Employee benefits and cyber risks are areas of concern for Swiss risk managers, according to Sabrina Hartusch, president of the Swiss Association of Insurance and Risk Managers (SIRM) and global head of insurance at fashion firm Triumph
What are the main factors driving Swiss risk managers’ concern with cyber risks?
Swiss risk managers are concerned about cyber risks, as they rapidly appear, and, compared to other risks, little is known about them, when it comes to quantifying the size and the magnitude of such incidents. It’s their sheer breadth which makes Swiss risk managers alert, and where they know cyber risk engineering must evolve over time.
Of course, also Swiss companies have recently been targeted by cyber-attacks of all forms, so it is more than known and understood that is of global concern (at least for global companies; still some work must be undertaken when it comes to the SME or smaller markets).
Still, a lot more work and fundamental dialogue has to be made amongst all participants in this topic to get a proper handle of it. Of course, the GDPR is also of concern to Swiss risk managers as a large amount of Swiss companies is also doing business with EU-individuals. Switzerland’s own data protection regulation and the update of that one is of major concern to risk managers here.
If risk managers could get one message across to cyber risk insurance partners, what would it be?
Talk to each other, understand the real needs and concerns on both sides and don’t operate in silos. Meet risk managers and conduct with them a lot of risk scenario models, one after the other, to bring this topic further in the interest of everybody, for the insurance company to stay relevant and for a business to equally stay in business.
Do not forget the board as it is there where it all starts. it should be well understood at that level that any cyber incident can substantially endanger business plans, budgets and target achievements. A vast amount of risk managers cannot yet put their hand in the fire in front of the board saying that all cyber risks are risk transferred in the best way possible and that nothing better can be achieved. There is work to be done.
Why are employee benefits an important area of concern to you?
Some risk managers also do take care of personnel insurances and pension schemes and lead on those topics internally in their company. I regard all those insurances as one, and I don’t support any internal silo approach in separating the two (i.e. company insurances vs. personnel insurances). By personnel insurances I mean for example: pension schemes, life insurance, accident insurance and workers’ compensation, disability and death insurance, travel insurances and assistance services, medical insurances, expat solutions, etc.
When, for example, you consider pensions, you will find that this is a topic with a real long-term interest and concern. Those pension schemes need to be set up very well from companies and managed well from various angles i.e. from a financial risk aspect on the balance sheet when it comes to defined benefit plans, from the appropriateness of coverage for employees and what a company envisions to give its staff, from how risk transfer is conducted, etc.