RIMScast

The Risk and Insurance Management Society, Inc.

The official podcast of RIMS, the Risk and Insurance Management Society. Tune in for weekly discussions about risk management hot topics, interviews with leaders in the profession, and updates on RIMS events and education.

  1. 6D AGO

    Supply Chain Integrity and Sustainability with Nicole Sherwin of EcoVadis

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Our guest, Nicole Sherwin, Chief Impact Officer of EcoVadis, explains her ESG philosophy, and how her role as EcoVadis Chief Impact Officer works with sustainability, including climate-related risks, human rights, transparency in supply chains, and sustainability supply chain regulations. Nicole and Justin discuss each of these topics and how companies can improve their sustainability metrics. Nicole points out the incentives companies have to demonstrate to investors and institutions more transparency in their supply chains. She notes tools and frameworks companies can use for supply chain ESG and sustainability reporting. Listen for a perspective on adding sustainability compliance to your organization’s supply chain. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow with RIMS at RISKWORLD from May 4th through May 7th in Chicago, Illinois. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:30] About this episode. We will discuss sustainability and supply chain risk with our guest, EcoVadis Chief Impact Officer Nicole Sherwin. [:55] RIMS-CRMP Workshops! The next workshop will be March 19th and 20th. Register by March 12th. As part of our continuing strategic partnership with Purima, we have a two-day course coming up April 22nd and 23rd. [1:12] Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:20] Virtual Workshops! “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
On March 26th, Pat will also host “Generative AI for Risk Management.” [1:38] On April 16th and 17th, Chris Hansen will lead “Managing Worker Compensation, Employer’s Liability, and Employment Practices in the U.S.”  [1:51] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:02] RISKWORLD registration is open. Engage Today and Embrace Tomorrow, May 4th through 7th in Chicago. Register at RIMS.org/RISKWORLD. Also, remember there will be lots of pre-conference workshops being held in Chicago just ahead of RISKWORLD. [2:20] These courses include “Applying and Integrating ERM,” “Captives as an Alternate Risk Financing Technique,” “Contractual Risk Transfer,” “Fundamentals of Insurance,” “Fundamentals of Risk Management,” RIMS-CRMP Exam Prep, and more! Links are in the show notes. [2:43] Between tariffs, climate threat, and geopolitical instability, now is a good time to reexamine your supply chain risk management practices, especially in front of April, which is Supply Chain Integrity Month. [2:57] Joining us today to discuss the role that sustainability efforts can play in managing supply chain risk is Nicole Sherwin, the Chief Impact Officer at EcoVadis, a provider of business sustainability ratings and insights. There’s much to discuss about sustainability, ESG, and more! [3:17] Interview! Nicole Sherwin, welcome to RIMScast! [3:40] Nicole holds that businesses have a unique opportunity to magnify the positive social and environmental impacts of the things they do and where they engage. [3:56] Nicole is especially passionate about sustainable supply chains and the B2B relationship between buyers and suppliers. Procurement, the function that works with suppliers, holds a lot of power, in deciding which suppliers to spend money with. 
[4:13] Procurement wants to work with suppliers who can demonstrate they are strong partners in all senses of the word, but increasingly in managing their business’s sustainability. [4:22] It can reduce risk, increase resilience, and open collaboration opportunities for procurement teams to drive growth and value for their business. [4:35] Procurement can leverage sustainability innovations of products and services of their suppliers into the design and selling of their products and services, which helps them meet the demands of customers and unlock new markets. That excites Nicole. [4:59] EcoVadis is a purpose-driven company, as stated in its corporate bylaws. Its purpose is to guide all companies toward a sustainable world. [5:14] Nicole’s role as Chief Impact Officer is similar to a Chief Sustainability Officer. Part of her role is responsibility for implementing best-in-class sustainability practices internally. Some of those practices are set science-based carbon reduction targets. [5:31] EcoVadis runs a program with its suppliers to engage them in sustainable practices. [5:35] The bigger impact EcoVadis can have is via its solutions and driving