RIMScast

The Risk and Insurance Management Society, Inc.
Feb 4, 2025 • 28min

Risk and Leadership Patterns with Super Bowl Champion Ryan Harris

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   Our guest, Ryan Harris, became a Super Bowl Champion after winning Super Bowl 50 in 2016 with the Denver Broncos and retired later that year. Ryan speaks about winning a game in Chicago, winning the Super Bowl, and becoming a sportscaster. He shares inspiring thoughts about achieving greatness, what it takes to succeed, and the difference between willingness and perfection.   Listen for Ryan’s rules for success in this inspiring episode. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:33] About this episode. We will be joined by Super Bowl Champion and award-winning broadcaster, Ryan Harris. He will be a keynote at RISKWORLD 2025. [:59] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:21] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:37] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [2:00] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:23] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:52] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [3:00] RISKWORLD 2025 registration is open. Take advantage of our Super Savings Rate by February 28th. Speaking of RISKWORLD, that brings us to our very special guest. [3:12] Ryan Harris became a Super Bowl Champion after winning Super Bowl 50 in 2015 with the Denver Broncos. He retired in 2016. [3:21] Beyond the field, Ryan has continued to work to win. For his contributions to Denver’s business community, Ryan was the First African American to be awarded Colorado Sportscaster of the Year in 2020. [3:33] Ryan was also named to Denver Business Journal’s 40 under 40 class of 2021. He is an analyst for his alma mater, Notre Dame. [3:42] On May 6th, Ryan Harris will be a mainstage speaker at RISKWORLD in Chicago where he will discuss transformative "5 Components of Championship Leadership," emphasizing how the direction from which leaders operate shapes their effectiveness. [3:58] We’re going to have so much fun speaking to Ryan, and we might even get his predictions on Super Bowl LIX. Let’s get to it! [4:06] Interview! Super Bowl L Champion, and RISKWORLD 2025 Keynote Speaker, Ryan Harris, welcome to RIMScast! [4:18] Ryan Harris is the first Super Bowl Champion to join us on RIMScast! Justin and Ryan are both big fans of the Buckhorn Exchange in Denver. [5:09] Ryan loves the idea of having people together at RISKWORLD 2025 to find groundbreaking solutions and try new things. 
That’s how you win in football; that’s how you win in life! Ryan looks forward to a convention of people looking for what’s next with the skills they have now.  [5:32] Ryan says playing NFL football in Chicago was cold. He recalls that playing on Soldier Field feels like you’re in a spaceship; the way the stadium bows out and comes right up is unique! [5:49] One of Ryan’s favorite memories of playing against the Chicago Bears was when the Broncos beat the Bears in a tight game, the year the Broncos went to win the Super Bowl! It was an important win! [6:02] Ryan credits Head Coach Gary Kubiak for inspiring the team to win that day in Chicago by shortening team meetings from an hour to 15 minutes. So they kept the 15-minute meetings for the rest of the year and won the Super Bowl! Ryan loves going to Chicago. [5:38] Ryan had said that one of the things he was going to do after the Super Bowl was get into broadcasting. He didn’t have to go to anybody else to make that happen. [6:55] Ryan says the plan starts with you! You need nothing outside of yourself to be great. You cannot expect other people to work harder for you and your goals. You’re working toward them. [7:06] Ryan got his “doctorate” in Applied Football Mechanics and Theory. He went into broadcasting to use all that knowledge. He was selected by the NFL to go to a Broadcast Boot Camp and meet the best of the best in the broadcast industry. [7:20] On the last day, one of the presenters told them to go to their Alma Maters and work their way up. Ryan canceled his flight home, rented a car, and drove from that symposium to Notre Dame, and that’s where he got his first broadcasting job. [7:34] Ryan says it started with him listening, taking action, and telling people what he wanted to do and how he wanted to get involved. You sometimes have to work for free to get started, and then you don’t. [7:59] Everyone can sit on the couch and say they want to do something. 
The difference is the people who put their feet where they want to be. [8:04] At the Broadcast Boot Camp, Ryan saw an old college football rival. They hugged it out. The NFL is one big office building and there aren’t a lot of chairs. Spend a couple of years there and you’ll get to know a lot of people in the NFL and they’ll get to know you. [8:31] Ryan is currently in law school. His “doctorate” is from “Peyton Manning University.” He had great “professors” like Ben Roethlisberger, Alex Smith, and Tim Tebow. He went through quite the school of football thought. [8:47] It’s fun to have that knowledge, but it’s useless as a father or a keynote speaker. He can’t go hit people anymore. He had to change, and it’s been fun doing that. [9:17] Ryan has a double major in Political Science, and Economics and Policy. From Political Science he learned that there are many ways to solve social problems. In economics, he learned that having two parents in your life puts you in the top 1% of opportunities in America. [9:51] There are key figures in your life or the education you receive that drastically change economic outcomes. What kinds of levers motivate people? There are many ways to do the same thing. It’s a matter of degree and what fits the situation. [10:34] Ryan’s advice on stories: 1. People remember the first 20 words you say. 2. Storytelling is more valuable than a Master’s in Business Administration. [10:55] Start a story with a main theme. “We’re going to talk about failure. This is a time I failed. On my sixth day in college football in training camp, I got knocked to the ground.” Our brains love tangible examples. Examples get people into the story. Then Ryan introduces the obstacle.  [11:18] “At one point in Kansas City, I wanted to quit.” He tells what he learned from it. He always brings a big idea that everybody understands and gives a concrete example from his life, what he said to himself, how he went through it, and what he learned from it. 
[11:45] When we can bring people into our story and talk about our failures and how we worked out of them, we help others and create impact. [12:14] Ryan attests that you don't win by ignoring the struggle. He speaks of factors of success and elements of success. Factors are things like having money and goods. Elements are things that have to happen for you to be successful. [12:30] Failure is an element of success! You have to fail to reach your highest potential. That’s the only way it works. Any famous person or industry has had a failure or ten, along the way. We don’t talk enough about our failures. Having a process for failure dictates your success. [13:05] Kickers in the NFL focus on process. Golfers focus on process. When you focus on the process, you reduce anxiety by 78%. You have the power to create the process for the failure you need. Then you start to have fun! [13:22] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [13:34] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [13:50] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [14:02] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [14:13] The First of (hopefully) Many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through 6th, 2025. Risk Management Roundup in San Antonio is set to unite the Texas RIMS Chapters and welcome risk professionals from around the world. [14:32] You can be a speaker. 
The Conference Planning Committee is interested in submissions exploring technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trends. [14:55] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode’s show notes. Go check it out! [15:07] Let’s Return to My Interview with Super Bowl 50 Champion and RISKWORLD 2025 Keynote, Ryan Harris!   [15:20] Ryan Harris had an NFL career of 10 years, about 300% longer than the average NFL career. Justin asks what lessons of his career apply themselves most to risk management. [15:43] Preparation is number one. What are you preparing for? When you’re an NFL lineman you get prepared for different blitzes, an extra person who’s going to come from a different place. The key to picking up the blitz is knowing it’s coming. You anticipate it. [15:58] Anticipation is very big. Then take the space that you need. Ryan tells of introducing himself to Mark Cuban, as a fan, referring to a book about him. Don’t hold back. Introduce yourself to people you want to meet. In the NFL, you learn you have to take action. [16:45] Go do it. You don’t get to know if it’s successful or not until the end. That’s what Ryan loves bringing to people about the game of football. [17:22] If you are looking to transition from one career to another, 1. Find out how to listen with curiosity. You add value by being curious. 2. Ask “How” or “What” questions, not “Why” questions. 3. Follow up. Call or email. Do those three things and you are going to be successful. [18:47] Ryan Harris will bring his positivity to RISKWORLD. Positivity is one of the most important elements of success. Some hard experiences are a part of succeeding. Find a way to stay positive. It is so easy to be negative. Be positive and look at the obstacles in front of you. 
[19:36] Look at the things you can do with the skills you can add to be successful. The positivity keeps you moving faster in that direction. [19:59] What about injuries? Ryan Harris has had nine surgeries; four of them on his back! One time, walking to dinner, his body locked up, being so swollen from the impact in the game. [20:19] The biggest thing people miss about professional athletes is how they take care of their bodies. Ryan has been doing yoga for 17 years. The Kansas City Chiefs are on their way to their third straight Super Bowl. They’ve had yoga every Tuesday at their facility for the last 10 years. [20:46] If you want to know what the greats are doing, they’re doing yoga. They start with yoga, a stretch, hydration, and nutrition to repair. All those things matter, but also the mindset they’re in. Tell your body, I don’t care how you feel right now, we’ve got to lift at 11:00. Then do it. [21:13] Find a way. Get the kinks out. It is mind over matter. [21:42] Ryan explains how he, as an offensive tackle, adjusted for a blitz. The key to being great is using all the information that’s out there. We fail sometimes to realize the information that’s at our fingertips because we’re not even looking. [21:55] When Ryan was with the Kansas City Chiefs, his 8th year in the NFL, a coach taught him, “Ryan, that spacing doesn’t make sense. What is the field telling you right now?” He had not looked up beyond the line. When he looked, he could see the safety positioned to blitz. [22:36] Ryan took it upon himself to get all the information he could before the snap. That made the play easier. He anticipated this guy going there, and he pushed him hard, helping his teammate. He was ready to attack the guy who was coming. That could apply to a sales call. [22:54] Any situation you face will be easier if you gather all the information that’s available about it. Make backup plans. [23:09] Ryan talks about entrepreneur Jesse Itzler. 
He went to Davos to sell hourly memberships on his airplane. He couldn’t get in, but he found out everyone was going to one coffee shop for a muffin and coffee. On the last day, he bought all the muffins and sat in the corner. [23:27] Someone walked in for a muffin. The shopkeeper said he’s got them over there. Jesse said, I’ve got a muffin for you, do you want it? That was his first sale. Do everything you can, take in all the information you can, and apply it strategically. [24:08] Ryan predicts the Kansas City Chiefs are going to win Super Bowl LIX. He believes their willingness is the highest. The number one thing you learn in winning a Super Bowl is you have to be willing, not perfect. Ryan says most people are unwilling to be imperfect to succeed. [24:23] The Kansas City Chiefs don’t care what it looks like. They’re willing to win the game with 13 seconds left on the clock or with five seconds left on the clock. [24:34] For those who will be watching as a casual spectator, look for somebody to make a mistake and see if they’re strong enough to come back and make a play again. If you can find that person, that team is a likely winner. [24:51] Ryan, it’s been such a pleasure to meet you today! I look forward to seeing you again in May. I’ll be in the front, right there, waving to you! I’ll try not to distract you too much, though! [24:58] Ryan says, “Please try, I’m used to it! I love you, Justin. Thanks for having me, my friend!” [25:04] Special thanks again to Super Bowl Champion and award-winning broadcaster,  Ryan Harris, for joining us here on RIMScast. You can go to his site, RyanHarris68.com for more information. [25:17] Be sure to register for RISKWORLD 2025, where Ryan will be on the main stage on May 6th, delivering a Keynote. [25:27] Be sure to tune into next week’s RIMScast episode, when another one of those main stage Keynotes, Rachel DeAlto, will join us as we talk about “The Power of Relatability.” Register at RIMS.org/RISKWORLD. 
[25:42] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [26:10] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [26:28] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [26:46] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [27:02] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [27:16] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [27:24] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7. | Register today! | Super savings rate ends Feb. 28. RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP)RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RyanHarris68.com RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? 
Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025   Upcoming Virtual Workshops: “Claims Management” | February 11‒12 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 26‒27 | Instructor: Elise Farnham “Managing Data for ERM” | March 12 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule   Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Stacking Habits with Olympic Gold Medalist Jon Montgomery” “Exploring Risk in Extreme Environments with Kevin Vallely”   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: 
Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Ryan Harris, Super Bowl Champion, Colorado Sportscaster of the Year   Production and engineering provided by Podfly.  
Jan 28, 2025 • 43min

