201608strategicriskaustralia 379683

www.strategic-risk-global.com
> ARE YOU BEING PAID ENOUGH?
> TRANSFORMING TELSTRA
> HOW BROKERS JLT ARE SMASHING
MARSH AND AON’S DUOPOLY
WALLABY PHIL KEARNS’ CHALLENGE
THE SCOTLAND YARD MAN WHO’S ONE
STEP AHEAD OF THE TERRORISTSRisk and corporate governance intelligence

Our Australian risk managers’ survey
is clear. Increased competition and a
failure to innovate have the nation’s
businesses worried p4
YOU CAN
GO YOUR
OWN WAY
2016AUSTRALIA EDITION IUS$25

You know your business inside out. You know your markets, your customers, your competitors. Above all,
you know the risks facing your business. At Swiss Re Corporate Solutions, we have the capabilities and the
financial strength to meet the risk transfer needs of businesses worldwide. But that’s only half the story.
Whether your risk is basic or complex, whether the solution is off-the-shelf or highly customised, we
believe that there’s only one way to arrive at the right solution. And that’s to work together and combine
your experience with our expertise and your strengths with our skills. Long-term relationships bring
long-term benefits. We’re smarter together.
swissre.com/cs
Swiss Re Corporate Solutions offers the above products through carriers that are allowed to operate in the relevant type of insurance or reinsurance in individual jurisdictions.
Availability of products varies by jurisdiction. This communication is not intended as a solicitation to purchase (re)insurance. ©Swiss Re 2016. All rights reserved.
Your
insights
Top-class
protection around
the world
Our
strengths and
expertise

EDITOR
Asia-Pacific
JessicaReid
EXECUTIVE EDITOR
Asia-Pacific
SeanMooney
EDITOR -IN-CHIEF
MikeJones
ASSISTANT EDITOR
Europe
IlonkaOudenampsen
COMMERCIAL DIRECTOR
Asia-Pacific
AdamJordan
HEAD OF SALES
AndyStone
GLOBAL INSIGHTS MANAGER
MarcusLochner
SENIOR DATA ANALYST
FayezShriwardhankar
PUBLISHING MANAGER
TomByford
PUBLISHER
JackGrocott
EXECUTIVE PUBLISHER
Asia-Pacific
WilliamSanders
MANAGING DIRECTOR
TimWhitehouse
email:firstname.surname@nqsm.com
CoverimageShutterstock
ISSN1470-8167
PUBLISHED BY
NewsquestSpecialistMediaLtd
ASIA-PACIFIC OFFICE
3/50CarringtonStreet,Sydney,
NSW2000,Australia
tel:+61(0)282967611
HONG KONG OFFICE
Suite1003,43-55WyndhamStreet,
Central,HongKong
LONDON OFFICE
30CannonStreet,LondonEC4M6YJ
tel:+44(0)2076183456
fax:+44(0)2076183420(editorial)
+44(0)2076183400(advertising)
email:strategic.risk@nqsm.com
Forallsubscriptionenquiriesplease
contact:william.sanders@nqsm.com
PrintedbyWarnersMidlandsPlc
©NewsquestSpecialistMediaLtd2015
AUSTRALIA 2016
COMPLAINTS – WHO TO CONTACT
StrategicRisk adheres to the Editors’ Code of
Practice (which you can find at
www.ipso.co.uk.)
We are regulated by the Independent Press
Standards Organisation. Complaints about
stories should be referred firstly to the
editor-in-chief by email at:
complaints@strategic-risk-global.com or by
post at Mike Jones, Strategic Risk,
30 Cannon Street, London EC4M 6YJ.
Itisessentialthatyouremailorletterisheaded
“Complaint”inthesubjectlineandcontains
thefollowinginformation:
•Yourname,emailaddress,postaladdress
anddaytimetelephonenumber.
•Thenewspapertitleorwebsite,preferablya
copyofthestoryoratleastthedate,page
numberorwebsiteaddressofthearticleand
anyheadline.
•Afullexplanationofyourcomplaintby
referencetotheEditors’Code.
Ifyoudonotprovideanyoftheinformation
abovethismaydelayorpreventusdealing
withyourcomplaint.Yourpersonaldetailswill
onlybeusedforadministrationpurposes.
Ifwecannotreacharesolutionbetweenus
thenyoucancontactIPSObyemailat
complaints@ipso.co.ukorbypostat
IPSO,c/oHaltonHouse,20-23Holborn,
LondonEC1N2JD.
www.strategic-risk-global.com
Talk among Australian
risk managers turns to
two looming – and linked
– potential threats
Storming up
the risk list
T
he Australian risk management
and insurance industry is more
dynamic than many assume.
Take our annual risk survey as
an example.
Last year cyber, reputation and
the economy topped the list of worries most
likely to keep Australian risk managers awake
at night. This year, the economy is still a key
concern, but failure to innovate and increased
competition are also causing sleepless nights
(see page 4).
The two risks go hand in hand: fail to innovate
and keep ahead of the curve in today’s fast-
paced world of start-ups and disruptors and
you’ll find yourself quickly left behind as more
nimble competitors take your place.
Perhaps the survey results are also a sign of
progress when it comes to the risk management
role, illustrating a shift in focus from operational
risks to more strategic ones.
Risk managers that I speak to are increasingly
being asked to help their boards and executive
teams navigate this growing threat of failing
to innovate and to scan the horizon for
emerging threats.
Failure to innovate was also something that
came up a lot in my interview with Telstra chief
risk officer Kate Hughes (see page 22).
It’s one of the top strategic risks on the
company’s radar as it transitions from a
traditional Australian telecommunications
company into a global technology firm.
Kate is intrinsically embedded in helping the
business navigate this period of massive change
and sees the risk management function as
crucial to its success or failure.
She’s one of the most forward-thinking
risk managers I’ve spoken to and a wonderful
advocate for the profession.
I hope you enjoy this first ever Australian issue
of StrategicRISK. If you have any feedback, I’d
love to hear it.
EMAIL jessica.reid@nqsm.com
This year we’ve taken the results
of our Australian risk management
survey online, and created an
interactive version of the graph
you’ll see on page 5 of this issue.
Visit www.strategic-risk-global.com/
AustraliaTopRisks and have a play.
You can isolate specific groups of
risks that are relevant to your
business or sector, and see all
35 risks’ year-on-year movement.
HAVE A CHART
www.strategic-risk-global.com 2016 AUSTRALIA EDITION StrategicRISK 1
LEADER

All part of the job
AUSTRALIA’S TOP FIVE RISKS
StrategicRISK surveyed Australia risk managers
to name their current risk priorities (see page 4).
Below are the top risks cited and key reasons
they rated so highly.
1
INCREASED COMPETITION
“In the insurance industry I believe there’s
a level of control over competition, when
you’re competing in areas where you believe you
have the expertise... That’s why specialisation
is so important for us and we’ve got to remain
looking for areas where the competition isn’t
as high,” said John French, president of Chubb
Australia New Zealand.
2
ECONOMIC CONDITIONS
The overall risk rating for economic
conditions, as rated by Australian risk
managers, has remained unchanged for the past
two years with a score of 3.16 out of five. It was
bumped off the top spot only because of the
rapid rise of ‘increased competition’.
3
FAILURE TO INNOVATE
“If your rate of transformation is slower
than the industry that you are in, you are
in real trouble, you are on borrowed time. Risk
professionals have a real role to play in dealing
with this,” said Marco Ciobo, managing director
and leader of the Technology Strategy practice
(ANZ) at Accenture Strategy.
4
TARGETED CYBER ATTACK
“[Cyber] is such an incredibly difficult area
to understand and there’s new attacks and
new ways of attacking coming out every single
day. The key is the resilience behind it: how do you
accept that you’re going to be attacked and put
something in place to enable you to cope?” said
Giles Crowley, Zurich’s executive general manager,
global corporate, Australia and New Zealand.
5
POLITICAL RISK
With Brexit, the Australian Federal elections
and the US elections dominating headlines,
it’s a wonder this risk isn’t higher. “A change of
government will inadvertently lead to changes
in regulations, bureaucracy and, to some extent,
how the financial system will be managed,” one
Australian-based risk manager said.
7%The drop in QBE’s share price
after the insurance giant said it
may have to revise its approach
to business in Europe following
the Brexit vote
353The number of man-made and
natural catastrophes globally
in 2015, according to a report
from Swiss Re
16The number of awards up for grabs
at the new StrategicRISK Asia-
Pacific Risk and Insurance Awards,
being held in Singapore next May
£21.6mThe Australian arm of global
broking giant JLT contributed
£21.6m in underlying trading profit
to the group’s result for the first
six months of this year
5The number of partners in Zurich
Australia’s new DigitalResolve
solution, which helps firms recover
from a cyber attack. They are
Crawford Company, Control Risks,
Norton Rose Fulbright, Fleishman
Hillard and Mandiant/FireEye.
IN NUMBERS
News, events and numerical data from
Australia’s risk and insurance world
“AS A RISK
MANAGER,
YOU’VE GOT TO BE
REALLY GOOD AT
UNDERSTANDING
YOUR
STAKEHOLDERS
AND BUILDING
RELATIONSHIPS.
IF WE ARE NOT
ENHANCING HOW
BUSINESS LEADERS
CAN MAKE A
DECISION THEN
I DON’T SEE ANY
VALUE FOR RISK
MANAGEMENT.”
John Holland group
general manager, risk
management
Bronwyn Friday
2 StrategicRISK 2016 AUSTRALIA EDITION www.strategic-risk-global.com
NEWS AND ANALYSIS

WHO, WHAT, WHERE
Meetings and developments
worth noting
SYDNEY
A weekend of wild
weather in June saw the
east coast of Australia
battered by severe
winds, record rainfalls
and surging king tides.
Waves ripped parts of
the coast into the sea
and left beachfront
properties in Sydney
teetering on the edge
of an eroded coastline.
During the deluge, more
than 300 flood rescues
were carried out. In the
aftermath, more than
30,000 insurance claims,
worth a combined
$235m, were lodged.
MELBOURNE
Australian risk and insurance professionals will
gather in Melbourne on 22-23 August for the
country’s annual RIMS conference. Held at The
Crown, the two-day event features an impressive
line-up of speakers. For previews of some of the
highlights, turn to page 16
BRISBANE
More than 2,000 risk and insurance
professionals converged on the
Brisbane Convention Exhibition
Centre in April for the annual three-
day Steadfast Convention. The 2016
event marked 20 years since the broker
network organisation was formed.
Source:Marsh’sCreditPoliticalRiskPractice
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
$2.5
$2.0
$1.5
$1.0
$0.5
$0.77 $0.78 $0.79
$0.83
$0.88
$1.1
$1.2
$1.3 $1.3
$1.4
$1.7
$2.2
$2.4
RISING DEMAND FOR POLITICAL INSURANCE
Political risk insurance market capacity, 2000-2015 ($bn)