sustainability transformation with its customers. EcoVadis is dedicated to embedding sustainability data and intelligence into business decisions. [5:50] EcoVadis has sustainability ratings and data it provides to help businesses benchmark themselves and improve their performance on environmental and social topics. It focuses on global supply chains and procurement organizations that engage their suppliers. [6:08] The impact EcoVadis has is as an enabler to guide companies to improve their practices on decarbonization, working conditions, and human rights, to create stronger sustainability performance with more resilient supply chains. [6:19] KPIs are important ways to measure. Action can be even more important. Don’t wait to get the right measurement or figure out how to measure. 
Get to action, maybe specifically on decarbonization, where some of the metrics and KPIs might be hard to get to. [6:46] Nicole believes there are many risks to global supply chains. Some are geopolitical instability, tariffs impacting trade, and increased cyber attacks on critical infrastructure as things are becoming more digitalized. [7:05] Nicole mentions four sustainability topics. The first is climate-related risks, including extreme weather events, natural disasters, and long-term climatic changes, like rising temperatures and sea levels. Climate impacts raw material availability or shortages. [7:27] Droughts and changes in weather affect agricultural productivity. Weather could be linked to transportation and distribution disruption with infrastructure damages and closure of routes that impact business continuity. [7:45] The second sustainability topic is human rights and forced labor risks. These can be hard to detect. EcoVadis customers, working with their supply chain, have a strong focus on identifying and remediating those risks. [8:02] The third sustainability topic is the lack of transparency in the supply chain. Many companies are only scratching the surface of the potential risks as they engage their direct or tier-one suppliers. Behind the tier-one supplier are different products and raw materials. [8:23] How do you understand who those suppliers are and what are their ethical standards for sourcing and labor practices? [8:30] The fourth sustainability topic is ESG or sustainability supply chain regulations. Supply chains are complex. They’re global. They could go deep into the multi-tier. Getting supply chain data needed for compliance is also complex. [8:45] The ESG regulation space is evolving. It’s a moving target, both in the U.S. and in Europe. Being late or not being prepared for these regulations is a risk. [9:01] Plug Time! 
The Spencer Educational Foundation’s goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [9:21] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. [9:35] Spencer’s 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. General Grant awardees are typically notified at the end of October. Learn more about Spencer’s Grants through the Programs tab of SpencerEd.org. [9:54] Spencer Day is an annual virtual event where the risk management and insurance communities come together to celebrate the Spencer Educational Foundation and the incredible work they do to attract and retain talent in the risk management and insurance professions. [10:10] It’s never too late to donate. You can send a belated Spencer Day card. This year, the Foundation is seeking donations of $46 in honor of Spencer’s 46th year of operations. Visit SpencerEd.org/spencer-day for more details and donate. [10:34] Every contribution is an investment in the future of risk management. We appreciate your support. [10:40] Let’s Get Back to Our Interview with Nicole Sherwin of EcoVadis! [11:02] Organizations can focus on sustainable procurement, creating an end-to-end program with suppliers, identifying where the risk is, assessing the performance, closing the gaps, and driving improvements on ethical, social, and environmental topics. That’s a key foundation. [11:22] This can be done with on-site audits, online questionnaires, certifications that can be collected, and verification technology. Companies are deploying targeted engagements with suppliers that align with their corporate sustainability goals. [11:39] Decarbonization of the supply chain is a key sustainability goal. 
It starts by understanding a supplier’s carbon footprint. [11:47] A vast majority of the supply chain is small-to-medium companies (SMEs) in emerging markets. They don’t know where to start calculating their Scope 1 and Scope 2 indirect emissions. There are a lot of carbon estimators that can support suppliers to calculate those. [12:03] These estimates can be used by procurement organizations to calculate their S

    27 min
  2. FEB 25

    (Re)Humanizing Leadership in Risk Management with Holly Ransom

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   Our guest, Holly Ransom, an internationally acclaimed speaker and leadership trailblazer, will be a keynote speaker on May 6th at RISKWORLD 2025 in Chicago. Holly previews her keynote as well as shares nuggets of risk knowledge she has collected throughout her career. Holly gives tips for leadership qualities and skills that are needed more than ever in this uncertain environment. She speaks of resilient leadership and confidence in crises. She tells how to recover a strong brand from a crisis when handled properly. She speaks of the importance of lifelong learning, not as an ideal but as a practice. Listen for Holly’s keynote theme and her advice for leaders today in this insightful episode. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:29] Register now! The Super Savings Rate ends on February 28th! [:37] About this episode. We will be joined by Holly Ransom, who is one of the keynote speakers who will be on the main stage at RISKWORLD 2025 on May 6th. We will get a preview of her session, “Humanizing Leadership in a Tech-Enhanced World.” [1:10] RIMS-CRMP Workshops! RIMS will partner with Purima once again on March 5th and 6th to deliver a virtual RIMS-CRMP Prep Course. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:30] Virtual Workshops! “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
On March 26th, Pat will also host “Generative AI for Risk Management.” [1:52] On April 16th and 17th, Chris Hansen will lead “Managing Worker Compensation, Employer’s Liability, and Employment Practices in the U.S.” [2:05] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:16] RISKWORLD registration is open. Take advantage of our Super Savings Rate by February 28th. Register at RIMS.org/RISKWORLD. Also, remember there will be lots of pre-conference workshops being held in Chicago just ahead of RISKWORLD. [2:34] These courses include “Applying and Integrating ERM,” “Captives as an Alternate Risk Financing Technique,” “Contractual Risk Transfer,” “Fundamentals of Insurance,” “Fundamentals of Risk Management,” RIMS-CRMP Exam Prep, and more! Links are in the show notes. [2:55] Our guest today is Holly Ransom, and she is one of the keynote speakers who will be on the main stage on May 6th at RISKWORLD. She will lead the session “Humanizing Leadership in a Tech-Enhanced World.” We’re going to get a preview of her presentation. [3:08] Holly will also talk about some of the world leaders she has shared the stage with and why she found them impactful. [3:17] Interview! Holly Ransom, welcome to RIMScast! [3:24] At RISKWORLD 2025, on May 6th, Holly Ransom will present a TED-style talk, “Humanizing Leadership in a Tech-Enhanced World.” [3:41] Holly can’t wait to be there in Chicago. She is excited that so many will be attending! Her keynote goal is to explore how important authenticity, empathy, and purpose in leadership are amid technological change. [3:59] It’s easy to lose sight of authenticity in an industry that’s all about metrics and frameworks. We need to maintain that focus on building resilient teams that can navigate uncertainty with confidence and clarity. That’s what Holly will share at RISKWORLD. 
[4:34] Holly will be diving into the high-performing culture element. A lot of Holly’s work with high-performing sports teams and in the corporate landscape is about how to get collective effectiveness. [4:45] Holly’s keynote will pull on those insights to ask what it looks like to influence positively the environment to get the best out of the people around her, maximize creativity, and seize the innovation opportunity. That will be where it comes together in her conversation. [5:22] Holly discusses the metrics of success. It depends on the organization. There are performance metrics for revenue and reputation that show how effective a business is. She talks about looking beyond traditional KPIs to other ways to measure effectiveness. [5:51] These other measures may include new products to market, rate of innovation, successful growth of new products versus legacy brands, psychological safety scores, team engagement, and recognition. [6:12] Holly looks for proactive measures and team collaboration quality. That’s a combination of metrics beyond what organizations have traditionally measured. Pick out of the KPI soup the ones that benefit you. Which ones measure the needle moving in your organization? [7:01] Holly has spoken at events within the risk industry. RISKWORLD will be her largest risk management speaking event. [7:23] Holly sees the risk profession as having an incredibly important role, making sure that safety is maintained and people safely get to where they want to go, inside their organizations.  [7:39] These are the people laying down strategy and setting the innovation roadmap, and how we get there while maintaining the expectations of our customers, standards for our employees, and the license we have to operate within our community and the broader society. [8:05] Holly says risk management is one of the most complex jobs inside an organization. Holly worked in large corporations in mining and banking early in her career. 
