Crisis 2030: Are we ready? An interview with Ms Eugenie Molyneux, Chief Risk Officer of Commercial Insurance, Zurich Insurance Group AG. She speaks about crisis management, risk management, incident management, future crisis, have a human and holistic approach to crisis response and crisis preparedness.
What will crisis look like in 2030?
I think it will be an exponential development from where we are today. I think we're beginning to get a taste of what crisis 2030 might look like. I mean, you just look at this month, fires in North America, fires in Australia, floods in Venice, floods in the UK, you know, and actually, in many respects, all of them unusual in timing or scale, you know, a very different world to the world we’ve had in the past, so I think we're getting a taster now, I don't think it represents what 2030 will look like
International Standards in Crisis Management
I actually think it's great that we're working on international standards. I actually think, no, we're not shooting ourselves in the foot. In fact, so often, you see that standards come as a response and well after the fact. So frankly, it's quite nice to get a little bit onto the front foot on something like this. What might happen over time is that they would naturally develop, but you're not starting from zero when you hit 2030. And I think there's a lot of existing frameworks, existing standards that we can leverage. But when you're looking at the cross border aspect of doing that, that will take time to make that cross border element work. You know, it's very easy at the moment to apply a standard or a framework locally or to a specific entity. It's much harder when you've got to get multiple interests aligned. So I think we're going to need the time to get that piece done.
Cross Border Impact in Crisis
I think quite strongly that each part of the community needs to play its role. So governments need to play their role in relation to regulation. And frankly, we'll need to come together cross border, because some of the topics like cyber, like climate change can only be addressed globally. They really can't be addressed just locally. Then the corporate sector needs to do its bit. So we need to be assisting, shall we say, the transition to a low carbon economy, for example, in relation to climate change, you know, looking at the ethical use of AI, for example, in cyberspace. And then last but not least, the consumer, the individual have to do their bit as well. You know, they they have choices to make, are they making climate-wise choices? For example, you know, if all things ccare equal between two companies, and one is, shall we say, better on climate change? One is worse on climate change, are they making that choice? So I do believe that each party needs to play its role, and corporates within that space as well.
Crisis 360: A holistic perspective
Yep. Look, that's a really good question because it all depends. On the scale, if you're talking about an individual risk, you know, that has very few into connectivities. And there are very few of those types of risks around these days. But if you're talking about that kind of risk, that does tend to be easier, it's not to say the response in the risk management assessment would be perfect. It's just to say that it's easier than when you've got multiple interconnections to other risks that you then also have to manage. Also, whether it's local versus global, will make a big difference to that. So if I use as an example, we were talking earlier about bushfires, but I'm going to use that as an example, something like that to buildings and people at risk. It's typically limited to a particular location, and it typically doesn't necessarily go cross border. I mean, I guess we could see fires go cross border between Canada and the US, but largely, it doesn't go across borders. So you then don't tend to have geopolitical issues that come into play or border issues that come into play. So that's easier and frameworks already exist to manage those kinds of events. So in some respects, you'd say that exists today. Cyber, on the other hand, which is truly global. Do we have enough of framework? No, not really. I mean, we've got things like NIST in North America, but is that a global standard? NIST are a cyber security framework that the US came up with. And there are other frameworks out there. But what I would say is, so for us, we would follow one of those standards. We're not following both we basically picked so for us, Zurich, we’ve picked the better one, in our view and we follow that, but we follow that. The small company, you know, the Mom and Pop, you know, store won't be following either of those standards of just mentioned. Yeah. And yet they pose a weakness in the overall cyber security. Because if you can attack through them, then unfortunately, whether it's, you know, hacking attempt or whether it's a virus, whether it's, you know, other forms of cyber security threats, unfortunately, they can permeate through the global system. Yeah. And so that's where you sit and say, well, there's a bit more of a need for a global framework to be applicable to all.
Crisis 360: The Human Factor
One particular thing that I think we often lose sight of, we often talk about the human impact, you know. So that's people at risk. What we probably need to talk a little bit more about in all these frameworks is the human element. So what do I mean by that? I mean, the biases that prevent us from actually developing a good crisis response, or a good risk management mitigation plan. So bias will stop us from seeing the bigger picture. And then similarly, on the other side of the equation, it’s, what is the human response going to be to a particular event that actually can often be quite a cultural response. And we've seen that previously, in reactions to things like the financial crisis, for example, you know, the reactions differed slightly by country because there are sort of cultural norms in there that influence the human behaviour. So that's the element of feeling The frameworks often miss and we need to bring in.