Securing the future

Today, technology has become both a transformative force and a potential source of new risk. As companies eagerly adopt tools like AI, blockchain, and cloud computing, they must also navigate a complex maze of challenges and uncertainties.

Many insurers are currently investing heavily in AI capabilities. By providing comprehensive training to employees and establishing robust governance frameworks, these companies seek to harness the power of AI-driven models and decision- making processes. However, the path to AI adoption is not without obstacles.

According to a 2024 KPMG survey on GenAI across industries, cybersecurity (79%) and data quality (66%) are key areas of risk mitigation. From a technology risk perspective, insurance companies are investing in governance, risk, and compliance (GRC) platforms to be used across the first, second, and third lines of defense. This enables identifying risks quickly across the company.

One of the most daunting challenges in this context is the risk of systemic cyber catastrophes. The growing consolidation of technology services and platforms means that a single cyberattack or outage can have cascading effects across sectors. Insurers must therefore understand and mitigate the potential aggregation risk stemming from interconnected systems. This requires managing not only third-party risks but also “nth party” risks associated with the extended network of third-party relationships.

The rapid growth of the cyber insurance market presents both an opportunity and a challenge for insurers. While this market offers growth potential, insurers need a thorough understanding of the underlying risks and exposures. They must balance the need to provide comprehensive coverage with the necessity of managing the risk exposure in the face of constantly evolving cyber threats.

The role of risk management in the insurance industry is undergoing a remarkable shift, transitioning from a primarily compliance-oriented function to a strategic partner in decision-making. This transformation is driven by the increasing recognition that effective risk management is essential not only for meeting regulatory requirements but also for driving business success.

To achieve this strategic role, risk management teams are working to gain senior management buy-in by demonstrating their value in enabling informed decisions. This involves developing lean but influential teams with direct reporting lines to the CEO and translating complex risk concepts into business-friendly metrics that resonate with senior management.

Keeping pace with the constantly evolving regulations across multiple jurisdictions is a crucial challenge. Regulatory compliance is the second-highest rated risk for insurance companies after cyber/data privacy. Even seemingly immaterial countries/jurisdictions can cause an exponential increase in regulatory compliance workloads. However, by leveraging technology and streamlining processes, risk teams can efficiently meet these requirements while also focusing on strategic initiatives.

Climate risk has emerged as a critical area of focus, with insurers assessing and mitigating both physical and transition risks, which are the risks related to the global shift towards a low-carbon economy (e.g., regulatory risks, reputational risks, etc.). On the asset side related to climate risk, insurers have differing views on investing in fossil fuel assets vs. divesting. US insurers are still lagging in this area compared to insurers in Europe and Asia. Risk management teams play a vital role in helping businesses build climate resilience through innovative insurance solutions and expertise in risk mitigation strategies.

As the risk management function evolves, insurance companies are recognizing the importance of embedding a risk-aware culture throughout the organization. This means a proactive approach to risk identification, assessment, and management. The function continues to play a key role in insurance M&A—assessing risks of entering new markets/ products, evaluating risk correlations, understanding concentration or diversification risks of acquisitions, and integrating risk frameworks of acquired entities.