01:55 PM
Technology Risk Still Not Understood
Not only was Y2K a drain on most insurance companies' budgets and development processes, it also highlighted the risks involved with technology and what can happen when those risks are not managed.
A survey conducted by the St. Paul Companies of nearly 1,500 executives in the United States and Europe found that managing technology risk is considered very important, but is not completely understood by risk managers.
"The results are more surprising than we imagined," says Kae Lovaas, president, global technology underwriting, The St. Paul Companies. "The thing that surprised us the most is the role the risk manager takes in managing technology risk. We found the risk managers did not understand IT, had a level of overconfidence when it came to technology and were abdicating a lot of risk management to the IT department."
About four out of 10 corporate risk managers surveyed said they only have a "fair" to "poor" understanding of technology risk. Most risk managers defer to IT experts when it comes to technology, says the study. "The key issue is complexity," says Lovaas. "When you get into technical systems, the IT people are the experts and they know more than anybody else. An IT person can come up with technology solutions, but they are not risk managers."
However, US financial service companies appear to be ahead of other industries (including US high-tech, US brokers, European financial services and European high-tech) when it comes to the awareness, identification and management of technology risks. In fact, both US and European financial services risk managers surveyed cited technology risk as the most important risk facing their companies today.
Nearly half (47 percent) of US financial institutions and 37 percent of European financial institutions have a formal technology risk management structure to identify and monitor technology exposures, according the St. Paul Companies study. Overall, the Internet was the European risk managers' top concern, and workforce issues, such as training and awareness, were top concerns for US risk managers. In fact, most financial services firms reported they are more likely to identify and manage technology risks today because of their experience with Y2K.
"To some degree, we were not surprised to see financial services ahead of the curve," when it came to understanding and managing technology risk, says Lovaas. "Financial services has always been concerned with security and privacy of financial information. In many cases they have transferred their best practices to technology and to the Internet."
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio