Cyber risk is now a major threat to businesses. Companies increasingly face new exposures, including first- and third-party damage, business interruption and regulatory consequences. With the operating environment for many industries changing dramatically as they become more digitally connected, this report examines cyber risk trends and emerging perils around the globe. It also identifies future mitigation strategies, including the role of insurance.
There is much hand-wringing on the question of risk culture. The failures of the recent past associated with bid-rigging, product mis-selling, rogue trading and the like are viewed by governments, regulators and the media as evidence of an increasing prevalence of unprincipled banking practices and poorly educated and managed bank employees. This negative perception of the culture within banks and declining standards of conduct is of great concern to regulators, senior bankers and their stakeholders.
Risk culture is real and it’s measurable. We may not be able to give it a precise numeric score, but we can build programs and track the right information to give some insight into its strength and effectiveness. We need to ask the right questions that benchmark our progress, from where we were yesterday to where we are today. Improving risk culture is not about eliminating risks but rather having the information to take the right risks to maximize our performance.
This article presents a building-block approach to implementing the COSO ERM framework that makes it usable to organizations regardless of their size or previous experience in risk management. Our building-block process enables organizations to evolve ERM as they establish a risk culture and offers better opportunities for efficient and effective allocation of resources for ERM activities.