She spent a lot of time with CROs. Their risk reports to the board were around 150 pages, before cyber frontier. [8:44] Holly has empathy for risk managers who must influence other executives to understand the risk agenda and embrace and support it. The skills of risk professionals have probably never mattered more as we navigate the complexity. [9:30] The 150-page risk reports Holly saw in her corporate career were filled with information, including heatmaps. It was important to call attention to what mattered most and report it realistically while discharging risk duties responsibly. It’s an interesting tightrope to walk. [10:22] Holly mentions the role that smart risk plays in innovation and progress. In high-performing teams, if you keep doing the same thing, you can’t maintain your competitive edge. There is always an element of risk in the evolution of strategy and approach. [10:49] Netflix embraced risk in its strategy of pivoting away from rental to streaming, first with owned content and now into live sports. There were difficulties, but now Netflix is one of the most successful stories of the last 20 years. [11:52] Netflix was prepared to “cannibalize” itself and jump on what it saw as an emerging technology opportunity to stake out a new business model. Netflix continues to add new subscribers. [12:40] What can leaders learn from Netflix? Ask yourself what you are doing as a leader to build your peripheral vision. How do you make sure you’re not getting caught in the way you do things or the way your industry operates? [13:02] How do you expand your view so change does not catch you off-guard and the opportunities and threats that come are things that you as a leader are beginning to think about? AI could be an example of something relevant to leaders at the moment. [13:21] Ask what’s the question you need to be reflecting on. 
What’s the strategic question you can take to your leadership team or board that allows you to get into a “meaty” conversation on the topic with ideas on how the board wants to respond to it, proactively versus reactively? [13:40] How are you keeping your finger on the pulse? Do you have a source outside your deep industry expertise or outside where you operate? Are you having periodic conversations with a leader in another industry sharing observations and data points? [14:06] How do you turn an observation into a question that sparks the thinking and the conversation that can be the catalyst for transformation? Get into conversations with your colleagues. What does this mean for us and how can we do something significant for us with it? [14:27] Netflix started very early in strategic conversation and prepared to take strategic bets on what part of its portfolio and what allocation of its resources to give to this new idea. [14:41] You see this process in a range of businesses, however they structure it. Some businesses have an innovation arm. Other places have a budget allocation per department for new ideas each year. [15:05] There needs to be a meaningful skin in the game each year, building the muscle of working up an idea and attempting execution. That allows you to get real opportunities, rather than just intellectualizing risk. What will you learn in the process to try better next time? [15:35] Plug Time! RIMS Webinars! On March 13th, our friends from Global Risk Consultants will return to discuss “How to Make Your Property Insurance Submission AI-Ready”. [15:49] On a unique day and time, March 26th at 2:00 p.m. Eastern Time, members of the RIMS Strategic and Enterprise Risk Management Council will extend the dialog that began in the recent RIMS Executive Report “Understanding Interconnected Risks”. [16:07] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. 
[16:19] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. [16:27] The Spencer Educational Foundation’s goal to help build a talent pipeline of risk management and insurance professionals is achieved i

