longer be in play. The federal guidelines are not going to be what they were in any aspect.

[43:39] President Biden in 2023 issued an Executive Order with guidelines and restrictions on AI. Donald Trump has said he’ll probably rescind that. Donald Trump seems to be aligned with a lot of the tech companies for less regulation of AI. Fingers crossed it doesn’t make things worse!

[44:33] Hilary knows several organizations are particularly concerned about some of the potential risk impacts of taking away many of the consumer protections and other regulations that do a tremendous amount to curb risk. That could increase the risk landscape for many.

[44:55] CISA has cautioned that this could have a disastrous impact on cyber security. A lot of regulations that keep organizations safer are potentially on the chopping block under the new administration. Hilary thinks that’s probably true in some other industries. It will get risky.

[45:30] It has been a pleasure to see you both! I appreciate your time. The RIMS Risk Management Magazine Year in Review is now available at RMMagazine.com. Quick Plug! We’re looking for submissions from the risk profession. See the contribution guidelines.

[46:01] Reach out to Hilary and Morgan. Especially if you’re a risk professional, we want to hear your ideas. Morgan says we’re only as strong as our contributors in the risk management community. Give us what you’ve got!

[46:21] Special thanks again, as always, to Morgan O’Rourke and Hilary Tuttle of RIMS Risk Management Magazine for joining us here on RIMScast! The Risk Management Year in Review Edition is now live at RMMagazine.com. A link is in this episode’s show notes.

[46:41] We look forward to checking back with Morgan and Hilary for the mid-year update in 2025.

[46:48] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information.

[47:35] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information.

[47:52] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.

[48:09] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management.

[48:23] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.

[48:30] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:

RIMS Risk Management Magazine

RIMS DEI Council Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025)

Nominations for the Donald M. Stuart Award

Spencer Educational Foundation — General Grants 2026 — Application Dates

Contribute to RIMS Risk Management Magazine / Submission Guidelines

“RIMS Executive Report: Understanding Interconnected Risks”

RIMS-Certified Risk Management Professional (RIMS-CRMP)

RIMS Webinars:

RIMS.org/Webinars

“Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025

Upcoming Virtual Workshops:

“Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter

February 19‒20, 2025 | Instructor: Chris Mandel

“Applying and Integrating ERM” | Feb. 26‒27

“Managing Data for ERM” | March 12, 2025

“Fundamentals of Insurance” | Feb. 19‒20, 2025

See the full calendar of RIMS Virtual Workshops

RIMS-CRMP Prep Workshops

Related RIMScast Episodes:

“Big Shifts with John Hagel, RIMS ERM Conference Keynote”

“2024 Mid-Year Risk Update with Morgan O’Rourke and Hilary Tuttle”

“2023 Risk Year In Review with Morgan O’Rourke and Hilary Tuttle”

“Live from the ERM Conference 2024 in Boston!”“Maintaining an Award-Winning ERM Program with Michael Zuraw”

“Applying ERM Theory with Elise Farnham”

“On Risk Appetite and Tolerance”

Year In Risk 2024 with Morgan O’Rourke and Hilary Tuttle

RIMScast

13 subscribers

published 22d ago

साझा करें