Political risk, failure to innovate and increased
competition were the biggest movers in this year’s
Australian risk management survey. The three risks have
increased markedly since the 2015 StrategicRISK survey
of Australian corporate risk and insurance managers,
and all appear in this year’s top 10 (see table below).
The risk of increased competition, which ranked
fifth in 2015, topped the poll. Coming in second was
economic conditions, last year’s premier risk; while
failure to innovate shot from ninth place to third.
XL Catlin Australia boss Robin Johnson said these
three, and targeted cyber attack in fourth place,
were linked. He said low interest rates had enabled
businesses in almost all sectors to build out capacity.
“You’ve effectively seen supply increase in pretty
much every industry. But demand has been much
slower to increase. It’s stubbornly resistant to stimulus...
You’ve got supply growing faster than demand and, as
a result, competition is becoming more intense and
technology is exacerbating this dynamic.”
Innovators and disrupters are adding to the
competitive dynamic. “People talk about Uber
and Airbnb, but they’re just the poster childs for
innovation. I think in most industries the disruption
that we’re seeing has been much longer coming,”
Johnson said. “I think it’s an irrefutable fact that as
Competition, politics and lagging behind the times
pose a growing challenge. Are they connected?
Australian risk managers
rate their prime concerns
SURVEY
companies become more reliant on technology,
then technology risks become more important.”
RIMS Australasia board member and risk
manager Cathy Murray agreed that some of the
top 10 were closely linked. “The number-one
risk of increased competition is quite interesting,
particularly because some of the other top risks
identified can influence the level of market
competition,” she said. “Failure to innovate
should also be high [on any risk register] because
if you’re not changing and looking at what your
competitors are doing, communicating with your
customers and looking at what you can do better,
you’re not going to be a sustainable business.”
BPAY group risk manager Francesca Dickson
said the results were likely due to the pace of
change and the speed of innovation facing
companies: “A lot of these developments,
particularly in the digital and IT space, have been
happening for quite a few years but I think there’s
been a lot more awareness in the last year or two.”
She said ‘increased competition’ topping the
list could be down to a shift in risk managers’ roles:
“As risk management in general moves from more
operational risks to strategic risks, we are starting
to look more at competition.”
METHODOLOGY
Respondents were asked
to rate 35 different risks by
the likelihood of each one
occurring in the next 12
months and the estimated
financial impact this would
have on their business. They
were asked to rate each risk
event by both likelihood and
financial impact on a scale of
1-5 (1 being very low, 2 being
low, 3 being medium, 4 being
high and 5 being very high).
To plot the scatter graph,
the average likelihood and
financial impact score was
calculated for each risk and
plotted along the x-axis and
y-axis, respectively. The
scatter graph also displays
the average likelihood and
financial impact scores
across all risks.
To identify the risks
of highest concern (that
is, those most likely
to occur and with the
highest financial impact),
a combined average score
was calculated for both
likelihood and financial
impact for each risk and
ranked in order of size. The
higher the score, the more
likely a risk is to occur and
have a high financial impact.
Risk Overall Movement
on 2015
1 Increased competition 3.18 (5)
2 Economic conditions 3.16 (1)
3 Failure to innovate 3.10 (9)
4
Targeted cyber attack
(internal and external)
3.07 (2)
5 Political risk 3.05 (12)
6
Damage to company
reputation/brand
3.01 (3)
7 Contractual risk 2.86 (4)
8
Attracting and retaining
talented workforce
2.85 (11)
9 Failure of critical IT systems 2.81 (6)
10
Tightening and changing
regulation
2.78 (7)
TOP 10 RISKS – OVERALL
Risk Likelihood
1 Increased competition 3.09
2 Economic conditions 3.09
3 Political risk 3.02
4
2.98
5
Attracting and retaining
talented workforce
2.91
6 Failure to innovate 2.85
7 Contractual risk 2.74
8
Tightening and changing
regulation
2.68
9 Failure of critical IT systems 2.49
10 Supply chain risk 2.47
TOP 10 RISKS – MOST LIKELY TO OCCUR TOP 10 RISKS – FINANCIAL IMPACT
Risk Likelihood
1
Damage to company
reputation/brand
3.54
2 Failure to innovate 3.35
3 Increased competition 3.27
4 Economic conditions 3.23
5
3.17
6 Failure of critical IT systems 3.13
7 Political risk 3.09
8 Contractual risk 2.98
9 Terrorist attack 2.96
10 Natural catastrophe 2.96

Socioeconomic
• Economic conditions
• Political risk
• Pandemic
• Terrorist attack
• Social unrest
• Piracy
Environmental
• Natural catastrophe
• Water shortages
• Environmental risk
• Man-made disaster
• Climate change
Technology
• Targeted cyber attack
• Failure of critical IT systems
• Non malicious loss of
critical/customer data
Operational
• Attracting and retaining talented
workforce
• Ageing workforce
• Injury to workers
• Fire or damage to property
• Supply chain disruption
• Product defect/recall
• Strikes/industrial relations
Business and strategic
• Increased competition
• Damage to company
reputation/brand
• MA
• Failure to innovate
• Theft/protection of IP
Governance
• Tightening and changing regulation
• Fraud and corruption
• DO liability
• Neglect of social responsibility
Financial
• Price of materials/commodities
• Currency fluctuation/FX risk
• Contractual risk
• Interest rate risk
• Availability of credit
Question: Rate the likelihood and financial impact of the following risks on your business in the next 12 months. Respondents were asked to rate each risk by likelihood and financial
impact on a scale of 1-5 (1 being very low, 2 being low, 3 being medium, 4 being high and 5 being very high). Risks were grouped into seven categories: social-economic; business
strategy; governance; financial; technology; operational and environment (see below).
RISKS BY LIKELIHOOD AND FINANCIAL IMPACT: 2016
Average
Average
Financialimpact
3.5
Likelihood
3
2.5
2
1.5 2.0 2.5 3.0 3.5
Environmental risk
PiracyWater shortages
Product defect/recall
Fraud and corruption
DO
Supply chain disruption
Man-made disaster
Fire or damage to property
Terrorist attack
Economic conditions
Price of materials/
commodities
Currency/FX risk
Interest rate risk
Theft/protection of IP
Strikes/industrial relations
Political risk
Cyber attack
Increased competition
Tightening changing regulation
Attracting/retaining talent
Damage to company reputation/brand
MA
Social unrest
Nat cats
Failure of critical IT systems
Non-malicious loss of critical/customer data
Contractual risk
Pandemic
Failure to innovate
Climate change
Availability of credit
Ageing workforce
Injury to workers
Neglect of social responsibility
Plot area
1 2 3 4 5 6
6
5
4
3
2
1
Socioeconomic
• Political risk
• Pandemic
• Social unrest
• Piracy
Environmental
• Water shortages
• Climate change
Technology
• Failure of critical IT systems
• Non malicious loss of
Operational
• Attracting and retaining talented
workforce
• Fire or damage to property
reputation/brand
• MA
Governance
• Tightening and changing regulation
• DO liability
• Neglect of social responsibility
Financial
• Price of materials/commodities
• Currency fluctuation/FX risk
strategy; governance; financial; technology; operational and environment (see below).
BIG MOVERS: 2016 VS. 2015
Average
Average
Financialimpact
3.5
Likelihood
3
2.5
2
1.5 2.0 2.5 3.0 3.5
Political risk
Increased competition
Attracting/retaining talent
Failure to innovate
Availability of credit
Plot area
▲
▲ ▲
▲
▲
1 2 3 4 5 6
6
5
4
3
2
1
RISKS BY LIKELIHOOD AND FINANCIAL IMPACT: 2016
strategy; governance; financial; technology; operational; and environmental (see below).
Socioeconomic
• Political risk
• Pandemic
• Social unrest
• Piracy
Environmental
• Water shortages
• Climate change
Technology
• Failure of critical IT
systems
• Non-malicious loss of
Operational
• Attracting and retaining
talented workforce
• Fire or damage to
property
reputation/brand
• MA
Governance
• Tightening and changing
regulation
• DO liability
• Neglect of social
responsibility
Financial
• Price of materials/
commodities
• Currency fluctuation
/FX risk
BIG MOVERS: 2016 vs 2015
Likelihood
TO VIEW an interactive version of these graphs, visit www.strategic-risk-global.com

Are you being
paid enough?
If you’re a head of risk management or insurance in
Australia and being paid less than $214,000 a year, it
might be time to talk to your boss about a pay rise.
This was the average salary for ‘heads of’ risk
professionals in the country, according to the
StrategicRISK Australia 2016 risk management survey.
The average salary for risk managers was lower, at
$165,625 a year.
At the other end of the scale, all chief risk officers
(CRO) in Australia who responded to the survey
reported earning more than $250,000 a year. This is
in stark contrast to the average CRO salary across
the Asia-Pacific region as a whole, where only 56%
reported an annual take-home pay of more than
$250,000, according to the 2015 Asia Risk Report.
But Australian risk professionals looking for a pay
rise in the next 12 months might find themselves
disappointed.
Recruiters that StrategicRISK spoke to said they
didn’t expect risk salaries to increase by much in the
next year.
According to Hays research, most employers
(56%) in the financial services sector are expecting
to increase salaries by less than 3% in the year to
come. A further 12% have no plans to offer any
increase whatsoever.
“Salaries within the risk space as a whole have
reflected that,” says Hays business director Carl
Piesse. “A lot of organisations are still very cost-
conscious at the moment and they’re doing a lot more
around additional benefits, such as flexible working
environments.
“That’s becoming more important to candidates
as well, and that’s a big appeal for a lot of the large
organisations.”
Compliance and Risk Management Recruitment’s
associate director, David Bakes, says the salaries for
some risk roles could even go backwards, reflecting an
oversupply of candidates.
But in certain sectors, the demand – not to
mention remuneration – for quality risk professionals
is on the increase. These include superannuation
“SOMEONE WITH
A STRONG CYBER
SECURITY RISK
BACKGROUND
IS THE TYPE OF
CANDIDATE THAT
WILL BE ABLE
TO DEMAND
SIGNIFICANT PAY
INCREASES”
Hays business director
Carl Piesse
StrategicRISK’s survey lifts the lid on
what the country’s risk professionals
are earning and examines the likelihood
of a decent pay rise in the year ahead
and the wealth sector, financial crime, IT, cyber risk
and security.
“There’s a big push in the market for candidates
[in these sectors] and all of this tends to raise salaries
even more,” Bakes says.
Piesse agrees: “Someone with a strong cyber
security risk background is the type of candidate that
will be able to demand significant pay increases.”
That’s not to say that salaries for risk professionals
outside of those industries are set in stone, however.
“The top 20% of candidates will always defy the
medium and they will always command a premium in
any market,” Bakes says.
So, what are hiring managers looking for in today’s
risk professionals?
“Interpersonal skills and a sense of humour,”
says Bakes.
“Risk and compliance frameworks have, in most
companies, been developed and built. We’re at a
stage now in the market where companies are trying
to take that framework out through the business
SURVEY