Data Privacy and Protection with CISA Chief Privacy Officer James Burd

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and how risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches. Listen for actionable ideas to improve the cyber security at your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S. [:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:51] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week’s theme is Take Control of Your Data. [3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd. [3:36] James is the senior agency leader responsible for managing and overseeing CISA’s privacy, external civil rights, civil liberties, and transparency programs. [3:46] We’re going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data. [4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast! [4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure. 
[4:48] As Chief Privacy Officer, James Burd’s primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it’s by policy, process, or technical solutions. [5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency’s operations and partnerships. [5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it’s CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected. [5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely. [5:39] What are the keys to a strong cybersecurity strategy? [5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that. [6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation. [6:50] All nations are facing the same cybersecurity issues. CISA’s international work is about information sharing and helping each other understand what threats we all face. [7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals. [7:42] Risk managers are key partners in implementing strong data governance practices. 
CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization. [7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That’s part of the risk manager’s job as a point person. [9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don’t collaborate up front, you have to collaborate later, as a result of your emergency. That’s not a great day. [9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner’s point of view. It doesn’t make sense to solve the same problem in 10 different ways. [10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA’s. NIST can see what works or doesn’t work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework. [11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel. [11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now. [12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else. [12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. 
The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face. [13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator. [14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They’ve been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident. [14:35] There’s no indication that any other Federal agency has been impacted by the incident but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there’s a comprehensive response. [14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard against any further impacts. The People’s Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities. [15:12] They’re one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure. [15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon. [15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy. 
[15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something. [16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities. [16:27] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:39] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:55] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:07] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [17:20] Let’s Return to My Interview with James Burd of the Cyber Infrastructure Security Agency!   [17:42] Whether talking about AI, IoT, or 5G, the issues are hardware problems and software problems. [18:02] The issues of the 1970s are similar to the issues of the 2020s, regarding vulnerabilities, exposure, and unsafe practices when developing software and hardware. [18:20] What we’re seeing in the emerging technology space with AI, IoT, and 5G is an increase in the volume and velocity of data. The improvement of technology in this space is based on power and efficiency. Software improvement is based on the reach of interconnectivity. [18:34] Privacy and cybersecurity risks do not just appear. We’re seeing existing risks and issues increasing in size and complexity. 
What we previously thought of as a perceived risk is now a real risk, thanks to advances in computational power and the amount of data available. [18:54] It’s always been a risk but it was less likely to occur until this point where there’s more data, more volume, and more complexity. AI systems rely on a vast amount of personal data, raising concerns about data security, algorithmic bias, and a lack of transparency. [19:11] We’ve heard about these risks with machine learning and big data databases. They require governance frameworks that address how data is collected, stored, and used in systems, or, in this case, AI models. [19:28] Those frameworks should be familiar to anyone working in the data protection space or the risk management space for the last three decades. Insurers getting into the cybersecurity space have been paying stark attention to this. [19:58] We’ve found out that IoT devices are probably the easiest and most risky entrance points within networks into homes and critical infrastructure devices. The biggest risks they create are unauthorized access, data breaches, and potential surveillance. [20:19] These are not new risks. They’re existing risks that are promulgated because of the new avenue to get in. It used to be that the worst thing that could happen to an IoT device like a router is that it gets compromised and becomes part of a botnet to take down websites. [20:38] Today, that still happens, but that IoT device is looked at as the back door for entering someone’s network if it’s not properly secured. [20:49] In itself, 5G is awesome. There are fantastic things to do with increased data flow. With increased speed and connectivity comes the ability to move more data at a time, and we’re facing data being transferred in an insecure manner. People don’t know what data they’re sharing. [21:15] We’re running into the same classic issues but they’re exacerbated by something we view as a major success, access. 
Access should be celebrated but we shouldn’t open doors because we can open them. We need to be able to make sure those doors are secured. [21:48] James paraphrases Mark Groman, a privacy expert formerly with the FTC. “Privacy and cybersecurity are sometimes viewed as competing priorities. They are two sides of the same coin. I refuse to live in a world where you compromise security for privacy or vice versa.” [22:11] We live in a world where you can have both. The great thing about advancing technologies is that we can do both. Both cybersecurity and privacy aim to protect sensitive data and systems, just from slightly different angles and for different reasons. [22:31] There has to be a collaborative approach between cybersecurity and privacy. An intermediary like a risk professional can help cybersecurity and privacy teams work together. [22:41] By leveraging things like privacy-preserving technologies and designing privacy into cybersecurity measures, organizations can bridge the gap and achieve harmony between the two essential functions. This strengthens the organization and its overall risk management. [22:58] When a risk is realized in one area, it’s common for it to be a harmonious risk with another risk in a different area. In the privacy and cybersecurity space, risks overlap often. Conflicts between cybersecurity and privacy are easily bridged. [23:24] Cybersecurity professionals want to collect more data; privacy professionals want you to minimize the amount of data you collect. [23:34] Cybersecurity relies on extensive data collection to detect, monitor, and respond to threats. Privacy wants to collect only what’s necessary and maintain it for a minimum time. [23:46] Security monitoring tools like intrusion detection systems may gather logs or metadata that could include personal data, creating potential privacy risks, especially for an insider threat. 
[24:00] Organizations can implement privacy-aware cybersecurity solutions that anonymize or pseudonymize data where possible, allowing cybersecurity professionals to get to the root of the problem they’re trying to solve while masking sensitive data. [24:13] If you’re investigating an insider threat, you can unmask the data. Do you need that data to do the job that you’re tasked to do? If not, why run the risk of inappropriately accessing it? [24:53] Privacy frameworks will always encourage transparency about data usage and sharing, especially by private entities doing consumer business and handling personal information. [25:07] The public needs to know what you are collecting from them, how you are using it, and whether you are sharing it. They need to know if you are handling their data securely. [25:38] James would tell cybersecurity professionals that if they think obscurity is security, they should find another job. Obscurity is typically the worst way to secure things. [25:51] There are ways to describe how data is being held or secured by an organization without compromising the cybersecurity tools or techniques used to monitor or look for vulnerabilities. [26:03] Transparency can be maintained without compromising security and can be used in a way to assure the public that an organization is keeping serious security techniques in mind when handling the public’s data. James tells how to share that message with the public. [27:08] When James opens software, he reads the Third Party Agreements. He knows most people don’t. Government agencies include a plain language version of the agreement. Some private companies are doing the same to help people understand how their data is being used. [28:40] Quick Break for RIMS Plugs! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through August 6th, 2025. 
[28:58] This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world! Also known as the Risk Management Roundup in San Antonio, you can join as a speaker!  [29:11] The Conference planning committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trending now sessions. [29:28] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode’s show notes. Go check it out! [29:39] The Spencer Educational Foundation’s goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [29:58] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer’s 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:20] General grant awardees are typically notified at the end of October. Learn more about Spencer’s general grants through the Programs tab at SpencerEd.org. [30:30] Let’s Return to the Conclusion of My Interview with the Chief Privacy Officer of CISA, James Burd! [31:00] A lot of ERM frameworks exist because they were required by regulation or law. [31:10] Privacy professionals are starting to see the same risks that risk management and compliance professionals have been dealing with for decades. The big tools that privacy professionals use are called Data Privacy Impact Assessments (DPIA). [31:29] DPIAs vary, depending on the regulatory framework or law. 
DPIAs do two things: they identify what data assets you have and they examine the risks that are associated with the handling of those data assets and what mitigations must be in place to buy down those risks. [31:48] That assessment can populate half of an ERM framework’s register. Getting involved with your privacy program manager as they do these DPIAs may first cause the privacy program manager to resist your risk assessment, but a risk in one space is a risk in another space. [32:21] The DPIA is a valuable source of information for a risk manager. You can see the risks earlier. You can identify with the privacy program manager what some of the major risks might become. That means both realized and unrealized risks, which are equally important. [33:06] A privacy program manager will be preoccupied with a lot of the perceived risks. A risk manager wants to know which risks are more likely and identify them early. [33:40] A likelihood assessment will help the privacy officer identify how many “calories” to spend on this risk. The risk manager and privacy manager have a mutually beneficial relationship. They help each other. [34:17] CISA provides cybersecurity education, news on vulnerabilities and cyber threats, threat intelligence, and service to critical infrastructure providers once there is an incident of some sort. The CISA website shows cyber threat indicators of what a compromise might look like. [35:40] CISA has found novel patterns on networks that make it hard to tell that your network has been compromised. CISA calls those things “Left of Doom.” On the “Right of Doom,” CISA prioritizes the incidents that it responds to. [36:02] CISA focuses primarily on critical infrastructure. If you have a situation CISA cannot respond to, they will assist you through a local field office to find the people to help you, whether it’s law enforcement, local cyber security service providers, or a local Emergency Response Team. 
[37:03] Companies are involved in the California wildfires. Could an incident like that distract them so that they might become susceptible to data breaches? James notes that you can’t address every problem at the same time. Prioritize, rack, and stack. [37:17] Incidents are going to happen. CISA asks agencies and companies to take the time and spend the resources to knock out all the low-hanging fruit. The great majority of incidents CISA sees are bad actors exploiting very simple, easy-to-fix vulnerabilities. [37:55] It might be companies not using encrypted traffic, or only using a password to secure access to a server. The fix is relatively low cost or low impact. It takes time to figure out how to do the fix, but you’ll be grateful that you took the time and spent the money to implement it. [38:24] The cost of a greater fix from the breach of a simple vulnerability will be far greater than the resources you’d spend to address it in the first place. Establishing that floor will help you focus on other “fires” that pop up while assuring you won’t get “popped” for a silly reason. [38:49] If somebody’s going to get you, make sure they’ve tried their hardest to get you. [38:58] It’s Data Privacy Day today, as this episode is released! It’s the start of Data Privacy Week! The theme is Take Control of Your Data! [39:22] Robust privacy governance tips: Figure out where your data asset inventory is for your organization. Keep track of it and keep track of the risk associated with each data asset. Each data asset may have a different set of risks. [39:47] Every organization should maintain a comprehensive inventory of data assets, detailing what data is collected, where it is stored, who has access to it, and how it’s used. [39:56] The risk professional probably isn’t the one who takes the inventory, but they should have access to it and they should be evaluating that inventory. 
[40:06] The risk professional can help the privacy manager by helping them establish clear policies and procedures for handling data, access control, and breach response, based on real risk. A privacy officer sometimes has difficulty identifying a real risk over a perceived risk. [40:23] By focusing on real risks, you avoid the problem where privacy officers spend too much energy coming up with solutions for the most unlikely scenarios, leaving organizations unprepared for what’s likely to happen. [40:42] Special thanks again to James Burd of CISA for joining us here on RIMScast! There are lots of links about Data Privacy Day and Data Privacy Week in this episode’s show notes. [40:54] Also see links to RIMS Risk Management magazine coverage of data privacy through the years and links to some RIMScast episodes that touch upon the topic. Be sure to tune into last week’s episode with Tod Eberle of the Shadowserver Foundation on cyber risk trends of 2025! [41:18] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [41:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [42:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [42:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [42:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. 
It is written and published by the best minds in risk management. [42:53] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [43:00] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4-7. | Register today! RIMS Legislative Summit — March 19‒20, 2025 Cyber Infrastructure Security Agency National Cybersecurity Alliance | Data Privacy Week 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 
26‒27, 2025 | Instructor: Elise Farnham “Managing Data for ERM” | March 12, 2025 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes: “Cyberrisk Trends in 2025 with Shadowserver Alliance Director Tod Eberle” “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O’Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) “Cybersecurity and Insurance Outlook 2023 with Josephine Wolff”   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance”| Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | 
Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: James Burd, Chief Privacy Officer, Cyber Infrastructure Security Agency (CISA)   Production and engineering provided by Podfly.  
Jan 21, 2025 • 35min

Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware.   Listen to how you can harden your organization’s network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. 
[1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod’s background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, he transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney’s Office and the FBI. 
Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney’s Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney’s Office in Pittsburgh need to have some aspect of an organization’s criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital’s network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015, Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. 
[9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It’s an unusual non-profit organization working 100% in operations. It works in three core areas. First, it’s the world’s largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation’s work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day, for free, the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National CSIRTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver’s data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. 
Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national CSIRT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren’t patched in a timely manner, or before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that’s unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra’s GoAnywhere software. That continued in May, with them exploiting Progress Software’s MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Cleo’s file transfer platform that breached victims’ networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. 
Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [17:17] The Spencer Educational Foundation’s goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer’s 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer’s general grants through the Programs tab at SpencerEd.org. [18:08] Let’s Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that in December of 2024, Chinese attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury’s Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. 
It’s been going on for many years and it’s going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don’t seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it’s now a concern for all of society. There’s the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a CryptoLocker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. 
Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It’s not going away. One thing we’re seeing is bypassing data encryption and focusing on data theft. It’s easier and less time-consuming for the threat actors because they don’t have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers.  [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver’s very talented team collects the data. It’s free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. 
The second is through their support for law enforcement; law enforcement may share sensitive data with Shadowserver. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn’t scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won’t be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] Because the Shadowserver Foundation is a small, non-profit organization, not everyone has heard of it. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies’ due diligence, with the insurance applicant’s consent. [32:20] It’s important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode’s show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We’ve got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That’s going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. 
[33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7 | Register today! RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy Shadowserver Foundation National Cybersecurity Alliance RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 “Applying and Integrating ERM” | Feb. 
26‒27 “Managing Data for ERM” | March 12, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule   Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O’Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024)   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response 
“Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Tod Eberle, Shadowserver Foundation   Production and engineering provided by Podfly.  
Jan 14, 2025 • 48min

