The challenges of doing business across borders and the growing spectre of cyber risk were on the menu at this new ‘dining and discussion’ event

Held at the JW Marriott Hotel yesterday, the AIG-sponsored clinic featured an outstanding line-up of panellists engaging in free and frank discussion in front of an audience of more than 40 risk and insurance professionals.

Moderated by StrategicRISK’s Asia editor Sean Mooney, the first panel discussion was titled ‘New Frontiers: How to manage the risks of operating across international borders’.

The panellists were Trent Cannings, AIG’s head of global property Hong Kong and regional energy and engineered risk; Tom Cohen, head of group risk management at Swire Pacific; Vincent Polizatto, the International Finance Corporation’s chief risk officer, Asia Pacific; Iain Wink, group risk and opportunity manager at Gammon Construction; and Ben Wootliff, general manager of Control Risks Hong Kong.

The discussion kicked off with an overview of the main risks faced by Hong Kong-based businesses operating across international borders, with a particular focus on the influence of mainland China.

An examination of some of the practical tools companies are using to spread a risk culture across international operations saw the panel touch upon the threat of Ebola and other pandemics. The importance of risk awareness within organisations was highlighted in this context.

Also on the agenda were the regulatory challenges affecting this sphere, how firms were dealing with escalating political risk both in Hong Kong and abroad, and whether companies should be reviewing their business travel policies to high-risk countries.

When it came to the issue of insurance, panellists were asked to explain how their firms were utilising multinational insurance solutions to mitigate some of the cross-border risks they faced.

When challenged to predict how the risk landscape was likely to change in the future in terms of multinational operations, panellists raised issues such as pipeline project risk, demographics, commodity scarcity and climate change, among others.

It was also pointed out that “all was not doom and gloom”, as these emerging risks also created many opportunities in areas such as environmental management, aged care and others.

Misused and misunderstood?

It was soon time for the second group of panellists to discuss how firms were going about developing practical cyber risk management programmes. The panellists were Dale Johnstone, chief information security officer at the Hospital Authority; Declan McDaid, partner at Norton Rose Fulbright Hong Kong; David Ralph, senior vice president, risk management at PCCW; and Cynthia Sze, head of financial lines at AIG Hong Kong.

With the opening minutes dedicated to defining cyber risk, it was generally agreed that the word ‘cyber’ was often misused and perhaps even misunderstood, and much of the discussion involved what it actually meant to companies in terms of risk.

The panellists touched on how cyber risk related to areas such as intellectual property, privacy and reputation, before talk turned to the perceived disconnect between boards and the risk function in terms of general knowledge of cyber risks.

It was suggested that simulations could give boards a realistic feel of how cyber events could create very broad impacts that the c-suite might not have expected.

However, this idea was presented with the caveat that such exercises should be specific rather than generic, the later being seen as “useless as a PowerPoint presentation in cementing the tone at the top”, as one panellist put it.

The weakest link

The risks involved in the ‘embedded technology’ found in everything from medical equipment to construction projects were raised, as was the concept of people being a firm’s weakest link – often through inadvertent mistakes but also through the malicious actions of employees.

The rise of ‘bring your own devices’ (BYODs), working from home and the ‘internet of things’ (that is, the increasing connectivity of everything) were also on the agenda.

It was suggested that the scope of insurance coverage was increasing in this sphere, yet there appeared to be a general reluctance towards buying policies. Insurance in this area was seen by some as “residual risk transfer”, as one panellist referred to it.

The discussion ended with some consideration of the emerging cyber threats risk managers need to start thinking about right now.

This was followed by a networking lunch that saw further discussion of some of the topics raised in the panel discussions.

The Hong Kong risk management clinic was the first in a series of StrategicRISK events, the remainder of which are scheduled to be held across the region in 2015.