and they’re looking for candidates that can actually
explain that to the business in simple English. So
a relationship-management skillset is starting to
become very important.
“The new risk managers will need to be change
agents – they’re influencers of change in the
organisation, be it a change in process, change in
attitude, or change in culture,” he says.
THE NEXT MOVE
Both recruiters said many of their candidates today
tend to focus on the short-term benefits of a new role
and go for the money.
Instead, Bakes recommends candidates look more
holistically at a job offer and ask how it would help
them achieve their long-term career goals.
He recommends candidates consider who their
manager would be, the skills they would gain from
the role, the work-life balance of the organisation,
and if the risk function operates in a collegiate or
dysfunctional way.
“THE NEW RISK
MANAGERS WILL
NEED TO BE
CHANGE AGENTS”
Compliance and Risk
Management Recruitment
associate director
David Bakes
“Also consider what the brand image is in the
market and what that could do for your career in
the future,” he says.
The positive side to all of this is that opportunities
for risk managers are more abundant than ever.
Piesse says: “If you go back a few years, risk wasn’t
necessarily seen as a career that you wanted to get
into – it was something that you fell into. Whereas
now it’s very much a career path and there’s a lot
more opportunities opening up.”
And if you do want to have that conversation with
your manager about how much you’re taking home,
make sure you go in prepared.
Piesse says: “You need to have a clear
understanding of what the expectations on you in
the role are and what the deliverables are, and then
you’ve got to be able to demonstrate that you are
achieving those and adding value to the bigger team
around you.
“You have to be prepared to have a very frank and
open conversation with your manager.”
ANOTHER DAY, ANOTHER DOLLAR
I would rather
not provide this
information
Risk, insurance
or audit manager
Head of risk,
insurance or audit
Chief risk
officer
$100-150K
$150-200K$200-250K
$250K +
What is your annual salary (Australian $).
Please note all responses are strictly anonymous
Average salary by role
$100,000
0 50 100 150 200 250
$165,625
$214,130
$250,000+

Widespread gloom
over cyber defences
In the StrategicRISK Australian survey, risk managers
were asked to rate their companies’ resilience to
a selection of 35 risks. Bottom of the list – in the
unenviable spot of ‘least resilient’ – was targeted
cyber attack.
In other words, risk managers feel less prepared
and able to mitigate and manage a cyber attack
than they do a pandemic or a terrorist attack, which
ranked 31st and 32nd respectively.
These results surprised RIMS Australasia board
member and former chief risk officer for Scentre
Group, Eamonn Cunningham. “I would’ve thought
that most organisations would be much more
resilient to a targeted cyber attack than they would
to a broad-based pandemic situation, and if they’re
not, they certainly should be,” he said.
“To some extent that correlates with the low take-
up thus far of cyber insurance,” he added.
But XL Catlin Australia boss Robin Johnson said
cyber’s lowly position showed that companies
were finally taking the risk seriously. “That’s quite
reassuring in a strange way because if you talked
to clients at board level several years ago, or
even a couple of years ago, they would not have
understood how open they were to cyber attacks.
“Risk managers were being told that it wasn’t
really their area, that it was IT that should be
responsible for it. The fact that it’s now being much
more actively managed by the risk department
is extremely positive. It’s a boardroom issue now
and directors are ensuring that they ask the right
questions to get a handle on how they deal with it.”
According to The Cranfield School of
Management, resilient companies have “exceptional
radars that help the organisation consider risks in
aggregate, collate different types of information and
respond effectively in a controlled and considered
manner”. Using this definition, Australian risk
managers feel most resilient about their corporate
social responsibility programme.
Coming close behind in the resilience list were
product defect/recall, injury to workers, fire or
damage to property and directors’ liability. Each of
these risks is typically covered by insurance.
“THAT’S QUITE
REASSURING IN
A STRANGE WAY
BECAUSE IF YOU
TALKED TO CLIENTS
AT BOARD LEVEL
FIVE YEARS AGO,
THEY WOULD NOT
HAVE UNDERSTOOD
HOW OPEN THEY
WERE TO CYBER
ATTACKS”
XL Catlin Australia boss
Robin Johnson
Australian risk managers feel less
resilient to a targeted cyber attack than
to a pandemic or terrorist outrage
The full results
of the Australian
risk management
survey will appear
in the Asia Risk
Report, out in
December 2016
FEEL CONFIDENT?
Neglect of corporate social
responsibility
3.93
Product defect/recall 3.91
Injury to workers 3.89
Fire or damage to property 3.87
Executive/directors liability 3.84
MOST RESILIENT
(SCORE OUT OF FIVE)
Targeted cyber attack (internal and
external)
2.87
Failure to innovate 3.09
Non malicious loss of critical/
customer data
3.18
Terrorist attack 3.22
Pandemic 3.23
LEAST RESILIENT
SURVEY

Companies don’t peer
too far into the future
“THINGS MOVE SO
QUICKLY... IN TERMS
OF RISK, I THINK
THREE YEARS IS
CORRECT”
BPAY group risk manager
Francesca Dickson
Emerging risks are a vital issue, but few
risk professionals are expected to look
more than three or four years ahead
HOW MANY YEARS IN THE FUTURE DO
YOU LOOK (FOR EMERGING RISKS)?
Most Australian risk managers are asked to look at
emerging risks for their senior management, but few
look further than three years out.
Some 83% of respondents to the StrategicRISK
Australia risk management survey said reporting
emerging risks was part of their remit. But when
asked how many years into the future they were
required to look, 78% chose four years or less. A hefty
36% chose three years (see table, below).
Berkshire Hathaway Specialty Insurance (BHSI)
Australasia president Chris Colahan wasn’t surprised.
“There’s no doubt that the focus [for emerging risks]
is going to be aligned to the financial timetable
that an organisation manages itself to,” he said. “It’s
very rare that you’d find an organisation that has
investors and stakeholder groups that are interested
in any more than a three-year time horizon.”
BPAY risk manager Francesca Dickson agreed.
“Things move so quickly,” she said. “That’s not to say
that companies can’t have longer-term plans if they
think it’s relevant, but in terms of risk, I think [three
years] is correct.”
In a recent report, Swiss Re group chief risk
officer Patrick Raaflaub said: “Risk management is
not just about managing risks in the present. It is
about anticipating future ones.” The insurer, which
identified 21 new emerging risks, said that in the next
three years, those likely to have the greatest impact
on business are the emerging market crisis and the
“great monetary experiment”.
Beyond this, the report suggested internet
fragmentation could have the most severe impact.
It noted: “International negotiations are currently
under way to agree on how the internet should be
governed, but no consensus or international treaty
has emerged yet. While the debate is still under way,
there is a chance that disconnected national and
regional nets will become more common.”
BHSI’s Colahan said the insurance industry had
an opportunity to deliver more long-term solutions
for emerging risks: “If there was a greater supply
of long-term risk transfer solutions, there might
be more demand. The longest policy period we’ve
written since we came into the market is 21 years.”
Aussie risk managers tell StrategicRISK
how insurers and brokers can stay
relevant to them
“Get creative! Ultimately, it is
about balance sheet risk; so
forget the silos and start to
partner with clients.”
“Move away from the renewal
cycle to a regular interaction
and constantly deepening
relationship.”
“Keep in touch with
corporations to understand
exactly what their needs are, to
tailor insurance accordingly.”
“Hold scenario workshops.”
“Start from a sustainability
mindset – tailor a risk
programme to ensure
sustainability over a long term.”
“Think holistically – not a
single-line product push.”
WHAT THEY SAID
One year
Two years
Three years
Four years
Five years
Seven years
10 years More than
10 years
8%
17%
36%
17%
8%
0%
6% 8%

WE ARE
GLOBAL.
WE DESIGN SOLUTIONS FOR YOUR
LOCAL AND GLOBAL CLIENTS
HDI has both the global capability and local expertise to provide flexible,
tailored insurance solutions for your local and international corporate clients.
Contact one of our underwriting experts in Property, Casualty, Engineering,
Marine Cargo, Directors and Officers, Kidnap, Ransom Extortion and
Contaminated Products Insurance to find out more.
www.hdi.global

XL Catlin has its sights set on
growing its footprint in the Australian
marketplace.
The insurer’s country boss Robin
Johnson told StrategicRISK that the
group “certainly sees Australia as a
market where we’d like to expand”.
“We have a very small market share
in Australia and it’s an attractive
market,” Johnson said.
“We’ve been successful because
we’ve spent a lot of time with clients
developing solutions that are bespoke
to them and they like that.
“It is a different approach.”
StrategicRISK understands that the
insurer has won some major property
and casualty accounts recently
including Aristocrat, Dexus and Mirvac.
It has also hired a number of new
staff. In January, the insurer launched
a new office in Brisbane, with Jayson
Symonds the latest hire in the office,
heading up the city’s financial lines
business. Symonds previously led
national financial lines at Dual, where
he also established corporate risk and
financial institutions teams.
The insurer is also looking to grow
its accident and health (AH) business
globally. In May, it appointed Patrick
Corbett to lead the book of business.
Corbett’s first hire was in Australia,
with Nicole Yates being appointed the
country’s head of AH in July.
Johnson also said that there were
new products in the pipeline.
“Globally we’ve launched a first-
of-its-kind insurance policy for Bitcoin
theft and that’s something we’re
going to look to bring to Australia,”
he explained.
XL Catlin spies growth opportunities
BHSI’s expansion
steps up a gear
Berkshire Hathaway Specialty Insurance (BHSI) has
continued its aggressive expansion in Australasia,
launching a suite of new products and making a series
of key staff hires.
In July, it announced a number of new accident
and health (AH) insurance products and a cyber
insurance product to offer its growing customer base.
Launched in February 2015, the insurer now has
60 staff across four offices: in Sydney, Melbourne and
Brisbane in Australia, and Auckland, New Zealand.
“We’ve opened more offices and hired more people
than we intended,” BHSI Australasia president Chris
Colahan told StrategicRISK.
The new AH line includes: corporate travel
insurance, group personal accident insurance,
expatriate insurance, inpatriate insurance, journey
insurance and voluntary workers insurance.
As a key selling point, the latest product launches
include partnerships with external specialists as
part of their offering. For it’s AH products BHSI
has contracted emergency management company
Dynamiq to provide emergency travel, medical and
security assistance services and access to concierge
services “that help employees address emergencies
they face while traveling or that impact their home or
family while they are away”.
For its cyber product, BHSI has partnered with IT
security company Symantec. “We’ll use [Symantec]
for education with our customers about what their
cyber risks are … for proactive risk management
and for emergency response,” Colahan said. “We’ve
spent a lot of time talking to brokers and customers
about what they want [in a cyber insurance product]
and I’d say with our combined product and service
offering we are bringing something that’s different and
hopefully useful and meaningful to our customers.”
The product also includes legal and public
relations support for companies that need to respond
to a cyber breach. Colahan added: “Cyber’s on most
customers’ minds. It’s a relatively small part of the
overall insurance market, and it will be relatively small
for a long time, but it’s important to customers.”
To support its increased products, the insurer has
hired Daniel Kenny as head of accident and health
and Shaun Higgerson as senior underwriter, accident
and health.
Kenny joined BHSI with more than 20 years’
experience in the industry and was previously national
manager, broker market, accident and health at
Chubb. Higgerson also joined BHSI from Chubb, where
he was most recently senior development underwriter.
The insurer invested in more offices and
staff than planned, says country boss
INSURANCE NEWS

J
LT’s ebullient, outspoken chief executive,
Dominic Burke, has repeatedly maintained
that his company is taking market share
from rivals Aon, Marsh and Willis. In Australia,
certainly, all the signs are that this is more
than just boasting.
Five years ago, the country’s corporate broking
landscape was dominated by Marsh and Aon. Fast-
forward to today, however, and JLT has well and truly
shaken up the duopoly, representing 13 of the top 50
companies on the Australian stock exchange.
But this wasn’t always the case.
The JLT of Australia today is vastly different from
what it was a few years ago, according to the country’s
chief executive, Leo Demer, and deputy chief executive
Nick Harris.
The British broker has had a presence in Australia
for nearly 40 years but, by Demer’s own admission,
was not “recognised as a real player in the high-end
corporate” space.
That changed in 2012 when it established a new
national placement division, its goal being to boost
the broker’s corporate book of business.
Hiring former Aon stalwarts Bob Mann and David
Stanborough – regarded by many as two of the
country’s top placement brokers – was key.
Mann is now chairman of the specialty and
national placement divisions and Stanborough is the
latter’s managing director.
The pair have been key in securing some of
JLT’s largest corporate wins, including GrainCorp,
one of Australia’s largest agribusinesses; leading
international law firm King Wood Mallesons; and
Australian real estate group Mirvac.
Other heavyweight clients include Caltex,
Wesfarmers, Visy, CIMIC and Aristocrat.
The firm was also invited to tender recently –
unsuccessfully, as it turned out – for the Rio Tinto
account. “Five years ago they would’ve said: ‘Who the
hell’s JLT’?’” notes Demer. “But things have changed.”
Insurers that StrategicRISK spoke to were vocal
about the rise of JLT in the corporate space.
Five years ago, Britain’s JLT was a
relatively small player in Australia. Now it’s
challenging the status quo, beating giants
Aon and Marsh to high-profile contracts
The brokers who
broke the mould
Stefan Feldmann, managing director at HDI Global
ASEAN Australasia, said: “For many years, the
broker of choice for large corporate clients has been
dominated by Aon and Marsh. JLT are now truly on
the map as a credible alternative for both clients and
insurers alike.
“My perception is that JLT were not invited to
tender for many corporate accounts, [but] that has
changed completely. Nowadays you wouldn’t leave
JLT off your request for tenders. It has introduced
more competitive dynamics in the marketplace, which
can only be a benefit for our clients in the long term.”
Chris Colahan, president of Berkshire Hathaway
Specialty Insurance Australasia, agreed.
He said: “We talk a lot as an industry about a
tripartite working relationship and how that ultimately
leads to the best outcomes for customers.
“I really do see Bob and his crew as being a
benchmark for that commitment to, and consistency
with, a tripartite approach.”
Mann’s client relationships were “extraordinary”,
Colahan added.
“Following the arrival of Bob, there has been a
concerted effort to target and win large corporate
accounts. They have been very successful and, in my
opinion, this is down to the strong relationships they
have had with a number of these clients in past years.
“Additionally, and very importantly, is how they
have selected talent from their competitors at all
levels, matching the needs of the clients they are
targeting.”
ORGANIC GROWTH
The financials are also impressive.
Last year, the country’s organic revenues grew by
6%. This good run stumbled in the first half of 2016,
however, when it reported organic growth of just 1%.
This was put down to the significant decline in the
region’s insurance rates.
Company reports over the past four years show a
largely steady contribution from Australia and New
Zealand’s risk and insurance businesses of about 12%
to overall group revenues, and underlying trading
profits that have wavered between £32m (AU$56m)
and £36m.
The real story, however, is the growth in the
region’s employee benefits (EB) businesses.
The division reported organic revenue growth of
18% and total revenues of £20.3m last year. Just three
years ago, they were £5.1m.
This impressive growth is largely attributable to
“THERE’S A WHOLE
HEAP OF PEOPLE
OUTSIDE WAITING
FOR YOU TO FAIL
AND WAITING FOR
YOU TO DROP THE
BALL SOMEHOW”
Chief executive,
JLT Australia
Leo Demer
INSURANCE NEWS

the broker’s focus on the return-to-work sector, and
its recent acquisitions of rehabilitation providers
Recovre and Alpha. The combined group is now one
of the largest rehabilitation groups in the country,
processing about 120,000 cases a year.
“The real aspect of that is not just the rehab,” says
Harris. “It’s about the amount of information and
data that we now have about what’s going on in the
market. We can go to clients and say, ‘Here’s what
happening now, here’s a glimpse of the future, this is
how you address the issues and here are the products
we can bespoke and build for you.’”
For example, the data showed a lot of stress-
related illnesses among lawyers, so the broker went
to market with a bespoke product to address that risk.
This has been picked up by some of the largest law
firms in Australia.
People risk as a whole is something that the broker
is looking to focus on.
“We’re trying to fill that gap and we’re linking all
aspects of people risk together, so whether it be a
workers’ comp risk, or an income protection risk, or a
healthcare risk, or an absentee risk, it’s all the same
thing,” says Harris.
“So we’re going to focus on that and we’ll definitely
be looking to grow that.”
More acquisitions may also be on the cards. In
Australia, says Demer, the firm is always talking to at
least half a dozen organisations.
“For us, culture is really important. We have
done some deals despite the culture and we learned
that that’s not the way to do it,” he adds.
“You find out during the negotiation process
whether it’s going to fit.”
GOOD NEIGHBOURS
All of the growth means that the team has outgrown
its office space and will be moving to level 38 at
Sydney’s Grosvenor Place early in the new year.
One of their new neighbours will be Chubb,
which is also moving into the building – on levels
36 and 37.
The insurer’s Australia and New Zealand president,
John French, says he’s looking forward to being in the
same building as the broker, which he describes as
“aggressive” and “professional”.
“They’ve got some highly innovative thinkers
within their management group, extremely passionate
about who they work for and the future of the
company, and they have been really successful in the
implementation of their strategy,” says French.
“The proof’s in the pudding – their numbers are
quite impressive.”
For their part, Harris and Demer are somewhat
wary of how the market has perceived JLT’s rise.
Demer says: “There’s a danger of perception there
– you change your business model, you bought in all
of the best people – there’s a whole heap of people
outside waiting for you to fail and waiting for you to
drop the ball somehow.
“So it’s really important that we just continue to
deliver all the things that we said we would do.”
And in today’s market, there’ll be no shortage of
brokers ready to pick up the ball if they do.
“WE’RE LINKING
ALL ASPECTS
OF PEOPLE RISK
TOGETHER, SO
WHETHER IT BE
A WORKERS’
COMP RISK,
OR AN INCOME
PROTECTION RISK,
OR A HEALTHCARE
RISK, OR AN
ABSENTEE RISK,
IT’S ALL THE
SAME THING”
Deputy chief executive,
JLT Australia
Nick Harris
Recent JLT Australia wins from Aon and Marsh include:
BIG HITTERS
Victoria and South
Australia Power Networks
Aristocrat
GrainCorp
Qube Logistics
RCR Tomlinson
Beech Energy
Mirvac
Vic Water Boards
JLT’S TURNOVER BY
LOCATION OF CLIENT
Source: Jardine Lloyd Thompson Group plc Annual Report 2015
Turnover = Revenue excluding investment income
UK
Americas
Asia
Australia
New
Zealand
Europe
Rest of the
World
32%
£1.16bn
29%
15%
12%
8%
4%