Kicking off 2025 with RIMS CEO Gary LaBranche

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews RIMS CEO Gary LaBranche about what you can expect from RIMS in 2025. This value-packed discussion offers Gary’s comments on 2025 RIMS President Kristen Peed, RIMS’ 75th Anniversary events, possible insurance impacts of proposed trade tariffs, nuclear verdicts, and third-party litigation. Gary encourages you to join RIMS Advocacy and the RIMS Legislative Summit on March 19th and 20th, 2025 to lobby on Capitol Hill. He shares insights on public safety, security, and of course, news of RISKWORLD 2025 and more.   Listen for how you can participate in 2025 RIMS events. Key Takeaways: [:01] About RIMS. [:16] About this episode, coming to you from RIMS headquarters in New York, kicking off 2025 with RIMS CEO Gary LaBranche! Gary, welcome back to RIMScast! [:59] Interview! Gary had a quiet, fun New Year’s Eve at home, dining on Asian sea bass with champagne and watching television. [1:39] This is a big year for RIMS. RIMS has a new president, Kristen Peed. Justin has known her since he started with RIMS. Kristen is a long-time volunteer, very positive, and great at representing RIMS. She continues in a long line of volunteer leaders who have built RIMS. [2:29] Gary reports that RIMS 2024 president David Arick had a wonderful term. On David’s last day, the Wall Street Journal published an interview with him; a wonderful capstone to his year. [2:49] RIMS board presidents serve as unpaid volunteers. They travel for board meetings and events, taking time away from their families and jobs. Gary says everyone should appreciate what the board president and officers, chapter leaders, and other volunteers do to help RIMS. [3:35] Reading the history of RIMS, Gary is struck with and inspired by the long line of volunteers who put their shoulders to the wheel, creating this organization. 
[3:59] RIMS is delighted to have Kristen. Kristen is with Sequoia. You’ll get to meet her at RISKWORLD, the RIMS Canada Conference, and other activities in 2025. Kristen embodies the spirit of the RIMS community. [4:29] This year is the 75th anniversary of RIMS. It’s a good opportunity to reflect and appreciate all that came before us. RIMS New York traces its roots to the 1930s. Later, four groups came together to create the National Association of Insurance Buyers, today known as RIMS, in 1950. [5:44] The NAIB provided networking and learning opportunities for commercial buyers of corporate insurance. They saw that it would be helpful to have a national view and ultimately, an international view of the issues and trends in the commercial side of insurance. [6:26] Reading the history gives you a better sense of how RIMS has played a key role in creating today’s insurance world. Justin points out that they organized RIMS without email or interstate highways! They worked hard to make the organization happen. [8:31] RIMS will celebrate its 75th anniversary throughout the year. Chapter leaders will soon attend the Annual Leadership Forum to kick things off. At the RIMS Canada Conference 2024, RIMS unveiled the 75th Anniversary logo and themes. RISKWORLD 2025 will be the tent pole event. [9:21] This will be the biggest RISKWORLD in history! The biggest RIMS annual conference was held in Chicago 20 years ago. RISKWORLD 2025 will be in Chicago from May 4th to May 7th and RIMS is expecting to see well over 11,000 attend. Other events will also feature the anniversary. [9:53] RIMS is launching the Texas Regional Conference, with the four Texas chapters, in August, in San Antonio. It’s a wonderful opportunity for folks in that region to gain access to the power and value represented in the RIMS community. [11:04] About trade tariffs: Gary recently spent an hour at a U.S. Chamber of Commerce meeting, talking with top trade policy experts. U.S. 
President-elect Donald Trump has mentioned tariffs. How would new tariffs impact consumers? What might they do to the cost of insurance? [13:05] If any goods go up in cost, that could potentially have an effect on the cost of insurance, just as inflation causes prices to go up. If you’re insuring a fleet of trucks, where do you get the parts to fix those vehicles? Will the cost of those parts go up? [14:05] Right now, we don’t know. There are differences of opinion. Some 60% of replacement truck and auto parts are made outside of the United States. If tariffs are imposed on those, and if those costs are passed on to consumers, that will raise the cost of insurance. [14:56] Justin sees tariffs impacting insurance rates, the supply chain, and decisions risk professionals make about materials to use. Tariffs may not have their intended effect of having you “buy American” if you’re in America. It may not work that way. [15:28] Gary notes that tariffs, historically, have had the long-term effect of spurring domestic production. The question is, how fast will that happen? How long will it take to create the infrastructure to create more cement or truck parts? Where will the workers come from? [16:16] If there are price increases for supplies and materials or if there are disruptions in the supply chain, that will have a dragging effect in terms of the cost of insurance. RIMS publications will tackle this topic and report on it as they have done for 75 years. [17:08] Dave Arick was interviewed in the Wall Street Journal. He discussed how “nuclear verdicts” of $10 million or more are influencing what happens in the insurance markets. Nuclear verdicts create higher costs. [17:47] If insurance companies are paying out more and more for those claims, they’re going to try to recoup that cost through higher premiums in the future. RIMS is concerned about the runaway growth of nuclear verdicts. 
[18:11] Ultimately,  the claims bar pumping up the demands for recompense is having an impact on cost. When someone is hurt, there should be recompense for that. The issue is the significant growth in multi-million dollar verdicts that are outside of what is reasonable and fair. [18:53] If that happens, it simply drives up the cost for businesses to do business. If people are getting 10 times the reasonable recompense for their injuries, it starts to add up significantly. [19:35] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th with a topic to be announced. [19:42] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [19:58] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [20:10] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [20:21] Congratulations to my RIMS colleagues! RISKWORLD 2024 was honored with the 2024 TSNN Trade Show News Network Award for Outstanding Commitment to Advancing DE&I in the Risk Management Community Through Intentional Programming and Representation! [20:44] The programming included real-time translation technology and partnerships with DE&I organizations NAAIA, AAIN, and APIW, fostering a globally inclusive environment, and keynote speaker Academy Award-winning actress, Marlee Matlin, on inclusion and accessibility. [21:10] The TSNN Award is a huge honor and RIMS is so pleased that our continued DE&I efforts are being recognized by various industries, specifically in events and exhibitions. 
[21:23] Of course, a big shout-out to the RIMS DE&I Advisory Council for their unwavering commitment to helping advance DE&I initiatives at our conferences and RIMS events throughout the risk management community. [21:36] There are still DE&I sponsorship opportunities available for RISKWORLD 2025 in Chicago. You can visit the link in this episode’s show notes for more details. [21:51] Back to My Interview with RIMS CEO Gary LaBranche! [22:03] Justin and Gary consider third-party litigation, which impacts the courts, laws, and legislation. Gary will attend the RIMS Legislative Summit, to be held on March 19th and 20th. [22:39] Gary says the plaintiffs’ bar has discovered the power of investment. They have learned they can gather investors who will back a potential lawsuit and fund lawsuits that come along, in return for a share of the proceeds of that suit. That has always been concerning. [23:13] Something that has become an additional concern is the lack of transparency as to where those investment funds are coming from. They could be coming from anywhere, inside or outside the U.S. They could be from sources that could be illegal. It’s unknown. [23:45] As a matter of national security and public policy, RIMS thinks it’s time we have better insight into the sources of funds for third-party litigation. Gary will be on Capitol Hill, lobbying with members of Congress for transparency in funding third-party litigation. [24:09] A link to the RIMS.org/advocacy page is in the show notes. If you’re a RIMS member and want to go to Capitol Hill for a couple of days with the very knowledgeable RIMS staff and have a chance to meet with your Representatives in Congress, that’s the way to do it. [24:26] Gary will be there, RIMS General Counsel, Mark Prysock, will be there, and a few other very knowledgeable folks will help you prepare for these fun “pitches.” Gary says it’s a blast. You’re telling your story and why this is something of concern to you. 
[25:12] Typically you’ll be meeting with staff members who are directly involved in the public policy process. They want to hear your story, especially if you’re from their district. It’s a lot of walking, listening, and talking along with your peers. You’ll appreciate what you’ve done. [25:56] Going from office to office on the Hill, you’re seeing other people doing the same thing; ranchers, flight attendants, and more. It’s an interesting cross-section of America. You’re seeing the Constitutional freedom of speech. It gives you a perspective on the public policy process. [26:51] Gary has led other organizations for 25 years, so he has been to Capitol Hill a few dozen times. He worked in Washington D.C. for years. He loves gathering a group of members, having a reception and a briefing, and walking around Capitol Hill. By lunchtime, people are excited. [27:53] At the end of the day, there’s a sense of relief and satisfaction; most of the members want to know when they can do it again! Justin did it in 2018 and it made an impression on him. He also loves speaking with the people who are involved in it. [28:25] The Spencer Educational Foundation’s goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [28:43] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer’s 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [29:07] General grant awardees are typically notified at the end of October. Learn more about Spencer’s general grants through the Programs tab at SpencerEd.org. [29:18] Let’s Return to the Conclusion of My Interview with RIMS CEO Gary LaBranche! [29:31] Justin describes the horrific terrorist act in New Orleans on New Year’s. 
Someone circumvented the meager barriers, drove onto the Bourbon Street sidewalk, ran over several people, and exchanged fire with the police. The police neutralized him. [30:11] He had killed 14 people and disrupted everything going on there. This also affected the local economy. RISKWORLD 2023 was affected by an issue in the host city. RIMS has had other issues with public safety. Gary mentions the car bomb in Las Vegas and RIMS’ security plans. [32:26] For conferences like RISKWORLD, 30 to 50 hotels are used. You have to look at the security measures already in place for each hotel. That sort of thing keeps Gary up at night. [32:54] Before lunch on his first day back, Gary was on the phone with staff to restart their thinking about RISKWORLD security, in light of the attacks in New Orleans and Las Vegas. RIMS is well advanced on plans for RISKWORLD 2025. Security will be even more on their minds. [33:37] RISKWORLD has no big outdoor events for this year. Chicago in May is not necessarily warm and sunny, so they will be inside. RIMS has a responsibility as event organizers to think about the risks. Every event organizer must do the same. [34:33] RISKWORLD 2025 keynotes and speakers have been announced. Find them at RIMS.org/RISKWORLD. Chicago is a Mecca for the risk management and insurance community. Gary can’t think of a better place to have the 75th Anniversary RISKWORLD convention. [35:43] RISKWORLD 2025 will be held at the McCormick Convention Center, in one of the most beautiful cities in the country. It has a great, diverse culture with 77 unique neighborhoods. [36:01] The RISKWORLD 2025 program is very exciting, being built by great risk professionals who are contributing their time and talent to sharing their knowledge and insight. It’s a lot of fun and it’s a “heck of an event!” Gary is thrilled about the whole thing! [36:26] A huge team works so hard on creating RISKWORLD. It is so much work and there is so much work on-site. 
At the end of it, the team is exhausted, and so sad that it’s over! It’s a wonderful, fun, safe, educational experience, and then it’s gone. RIMS works on it year-round. [37:15] Three of the keynotes will be delivering TED talks on the main stage on Tuesday, May 6th. Rachel DeAlto, Ryan Harris, and Holly Ransom. It’s called “Triple Vision, Leadership Insights.” RISKWORLD has never done anything like that before. [37:34] These will be short, punchy, to-the-point talks showing a diversity of perspectives, and touching on more topics, and it’s more in keeping with how people obtain and consume information today. Gary is very excited about them. He’s watching to see how it works. [38:18] The RISKWORLD 2025 opening reception will be on Sunday, May 4th, at the Field Museum of Natural History. Gary calls it one of the greatest museums in North America and it’s a great place to have an event. Gary has done black-tie events there. It has a wonderful view. [39:47] Public registration is open. Go to RIMS.org/RISKWORLD and register today! [40:01] This episode with RIMS CEO Gary LaBranche has given us a great glimpse into 2025. Gary will be back on RIMScast sometime after RISKWORLD 2025. [40:53] Gary says RIMS has an extraordinary IT team and they are always drilling on avoiding phishing and cyber-attacks. Risk management is important. When he looks at the RIMS logo, he is reminded that the wind is in our sails. Risk management could not be hotter, now! [41:39] Gary ranks hot, sexy jobs now: astronaut, firefighter, and risk manager! He hopes people take pride in their risk manager jobs. There’s a lot of demand. Salaries have been going up, according to the RIMS salary survey. There are more people attracted to the profession. [42:01] At RISKWORLD, we get 250 or more students. It’s fun to watch them compete in the Spencer Risk Management Challenge. It’s fun to see the support that Spencer and the community give them. 
It’s fun to see them engage with our professionals and want to learn. [42:39] RIMS CEO Gary LaBranche, thank you so much. It’s always a pleasure! [42:46] Special thanks, as always, to RIMS CEO Gary LaBranche for stopping by and keeping us informed. Be sure to check out all the links in this episode’s show notes to learn more about RISKWORLD 2025, RIMS advocacy, and other RIMS initiatives and events. [43:06] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [43:32] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [43:51] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [44:09] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [44:25] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [44:39] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [44:47] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7 | Register today! RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. 
Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) Kristen Peed named 2025 President of RIMS ‘Nuclear Verdicts’ Driving Up Costs of Doing Business, Says Risk Management Society’s Head — The Wall Street Journal, Dec. 30, 2024 — an interview with former RIMS President David Arick RIMS DEI Council | Learn more about DEI Inclusivity Partnership opportunities at RISKWORLD RIMS Webinars: RIMS.org/Webinars “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule   Related RIMScast Episodes: “Year In Risk 2024 with Morgan O’Rourke and Hilary Tuttle” “300th Episode Spectacular with RIMS CEO Gary LaBranche” “RIMS Advocacy Updates 2024 with Mark Prysock” “Change Management and Strategy with Jay Kiew, RIMS Canada Conference 2024 Keynote” “On Risk Appetite and Tolerance” “Global Perspectives with RIMS 2023 Chapter Presidents” (ft. Greater Bluegrass Chapter)   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor (New!) 
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!    RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? 
Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Gary LaBranche, FASAE, CAE, CEO of RIMS   Production and engineering provided by Podfly.  
Jan 6, 2025 • 25min

Risk Management, Appliances with Christine Schelble

Christine Schelble, Director of Insurance and Risk Management at GE Appliances, shares her wealth of experience in risk management following GE's transition to Haier. She discusses the importance of building strong relationships within and outside the company while adapting risk philosophies. Christine emphasizes the necessity of recalibrating partnerships when needed and offers valuable tips for crafting effective requests for proposals. Her insights also touch on the role of active participation in RIMS chapters and the evolving landscape of risk management in today’s market.
Dec 24, 2024 • 49min