    32 min
  3. FEB 18

    RIMS Legislative Priorities in 2025 with Mark Prysock

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Our guest, Mark Prysock, RIMS General Counsel & VP of External Affairs, is here to tell us about the RIMS Legislative Summit 2025, in Washington D.C. on March 19th and 20th. Mark shares the top five RIMS legislative priorities, what they mean, and how they impact the risk management profession. These include the need to regulate private third-party litigation funding, data privacy, and cyber security, the National Flood Insurance Program, non-profit tax reform, and the Investing in Tomorrow’s Workforce Act, liberalizing College 529s to allow using them for certifications. Listen for details on the RIMS Legislative Summit 2025, why you should attend, and what you can expect from it. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:33] About this episode. We will be joined by RIMS General Counsel and Vice President for External Affairs, Mark Prysock, to discuss RIMS’s legislative priorities and the RIMS Legislative Summit. [:59] RIMS-CRMP Workshops! RIMS will partner with Purima once again on March 5th and 6th to deliver a virtual RIMS-CRMP Prep Course. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:18] Virtual Workshops! On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [1:44] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [1:55] RISKWORLD registration is open. 
Take advantage of our Super Savings Rate by February 28th. Register at RIMS.org/RISKWORLD. [2:07] Speaking of RISKWORLD, next week, we will have one of the main stage keynotes, Holly Ransom, join us. Be sure to subscribe to RIMScast to make sure you get that episode as it comes out! [2:19] Today’s episode is all about RIMS’s legislative priorities and how those priorities will be addressed at the RIMS Legislative Summit 2025, March 19th and 20th in Washington, D.C. You can learn more about it at RIMS.org/advocacy. [2:37] One of my favorite RIMS colleagues is here to discuss all things legislation. Mark Prysock is our General Counsel and Vice President for External Affairs. [2:48] Mark is the point person for the RIMS Legislative Summit 2025, helping to ensure that our priorities at RIMS are communicated on behalf of our members to representatives in Congress. [3:02] Mark is going to join me today to discuss the top five RIMS legislative priorities in a little bit more detail, provide some additional perspective, and discuss the agenda a little bit, which will be finalized soon. [3:19] Interview! Mark Prysock, welcome back to RIMScast! [3:26] The RIMS Legislative Summit 2025 will be held on March 19th and 20th in Washington, D.C. This is a different time of year to host the summit. It was formerly held in September or October, depending on whether it was an election year. [3:56] Mark says the event was shifted to March because Congress, in general, seems to be fatigued by the end of the year. By September or October, it seemed that Congress was pretty much done with what they planned to get done for the year already. [4:13] RIMS thought it would make sense to meet with them in the first quarter of the year rather than the last quarter and see if they can’t get more engagement or interest in RIMS’s issues. Mark is excited about this change to March for the Summit. Congress will be newly in session. 
[4:41] The Summit participants will be meeting some new committee chairs and ranking members for the first time. This is going to be a great shift for the RIMS Legislative Summit. [5:02] This year will be a little different because there is going to be a significant tax bill passed. In 2017 there was a large package of temporary tax cuts which are set to expire this year. No one in Congress wants those tax cuts to expire and hit the American people with a tax hike. [5:27] To extend those tax cuts, Congress has to find other ways to generate tax revenue. So there will probably be a big tax bill this year. This is a good time to engage with the broader association community and members of Congress on these issues. [6:05] Mark says the Congressional Budget Office will rate how much of an impact, positively or negatively, a bill is going to have on the government’s finances. Eight years was the maximum they could push out these tax cuts without the government going over the tax cliff. [6:30] These temporary tax cuts are set to expire in September. Congress will need to do something about that. [6:39] The top five RIMS legislative priorities are listed on the RIMS.org site. Please see the link in this episode’s show notes. Justin and RIMS CEO Gary LaBranche discussed these legislative priorities in a recent RIMScast episode. [7:07] The top five legislative priorities, in no particular order, include third-party litigation funding. This issue is gaining a lot of traction in Washington. Mark defines third-party litigation funding as private investors backing civil litigation with significant sums of money. [7:39] There are currently no disclosure requirements. It can be a national security risk when foreign agents fund litigation here in the United States. Funders are often in a position to take control of litigation. They often get paid before the claimants and there is little regulation. 
[8:23] On both sides of the aisle, there’s a feeling that Congress needs to adopt, at least, some disclosure requirements so the courts and arguably, the other parties to the lawsuit are aware of who is backing this litigation. [8:43] RIMS is particularly concerned about the national security threat. There could be bad players from around the world funding litigation against American businesses. This concern seems to be gaining traction in the House and the Senate. [9:08] RIMS is very happy to be actively involved in a broader group that’s working on this issue. [9:27] The Plaintiffs Bar loves third-party litigation funding because it can make filing and pursuing lawsuits extremely profitable. They may not embrace limits on it. [10:10] Another legislative priority is data privacy and cyber security. RIMS is interested in having Congress pass a uniform data privacy law. Right now, there’s a patchwork of state laws that your company needs to know if it operates in multiple jurisdictions. It’s not an easy thing to do. [10:45] The last session of Congress came close to passing a Uniform Data Privacy Bill. That bill had a couple of significant flaws. It created carve-outs for the laws of favored states such as California, New York, and Massachusetts. [11:24] It also created a private right of action so individuals could sue companies for failing to comply with this law. The outcome of those cases would be on a state-by-state basis. Over time, this would lead to a patchwork of state laws. [11:48] RIMS is hoping to get a better version of the unified standard bill passed this session. [11:53] RIMS is looking for a reauthorization of the National Flood Insurance Program (NFIP), currently part of the Continuing Resolution funding the federal government. It’s “must pass” legislation. Few serious lawmakers would consider it good to shut down the government. [12:25] The Continuing Resolution gets renewed regularly. The NFIP, rolled up into it, also gets renewed regularly. 
It’s hard to make structural enhancements to a program that is part of the Continuing Resolution. The CR is often passed at the last minute; it’s hard to change it. [13:21] Non-profit Tax Reform is a new issue. It’s in a tax bill being considered to generate revenue to cover extending the expiring tax cuts. Tax-exempt organizations pay taxes on unrelated business income, which is a foggy area. Many organizations don’t pay any tax. [13:54] There is a movement to reconsider non-profit tax exemptions. The idea is that the corporate tax rate, currently 21%, should be levied against all non-donation revenue that associations and non-profit organizations generate. [14:10] For RIMS, that would include event revenue, sponsorships, royalties, membership dues, and any other non-donation revenue. It’s a significant deal. [14:29] Mark sees two drivers to this idea. The first is, that Congress does need to find a big pot of money to make sure the government doesn’t go off this tax cliff. The second is an intellectual argument that it’s time to take another look at why we’re not taxing these organizations more. [14:52] It’s a significant issue for RIMS and the association community at large because of the financial hit they could all take. Mark believes it will be considered by Congress relatively early this year. [15:05] Justin adds a statement that “RIMS has joined the steering committee of ASAE’s Community Impact Coalition to protect the non-profit community and educate Congress on the societal benefits of the tax-exempt sector.” [15:21] ASAE is the American Society of Association Executives. It’s an association for association people. Justin met some of the ASAE executives at an NYSAE event last year. They are all in alignment on this issue. [15:43] Plug Time! RIMS Webinars! HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? 
Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:03] On March 13th, our frien