ACE and Chubb merger
nearly complete
The co-location of insurers ACE and Chubb in
Australia and New Zealand will be complete by the
end of November, according to country president
John French.
The ACE name disappeared in January after the
company completed its $28.3bn acquisition of Chubb.
Around the world, new regional presidents have
been working on the integration of the global property
and casualty insurers. In Australia, the co-location
is complete in Melbourne and Brisbane, with Perth
following suit by the end of August. The Auckland and
Adelaide offices will be refurbished but with no legacy
Chubb offices, there were no teams to co-locate.
The co-location in Sydney, the insurer’s regional
headquarters, is more extensive. Three offices will
merge into two by the end of November, with one-
third of the workforce moving to a new office at
Grosvenor Place in the CBD. The remaining staff will
move to a new office in North Sydney.
“Almost all functionalities will be split, so you’ll
have representations from legal, finance, claims,
actuarial etc in both offices,” French told StrategicRISK.
“It’s going to be an absolute priority for me to make
sure that interactivity happens [between the two].”
He said employees were told in February about the
new roles and structure in Australia and New Zealand,
which took effect under one management on 1 April.
He would not comment on the specific number of
redundancies, saying only that it was “very small”.
“I’ve been surprised at how well the team have
integrated and blended. We’re working well together
as a unit now, instead of a legacy Chubb team versus
legacy ACE team.”
French said the next 12 months’ focus is on
product harmonisation and “getting the best of both
worlds”. He added: “It’s been an interesting exercise
integrating two companies of the size and complexity
and of this quality. They’re both organisations with
highly disciplined underwriting companies.
“From day one, it’s always been spoken to us that
it’s a growth story because of the very complementary
nature of the organisations. Really now, it’s going
through that integration process and maximising the
opportunities that it’s bringing, and there are a lot.”
For growth, Chubb is looking to the life science
industry, travel and some of its financial lines, such as
professional indemnity and management liability.
Australia and New Zealand’s country
president says the focus is on product
harmonisation and the co-location of
legacy ACE and legacy Chubb
“I’VE BEEN
SURPRISED AT HOW
WELL THE TEAM
HAVE INTEGRATED
AND BLENDED”
Chubb country president
John French
Zurich Australia has become the
latest insurer to increase its play in
the cyber market, announcing the
release of its DigitalResolve solution.
The add-on service – available
to customers with an existing
Zurich security and privacy policy or
management liability policy – helps
clients reduce the impact of, and
recover from, cyber incidents.
The service includes partnerships
with suppliers including global claims
management provider Crawford
Company, consultancy Control Risks,
lawyers Norton Rose Fulbright, public
relationship firm Fleishman Hillard and
cyber security company FireEye.
In the event of an incident, these
work to mitigate the risk of operational
shutdown, supply chain disruption,
customer and revenue losses, declines
in productivity, regulatory fines,
litigation claims, cyber-extortion
payments and reputational damage.
Kym Beazleigh, Zurich Australia’s
national underwriting manager for
corporate institutions, said that “no
matter where you have a breach in the
world, you can access someone in a
very close jurisdiction”.
He added: “While the impact to
the bottom line can be detrimental,
the ramifications of cyber incidents
extend much further, including
potential litigation and damage to
reputation. As well as building greater
cyber risk resilience, organisations
must plan for a coordinated recovery
in the event of an attack, so that
when breaches happen they can get
the business back on track at full
speed with minimum disruption.”
A team effort to combat cyber crime
INSURANCE NEWS

On taking up his new role, Bates told
StrategicRISK: “I’m incredibly flattered and very
proud to be sitting in the chair as the new president
of RIMS Australasia but I’m deeply saddened to see
someone of the calibre of Brad leaving.
“I’d like to thank him enormously and I hope to
continue his good work.
“Brad has rekindled the [RIMS Australasia]
profile. He has ensured a growth in membership
and a growth in commitment from our foundation
sponsors, and has been instrumental in setting us up
for success as an organisation going forward.”
So, how exactly does Bates and his new board
plan to take RIMS forward, and give members a
reason to join and stay?
The first priorities will be to introduce more
events and target the younger generation.
“T
here are quite a few risk
management organisations
out there, so we need to give
risk managers a reason to
join and existing members a
reason to stay.”
That’s the view of Kevin Bates, the new Risk
and Insurance Management Society (RIMS)
Australasia president.
He’s not wrong. In Australia alone, risk managers
are spoilt for choice when it comes to member-
body associations. Aside from RIMS, there’s the
Risk Management Institution of Australasia, the
Risk Management Association of Australia and the
Australian and New Zealand Institute of Insurance
and Finance, to name but a few. Beyond that, there’s
the Pan-Asia Risk and Insurance Management
Association, which was also rumoured to be testing
the waters recently for an Australian chapter.
RIMS, arguably the largest global risk
management association, has been largely
inconspicuous in Australasia over the past few years,
aside from its annual conference. But Bates and a
newly elected board have their sights clearly set on
boosting the association’s profile.
Bates, the Lend Lease group head of risk and
insurance, was unanimously voted into the role in
July. He replaces Brad Tymmons, the former head of
risk at EnergyAustralia, who stepped aside from RIMS
earlier in the month as a result of his taking up a new
role at an insurance broker.
Tymmons had been president of the association
for 18 months.
GENDER EQUALITY
At the meeting that voted Bates in, two new board
members were also elected: Alicia Genet, group risk
and audit manager at Santos, and Kerry Bakkerus,
risk and privacy manager at Counties Manukau
Health. These appointments mean that the eight-
member board now has an equal number of men
and women – one of the few, if not the only boards to
do so in the Australian risk and insurance space.
With a new president and two fresh faces on the board,
RIMS Australasia plans to introduce more events and
target the emerging generation of risk professionals
A society that’s
young at heart
From October this year, members of RIMS will be able to sit
their RIMS-Certified Risk Management Professional (CRMP)
certification exams online.
RIMS launched its certification programme in
December, which focuses on analysing business models,
designing organisational risk strategies and developing
organisational risk competences.
The RIMS-CRMP certification exam is open to RIMS
members with either a bachelor’s degree (or global
equivalent) in risk management and one year working
full-time in risk management, or a bachelor’s (or global
equivalent) in a non-risk management-related field and
three years of full-time employment in risk management.
For members without a bachelor’s degree, seven years
of risk management is required.
The RIMS-CRMP is valid for two years, and all certified
individuals must meet continuing education requirements
to extend beyond the two-year period.
ONLINE EXAMINATIONS
SPECIAL REPORT RIMS AUSTRALIA

“We’re going to tap into some of the magnificent
young talent that we have in risk management in
Australia,” Bates says.
“We need to improve membership depth and
actually enhance the membership involvement
and the experience and the value that we as an
organisation provide to them. We need to provide
stakeholder returns to our founding partners.”
The first event of the new board – a pub quiz,
sponsored by Zurich – was on 17 August in Sydney.
Similar events in other cities are expected to follow.
In the coming weeks, the association will also be
launching a Stars of the Future programme.
RIMS members will be able to nominate risk
professionals under 35 years of age and the chosen
individual will be invited to a dinner with an insurer
or broker “hosting partner” and a RIMS board
member.
“We’ll do that in Auckland, Sydney, Melbourne,
and hopefully in Adelaide and Perth also,” Bates says.
“The idea is to have that more youthful and
innovative look at what’s going on in our space,
because it’s easy for us to get set in our ways. It’s
always important to keep tabs on what the future,
and what best practice, look like.”
Fellow RIMS Australasia board member Cathy
Murray adds: “It’s really important to keep the
young professionals in the industry and give
them something that they can really get their
teeth stuck into.”
NETWORKING OPPORTUNITIES
The group will also continue its risk roundtable
events, according to Murray.
“These are more focused on risk and insurance
managers, but we are also looking at going into
the brokers and carriers more and giving them our
perspective on risk and insurance.”
It’s the networking element of RIMS, and the
members’ collective acumen, that both Murray and
Bates say is the biggest benefit of membership.
Murray, who worked at Marsh for 20 years prior
to her current role, points to the multitude of
information sessions and courses on offer, aimed at
helping members learn about insurance and risk.
She says RIMS Australasia is exceptional because
of its “diverse collection” of members.
“A lot of them have been in the insurance industry
or have specific legal or technical backgrounds and
that’s what makes the RIMS networking opportunity
more interesting,” she says.
MEET THE NEW RIMS
AUSTRALASIA BOARD
Lend Lease group head of
risk and insurance Kevin
Bates (president)
Vector chief risk officer
Kate Beddoe (deputy
president)
Goodman Group head of
insurance Cathy Murray
Former Scentre Group
chief risk officer
Eammon Cunningham
Alicia Genet, group risk and
audit manager at Santos
Kerry Bakkerus, risk
and privacy manager at
Counties Manukau Health
Orica group manager risk
and insurance Peter Sterry
Wesfarmers group risk
manager John Evans
“IT’S REALLY
IMPORTANT TO
KEEP THE YOUNG
PROFESSIONALS
IN THE INDUSTRY
AND GIVE THEM
SOMETHING THAT
THEY CAN REALLY
GET THEIR TEETH
STUCK INTO”
RIMS Australasia
board member
Cathy Murray

How Yates of the Yard is
keeping shoppers safe
Scotland Yard’s former counter-terrorism boss says
the Nice attack is a “wake-up call” for Australia.
John Yates, now director of security for Scentre
Group, which operates Westfield shopping centres,
said Australians have “always thought they are
slightly immunised from the big, geopolitical shocks
elsewhere, but increasingly that’s not the case”.
Speaking to StrategicRISK ahead of the RIMS
Australasia conference where he is presenting, Yates
said the Nice attack was a “sharp reminder of the
ease with which this can happen and the challenges
and the difficulties of preventing it”.
“Could France happen, here? There’s absolutely
no reason why it couldn’t,” he said, adding that it
would be “reckless” to think otherwise.
“The message for Australia is let’s learn from
what’s happened elsewhere and get ahead of the
curve before it happens, rather than wait for a signal
event that will make us change.”
Yates – who was known in his old job as ‘Yates
of the Yard’ – said the biggest challenge is that the
environment is changing so rapidly, and causing
companies to reassess their thinking “around what’s
appropriate and what’s proportionate” when it
comes to security.
He recommended companies promote and train
“a curious workforce as opposed to a courteous
workforce”.
“The message we’re doing internally is that
security is not done to you, it’s done with you, and
every member of the company is part of it. If you can
move to that position then actually we’ve got a chance
of preventing things happening.”
He also advocates expanding the use of security
technology, a closer coordination and agreed
protocols with local law enforcement, and investing
in security training so that staff feel empowered and
supported to act. “It shouldn’t be complicated … keep
it simple and keep it relevant,” he said.
Shopping centres have been known targets of
recent terrorism activity.
Last year, a couple were jailed for preparing
terrorist acts on a Westfield shopping centre in London
and video footage also emerged of Muslim extremists
urging attacks on shopping malls in Western countries.
“We are a seemingly vulnerable place – a place of
entertainment and where we want to attract people,
and yet this is a crowded place, so it poses all of these
security challenges,” Yates said.
He added that there was a “fine balance” between
being fearful and being cautious.
“Most of your workforce now will read and see and
watch the TV, so they’re getting as good a briefing as
what the intelligence agencies used to get 25 years
ago,” he said.
“The important thing is to keep it in context, so they
understand where we’re operating and where that
threat meets the business.”
Yates has a direct line to the chief executive
and says his role is “mostly helping other leaders
understand what they need to be doing and why
it’s important”.
“It’s not just about terrorism, it’s serious organised
crime, it’s money laundering, it’s fraud and corruption,
it’s cyber… You look at the big threats facing most
organisations and that’s what it’s about.
“Australia is a fantastic country and a fantastic
country to do business in. We’ve just got to be alive to
what’s going on in the rest of the world and not think
that we’re immune to it,” he said.
“THE MESSAGE
FOR AUSTRALIA IS
LET’S LEARN FROM
WHAT’S HAPPENED
ELSEWHERE
AND GET AHEAD
OF THE CURVE”
Scentre Group
director of security
John Yates
Counter-terrorism expert John Yates,
formerly of London’s Metropolitan Police,
says Australia faces a wake-up call
HEAR MORE Session on 22 August at RIMS
Australasia at 11:20am