Year In Risk 2024 with Morgan O’Rourke and Hilary Tuttle

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Morgan O’Rourke and Hilary Tuttle of RIMS Risk Management Magazine for the Q4 Edition Risk Year in Review. They discuss the biggest risk events we’ve seen in 2024, including natural disasters following climate change and even the recent murder of the UHC CEO. They give their forecasts for 2025, with cybersecurity being an expanding area of risk, combined with AI, and regulatory changes likely under the new administration.   Listen for categories of risk your organization is sure to face in the coming year. Key Takeaways: [:01] About RIMS. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to engage today and embrace tomorrow in Chicago from May 4th through May 7th! Register at RIMS.org/RISKWORLD and the link in this episode’s notes. [:30] About this episode, coming to you from RIMS headquarters in New York. This episode is our special 2024 finale! Hilary Tuttle and Morgan O’Rourke of RIMS Risk Management Magazine will join us to discuss the top trends and stories from 2024 and what to expect in 2025. [:58] RIMS-CRMP Virtual Workshops On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode’s show notes. [1:36] RIMS Virtual Workshops! Gail Kiyomura of The ART of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:50] We’ve got ERM on our minds. On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. 
The “Managing Data for ERM” course will be hosted by Pat Saporito, starting on March 12th, 2025. [2:12] A link to the full schedule of virtual workshops can be found through the RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:25] Interview! The Q4 edition of RIMS Risk Management Magazine is my favorite of the year! It is The Year in Risk edition. We’ll have a chance to revisit all the risk highlights from 2024. [2:42] Here to discuss what made the cut and trends we need to look out for in 2025 are RIMS Director of Publications and Risk Management Magazine Editor in Chief, Morgan O’Rourke and Risk Management Magazine Managing Editor, Hilary Tuttle. [3:01] There is so much to discuss from cyber security to executive safety. As a show of appreciation to the RIMScast audience and subscribers worldwide, we’ve got so much great content in one huge episode, as opposed to spreading it out over two episodes. [3:18] You don’t have to wait, it’s all here for you at once! Let’s get to it! [3:30] Morgan O’Rourke and Hilary Tuttle, Welcome back to RIMScast! [3:39] Morgan and Hilary are here to discuss The Year in Risk, which is the title of the Q4 edition of RIMS Risk Management Magazine. How does 2024 stand out from other years? [4:04] Morgan starts looking back at the year’s events in October. He recalls the bridge collapse in Baltimore in March. There are always going to be hurricanes and natural disasters. There are always going to be cyber attacks. It’s just a matter of what flavor they are this year. [5:15] Morgan categorizes big risk events. There are accidents, like the bridge in Baltimore that affect shipping, and natural disasters, including storms, earthquakes, and record heat. 2024 is the hottest year on record, with the hottest day in recorded history, July 22. [6:38] The AXA Future Risks Report lists climate change as the number one risk. 
Climate change brings natural disasters to places that don’t normally see them, like wildfires in the Northeast. [7:55] Hilary says there were a few hundred fires in New York City this year. The NYFD had to put together its first brush fire task force. In the first two weeks of November, they had 271 fires. Canada has had a terrible year for fires, continuing from its 2023 fire season. [9:25] Climate change puts everybody at risk. The risk landscape expands so that everybody’s in the game. Paraphrasing Flannery O’Connor, Hilary says 2024 was a disaster in truth everywhere. Disasters are not new but they are occurring in different places and times than before. [10:22] There were 11,000 fires in the Northeast this year, largely in October and November. It’s a different season and in a different region. The traditional risk models are thrown out the window. [10:49] Morgan comments that this year we saw the earliest category 5 hurricane formed: Beryl in June. We’re starting to throw out more of the parameters for when you need to be prepared for something. [11:21] We are seeing more geopolitical conflict, supply chain issues, and risks that didn’t seem impactful in regions that seemed stable and reliable. Thirty percent of shipping goes through the Red Sea. Shipping is 90% of the supply chain. [11:55] Hilary says in the last year and a half, shipping through the Red Sea has become an untenable and sometimes uninsurable risk. Our standard expectations for doing business are going out the window or being upended. This has become more of a problem this year. [12:42] There are risks we itemize as the things that are causing problems. Then there are bigger-picture risks you don’t necessarily identify when you’re thinking about your problems. [13:01] You’re thinking about supply chain disruption and natural catastrophes and business interruption, but not about the climate change that may cause them. 
[13:42] Morgan says people have to focus on the problem that’s in front of them. You have to deal with the acute issues before you can deal with the systematic ones. It’s hard to solve systematic problems. [14:28] Morgan sees polycrisis as interconnected risks. Hilary sees the word as an easy way to allude to something that has been happening for a long time. She can’t think of a time in which you truly faced only one risk without having to think of multiple interconnected risks. [17:35] Morgan edited the new RIMS Executive Report, “Understanding Interconnected Risks” authored by RIMS Strategic and Enterprise Risk Management Council members Michael Zuraw and Tom Easthope. [17:48] The paper is available only for members until February 12th, 2025. Then it will be publicly accessible. [18:16] Morgan says the key for the paper is in its practicality about how you should go about prioritizing risks and understanding where they connect within your operations to communicate with departments and executives and implement risk mitigation. It’s actionable. [19:30] Morgan considers that the value of RIMS membership and Risk Management Magazine is in learning what to do about risks. [20:02] Hilary objects to the term polycrisis. It over-intellectualizes a problem to the detriment of focusing on how to solve it or what to do about it. [20:58] Plug Time! RIMS Webinars! Hub International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [21:23] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [21:34] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. 
[21:54] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [22:32] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview’s show notes. [22:40] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [22:51] Back to our Year in Risk Interview with Morgan O’Rourke and Hilary Tuttle of RIMS Risk Management Magazine!  [23:16] Justin brings up the recent shooting and killing of the UHC CEO. Morgan was at the same hotel but didn’t hear about it until he had walked to the office. [23:46] If RIMS Risk Management Magazine had been a print publication, this event would not have been included. Being a digital publication, Risk Management Magazine was able to cover it. [23:59] Hilary starts with executive safety and employee safety. She speaks of reputation risk and monitoring social media discussion. For most who commented on social media, this murder was no surprise. UHC had a tremendous failure of reputation risk and public listening. [25:28] Hilary was saddened but not surprised by the incident. She calls privatized health insurance in the United States a horror show. You can’t let cashing those executive incentive checks blind you to public response. [26:27] Morgan says it’s amazing to see that public sentiment was decidedly unsympathetic, but it’s not unexpected. Hilary mentions the rates of medical debt in the U.S. Hilary saw an outpouring of approval of the murder, which is an awful response to have. 
[27:15] If you’re in a position where that is the public sentiment around your organization, you need to fire your PR firm and think very seriously, not only about how you’re conducting business but about how you’re communicating with the public. That is a huge reputation failure. [27:47] Some health insurance companies have trimmed down or removed their executive team pages to make them less identifiable in public. It’s a safety issue. You want to be very careful about how much you post about individual people. [28:43] From a cyber security perspective, nothing you put on the internet is private or innocuous. If you are an insurance executive who likes to go hiking at Mount Whatever, maybe that’s not information you want to put on the internet.  [29:31] Hilary sees this situation as reminiscent of Big Tobacco as an industry. She believes there is an awareness that there is a certain amount of evil being done among executives in this industry. She says perhaps there is a social reckoning to be had in that. [30:06] Plug for The Spencer Educational Foundation! Spencer’s goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [30:24] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer’s 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:48] General grant awardees are typically notified at the end of October. Learn more about Spencer’s general grants through the programs tab of SpencerEd.org. [30:59] Let’s Return to the Conclusion of my Interview with RIMS Risk Management Magazine’s Morgan O’Rourke and Hilary Tuttle!  [31:11] Justin asks about AI and cyber security in 2025. 
The Cybersecurity and Infrastructure Security Agency (CISA) has noted that there will be an increase in breaches and the creativity of attacks. [31:38] They have a revised National Cyber Incident Response Plan that is available for public comment. Hilary agrees that there will be more AI embedded in cyber attacks in 2025. It is already being used to power attacks and in the detection of attacks. [32:01] AI is also being used effectively in different forms of exploiting humans with ChatGPT and better phishing emails. It is being used to write better malware that is harder to detect. [32:25] Moody’s Outlook expects a significant intensification of cyber risk in 2025, from the number of cyber incidents that are occurring and the sophistication and impact of cyber risk. Companies are getting better at detecting cyber attacks and doing basic cyber security. [33:19] Cyber criminals are getting better, too. The attacks will be harder to detect or more severe in scope. Hilary calls social engineering an interesting art. Like journalism, you have to find the approach that successfully gets the information you are looking for out of humans. [34:38] Morgan describes an old social engineering attack with a recording of a baby crying in the background, and a “harried mom” trying to get into an account without her password, trying to craft a persuasive argument. Gen AI might do all this in one step and be relatively successful. [36:01] Hilary mentions that at the DEF CON hacker’s conference, there is a social engineering village. Their “Capture the Flag” is a contest to do just what Morgan described. There are bulleted lists of the types of information you are trying to get in an allotted time. [37:02] Morgan says it’s not like the fast-typing hackers seen in the movies. You get the information through conversation. [38:05] Hilary says one of the downsides of automation is the tremendous proliferation in the number of attacks that are being launched. 
Ransomware attacks grew 70% last year and are on track to double their 2022 levels by the end of 2024. [38:29] Moody’s and QB Canada both came out with reports anticipating 5,200 ransomware attacks around the world in 2025, from 2,500 in 2022. It’s easier to launch attacks at scale against multiple organizations at once. The attacks are more sophisticated and damaging. [39:01] The ransomware attacks are asking for significantly more money. Fewer companies are paying ransoms because they have backups and plans in place. Average ransomware payments are going up. Last year, ransomware payments passed $1.1 billion for the first time. [39:26] The companies that pay ransom are feeling more compelled and are in a tougher spot so they are paying larger ransoms. [39:48] Morgan points out that paying the ransom doesn’t solve the problem. Change Healthcare had the largest healthcare data breach in U.S. history. They paid $22 million in ransom but didn’t get the data back. Some attackers will keep extorting you or just take your money and run. [40:36] The FBI has said don’t pay ransomware. You can’t trust criminals. [40:43] Hilary mentions three ransomware threats: holding a network captive, holding data captive, and holding sensitive information captive. This is triple extortion. If you are the victim of a ransomware attack, go in with the expectation that that is the situation. [41:55] Hilary forecasts that 2025 will be a colorful year. There is a tremendous amount of uncertainty in pretty much everything. It will be an interesting year, politically. It will be a very interesting four years, from a regulatory perspective. [42:22] In terms of severe weather, disasters, and cyber, it feels like there will be more, and more, and more events. [42:51] Morgan thinks the biggest thing is the change in administration and the priorities. ESG has been downscaled. 
A lot of companies are moving off of DEI initiatives, based on the shift in administration and the feeling that DEI will not be as popular. [43:16] The regulations concerning a lot of ESG may no longer be in play. The federal guidelines are not going to be what they were in any aspect. [43:39] President Biden in 2023 issued an Executive Order with guidelines and restrictions on AI. Donald Trump has said he’ll probably rescind that. Donald Trump seems to be aligned with a lot of the tech companies for less regulation of AI. Fingers crossed it doesn’t make things worse! [44:33] Hilary knows several organizations are particularly concerned about some of the potential risk impacts of taking away many of the consumer protections and other regulations that do a tremendous amount to curb risk. That could increase the risk landscape for many. [44:55] CISA has cautioned that this could have a disastrous impact on cyber security. A lot of regulations that keep organizations safer are potentially on the chopping block under the new administration. Hilary thinks that’s probably true in some other industries. It will get risky. [45:30] It has been a pleasure to see you both! I appreciate your time. The RIMS Risk Management Magazine Year in Review is now available at RMMagazine.com. Quick Plug! We’re looking for submissions from the risk profession. See the contribution guidelines. [46:01] Reach out to Hilary and Morgan. Especially if you’re a risk professional, we want to hear your ideas. Morgan says we’re only as strong as our contributors in the risk management community. Give us what you’ve got! [46:21] Special thanks again, as always, to Morgan O’Rourke and Hilary Tuttle of RIMS Risk Management Magazine for joining us here on RIMScast! The Risk Management Year in Review Edition is now live at RMMagazine.com. A link is in this episode’s show notes. [46:41] We look forward to checking back with Morgan and Hilary for the mid-year update in 2025. [46:48] More RIMS Plugs! 
You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [47:35] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [47:52] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [48:09] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [48:23] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [48:30] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS Risk Management Magazine RIMS DEI Council Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates Contribute to RIMS Risk Management Magazine / Submission Guidelines “RIMS Executive Report: Understanding Interconnected Risks” RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS Webinars: RIMS.org/Webinars “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 
20, 2025 Upcoming Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 “Fundamentals of Insurance” | Feb. 19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes: “Big Shifts with John Hagel, RIMS ERM Conference Keynote” “2024 Mid-Year Risk Update with Morgan O’Rourke and Hilary Tuttle” “2023 Risk Year In Review with Morgan O’Rourke and Hilary Tuttle” “Live from the ERM Conference 2024 in Boston!” “Maintaining an Award-Winning ERM Program with Michael Zuraw” “Applying ERM Theory with Elise Farnham” “On Risk Appetite and Tolerance”   Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor (New!) “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | 
Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guests: Morgan O’Rourke, RIMS Director of Publications and Risk Management Magazine Editor in Chief Hilary Tuttle, Managing Editor, Risk Management Magazine   Social Shareables (Edited For Social Media Use): There were 11,000 fires in the Northeast this year, largely in October and November. It’s a different season and in a different region. The traditional risk models are thrown out the window. — Hilary Tuttle   There are always going to be hurricanes and natural disasters. There are always going to be cyber attacks. It’s just a matter of what flavor they are this year. — Morgan O’Rourke   In the last year and a half, shipping through the Red Sea has become an untenable and sometimes uninsurable risk. Our standard expectations for doing business are going out the window or being upended. — Hilary Tuttle   People have to focus on the problem that’s in front of them. 
You have to deal with the acute issues before you can deal with the systematic ones. — Morgan O’Rourke   For most who commented on social media, the murder of the UHC CEO was no surprise. UHC had a tremendous failure of reputation risk and public listening. — Hilary Tuttle   Phishing is not like the fast-typing hackers seen in the movies. They get the information through conversation. — Morgan O’Rourke   Nothing you put on the internet is private or innocuous. If you are an insurance executive who likes to go hiking at Mount Whatever, maybe that’s not information you want to put on the internet. — Hilary Tuttle
Dec 17, 2024 • 26min

