The business landscape has changed drastically over the past two years as the pandemic has accelerated technological advances. According to a McKinsey Global Survey, companies have increased the proportion of digital or digitally enabled products in their portfolios by a whopping seven years since Covid-19 became a global phenomenon. They are embracing emerging technologies in areas such as cloud computing, cybersecurity, artificial intelligence (AI), telemedicine, tools to support decentralized or remote workforces, and robotics.
So far in 2022, the digital economy has only continued to grow. IDC predicts that by the end of this year, 65 percent of global GDP will be digitized, with nearly $7 trillion in investment flowing into the IT sector by 2023.
What does this trend mean for corporate risk and treasury teams? The financial impact of technological risk can be significant. Corporate treasury and risk professionals today must make a concerted effort to understand and prepare for how the new technologies their organizations are adopting should impact their organizational risk management.
Technological advances can open companies to lawsuits
In the case of telemedicine, telecommunications and information technologies are now making it possible to deliver clinical healthcare remotely. Many medical practices have taken advantage of this opportunity during the pandemic to continue operating with less risk to patients and providers.
This approach provided convenience and helped healthcare facilities maintain revenue levels during a difficult time, but it was not without its drawbacks. In Hageseth v. Superior Court, a Colorado psychiatrist who prescribed medication based on a questionnaire rather than assessing the patient’s needs through a meeting with him was sued for medical malpractice. This example shows that while telemedicine is viable, practitioners are also faced with new risks related to misdiagnosis and malpractice. Telemedicine companies also face new regulatory risks and privacy and consent concerns.
Businesses in almost every industry face these types of threats. Take the automotive industry, for example, whose manufacturers continue to introduce self-driving cars. In 2020, an incident involving an Uber self-driving car resulted in the death of a pedestrian. Although Uber was not held criminally responsible for the death, the company reached a legal settlement with the victim’s family.
The Uber incident sheds light on the complexities of liability associated with artificial intelligence. If AI fails to address safety measures in a driverless car, or medical software AI fails to properly diagnose a patient, then who is legally responsible? The courts are still in the early stages of clarifying such questions. However, as AI technology becomes more widespread and integrated into more and more aspects of daily life, there will be an increase in AI-related disputes in the years to come.
Potential dangers and risks in robotics
Using robotics to automate routine tasks—particularly in manufacturing—offers not only cost savings benefits, but also higher quality and more consistent products, increased employee productivity, and reduced labor costs. However, the use of robotics can also introduce a number of new risks.
Like other technological advances, industrial robots can raise concerns about human safety. Another important issue is that mechanical failures can significantly affect operation. According to Erik Brynjolfsson, director of Stanford University’s Digital Economy Lab, experiments in robotics can lead to big mistakes as companies test products and push concepts forward. Boeing, for example, abandoned its costly and ambitious investment in robots for the 777 assembly line and returned to a more traditional production process to improve operational safety. When robots don’t perform as expected, the business can be exposed to myriad risks related to human safety, damaged products, and business interruption.
Cybercrime continues to escalate
No wonder the frequency of cyberattacks nearly doubled between 2019 and 2021, according to a report by Cybersecurity Ventures. Technological advances allowed companies to respond to the pandemic by enabling entire teams to work remotely. This model has obvious advantages and has enabled many companies to survive in the Covid-19 era.
At the same time, the widespread adoption of remote working increased the potential exposure of organizations to cyber threats. Organizations today are primarily exposed to attacks based on human error. Employees can work with sensitive data while on public Wi-Fi, fail to protect their various passwords, forget to back up important data, fall victim to phishing scams, download unauthorized software, or connect to the corporate network with unsecured personal devices . All of these risks may explain why a recent Forrester report found that 74 percent of organizations attribute recent cyberattacks to vulnerabilities in technology created during the pandemic.
How to Harden Corporate Defenses
However, as advances in technology impact organizations across all industries and around the world, many are still unprepared to manage and mitigate the associated risks. A 2021 report by Embroker found that most small and medium-sized businesses are unprepared for the modern risks their businesses are most likely to face.
Throughout 2022, enterprise risk and treasury teams will need to incorporate the impact of new technologies into their enterprise risk assessments. It is helpful to start with the following steps:
- Conduct a technology risk assessment to determine what risks your organization is most likely to face. Calculate both the probability and potential impact of each significant risk.
- Check the company’s insurance policies to determine which of these risks are covered and where the company may be uninsured or underinsured for certain risks.
- Analyze your organization’s security measures in each area. Ensure appropriate procedures are in place to mitigate the technology risks that pose the greatest threat to the organization.
- Implement a disaster recovery and business continuity plan if the organization does not already have one. Conversely, if a disaster recovery plan already exists, review it for required updates.
Going through these four steps for every technological risk your business may face will, at worst, put your business on a better footing. You may find that your organization needs to revise risk mitigation and planning processes for specific types of risk.
You may also find that these activities alone are not enough to protect your business. For example, insurance policies that cover damage caused by cybercrime often have exclusions. You may not pay claims stemming from human error – which can be devastating for organizations since most cyberattacks stem from vulnerabilities created by employee error. Also, the complex and ever-changing nature of technology means even the best plans can fail.
In such cases, companies should consider captive insurance. A report by Aon found that cyber risk coverage in captives has increased by 650 percent over the past five years. A benefit of this approach in the rapidly changing technology landscape is that a company that owns its insurer can provide more comprehensive policies that cover a broader range of technological threats and better ensure claims are paid.
Technology will undoubtedly continue to advance and companies are expected to continue to embrace new and emerging innovations. That means risk management teams will continue to break new ground. But with the right measures, they can minimize the financial impact of technology-related damage.
Randy Sadler began his risk management career as an officer in the US Army, where he was responsible for the training and safety of hundreds of soldiers and more than 150 wheeled and tracked vehicles. He graduated from the US Military Academy at West Point with a degree in international and strategic history. For the past seven years he has served as a director at CIC Services LLC. In this role, Sadler advises business owners, CEOs and CFOs on the formation of proprietary insurance programs.