The challenges of
branching out
Inconsistencies in communication, delays or
difficulties in policy coordination and contract
uncertainty are some of the top concerns that
risk managers have when implementing global
insurance programmes.
These will be some of the issues raised during
a panel discussion between a broker, insurer and
risk manager on the pros and cons of multinational
programmes at the 2016 RIMS Australasia
conference in Melbourne on 23 August.
Praveen Sharma, global practice leader –
insurance, regulatory, and tax at Marsh, will be
joined on the panel by Tony McHarg, SVP and head
of multinational Asia-Pacific at AIG, and Alistair Daly,
group risk and insurance manager at Lend Lease.
Speaking to StrategicRISK ahead of the event,
Daly said that when implemented correctly,
multinational programmes could help organisations
operating in multiple countries to manage
uncertainty and achieve economies of scale.
But he explained that the programmes weren’t
suited to every company.
“[Risk managers] need to take a deconstructed
approach to deciding if a global insurance
programme is right for their company,” he said.
“There’s a balancing act between making sure
that there’s sufficient input from the regions and also
a strong drive and direction from the head office.”
AIG’s McHarg said that a “multinational
programme should be no more or less challenging
than a local policy”.
He added: “The challenges that come up usually
arise because either there’s a lack of alignment
and coordination, there are communication
challenges in describing the expected scope of
coverage, agreeing the tax calculations, the claims
settlement process and expectations as to how
that’s going to work.
“It boils down to those fundamental issues, which
can all be overcome.”
HEAR MORE Session on 23 August at RIMS
Australasia at 9am
A broker, insurer and risk manager
will debate the pros and cons of
multinational insurance programmes
Boards must clearly articulate their company’s
risk appetite in order for risk managers to do
their jobs, according to one of Australia’s risk
management veterans.
RIMS Australasia board member and
former Scentre Group chief risk officer
Eamonn Cunningham said: “If you don’t have
that overarching view from the board to the
business as to what should be the company’s
appetite for risk, then I don’t see how a
company can operate in an efficient way.
“Any self-respecting risk manager who is
following the ASX [corporate governance]
principles needs to have a risk appetite. But,
fundamentally, the board needs to tell the
CEO, and ultimately the group, what is the risk
appetite for the organisation. It’s developed
by the company and executive management,
but ultimately it’s the board that approves it.”
A common barrier to this ‘tone from the
top’ is a lack of understanding between a
company’s risk appetite and risk tolerance,
Cunningham said.
“Simplistically, risk appetite is a measure
of the amount of risk you’re prepared to take
on as a business. Whereas tolerance is a
very related point, but it’s the amount you’re
willing to lose. Therefore, tolerance tends to
be more quantitative rather than qualitative in
terms of a concept.
“A lot of companies implicitly understand
tolerance, even if they don’t necessarily call
it as such. It really is about, once I roll out
my operations and I accept risk, what is the
maximum amount I’m prepared to lose in a
catastrophe situation?
BPAY group risk manager Francesca
Dickson agreed that it’s important to have an
in-depth understanding of a company’s risk
appetite. But she said often the stated risk
appetite and the actual risk appetite are not
the same within an organisation.
“You have to have actual conversations
about it,” she added.
Cunningham is speaking at the RIMS
Australasia conference on 22 August about
how risk managers can work with their boards
on risk appetites.
He will be joined by Goodman Group head
of insurance Cathy Murray and Sedgwick
Institute director Chris Mandel.
Risk appetite: the
‘tone from the
top’ matters

InterRisk managing director Phil Kearns
wants his industry to appeal to the young
“WE SHOULD BE
PROUD OF DOING
WHAT WE DO AND
UNDERSTAND THE
MASSIVE BENEFIT
WE BRING TO OUR
CLIENTS WHEN
THEY NEED US”
InterRisk managing
director
Phil Kearns
SR: After a very successful career as a Wallaby,
and then at Centric Wealth, how and why did you
get into insurance broking?
PK: I’m really interested in businesses with a
really tight relationship with their clients, but also
businesses that can evolve and change in a new
environment. InterRisk and the insurance industry
have both those elements. Our relationships with
our clients are critical and that can only be built with
transparency and trust.
SR: You’ve been managing director of InterRisk
for just over a year. What has surprised you
most about the Australian insurance industry in
that time?
PK: The lack of technology adoption among brokers
has been an eye-opener for me as many, it seems,
operate in very ‘old school’ ways, which means a great
opportunity for us all.
Secondly, the breadth of product in the industry is
fantastic and if you are prepared to really work hard
for your client, then coverage is possible.
SR: How can insurance brokers maintain their
relevance in a world where disintermediation is
increasingly common?
PK: Brokers, if they do their job well, know more
about the client than the insurer ever will. There
are just too many clients out there for
insurance companies to deal with
directly to absolutely understand
the needs of each client. That is
not a criticism of insurers, it’s just
a physical impossibility for them
to do it.
Brokers maintain their
relevance when they can
understand the nuances of their
clients and what the twists and
turns are within their clients’
business and therefore what
they really need. Technology
is a fantastic enabler for the
industry but it can’t solve all
our clients’ problems.
SR: What do you see as the biggest concerns on
the minds of Australian risk managers today?
PK: Apart from questions around where the general
market is heading, I think the key questions are
around the best use of technology, the best providers
of technology and what to expect from technology.
To move to the human side, we desperately need
to make our industry something that young people
aspire to be part of. It is in the UK, but in Australia
it tends to be something we fall into rather than
something we plan to be in.
We should be proud of doing what we do and
understand the massive benefit we bring to our
clients when they need us. Legitimisation of the
industry would be a great outcome, but it will take
some generations to get there with the right program
in place.
SR: Do you see that changing in the next 12-18
months and if so, how?
PK: Not in 18 months, but we can do things like
working more closely with universities, marketing our
courses and training more effectively into schools,
developing and using technology and being ‘loud
and proud’ about what we do. Together this builds a
profile that becomes attractive to the young graduate
that is not sure what to do next.
SR: What are you most looking forward
to at the RIMS conference in August?
PK: Meeting a whole bunch of people
I haven’t met before is the key for me.
I’ve only been in the industry just over
12 months, so to be in and among
the dozens of the industry and learn
from those who have been around
for a while is always eye-opening. I
learn best by listening and talking
to people, so for me it’s a great
education.
Session on 22 August
at RIMS Australasia at 3:50pm
An ex-Wallaby plans to tackle
insurance’s image problem

“THE PRIMARY
CONCERN FOR
MOST COMPANIES
IS THE LARGE
AMOUNT OF
SENSITIVE DATA
FOR WHICH THE
ARE RESPONSIBLE”
Aon regional director
Andrew Mahony
At the 2016 Strategic Risk Forum, attended by more
than 200 risk managers, only 23% of delegates had a
standalone cyber liability policy. More than one-third
were considering a purchase, however.
That’s not owing to a shortage of products on
offer in the market. In the past month alone, Chubb,
Zurich and Berkshire Hathaway Specialty Insurance all
launched cyber-related products within a few days of
each other in the Australian market.
So, is something causing a disparity between cyber
insurance demand and risk manager adoption?
Andrew Mahony, regional director, Financial
Services Professions Group, Aon, says that cyber
losses, whether caused by malicious attack, user error
or both, are not preventable. “Companies with good
governance and security measures can reduce the
likelihood or limit the impact of these losses, but the
threat cannot be eliminated. For that reason, cyber
risk transfer needs to be considered in conjunction
with risk prevention.”
Mahony says that Aon’s clients are first seeking
to understand their cyber risk profile and how their
existing insurance programme addresses cyber
exposure. “The primary concern for most companies
is the large amount of sensitive data for which they
are responsible – for customers and employees –
although the potential for operations to be shut down
by a cyber attack is also a significant risk,” he says.
“Companies are also looking to insurers to provide
direction and expertise with the engagement of
external consultants to assist in cyber remediation.”
WEIGHING THE PROS AND CONS
As cyber insurance matures as an offering, it is
boosted by its benefits and restricted by its issues.
On the positive side, Mahony says cyber insurance
offers well-rounded cover for both the direct loss
suffered by a company and its liability to third parties.
“Good cyber insurance policies provide cover for
business interruption, regulatory fines and penalties,
and cyber extortion events,” he adds.
Geetha Kanagasingam, vice president for UK,
Europe APAC, Group Insurance and Group Risk,
Barclays Bank, says cyber insurance also provides the
scope that covers data breach notification expenses
– a mandatory requirement imposed by regulators in
many jurisdictions.
“[Cyber insurance also] fills up the gaps of cover
as only some aspects of the cyber coverage elements
may be found in existing policies such as crime policy
and/or professional indemnity,” she says.
One deficiency, she notes, is the absence of
cover for bodily injury and property damage arising
from cyber events, under both traditional insurance
products and cyber policies. She adds that there is
still insufficient capacity in the market. “[The] limit
purchased may range from single digit in millions to
triple digits in millions globally, notwithstanding the
fact that the demand for higher limits is increasing.”
Kanagasingam says further issues emanate from
extensive disclosure, as insurers tend to request
too much internal information that is sensitive and
confidential. She asks: “Are firms confident to reveal
this information to insurers who, after all, are also
potential targets to cyber risk events?”
RISK MANAGER CONCERNS
Cyber exposures have kept risk managers keen for
cyber insurance products, but several concerns have
dampened their adoption rates. “We have made
some initial [cyber insurance] inquiries,” says Richard
Cassidy, risk financing lead, EnergyAustralia, “and
obtained premium indications for an ‘off the shelf’
product, but did not proceed to a purchase.”
While cyber insurance offerings address many
potential cyber exposures, gaps exist, he says.
Another Australian risk manager told StrategicRISK
that despite shopping around, his firm has not
purchased cyber insurance, “due to low limits and
very narrow wording”. He believes this is due to the
“immaturity of the product offering to date”.
“Cyber insurance has not been, and I doubt ever
will, get to the real pain points which companies face
in this space, such as cover for ‘loss of opportunity’ if,
for example, there is a known cyber intrusion which
accesses confidential bid information, which then
subsequently means the bid is lost,” he says.
Risk managers are keen to mitigate their cyber exposures but
have qualms about the insurance products on the market
Why cyber-related policies aren’t
as popular as you might think
HEAR MORE Session on 23 August at RIMS Australasia
at 10:50am