ERMotivation with Carrie Frandsen, RIMS-CRMP

Carrie Frandsen, the System-wide ERM Director at the University of California and a Commissioner for RIMS-CRMP, dives into the essentials of Enterprise Risk Management (ERM). She highlights how ERM can be effectively integrated into daily operations and decision-making. Carrie emphasizes the importance of a cohesive, organization-wide approach to foster a risk-aware culture. Listeners gain practical insights on starting an ERM program, including engaging leadership and utilizing resources like ISO 31000 to guide their journey.
Dec 10, 2024 • 32min

AI and Regulatory Risk Trends with Caroline Shleifer

Caroline Shleifer, Founder and CEO of RegASK, shares her expertise in regulatory affairs and AI integration. She discusses the transformative potential of AI in enhancing regulatory practices through augmentation, automation, and acceleration. Caroline highlights the importance of strategies to navigate regulatory scrutiny and the evolving role of risk professionals. The conversation also dives into the growing significance of AI and ESG in compliance, urging organizations to stay informed on emerging regulations and collaborate effectively.
Dec 3, 2024 • 44min

Stacking Habits with Olympic Gold Medalist Jon Montgomery

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   As the 2010 Winter Olympics gold medalist in men’s skeleton, Jonathan “Jon” Montgomery became a national icon, renowned for his spontaneous and exuberant celebration. Since 2013, Jon has hosted The Amazing Race Canada, captivating audiences nationwide. His career highlights include winning his first World Cup race in 2008 and earning two silver medals at the 2008 FIBT World Championships. Inducted into the Manitoba Sports Hall of Fame in 2019, Jon continues to inspire through his passion for sport and community. Jon recently keynoted the RIMS Canada Conference 2024 in Vancouver, where he took the audience along on his journey to Olympic history. RIMScast Host Justin Smulison was in the audience and was inspired by Montgomery’s story, which revealed the parallels between risk management and sports and competition.   To help close out 2024 and usher in the winter, Montgomery joined RIMScast to discuss his risk philosophies, highlighted by the ups and downs of training and competition. Justin and Jon discuss Jon’s victory at the 2010 Olympics followed by his failure to qualify for the 2014 Olympics. Jon reveals where he fell short and how he turned this failure into a life-changing habit of learning lessons from every setback. Jon comments on the differences between individual risk-taking, and risk professionals applying more risk-aware thinking. Jon talks about journaling his wins and losses in life. Jon credits his team for everything he achieves, from the Olympics to Amazing Race Canada. Jon shares how a misunderstood training program challenged him to his limit but built him up for the 2010 Olympics. Jon’s secret sauce is his curiosity and his desire to chase the best-informed guesses. Jon recommends stacking habits to make short-term goals become long-term commitments.   
Listen in to hear Jon’s take on the RIMS Canada Conference 2024 and what he experienced there. Key Takeaways: [:01] About RIMS. [:14] Member registration for RISKWORLD 2025 is now open! General registration opens on December 4th. Visit RIMS.org/RISKWORLD. [:25] About this episode, coming to you from RIMS headquarters in New York. We will be joined by Olympic Gold Medalist, Host of The Amazing Race Canada, and recent RIMS Canada Keynote, Jon Montgomery! [:49] The next RIMS-CRMP Exam Prep Virtual Workshop will be held on December 17th and 18th. The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. [1:08] Links to these courses can be found on the Certification page of RIMS.org and through this episode’s show notes. [1:15] RIMS Virtual Workshops! Elise Farnham of Illumine Consulting recently joined us here on RIMScast. On December 17th and 18th, she will host “Captives as an Alternate Risk Financing Technique”. [1:30] Gail Kiyomura of The ART of Risk Consulting, will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:41] This is the last week to sign up for “Managing Data for ERM”, hosted by Pat Saporito on December 12th. Registration closes on December 11th. [1:52] A link to the full schedule of virtual workshops can be found through RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:08] Interview! My guest today is one of my favorite RIMS Keynotes from 2024, the 2010 Winter Olympics Gold Medalist for Men’s Skeleton, Jon Montgomery. He’s an icon in Canada. He’s known since 2013 as the host of The Amazing Race Canada, captivating audiences. [2:27] He’s an all-around great guy. His keynote at the RIMS Canada Conference 2024 inspired me. We are catching up now to close out 2024 with a little extra inspirado! We will discuss his risk philosophies and how our listeners can apply these philosophies to their lives. [2:58] Jon Montgomery, welcome to RIMScast! 
[3:09] Jon Montgomery is an Olympic Gold Medalist. You may also know him as the recent host of the RIMS Canada Conference 2024. Jon is calling into the interview from his home office. Justin found Jon to be very personable after his keynote address at the conference. [3:49] Jon says his experience was awesome. The best part was connecting one-on-one with people, and putting a medal around folks’ necks. Not everybody is going to remember what you say but everybody will remember how you made them feel and a moment you shared. [4:27] Jon gets a charge out of meeting folks and finding out who they might know in common. He says in Canada if it’s more than a couple degrees of separation, one of them has been living under a rock. [5:13] Jon saw that folks at the conference were genuinely engaged and happy. The level of positivity was the connecting element from person to person. He could feel the energy. It felt like folks looked forward to these opportunities. People were familiar with one another, like family. [5:36] Jon saw that people look forward to these conferences to be among friends, as well as to learn and network. The level of familiarity was tangible. [6:26] Jon likes to assess risk, by whatever metrics he uses, and he loves to compete against the best, whatever he gets to be a part of. [6:51] Jon talks about measuring the risks of skeleton against the potential rewards. Whatever the perceived risks were, he pushed them to the side for the opportunity to represent his country, which carried much greater weight. He downplayed the risk in pursuit of that reward. [7:27] In hindsight, we might lie to ourselves on occasion about risky endeavors because of that proverbial dangling carrot. Jon would have played any sport that would have him. Skeleton had a shorter bench than the national team in hockey, or even speedskating, or downhill skiing. [7:55] When Jon first saw skeleton, he was compelled. Having tried it one time, he was hooked. 
He loved the experience of being on the sled. He didn’t think too much about what would happen to him but it seemed safer than hockey with all its variables, which he grew up playing. [8:33] In skeleton racing, you go down a frozen chute. There are no right angles and everything is pretty smooth. It just has a great deal of speed. Once Jon got his brain wrapped around that, he was comfortable in that arena. [8:55] Jon learned that the sport places incredible pressure on the brain. That was glossed over in the pursuit of representing Canada. Some of the athletes got concussions and had to work through them. Jon’s wife was profoundly affected by participation in skeleton racing. [9:18] Jon says they are where they are today because of that row to hoe and the dark days that followed after she left the sport and Jon retired four years later. [9:40] Could risk professionals push some risks to the side with a similar outcome or is there a different approach to apply in their roles? Jon suggests risk professionals not turn a blind eye to the outcomes. As an individual chasing a dream, there has to be some of that. [10:05] Jon says if he focuses solely on the risk, it might detract from his capacity to react and take advantage of a situation and opportunity. If you’re dwelling on what could go wrong, you’re missing things right in front of you that might swing the pendulum in the other direction. [10:32] As a risk professional, you work to mitigate that negative outcome. For what’s at stake as a risk professional, Jon would not advise turning a blind eye to outcomes. For the public, dwelling on what can go wrong will lead to some of those outcomes. What we focus on grows. [10:57] If you perpetually focus on the negative and what could go wrong, you will attract it. Focus instead on what you want to have happen. Justin and Jon discuss the law of attraction where thoughts become things. Justin watched it on streaming instead of reading the book. 
[12:40] Jon keeps track of his hits and misses, but he doesn’t do as much journaling as he thinks he should. When he does journal, he is proud that he wrote of his successes to be reminded of them later. He finds journaling to be a great tool to be leveraged. [13:32] Jon says nobody should expect not to experience disappointments. As a parent, Jon has had to realize that his reactions are natural, even if he would have preferred to react a different way. [13:58] The conversations that are had afterward are humanizing, when he admits not having had the patience the situation warranted. Jon talks of building conversation around expectations, realities, and disappointments, moving forward with purpose. [14:22] One of Jon’s most disappointing experiences was falling short of making the 2014 Olympic team. As the defending Olympic champion, he failed to qualify for the 2014 Games although he was stronger, faster, and more prepared. He had tried to create a better sled. [15:43] In skeleton racing, your sled needs to be intertwined with every fiber of your being. You have to know how it will react to the smallest impetus. If you haven’t had the time to become one with your sled, you are at a disadvantage. Jon didn’t have the time to perfect his sled. [16:18] Jon fell just a hair short. It was wildly disappointing. The feeling in the pit of his stomach was palpable. Today, Jon is so glad it happened to him. What he took away from it was that he realized he had pushed people away who could have helped him in his project. [17:37] Jon had spent a lot of time, money, and effort on this project and he thought people just wanted to be part of it. He pushed against collaboration. He made himself a man on an island in a solo pursuit. He couldn’t reach the necessary expedited rate of development alone.  [18:12] If you want to go quickly, go alone. If you want to go far, you’ve got to go together. Jon applies that lesson to everything he does today as an entrepreneur and in business. 