    29 min
  4. FEB 11

    Risk and Relatability with Rachel DeAlto

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   Our guest, Communication and Relatability Expert Rachel DeAlto will be a keynote speaker on May 6th at RISKWORLD 2025. In this episode, Justin and Rachel discuss her career from insurance defense attorney to speaker, author, and startup leader. As a defense attorney, Rachel worked with risk management professionals. Rachel shares tips for creating connection, relatability, and trust. She speaks of authenticity within professional boundaries.   Listen for suggestions on developing empathy and establishing trust. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:33] About this episode. Our guest is relatability and communication expert, Rachel DeAlto. She will be one of the keynote speakers at RISKWORLD 2025. [:59] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:21] RIMS will be partnering with Purima once again on March 5th and 6th to deliver a virtual RIMS-CRMP Prep Course. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:38] Virtual Workshops! Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:53] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:14] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:25] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:43] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [2:51] RISKWORLD 2025 registration is open. Take advantage of our Super Savings Rate by February 28th. Speaking of RISKWORLD, that brings us to our very special guest. [3:03] Rachel DeAlto is a communication and relatability expert. She maintains a law degree and a master’s in psychology and has achieved the designation of Certified Speaking Professional through the National Speakers Association. [3:17] Rachel is the author of Relatable: How to Connect with Anyone, Anywhere, (Even if it Scares You), available from Simon and Schuster. [3:26] On May 6th, Rachel DeAlto will deliver her keynote, “The Power of Relatability,” at RISKWORLD 2025, where she will explore the vital role of genuine human connections in effective leadership. [3:38] She’s here to tell us a little bit more about her keynote and she will reveal some of the top interpersonal qualities that inspire trust and motivate teams. These are the sorts of skills that risk management professionals can use at any stage of their career. [3:56] Interview! Rachel DeAlto, welcome to RIMScast! [4:01] Rachel is one of the three keynote speakers on May 6th. She is super excited about it. She has heard amazing things about RISKWORLD from friends who have attended or spoken there. [4:18] Rachel was adjacent to the risk profession as an insurance defense attorney. She was very much aware of the risk management professionals. 
[4:47] Rachel was constantly having conversations with the risk professionals, keeping them in the loop, determining together where potential pitfalls were, based on the boots on the ground, in front of witnesses or clients. She and the risk management professionals were cooperative. [5:16] Rachel is still friendly with the claims adjusters she worked with and her former office, who are still working in the insurance defense world. [5:33] When Rachel knew she was going to be at RISKWORLD, she took a bigger look at it to see how large it is, how many different risk professionals are out there, and the different roles they play. The risk professionals Rachel had worked with were a fragment of the risk population. [6:07] Rachel saw there was a holistic way that organizations mitigate or prevent risk. [6:26] Rachel tells how she had transitioned from being an attorney. She had always dreamed of being an attorney and maybe a judge. Ten years ago, she came up with an idea for a startup company, intending to continue practicing law while running the company. [6:52] The company led to a significant launch, with about $2 million in private placement. Her responsibility shifted to the company she was running. That led to doing more media and public speaking. She had had no intention of leaving her boss; he still chastises her for it. [7:27] Rachel uses very strategic “yeses.” She notes that there are times when you are shown two paths; one goes this way, and one goes the other. She is grateful her paths led her to where she is. She would have been happy still practicing as an attorney but she enjoys what she does. [8:04] Rachel believes her skills as an attorney transfer to her career as a speaker. She likes being able to help people and make an impact, with some of the elements of her former career integrated into her work. She feels lucky to do what she does. [9:18] Rachel sees a change over the last several years in that we’re understanding that we’re all on a stage. 
We all have stories to tell. We all have parts of ourselves to share. The more comfortable we are in that, the more successful we can be. It’s how we connect with people. [9:43] Rachel is all about relatability now. We should all be striving for it. It’s the ability to connect with people on a multitude of levels. How can risk professionals balance the emotional risks of vulnerability, authenticity, and leadership and be relatable? [10:15] Rachel speaks of the components of relatability. Authenticity and vulnerability are parts of it, but you don’t reveal everything. Be genuine while maintaining professional boundaries. It’s not about oversharing but having appropriate levels of transparency. [10:46] Cheryl always tries to demonstrate this, whether in conversations or on a keynote stage. It’s sharing stories for a purpose; sharing parts of herself, with intention attached to it. That’s how we can build trust and credibility without compromising our authority and professionalism. [11:08] Justin asks about resilience. What traits or practices distinguish resilient leaders in periods of uncertainty? [11:31] Because she loves student loans, Rachel went back and got her master’s degree in psychology. Resilience stuck with her. It’s not a huge part of what she speaks on but it’s part of our lives. [11:56] There’s a lot of research around the difference between resilient states and traits. Some people naturally have resilient traits. Others can invoke resilient states when needed, focusing on adaptability, emotional intelligence, and maintaining composure. These can be developed. [13:44] Plug Time! RIMS Webinars! HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [13:04] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. 
Registration is complimentary for RIMS members. [13:15] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [13:27] The First of (hopefully) Many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through 6th, 2025. The Risk Management Roundup in San Antonio is set to unite the Texas RIMS Chapters and welcome risk professionals from around the world. [13:50] You can join as a speaker. The Conference Planning Committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and more. [14:08] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode’s show notes. Go check it out! [14:20] Let’s Return to My Interview with RISKWORLD Keynote Rachel DeAlto!   [14:28] Justin asks about compassion. What steps can a risk professional take to build compassion? Compassion can be developed through practice. It’s easy for risk professionals to look at things as black and white; as numbers, percentages, and data points. [15:30] If you start to feel a little disconnected from what you’re talking about it’s because you’re coming at it from a very educated perspective. Recognize that and then ask yourself where are the parts of it where you can become compassionate. Take a step back and practice empathy. [15:53] Look at things from the other side and put yourself in the other person’s shoes. Use active listening without judgment. Be in tune with the other person, trying to understand their objectives. Find common ground and the space to take a step back. Take small steps. [16:22] If someone feels disconnected from their compassion, they can start with the awareness of it and then take small steps in the beginning, to dive back into it. 
[16:32] On the RISKWORLD keynote stage, on May 6th, Rachel will share a