Vocational calling
I
t’s 6.20am and Kate Hughes’ phone goes off.
The chief risk officer for Australia’s largest
telecommunications provider, Telstra, has been
called to activate the crisis management team.
An outage is affecting thousands of customers.
By 7am, an action plan is in place. But an
hour later, a report from a whistleblower alleges bad
behaviour on the part of a senior executive, prompting
the launch of an internal investigation through her
fraud team. A few hours after that, Hughes is alerted to
a customer privacy breach and informs the regulators.
It’s not even lunchtime, and she has fielded more
incidents than most chief risk officers see in a month.
Hughes has agreed to speak to StrategicRISK about
how risk management is helping Telstra change from
a domestic telecommunications provider to a global
technology company. But first, a history lesson.
Telstra is one of Australia’s best-known companies.
It builds and operates networks around the country
and markets mobile, internet access, pay television
and other entertainment products and services.
But the digital landscape has not been kind
to traditional telcos, forcing them to rethink their
business model. Last year, Telstra invested almost
$1.2bn in acquisitions, including a controlling stake
in 15 new businesses. It also expanded its reach in
Asia by acquiring Pacnet in Singapore and launching
TelkomTelstra in Indonesia, and activated new
business units such as Telstra Health.
This pace of change, coupled with a profound
shift in the way people connect, means Telstra
faces challenging business risks in terms of growth
ambitions and financial targets. Which is where
Hughes comes in.
“Most people say to me I’ve got one of the most
interesting jobs in the company, and I would agree
that I do. There’s very little that I’m not across, or not
involved in, or not able to add value to,” she says. “I get
to make decisions about the kind of ladders we use in
the field, I get to talk about the risks of having handbrake
alarms in some of our cars, and I also get to talk about
the risks of technology disruption as it will impact on our
strategy to be a world-class technology company.”
Under Hughes’ leadership, Telstra’s risk function
has evolved significantly in the past three-and-a-half
years. The 160-strong risk office now looks after risk
management, compliance and privacy functions, along
with law enforcement capabilities, fraud investigations,
enterprise resilience, security, and health, safety and
environment arms.
Hughes, who reports to chief financial officer
Warwick Bray, says she is lucky to work for an executive
team who take risk management seriously: “It’s a
privilege to be involved in something that helps our
executives make better decisions.”
That decision-making needs to happen quickly.
“We can be disruptive or we can be disrupted and we’ll
probably be both. That’s not necessarily a bad thing.
I think disruption creates a solid incentive to be more
innovative, and that’s good.”
To avoid falling behind more agile tech start-ups,
a major simplification process is underway. “I’m in a
meeting every Tuesday morning on this to see what am
I doing to help us get there,” Hughes says. She sees the
simplification and disruption impetus as an opportunity
to show the benefits of risk-based decision-making.
“Everything we do requires us to do a risk assessment
and that shouldn’t be seen as an onerous, bureaucratic
thing, but actually built into our processes every day.
Part of the business case is doing a risk management
assessment. You don’t tack it on the end, it’s not done at
five minutes to midnight, it’s not done once we’ve agreed
to everything else … It’s part of the process.
“That is the evolution of risk management – to take
it out of the academic, out of the process, and make it
much more part of the business conversation so that it
actually adds value to the commercial decision-making
challenge that your leader has.”
To take one example, the head of Telstra property had
to decide how to allocate his spending when it came to
upgrade work on the group’s exchange sites. By applying
a safety rating to each exchange, Hughes’ team was able
to prioritise which sites should be worked on first.
BACK TO WHERE IT STARTED
In a way, Hughes’ career has come full circle. After
graduating with a commerce degree with majors in
Telstra CRO Kate Hughes talks
exclusively to StrategicRISK about how
risk management is helping Australia’s
largest telecommunications provider
become a global technology player
“THE ONE THING
I RARELY SAY TO
PEOPLE IS THAT
I’M THE CHIEF RISK
OFFICER. WHAT I
OFTEN SAY IS THAT
I’M AN EXECUTIVE
AT TELSTRA, AS
PART OF MY JOB IS
NOT JUST TALKING
ABOUT THE RISKS,
BUT ABOUT THE
OPPORTUNITIES”
PROFILE KATE HUGHES

www.strategic-risk-global.com Q12016ASIA EDITION StrategicRISK 23

economics and finance, she took up a role at the NSW
Treasury. One of the first companies she audited was
Telstra, in the very same Melbourne offices that she
sits today.
She then moved to the Sydney Futures Exchange,
where she was responsible for surveying the open
trading floor for rouge or illegal trades during its final
year of operation. “I was one of about four women
in a room of 400 men that had some pretty bad
behaviours,” she recalls.
From there, she moved to the Australian Securities
and Investments Commission (ASIC), the corporate,
markets and financial services regulator. This has
proved invaluable at Telstra, one of the country’s most
highly regulated firms.
“One of our big risks is going to be a rapidly
changing regulatory environment,” she says. “It will
go to things like how we regulate data ownership and
data sovereignty in the long term.”
Regulators around the world are struggling to keep
up with the implications of new technology – mostly
at different paces and with vastly different powers.
For a company with global expansion plans, this
adds a huge layer of complexity.
“How do you grow in those countries where your
company’s cloud strategies aren’t going to fit with
theirs, for example,” she says. “[Regulation] has the
potential to certainly change how we develop and
market products. It’s one of the material risks that we
talk to the board about. What you have to get very
good at doing is staring over the horizon beyond your
normal two to three-year period, out to five to eight
years and start to think about what regulation will
matter then.”
In a disruptive environment, Hughes also sees
the potential for corporates to challenge existing
regulation. “If you look at Uber and Airbnb as two
business model challengers, everybody talks about
those as being challenging at a business model level,
but what for me was most interesting is that they
challenged existing regulator models as well. Uber
drivers never stopped and said, ‘I need a taxi licence.’
“So what would happen to us if we fundamentally
changed [current] regulation? We do a lot of black
swan thinking about some of those risks.”
CYBER AND SECURITY CHALLENGES
In the nearer term, Australia is set to bring in data loss
notification laws that will force companies to advise
customers when their details have been unlawfully
accessed.
“It’s not going to be a huge issue for us because
we’ve always thought long and hard about who we
should tell when we’ve had a breach of some kind,”
Hughes says.
This stance was put to the test last year. Two weeks
before Telstra’s $697m acquisition of Pacnet was
finalised, an unknown third party hacked the Asian
telecommunications business, gaining complete
access to its network, including emails and other
administrative systems.
Telstra said it wasn’t told until after the deal’s
completion on 16 April. At that point, Hughes
says, Telstra voluntarily went to eight different
regulators about the breach. “Each one had different
expectations about whether or not we would or
should tell them,” she adds. “We’ve always felt better
to be upfront and honest. The worst thing you can do
is look like you’re hiding it.”
She fears the new breach notification laws could
lead to “notification fatigue” among consumers: that
they will be bombarded with alerts and then fail to act
on important data breaches.
At Telstra, she is turning the spotlight on
employees, often considered to be the weakest link in
any cyber security programme. “We run drills to see if
we can trick our employees into doing something that
they shouldn’t have,” she says.
This might mean clicking on a link or opening
a suspect attachment. In the first drill, 30% of
employees failed. The figure dropped to 18% in the
second round.
WHAT’S IN A NAME?
Managing major reputation crises is something
Hughes is also well versed in.
In 2005, she was asked to join the Australian Wheat
Board (AWB), at that time mired in a corruption
scandal that saw it on the front pages of the papers
for more than 400 consecutive days. The company
was accused of paying millions of dollars in bribes
to Saddam Hussein’s regime in Iraq in exchange for
lucrative wheat contracts. Overnight, its shareholder
value was slashed by almost $1bn.
“Part of my job was to build the right internal
controls, the right risk processes and the right
compliance controls to ensure we never, ever did that
again,” she says. For four years, she worked with a new
management board to help turn the business around.
“Leadership in good times is always a pleasure.
The hardest job you will ever do is lead in tough times
when there’s bad news on the front page of the paper
PROFILE KATE HUGHES

and your employees feel embarrassed to work for
you,” she says.
Hughes believes reputation isn’t a risk as such, but
an “outcome of other things you didn’t do very well”.
Regardless, when you’re an organisation the size of
Telstra, reputation is incredibly important.
“This year we have put in place much more formal
metrics to measure the impact of our resilience on
reputation,” she says. For example, during outages,
Telstra can map social media mentions against the
network issues to give an indication of the importance
of resilience to its customers.
“It’s also a really good predictor of consumer
behaviour, so how many of these [incidents] does it
take before a consumer, one, rings up and complains,
two, gives us a negative rating, or three, possibly
changes services. That’s critical insightful data that
we work with marketing, media and communications
teams on,” she says.
A passionate advocate for strategic risk
management, Hughes is nonetheless far from
traditional. “The one thing I rarely say to people is
that I’m the chief risk officer; what I often say is I’m
an executive at Telstra, because part of my job is not
just talking about the risks, but talking about the
opportunities. At the end of the day, my real job is
to make sure that our executives know how to make
decisions. Helping people consciously choose to take
risks is good because it means that they’re doing it
utterly informed.”
She says risk managers must move from talking
about the “what” – the list of risks and risk registers –
to the “now what”.
“Being the person who forces people to sit through
three-hour-long risk workshops so we can satisfy
ourselves that we’ve got 25 pages of risk registers is an
academic exercise that has never sat well with me.
“Doing [risk management] for the sake of
governance, whilst necessary, is not necessarily
always valuable.
“Doing it because it helps [the company] make a
better decision, save money, spend it more wisely …
and potentially be a disruptor yourself because you’ve
found a hole in the market that no one else has, that’s
where the real value comes from.”
“LEADERSHIP
IN GOOD TIMES
IS ALWAYS A
PLEASURE. THE
HARDEST JOB YOU
WILL EVER DO IS
LEAD IN TOUGH
TIMES WHEN
THERE’S BAD NEWS
ON THE FRONT OF
THE PAPER AND
YOUR EMPLOYEES
FEEL EMBARRASSED
TO WORK FOR YOU”