He knows he can’t do it singly. The lesson has stood him well since he moved on from the disappointment. [18:43] As you move away from a failure, if you focus on the lessons you learned through that pursuit, that’s always going to be a win. You’ll either get the victory or the lesson. In either case, it’s a W! [19:10] Plug Time! RIMS Webinars! On December 5th, we have “Predictive Strategies to Detect Electrical and Machinery Failures”, presented by Global Risk Consultants, a TÜV SÜD company. [19:25] On Thursday, December 12th, OneTrust returns to deliver “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring”. [19:35] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [19:47] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. [20:07] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [20:44] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview’s show notes. [20:52] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [21:04] Back to the Interview!  [22:02] As the tip of the iceberg, the visible part of Amazing Race Canada, Jon stands on the shoulders of a juggernaut of a team. When you saw Jon at the Olympics, going down the mountain on the crazy carpet with rails on it, you didn’t see the team behind the athlete. 
[22:27] Jon’s team was made up of coaches, trainers, physiotherapists, and team leaders. All of these people feed into a moment. [22:40] When that moment becomes visible to the masses, the capacity to see the team for the individual isn’t present but everybody who has done something that they can be proud of knows full well what goes into a result. [23:22] Jon’s public speaking skills developed in tandem with his pursuit of athletics in high school. Jon and a buddy were student council co-presidents. They spoke in front of their peers at student assemblies. There is no more angst-inducing group to speak to than teen peers. [24:26] Jon became an auctioneer. He shares a sample of his auctioneer chant. He was often asked to MC weddings and events. He learned to be himself on a grand stage. When a beer was thrust in front of him, he was himself. It led him to develop his career, rather than auctioning. [27:31] Jon has a great deal of anonymity in a bar although some speak of offering him a beer. His favorite beer is wet and free. When offered, he will chug it. [29:01] Due to misunderstanding an article on training, Jon found himself overtraining in squats, lifting twice what was suggested. It caused him to break down, physically, emotionally, and mentally, spending hours at the gym to get 100 reps done. [30:17] On day 10, Jon fell short, being unable to do 100 squats with 200 additional pounds on the bar than he had had on day 1. He looked at the workout again and found he had done almost 100% more work than was required. There was no amount of energy he didn’t expend to do it. [31:11] It dawned on him that he never would have made it that far had he known the truth. He wouldn’t have put forth that amount of work if he hadn't believed it was possible. That belief that others had done it was compelling and propelled him far past his self-imposed limitations. 
[31:39] Almost completing the doubled workout made Jon realize that things are only out of our reach if we put them there; if we use self-limiting verbiage like “I can’t,” or “We’re going to fail.” Confidence is the key, whether you think you can or you think you can’t, you’re right. [31:59] That experience in the gym made Jon realize that if he was going to be good at skeleton racing, he was going to have to continue to develop his legs, his glutes, his quads, and his core, and also his confidence; his capacity to believe that he could be a 2010 national team skeletor. [32:22] Jon had to believe he had the same opportunity and chance as every other athlete out there to win a medal; to win the gold medal. [32:31] All he could do was execute and be the best version of himself on the day that mattered and not worry about anybody else. If he did that, he would put himself in the best possible position. Jon was 30, turning 31. His training had made him strong. He peaked at the Games. [33:12] Jon’s last push on his last run at the Games was his best. He needed that fast start time to compete with the two fastest pushers in the world. [34:12] Justin and Jon discuss not drinking alcohol on days you train. Jon says how we manage something inherently unhealthy is an individual thing. Your capacity to recover after having alcohol is reduced. Jon calls drinking a balancing act. You have to weigh things. [36:42] Jon talks about getting deep sleep and REM. He wears an Oura Ring to track his sleep. His metrics are different when he’s had alcohol. Jon cherishes his sleep. [37:50] Jon says when you stack habits, your capacity to change short-term interests into long-term commitments is so much more bolstered. [38:33] Jon Montgomery’s secret sauce is curiosity. He has a great deal of gratitude for having a curious mind. It’s hard to teach or coach curiosity. Curiosity can be nurtured when you recognize it in your children and others. 
Jon’s curiosity leads him to chase best-informed guesses. [39:37] Jon never holds anything so dear to his heart that he would die on that front. He is open and willing to have his mind changed about stuff. He’s plain about what he knows right now. [39:49] Jon, it has been such a pleasure to have this one-on-one time with you for RIMScast. This past year, 2024 RIMS Canada had their best lineup of keynotes with you, Kevin Vallely, Jay Kiew, and Jody Wilson-Raybould. You all were fantastic and there was a lot to take away. [40:14] It resonated with me so I wanted to keep you at RIMS a little longer to get some more of those nuggets of wisdom. [40:39] Jon invites you to get your submission tapes in for Amazing Race Canada. Casting is still open. Jon will be the host for as long as they will have him! If they can him, he’ll follow them on the road and sneak into shots! They do the show for men’s health awareness. Donate online. [41:19] Special thanks again to Olympic gold medalist Jon Montgomery for joining us here on RIMScast. If you missed his keynote at the RIMS Canada Conference 2024, be sure to look for him on the road as he delivers several more at other events. [41:33] Be sure to follow his adventures as the host of Amazing Race Canada, which is gearing up for its 11th season, brought to you by CTV. Learn more about him at JonMontgomery.CA. [41:47] More RIMS Plugs! The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It’s different from the RIMS Events App. Everyone loves the RIMS App! [42:22] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. 
[43:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [43:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [43:42] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [43:56] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [44:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS DEI Council RIMS-Certified Risk Management Professional (RIMS-CRMP) NEW FOR MEMBERS! RIMS Mobile App RIMS-CRMP Stories — Featuring Valerie Fox!  Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award RIMS Webinars: “Predictive Strategies to Detect Electrical and Machinery Failures” | Sponsored by TUV SUD GRC | Dec. 5, 2024 “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring” | Sponsored by OneTrust | Dec. 12, 2024 RIMS.org/Webinars   Upcoming Virtual Workshops: RIMS-CRMP Exam Prep (Virtual)Dec. 17‒18, 2024 | 9:00 am‒4:00 pm EST — Register by Dec. 10. “Managing Data for ERM” | Dec. 12, 2024 & March 12, 2025 “Captives as an Alternate Risk Financing Technique” | Dec. 17‒18 “Fundamentals of Insurance” | Feb. 
19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes: “Exploring Risk in Extreme Environments with Kevin Vallely”, RIMS Canada Conference 2024 Keynote “Change Management and Strategy with Jay Kiew, RIMS Canada Conference 2024 Keynote” “Live From Vancouver! with Maryam Salmasi, Fred H. Bossons Award Winner 2024” “RIMS 2024 Rising Star Chelsea Andrusiak” (SKRIMS Vice President) “Supply and Bike Chains with Emily Buckley”   Sponsored RIMScast Episodes: “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL (New!) “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. 
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center   RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Jon Montgomery, 2010 Winter Olympics Men’s Skeleton Gold Medal Winner and Host of Amazing Race Canada   Social Shareables (Edited For Social Media Use): The best part of a gig is the opportunity to connect one-on-one with people in their space, and getting to put a medal around folks’ necks. Not everybody is going to remember what you say but everybody will remember how you made them feel and a moment you share. — Jon Montgomery   I like to assess risk, on what metrics I use, and I love to compete. I love to stack myself against the best, in whatever it is I get to be a part of. — Jon Montgomery   When I saw skeleton for the first time, I was compelled, from a visual standpoint. Having tried it one time, I was hooked. — Jon Montgomery   When the moment of competition becomes visible to the masses, the capacity to see the individual’s team isn’t present but everybody who has done something that they can be proud of knows full well what goes into a result. — Jon Montgomery   That belief that others had done this doubled workout was compelling and propelled me far past my self-imposed limitations. 
It made me realize that things are only out of our reach if we put them there. — Jon Montgomery   I am a curious dude. It’s led me to chase best-informed guesses for what we know today. I am open and willing to have my mind changed about stuff. Here’s what I know right now. — Jon Montgomery  
Nov 26, 2024 • 25min

Live from the ERM Conference in Boston!