    22 min
  5. FEB 4

    Risk and Leadership Patterns with Super Bowl Champion Ryan Harris

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   Our guest, Ryan Harris, became a Super Bowl Champion after winning Super Bowl 50 in 2016 with the Denver Broncos and retired later that year. Ryan speaks about winning a game in Chicago, winning the Super Bowl, and becoming a sportscaster. He shares inspiring thoughts about achieving greatness, what it takes to succeed, and the difference between willingness and perfection.   Listen for Ryan’s rules for success in this inspiring episode. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:33] About this episode. We will be joined by Super Bowl Champion and award-winning broadcaster, Ryan Harris. He will be a keynote at RISKWORLD 2025. [:59] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:21] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:37] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [2:00] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:23] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:52] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [3:00] RISKWORLD 2025 registration is open. Take advantage of our Super Savings Rate by February 28th. Speaking of RISKWORLD, that brings us to our very special guest. [3:12] Ryan Harris became a Super Bowl Champion after winning Super Bowl 50 in 2015 with the Denver Broncos. He retired in 2016. [3:21] Beyond the field, Ryan has continued to work to win. For his contributions to Denver’s business community, Ryan was the First African American to be awarded Colorado Sportscaster of the Year in 2020. [3:33] Ryan was also named to Denver Business Journal’s 40 under 40 class of 2021. He is an analyst for his alma mater, Notre Dame. [3:42] On May 6th, Ryan Harris will be a mainstage speaker at RISKWORLD in Chicago where he will discuss transformative "5 Components of Championship Leadership," emphasizing how the direction from which leaders operate shapes their effectiveness. [3:58] We’re going to have so much fun speaking to Ryan, and we might even get his predictions on Super Bowl LIX. Let’s get to it! [4:06] Interview! Super Bowl L Champion, and RISKWORLD 2025 Keynote Speaker, Ryan Harris, welcome to RIMScast! [4:18] Ryan Harris is the first Super Bowl Champion to join us on RIMScast! Justin and Ryan are both big fans of the Buckhorn Exchange in Denver. [5:09] Ryan loves the idea of having people together at RISKWORLD 2025 to find groundbreaking solutions and try new things. 
That’s how you win in football; that’s how you win in life! Ryan looks forward to a convention of people looking for what’s next with the skills they have now.  [5:32] Ryan says playing NFL football in Chicago was cold. He recalls that playing on Soldier Field feels like you’re in a spaceship; the way the stadium bows out and comes right up is unique! [5:49] One of Ryan’s favorite memories of playing against the Chicago Bears was when the Broncos beat the Bears in a tight game, the year the Broncos went to win the Super Bowl! It was an important win! [6:02] Ryan credits Head Coach Gary Kubiak for inspiring the team to win that day in Chicago by shortening team meetings from an hour to 15 minutes. So they kept the 15-minute meetings for the rest of the year and won the Super Bowl! Ryan loves going to Chicago. [5:38] Ryan had said that one of the things he was going to do after the Super Bowl was get into broadcasting. He didn’t have to go to anybody else to make that happen. [6:55] Ryan says the plan starts with you! You need nothing outside of yourself to be great. You cannot expect other people to work harder for you and your goals. You’re working toward them. [7:06] Ryan got his “doctorate” in Applied Football Mechanics and Theory. He went into broadcasting to use all that knowledge. He was selected by the NFL to go to a Broadcast Boot Camp and meet the best of the best in the broadcast industry. [7:20] On the last day, one of the presenters told them to go to their Alma Maters and work their way up. Ryan canceled his flight home, rented a car, and drove from that symposium to Notre Dame, and that’s where he got his first broadcasting job. [7:34] Ryan says it started with him listening, taking action, and telling people what he wanted to do and how he wanted to get involved. You sometimes have to work for free to get started, and then you don’t. [7:59] Everyone can sit on the couch and say they want to do something. 
The difference is the people who put their feet where they want to be. [8:04] At the Broadcast Boot Camp, Ryan saw an old college football rival. They hugged it out. The NFL is one big office building and there aren’t a lot of chairs. Spend a couple of years there and you’ll get to know a lot of people in the NFL and they’ll get to know you. [8:31] Ryan is currently in law school. His “doctorate” is from “Peyton Manning University.” He had great “professors” like Ben Roethlisberger, Alex Smith, and Tim Tebow. He went through quite the school of football thought. [8:47] It’s fun to have that knowledge, but it’s useless as a father or a keynote speaker. He can’t go hit people anymore. He had to change, and it’s been fun doing that. [9:17] Ryan has a double major in Political Science, and Economics and Policy. From Political Science he learned that there are many ways to solve social problems. In economics, he learned that having two parents in your life puts you in the top 1% of opportunities in America. [9:51] There are key figures in your life or the education you receive that drastically change economic outcomes. What kinds of levers motivate people? There are many ways to do the same thing. It’s a matter of degree and what fits the situation. [10:34] Ryan’s advice on stories: 1. People remember the first 20 words you say. 2. Storytelling is more valuable than a Master’s in Business Administration. [10:55] Start a story with a main theme. “We’re going to talk about failure. This is a time I failed. On my sixth day in college football in training camp, I got knocked to the ground.” Our brains love tangible examples. Examples get people into the story. Then Ryan introduces the obstacle.  [11:18] “At one point in Kansas City, I wanted to quit.” He tells what he learned from it. He always brings a big idea that everybody understands and gives a concrete example from his life, what he said to himself, how he went through it, and what he learned from it. 
[11:45] When we can bring people into our story and talk about our failures and how we worked out of them, we help others and create impact. [12:14] Ryan attests that you don't win by ignoring the struggle. He speaks of factors of success and elements of success. Factors are things like having money and goods. Elements are things that have to happen for you to be successful. [12:30] Failure is an element of success! You have to fail to reach your highest potential. That’s the only way it works. Any famous person or industry has had a failure or ten, along the way. We don’t talk enough about our failures. Having a process for failure dictates your success. [13:05] Kickers in the NFL focus on process. Golfers focus on process. When you focus on the process, you reduce anxiety by 78%. You have the power to create the process for the failure you need. Then you start to have fun! [13:22] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [13:34] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [13:50] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [14:02] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes. [14:13] The First of (hopefully) Many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through 6th, 2025. Risk Management Roundup in San Antonio is set to unite the Texas RIMS Chapters and welcome risk professionals from around the world. [14:32] You can be a speaker. 
The Conference Planning Committee is interested in submissions exploring technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme w

