Managing risk is a combined leadership effort; not limited to IT manager

The India Risk Management Awards, organised jointly by ICICI Lombard General Insurance Co and CNBC-TV18, held an insightful master class on new-age risks and their management, with industry veterans and thought leaders coming together under one roof to decode how businesses can de-risk themselves in an age characterized by technological disruption. 

Not too long ago, traditional risks relating to property, employee health, accidents and equipment were the biggest threats to businesses. However, the risk landscape has witnessed a seismic shift in recent years as businesses enter into the digital world with concerns relating to compliance, data theft, privacy and cybersecurity gaining increased prominence. Seven out of ten companies now say new age risks are more significant to their operations than traditional ones.

Lending insight on the subject were top minds including Lalit Malik, CFO, Dabur India; Shrikant Shrivastava, Chief Risk Officer, India Mortgage Guarantee Corporation; Deepak Ahluwalia, Vice President & Global Head of Governance, Risk and Compliance, Zomato; Deepak Matai, Country CEO – India, Malaysia & Bangladesh, CPP Group; and Sandeep Goradia, Head – Corporate Solution Group, ICICI Lombard.

“Risk management is not only an issue for an IT manager or a technology manager’s job; it runs across the organisation,” noted Zomato’s Deepak Ahluwalia. “Every business leader as well as functional leader is responsible for risk management, for ensuring that they are considering the risks in whatever part they are playing in the entire process.”

While the merits of a company-wide risk-aware culture cannot be overstated, this should extend to vendors and partners as well. “Today’s IT processes are a sum of parts,” said IMGC’s Shrikant Shrivastava, highlighting that even the most effective risk management practices are destined to fail if they aren’t followed across the supply chain. It’s no surprise, then, that mitigating third-party risks – which are evolving at a breakneck pace – is ranking high on the list of CXOs’ priorities.

CPP’s Deepak Matai noted till just a few years ago, the group’s consumer card protection services were primarily called for physical loss of credit cards. Today, the bulk of operations are focused on safeguarding customers’ data against phishing efforts. “The data that lies with the bank and might be lying with a call center or collection agency is, I think, the biggest risk our business really faces today,” he said.

Hence, organisations need to opt for preventive risk management structure than curative measures. Lalit Malik noted that while preparing strategy to deal with emerging risks, Dabur India looked at the likelihood and impact of each risk, its nature, time frame, the options at the business’ disposal and the cost of managing it. He stressed upon the importance of periodically reviewing these efforts in both top-down and bottom-up manner to stay ahead of the curve.

While companies undoubtedly should go all-out on mitigating risks, Cyber Insurance is one weapon that can protect a company against loss, if any. ICICI Lombard’s Sandeep Goradia revealed Cyber Insurance has become one of their highest-selling products right now. The insurer is leaving no stone unturned to collaborate with clients and create bespoke solutions that are changing the perception of insurance from mere ‘risk transfer’ to ‘risk solution’.

Prevention is indeed better than cure when it comes to managing new age threats. While each company needs to find the most effective way to do this, there is no substitute for hedging and devising a clear, yet flexible plan. After all, not managing risks well is the most risky business.