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   The RIMS ERM Conference 2024 in Boston featured a stellar lineup of risk thought leaders who shared their experiences applying ERM practices to align risk management with strategy and showcase the value of more risk-aware corporate cultures. At the Conference, Justin spoke with two leading ERM practitioners in different primary areas to provide a range of perspectives. In this episode of RIMScast, Justin interviews Christopher Stitt about his session, which he based on the RIMS ERM Framework and the RIMS Risk Maturity Model. Justin interviews Catrina Gilbert about her position at the DFW Airport and her career in risk management and ERM, as well as current airport initiatives. Listen in for a sample of the offerings of the RIMS ERM Conference 2024 with its record-breaking full-capacity attendance.   Key Takeaways: [:01] About RIMS. [:14] Member registration for RISKWORLD 2025 is now open! General registration opens on December 4th. Visit RIMS.org/RISKWORLD. [:25] About this episode. Recorded live in Boston at the RIMS ERM Conference 2024, we have interviews with two fantastic guests! [:49] The next RIMS-CRMP Exam Prep Virtual Workshop will be held on December 17th and 18th. The next RIMS-CRMP-FED Exam Course will be hosted along with George Mason University from December 3rd through the 5th. [1:07] Links to these courses can be found on the Certification page of RIMS.org and through this episode’s show notes. [1:15] RIMS Virtual Workshops! Elise Farnham of Illumine Consulting recently joined us here on RIMScast. On December 4th and 5th, she will host “Applying and Integrating ERM”. On December 17th and 18th, she will host “Captives as an Alternate Risk Financing Technique”. [1:35] Those are just two of the workshops RIMS offers; we have lots more! 
Other dates for the Fall and Winter are available on the Virtual Workshops calendar, RIMS.org/virtualworkshops. [1:51] First Interview! Our first guest was a featured speaker on Day 2 of the RIMS ERM Conference 2024. His name is Christopher Stitt and he is the Founder and CEO of CrisisLead, LLC. [2:01] Chris’s session was titled “The Art and Science of High-performing Enterprise Risk Management: Bridging Silos for Sustainable Success.” We’ll speak about that session and give a high-level overview for those who could not attend. [2:18] Chris has a fascinating background that led him to risk management and ERM. His career journey is an inspiration. We recorded live on-site at the Boston Hilton Plaza. Christopher Stitt, welcome to RIMScast! [2:51] This is Chris’s first ERM Conference. He’s enjoying it and likes getting a broader perspective of how the overall ERM community operates. It’s been a fantastic opportunity to network with some amazing professionals and learn from them! [3:20] Chris talks about the session he is giving, “The Art and Science of High-performing Enterprise Risk Management: Bridging Silos for Sustainable Success.” It comes down to people. What sometimes gets missed in the ERM process is the human factor. [3:51] It’s about getting the buy-in necessary and the understanding of what risk is, not just from the senior level but across the board. A new concept, the Risk Intelligence Quotient, can help your organization understand how to look at, feel about, and interact with risk. [4:26] The Risk Intelligence Quotient, along with the human-centric aspects of the risk program, can help you build a good risk culture and ultimately, a high-performing organization that can thrive during both business-as-usual and disruption. [5:03] Chris used the RIMS ERM Framework and the RIMS Risk Maturity Model as the foundation of his session. 
As he studied the RIMS Risk Maturity Model, he saw it was about the journey, from starting a risk program in a new business to developing a mature program. [5:37] As a business grows and a company matures, you need to be able to go through the process and say, “We need to start documenting how this works. We need to start ingraining this into our business process.” [6:01] The RIMS Risk Maturity Model gives a great overview of how to ingrain risk management into your business process, especially in a business developing as a hierarchical organization. [6:41] Chris was a U.S. Department of State Diplomatic Security Service Special Agent for over 25 years managing integrated security risks in embassies around the world. He looked at how international risks would influence U.S. operations in a given country. [7:17] Chris was also Chief of Emergency Planning for the Department of State twice. That gave him a wide view of how risks develop and how to develop response plans to those risks. [7:40] About 2014, The Department of State set up an ERM program. Chris was at the initial meeting. Senior officials were using terms he knew but with different meanings. That led Chris to investigate further into the meaning of enterprise risk and how to integrate it. [8:24] What Chris loves is helping other people understand and build ERM programs. That’s why now, since retiring from the Department of State, Chris has moved into consulting. He sees it as a great opportunity to bridge the silos for a better understanding of what we’re trying to achieve. [8:51] Chris is excited about presenting his session where he talks not only about the risks but also how you find the opportunities in those risks. It’s about building a powerful ERM program that gets buy-in from stakeholders and imbuing ERM into your organization’s culture. [9:29] Chris, it’s been a pleasure. Thank you for joining us here on RIMScast. [9:43] Plug Time! RIMS Webinars! 
On November 25th, Resolver returns to discuss “The Future of Risk & Compliance: 5 Key Insights for the Modern Leader”. [9:54] On December 5th, we have “Predictive Strategies to Detect Electrical and Machinery Failures”, presented by Global Risk Consultants, a TÜV SÜD company. [10:06] On Thursday, December 12th, OneTrust returns to deliver “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring”. [10:16] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [10:28] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. [10:48] The awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [11:26] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview’s show notes. [11:35] Final Interview! Catrina Gilbert is a previous ERM Conference speaker. Catrina is well known in ERM in Texas and the DFW RIMS Chapter. We will talk about how ERM influences aviation and some of the risk awareness campaigns she champions at the DFW Airport. [11:56] Catrina Gilbert, welcome to RIMScast! Catrina is the Vice President of Risk Management at the DFW Airport and the Treasurer of the RIMS DFW Chapter. Justin and Catrina have known each other for a few years. [12:30] Catrina is absolutely loving the RIMS ERM Conference 2024. Boston is beautiful this time of year. The speakers, the lineup, the vendors, and the food have been amazing! Every session has been standing-room-only! 
The Conference is at maximum capacity. [12:54] It adds to the excitement. It is beautiful to see all these great minds from different industries, states, and countries converging on Boston! Catrina had “chowda” for the first time! [13:37] Catrina states that there is never a dull moment in aviation. Airports are growing and rebounding from the pandemic, doing all sorts of construction projects. DFW has a $9B Capital Improvement Plan. From an insurance and claims perspective, that keeps Catrina very busy. [14:02] The DFW Airport has a rolling owner-controlled insurance program, which keeps Catrina super busy. Catrina is also responsible for the airport’s ERM program. That’s why Catrina is at the RIMS ERM Conference 2024. [14:16] Having the ERM program and being rooted in the organization at the ground level and the executive level, Catrina makes sure that everyone on the airport’s Risk Council understands that ERM can also stand for “Everyone’s a Risk Manager.” [14:37] Catrina is trying to empower the team to think strategically and holistically, and to think about how different programs and platforms have interdependencies. If we have an issue here, how is it going to impact, perhaps, the runway or the concessions? [14:57] Catrina is looking at a resiliency framework; how do we bounce back? A lot of organizations are still struggling from the pandemic. Everyone is focused on a resiliency framework. When this happens again, are we ready? That’s the beauty of this conference. [15:33] Catrina says every holiday is the best time of the year at an airport! There’s no such thing as the worst time of the year. The beauty of an airport is that it connects people around the globe. The holidays are a special time for everyone. Airports love playing a part in that journey. [16:14] Catrina has been at DFW for almost eight years. She has been in risk management since 1999. She has done risk in several industries. Aviation is, by far, her favorite. 
There is never a dull moment; two days are never the same. DFW Airport is a city, with all the departments. [17:22] Trisha Sqrow and Sandra Fontenot, past RIMScast guests, were DFW colleagues of Catrina’s. Trisha is doing great work at the Conference. Sandra Fontenot is doing great work at the RIMS DFW Chapter and helped Catrina with the annual chapter conference. [17:37] Catrina says we grow when we move, but RIMS and risk management keep people together. Catrina thinks the work that they did together at DFW Airport is one of the reasons they’re still colleagues and friends. They still share ideas and speak at conferences together. [18:31] Catrina has 12 people in her risk group at the DFW Airport. At her previous airport, Hartsfield-Jackson Atlanta, she was a department of one. She reported to the city. She hears “department of one” a lot at the Conference, maybe two or three. Everything’s bigger in Texas. [19:03] Catrina looks for fresh ideas in a new risk hire. DFW had Innovation Week last week. Seeing the great ideas coming through in the aviation industry, including AI, Catrina wants people who have an open mind, are innovative, and are willing to try some new things. [19:37] You can teach the rest of it. Catrina wants people with the soft skills, the personality, and the ability to jump in there, push up their sleeves, and try it out. [19:57] Justin recently noticed in the restrooms at DFW Airport posters on Human Trafficking Awareness. He is a big proponent of human trafficking awareness. He has led those initiatives at RIMS. He was glad to see that DFW is one of the many airports boosting awareness. [20:18] DFW is one of many airports in this fight against human trafficking. They have training, posters, and placards to educate you to say something if you see something and how to report what you see. It’s better to be safe than sorry. DFW provides you with a way to report. [21:06] The Human Trafficking Awareness campaign is a team effort. 
It went through the Community Engagement Team, the Customer Experience Team, and the Department of Public Safety. Everyone worked hand-in-hand to be on the same beat in fighting human trafficking. [21:32] DFW is proud to be a part of the global Sunflower Lanyard Program, designed to make hidden disabilities a little bit more visible. A passenger who has a hidden disability will receive a Sunflower Lanyard by mail before their departure date. [21:54] When the passenger with the hidden disability is in the terminals, DFW employees have been trained to recognize the Lanyard and give them a tailored experience by asking how they can assist the passenger to have a wonderful travel experience. [22:14] It’s about providing for the diverse needs of a diverse population to ensure that everybody has the same experience in traveling. [22:25] What a delight to finally have Christopher Stitt and Catrina Gilbert as our special guests here on RIMScast! [22:33] Check out this episode’s show notes for links about the ERM Award of Distinction Winners and Honorees and more about the Conference. Of course, we also have a special edition of Risk Management magazine dedicated to ERM. That’s available in the show notes. [22:52] More RIMS Plugs! The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It’s different from the RIMS Events App. Everyone loves the RIMS App! [23:27] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [24:13] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. 
Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [24:30] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [24:47] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [25:01] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [25:09] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Mentioned in this Episode: RIMS ERM Conference 2024 Roundup — Global Award of Distinction Honors RIMS Strategic & Enterprise Risk Center RIMS DEI Council RIMS-Certified Risk Management Professional (RIMS-CRMP) NEW FOR MEMBERS! RIMS Mobile App RIMS-CRMP Stories — Featuring Valerie Fox!  Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award RIMS Webinars: “The Future of Risk & Compliance: 5 Key Insights for the Modern Leader” | Sponsored by Resolver | Nov. 25, 2024 “Predictive Strategies to Detect Electrical and Machinery Failures” | Sponsored by TUV SUD GRC | Dec. 5, 2024 “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring” | Sponsored by OneTrust | Dec. 12, 2024 RIMS.org/Webinars   Upcoming Virtual Workshops: RIMS-CRMP Exam Prep (Virtual)Dec. 17‒18, 2024 | 9:00 am‒4:00 pm EST — Register by Dec. 10. “Applying and Integrating ERM” | Dec 4‒5 “Captives as an Alternate Risk Financing Technique” | Dec. 
17‒18 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes: “Risk Quantification Through Value-Based Frameworks” “Maintaining an Award-Winning ERM Program with Michael Zuraw” “Applying ERM Theory with Elise Farnham” “On Risk Appetite and Tolerance” “Big Shifts with John Hagel, RIMS ERM Conference Keynote” “Live From RIMS ERM Conference 2023”   Sponsored RIMScast Episodes: “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL (New!) “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant’s P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. 
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars Risk Management Magazine ERM Special Edition RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy   RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guests: Christopher Stitt, Founder and CEO at CrisisLead, LLC   Catrina Gilbert, Vice President of Risk Management at Dallas Fort Worth International Airport RIMS DFW Chapter Treasurer   Social Shareables (Edited For Social Media Use): The Risk Intelligence Quotient (how you look at risk), along with the human-centric aspects of the risk program, can help you build a good risk culture and ultimately, a high-performing organization that can thrive during both business-as-usual and disruption. — Christopher Stitt   What I really love is helping other people understand and build ERM programs. That’s why now, since I retired from the Department of State, I have moved into consulting. It’s a great opportunity to bridge the silos. — Christopher Stitt   It’s about building those cultures that can build very powerful ERM programs that get buy-in from the stakeholders and imbuing ERM into the culture of your organization. — Christopher Stitt   In a post-pandemic era, everyone is focused on a resiliency framework. When this happens again, are we ready? Are we prepared? Have we done the work? That’s the beauty of this RIMS ERM Conference 2024. 
— Catrina Gilbert   You can teach the rest of risk management. I want people with the soft skills, the personality, and the ability to jump in there, push up their sleeves, and try it out. — Catrina Gilbert   We have training, posters, and placards to educate you to say something if you see something and to have a way in which to report human trafficking. — Catrina Gilbert