Embrace innovation,
but keep an eye on risk
Australian risk managers are increasingly concerned
about the threat of disruptors to their business.
This was one of the key areas discussed at the
Strategic Risk Forum in Sydney in June, attended by
more than 50 risk and insurance professionals.
In a live audience poll, 79% of delegates said that
‘disruption risk’ or ‘failure to innovate’ was on their risk
register and 97% were ‘concerned’ or ‘very concerned’
about the threat of disruptors to their business’s future
success. In an Asia-Pacific-wide survey that asked the
same question, only 73% of risk managers said the
disruption risk was on their register.
“If your rate of transformation is slower than the
industry that you are in, you are in real trouble, you
are on borrowed time. Risk professionals have a real
role to play in dealing with this,” said Marco Ciobo,
managing director and leader of the Technology
Strategy practice (ANZ) at Accenture Strategy. “It’s
not about mitigating and avoiding risk, it’s about
embracing some risk to create some value.”
BPAY group risk manager Francesca Dickson said
a challenge for risk managers was to “cut through the
hype and understand the real threats… shaping ideas,
not just following and defending.” Zurich Asia-Pacific
chief risk officer James Myerscough added that it
was critical for companies to “understand what they
actually deliver” to customers. “Otherwise someone
else will work it out,” he warned.
Accenture’s Ciobo said today’s competitive
landscape had been reset by digital technology,
emphasising “the absolute criticality of the risk
function in strategic thinking”. He added: “Ongoing
change is the new normal. [So it] works well when
both strategists and risk professionals understand we
are not dealing with static models.”
The audience agreed: when asked which
technology they thought would have the greatest
impact on their business in the next two years, the
Internet of Things and increasing automation and
robotics tied for first place with 39% of the votes each,
followed by artificial intelligence/virtual reality at 14%,
and 3D printing and blockchain both on 4%.
To embrace these technologies and the pace of
change, the risk function should be engaged with
the strategy function, said Brambles’ vice-president,
strategy and planning, Ben Heraghty, who sat on the
morning’s panel. “Somewhere, someone is thinking
about how to disrupt your industry,” he warned. “The
question is, do you get ahead of it or do you ignore it?”
Lend Lease group head of risk and insurance
Kevin Bates said he was lucky to work closely with his
company’s strategy team: “It is about making sure that
when the business is aiming to achieve its strategy,
that we’re working to mitigate the key risks as best we
can so that we’re not the ‘handbrake to happiness’.”
“IF YOUR RATE OF
TRANSFORMATION
IS SLOWER THAN
THE INDUSTRY YOU
ARE IN, YOU ARE
IN REAL TROUBLE,
YOU ARE ON
BORROWED TIME”
Accenture Strategy
managing director
Marco Ciobo
The StrategicRISK Knowledge Live event in Sydney
brought together innovators and risk managers to
discuss how the two should collaborate
‘Someone, somewhere, is thinking
about how to disrupt your industry’
EVENT STRATEGICRISK KNOWLEDGE LIVE SYDNEY: 7 JUNE

“YOU HAVE TO
BE ABLE TO
CHALLENGE THE
NORMS OF THE
BUSINESS, TOP
LEVEL DOWN”
News Corp Australia
chief product officer
Mark Drasutis
In 2015 StrategicRISK launched The
Knowledge, a series of data-led research
reports helping risk professionals across
Asia-Pacific benchmark themselves
against their peers.
In 2016, StrategicRISK’s The
Knowledge LIVE brings the findings of
these reports to life through a series of
interactive peer-led events.
Attendance to The Knowledge LIVE
events is free, by invitation only, for
corporate risk and insurance managers,
finance directors, corporate treasurers
and other senior executives with
responsibility for risk or insurance.
The Knowledge and The Knowledge
LIVE are sponsored by Zurich.
THE KNOWLEDGE
‘At the end of the day, it’s people who
bring business models to life’
Creating a culture that encourages challenging
business norms will be essential for future success,
delegates at the Sydney event heard.
“You have to be able to challenge the norms of the
business – top level down – and the culture has to
allow that,” said Mark Drasutis, News Corp Australia’s
chief product officer – digital and former head of
innovation. “You have to keep your disruptors close
and instil a culture that allows difficult conversations
to occur.”
Challenging traditional thinking can be very
important both when aiming for innovation and when
dealing with disruption, said Ben Heraghty, Brambles’
vice-president, strategy and planning, Asia-Pacific.
But the panel warned that clear boundaries
needed to be established around the idea of ‘failing
fast’, which in turn came back to the culture of the
organisation.
Accenture Strategy managing director Marco
Ciobo said much of an organisation’s success will
rest on its ability to find the right people to help
meet its objectives.
“At the end of the day, it’s people who bring
business models to life,” he said. “How do we find
the talent we need? How do we organise for success?
How do we lead people in this environment?”
However, most delegates said their companies
were not spending enough on their employees to
keep up with the pace of change of today’s business
environment.
Some 68% said their companies were investing,
but that it was not sufficient; only 18% said the
investment was sufficient. Worryingly, 11% said no
investment in people was being made.
In a separate poll, attendees were asked whether
they believed innovation at their company would be
led by internal drivers or external collaborations. More
than two-thirds chose internal drivers.
Ben Baker, who currently leads the development
of industrial IoT solutions, suggested that
organisations needed to find “the right marry up
between internal core expertise and new expertise
sourced externally”.
“What’s the fastest, most effective way you can
get there?” he said, adding that it was worth asking
whether the rate of change of business/disruptive
innovations in your space allowed you the luxury of
being “a fast follower and not a leader”.
Most delegates at the event agreed that the role of
risk managers would increase in relevance as the pace
of business model change increased.
BPAY group risk manager Francesca Dickson
suggested that a growing challenge for risk managers
would be to “cut through the hype and understand
the real threats… shaping ideas, not just following
and defending”.

Adopting a global
perspective
Risk and insurance managers gathered in
Melbourne earlier this year to talk about
some of the key risks of operating beyond
Australia’s safe shores
Facilitate, don’t dictate: the lessons
of WorleyParsons’ expansion
Resources and energy giant WorleyParsons
is a home-grown international success story.
In 2004, 70% of the company’s business was
on Australian shores. Leap forward to 2016,
however, and local business accounts for just
12% of its portfolio.
The company’s director of risk and
assurance, Will Gurry, was the keynote speaker
at the StrategicRISK Melbourne Risk Forum and
began the day by detailing his experiences of
identifying and managing international risk.
Gurry said risk management was central
to the transformation of WorleyParsons. The
firm began its overseas expansion in Asia in the
1980s, “taking opportunities as they cropped
up”, as he put it.
“It was very different to the formality and
protocol that we have today,” he said. “But it was
risk management by management at its best.
“It is now a truly global business, employing
28,300 people in 134 offices in 44 countries.”
The company operates in many high-risk
areas, such as Kazakhstan and Libya, and Gurry
said joint ventures with local players was one
of the key mitigants for operating in those
markets; likewise, agents and contractors.
Gurry added that international risk was
“so pervasive in everything we do” that
WorleyParsons didn’t categorise international
risk differently to any other risk area.
When asked how risk managers should
manage the optimism of business development
people in their firms and not be considered an
impediment to growth, Gurry said it was best to
“facilitate rather than dictate”.
“That is, helping risk owners to determine
whether the risk is acceptable to them,” he
explained. “We are trying to be more of an
enabling institution rather than a handbrake,
but it’s hard.”
There’s “very little that we say no to as a
business”, Gurry said of WorleyParsons.
Expanding on this, he said that even
though it was conservative, his firm allowed
its “business development guys to seek out
opportunities”, but “they are not allowed to
commit the company to anything”.
“We need board approval to do that,”
he added.
“We have walked away from contracts
or not bid for contracts where there was a
misalignment of views that created unsafe
situations.”
A sustainable and repeatable model
was required to cope with growth through
acquisition as well as organic growth through
entry into new markets, Gurry said.
“The organic growth is really where we have
to deal with the consequences of international
risk,” he told the forum.
Gurry pointed out that his firm and many
others used external providers such as Control
Risks to help inform decisions relating to
geopolitical risks.
EVENT STRATEGICRISK MELBOURNE RISK FORUM: MARCH 2016

THE TOP FIVE MOST IMPACTFUL CYBER
ATTACK TECHNIQUES OF 2016
01
02
03
04
05
7.99
7.11
7.09
7.07
6.53
HARDWARE
COMPROMISE
CRIMINAL
TARGETED
ATTACKS
APT
OPERATIONS
RANSOMWARE
DATA LEAK
Score as at October 2015.
The threat score considers
the actors involved, the
tools used and the attack
method’s severity, impact
and likelihood of success.
HIGH-LEVEL THREAT
7-10: organisations must
immediately take measures
against the threat.
MEDIUM-LEVEL THREAT
5-7: organisations should
seriously consider
implementing mitigation
measures.
LOW-LEVEL THREAT
Under 5: awareness
important but immediate
action not required.
H
H
H
H
M
Source: Control Risks
Targeted cyber attacks on critical national
infrastructure are expected to rise significantly
this year, Control Risks managing director,
global client services, told delegates at the
Melbourne Risk Forum.
By the end of the year, said Cory Davie,
the political risk consultancy expects a 37%
increase in the severity of cyber attacks
targeting industry control systems such as those
relating to power, transport, water, gas and
other critical infrastructure.
Davie cited incidents such as attacks on a
German steel factory and a Ukrainian power
grid that were “targeting the system, not the
data”. This was one of the key messages from
her presentation, in which she outlined the top
risks and key political risk issues for 2016 that
the consultancy had forecast.
‘Terrorism’, ‘cyber’, ‘China’, ‘the European
Union’ and ‘losing perspective’ topped the list
of risks this year.
On terrorism, Davie said the main threat
drivers were Islamic State setbacks, Jihadist
competition and foreign fighter dynamics.
“We’re going to see more high-impact,
high-profile terrorist attacks, such as the recent
Ankara and Ivory Coast attacks,” she said.
Davie also pointed to a persistent ‘lone wolf’
threat in the West.
“More soft targets and active shooter-style
scenarios will encourage an aggressive police
response,” she added.
“So, as businesses, you have to prepare for
responses such as no more negotiating.”
On China, Davie suggested that while the
traditional risk assessment was that slowing
growth and reform were the big-ticket items,
the Control Risks assessment indicated that
“politics do matter again”.
Davie also noted that Control Risks forecast
“lots of aggressive enforcement of some
very vague laws, but we expect clarification
on a number of laws, such as bribery and
corruption”.
On the topic of risk management, she said
that appropriate threat and risk identification
was important, but that firms should be wary of
what she called “shiny new risks”.
“Board members watching the news is
scary,” she said.
“What they bring up at meetings [must be
judged by] what is really a risk, and what’s the
value/likelihood to your business?”
The one-day event, sponsored by AIG and XL
Catlin, formed part of StrategicRISK’s 2016 Asia-
Pacific Risk Forum Series.
Similar events will take place across the
region throughout the year.
Cyber criminals ‘set to target
critical infrastructure in 2016’

201608strategicriskaustralia 379683

201608strategicriskaustralia 379683

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (12)

Semelhante a 201608strategicriskaustralia 379683

Semelhante a 201608strategicriskaustralia 379683 (20)

Último

Último (20)

201608strategicriskaustralia 379683