ERM | Risk Appetite and Risk Tolerance: The Path to Informed Decision Making

Posted by Andrew Masini on Feb 1, 2017 12:08:27 PM

In our previous posts in this series, we introduced Enterprise Risk Management (ERM) as a “portfolio view” of risk and discussed various aspects of implementing ERM: roles, culture, a framework and preparing your organization. Now, we’ll begin looking at the “big picture” viewpoint of risk, starting with identifying and prioritizing risks. In the ERM process, management (1) determines acceptable levels of risk, (2) identifies and measures risks throughout the entire organization and aggregates the results, and (3) determines if the aggregated results exceed the acceptable levels. Risk Appetite and Risk Tolerance are the expressions of the “acceptable levels” of risk.

Topics: Enterprise Risk Management (ERM), Enterprise Risk Management, ERM, Risk Appetite, Risk Capacity, Risk management, Risk Management Blog, Risk Tolerance

Reviewing Cyber Breach Insurance Coverage | First-Party Costs

Posted by Jon Edwards on Jan 31, 2017 6:02:18 PM

Organizations today must regard cyber breaches not as a possibility, but as an inevitable fact of life. In this environment, it’s crucial to have a cyber liability insurance policy that adequately covers the potential loss and offers payment or reimbursement for response costs. Understanding what’s covered by the policy well before a breach occurs and building that knowledge into your company’s incident response plan is critical.

Topics: Breach of Security, Cyber Breach, Cyber Insurance, Cyber Liability, Cyber Risk, Cyber Security, Data Breach, Risk Management Blog

2017’s Latest Cyber Security Threat: The Ransomware Bluff

Posted by Jon Edwards on Jan 24, 2017 6:14:09 PM

2016 was a big year for ransomware. It saw a massive increase in ransomware events and payouts to criminals, which, most experts say, only exacerbates the issue.

A 2015 report by the Herjavec Group (an Information Security company) noted that the total cost of ransomware reached $1 billion in 2016. With new “strains” of ransomware spreading worldwide (such as the Russian “spora”), we should all be on high alert for this business-impacting cyber threat.

Topics: Breach of Security, Cyber Breach, Cyber Insurance, Cyber Liability, Cyber Risk, Cyber Security, Data Breach, Ransomware, Risk Management Blog

Implementing ERM | Preparing Your Organization

Posted by Andrew Masini on Jan 20, 2017 1:30:29 PM

In our previous blog posts, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a “portfolio view” of risk; outlined how to establish roles and context for ERM implementation; and described how to establish a risk-aware culture and develop an ERM framework.

Topics: Enterprise Risk Management (ERM), Enterprise Risk Management, ERM, Risk management, Risk Management Blog

Are you Covered? | Cyber Attacks May Cause Property Damage

Posted by Jon Edwards on Jan 10, 2017 2:16:47 PM

Traditionally, a cyber breach occurs and otherwise private information is stolen or made public, resulting in costs such as notification expenses, IT forensics, data recovery, public relations/crisis management, legal defense, business interruption, brand/reputation damage and regulatory fines and penalties, just to name a few. However, the breadth of cyber-attacks has proven to be ever-expanding. Now, breaches resulting in physical property damage are being reported more regularly, which leads to the immediate question, “Am I covered for such an event?”

Topics: Cyber Breach, Cyber Risk, Data Breach, Property Risk, Risk Management Blog

Implementing ERM | Building a Risk-Aware Culture and Developing an ERM Framework

Posted by Andrew Masini on Jan 4, 2017 2:20:48 PM

In our previous blog posts, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a "portfolio" view of risk and we outlined how to establish roles and a context for ERM implementation.

Topics: Enterprise Risk Management (ERM), Enterprise Risk Management, ERM, ERM Framework, Risk Appetite, Risk Management Blog, Risk Register, Risk Tolerance

Is a Cyber Breach on Your Holiday Wish List? | The Internet of Things (IoT)

Posted by Jon Edwards on Dec 20, 2016 5:32:06 PM

The holiday season usually means new tech gadgets for everyone to tap, swipe, click, and download. Most people who unwrap a new iPhone, MacBook, Smartwatch, Fitbit, or game console probably aren’t considering the ramifications of connecting those devices to the Internet and setting up new user accounts filled with their personal information. Unfortunately, we live in a time where we have to, or at the very least, should.

Topics: Risk Management Blog

Implementing ERM | Establishing the Roles, Objectives and Context

Posted by Andrew Masini on Dec 16, 2016 3:26:57 PM

In our previous post, Taking a Closer Look at Enterprise Risk Management, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a “portfolio” view of all threats and opportunities throughout an organization.  We contrasted ERM with the traditional “silo” approach to risk management, where various parts of an entity manage their risks with no overarching risk management strategy.

Topics: Enterprise Risk Management (ERM), Enterprise Risk Management, ERM, Portfolio View of Risk, Risk Management Committee, Risk Management Blog, Subject Matter Expert Group

But, the Data was Encrypted... | California Data Breach Notification Law Amendment

Posted by Jon Edwards on Nov 22, 2016 2:52:03 PM

Back in May 2016 I posted a blog (Be Prepared – Data Breach Notification Laws are Changing), which covered how data breach notification laws were evolving.  At that time the state of Tennessee amended its law, becoming the first state in the nation to require notification of any data breach, whether the information is encrypted or not.  I also predicted that state laws would most likely become stricter in the not too distant future…

Topics: Breach of Security, California Data Breach Notification Law; Data Brea, Cyber Breach, Cyber Liability, Cyber Risk, Cyber Security, Data Breach, Personally Identifiable Information, PII, Protection Bill AB2828, Risk management, Risk Management Blog

Taking a Closer Look At Enterprise Risk Management

Posted by Andrew Masini on Nov 17, 2016 10:58:35 AM

Every organization is faced with risks and needs to practice some form of risk management in order to maintain the health of the entity. Many take a traditional approach, where risk is managed in silos, with each leader of a business unit (sales, operations, finance, HR, etc.) responsible for managing the risks that fall within his or her area of responsibility.

Topics: Enterprise Risk Management (ERM), Enterprise Risk Management, ERM, ERM Framework, Risk Management Blog

The ALS Group

Risk Management Blog

We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe. 

Our areas of expertise include:

  • Enterprise Risk Management (ERM)
  • Cyber Security & Cyber Liability Insurance
  • Construction Management
  • Customized Risk Management Assessments (RMAs)