    28 min
  6. JAN 28

    Data Privacy and Protection with CISA Chief Privacy Officer James Burd

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and how risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches. Listen for actionable ideas to improve cybersecurity at your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S. [:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:51] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week’s theme is Take Control of Your Data. [3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd. [3:36] James is the senior agency leader responsible for managing and overseeing CISA’s privacy, external civil rights, civil liberties, and transparency programs. [3:46] We’re going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data. [4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast! [4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure. 
[4:48] As Chief Privacy Officer, James Burd’s primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it’s by policy, process, or technical solutions. [5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency’s operations and partnerships. [5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it’s CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected. [5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely. [5:39] What are the keys to a strong cybersecurity strategy? [5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that. [6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation. [6:50] All nations are facing the same cybersecurity issues. CISA’s international work is about information sharing and helping each other understand what threats we all face. [7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals. [7:42] Risk managers are key partners in implementing strong data governance practices. 
CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization. [7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That’s part of the risk manager’s job as a point person. [9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don’t collaborate up front, you have to collaborate later, as a result of your emergency. That’s not a great day. [9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner’s point of view. It doesn’t make sense to solve the same problem in 10 different ways. [10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA’s. NIST can see what works or doesn’t work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework. [11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel. [11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now. [12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else. [12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. 
The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face. [13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator. [14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They’ve been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident. [14:35] There’s no indication that any other Federal agency has been impacted by the incident, but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there’s a comprehensive response. [14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard against any further impacts. The People’s Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities. [15:12] They’re one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure. [15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon. [15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy. 
[15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something. [16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities. [16:27] Plug Time! RIMS Webinars! Resolver

    43 min
  7. JAN 21

    Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware.   Listen to how you can harden your organization’s network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode’s show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. 
[1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you’re not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod’s background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, he transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney’s Office and the FBI. 
Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney’s Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney’s Office in Pittsburgh need to have some aspect of an organization’s criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital’s network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015, Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. 
[9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It’s an unusual non-profit organization working 100% in operations. It works in three core areas. First, it’s the world’s largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation’s work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver’s data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. 
Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren’t timely patched and before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that’s unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra’s GoAnywhere software. That continued in May, with them exploiting Progress Software’s MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Clio’s file transfer platform that breached victims’ networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabi

    35 min
  8. JAN 14

    Kicking off 2025 with RIMS CEO Gary LaBranche

    Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

    In this episode, Justin interviews RIMS CEO Gary LaBranche about what you can expect from RIMS in 2025. This value-packed discussion offers Gary’s comments on 2025 RIMS President Kristen Peed, RIMS’ 75th Anniversary events, possible insurance impacts of proposed trade tariffs, nuclear verdicts, and third-party litigation. Gary encourages you to join RIMS Advocacy and the RIMS Legislative Summit on March 19th and 20th, 2025 to lobby on Capitol Hill. He shares insights on public safety, security, and of course, news of RISKWORLD 2025 and more.

    Listen for how you can participate in 2025 RIMS events.

    Key Takeaways:
    [:01] About RIMS.
    [:16] About this episode, coming to you from RIMS headquarters in New York, kicking off 2025 with RIMS CEO Gary LaBranche! Gary, welcome back to RIMScast!
    [:59] Interview! Gary had a quiet, fun New Year’s Eve at home, dining on Asian sea bass with champagne and watching television.
    [1:39] This is a big year for RIMS. RIMS has a new president, Kristen Peed. Justin has known her since he started with RIMS. Kristen is a long-time volunteer, very positive, and great at representing RIMS. She continues in a long line of volunteer leaders who have built RIMS.
    [2:29] Gary reports that RIMS 2024 president David Arick had a wonderful term. On David’s last day, the Wall Street Journal published an interview with him; a wonderful capstone to his year.
    [2:49] RIMS board presidents serve as unpaid volunteers. They travel for board meetings and events, taking time away from their families and jobs. Gary says everyone should appreciate what the board president and officers, chapter leaders, and other volunteers do to help RIMS.
    [3:35] Reading the history of RIMS, Gary is struck with and inspired by the long line of volunteers who put their shoulders to the wheel, creating this organization.
    [3:59] RIMS is delighted to have Kristen. Kristen is with Sequoia. You’ll get to meet her at RISKWORLD, the RIMS Canada Conference, and other activities in 2025. Kristen embodies the spirit of the RIMS community.
    [4:29] This year is the 75th anniversary of RIMS. It’s a good opportunity to reflect and appreciate all that came before us. RIMS New York traces its roots to the 1930s. Later, four groups came together to create the National Association of Insurance Buyers, today known as RIMS, in 1950.
    [5:44] The NAIB provided networking and learning opportunities for commercial buyers of corporate insurance. They saw that it would be helpful to have a national view and ultimately, an international view of the issues and trends in the commercial side of insurance.
    [6:26] Reading the history gives you a better sense of how RIMS has played a key role in creating today’s insurance world. Justin points out that they organized RIMS without email or interstate highways! They worked hard to make the organization happen.
    [8:31] RIMS will celebrate its 75th anniversary throughout the year. Chapter leaders will soon attend the Annual Leadership Forum to kick things off. At the RIMS Canada Conference 2024, RIMS unveiled the 75th Anniversary logo and themes. RISKWORLD 2025 will be the tent pole event.
    [9:21] This will be the biggest RISKWORLD in history! The biggest RIMS annual conference was held in Chicago 20 years ago. RISKWORLD 2025 will be in Chicago from May 4th to May 7th and RIMS is expecting to see well over 11,000 attend. Other events will also feature the anniversary.
    [9:53] RIMS is launching the Texas Regional Conference, with the four Texas chapters, in August, in San Antonio. It’s a wonderful opportunity for folks in that region to gain access to the power and value represented in the RIMS community.
    [11:04] About trade tariffs: Gary recently spent an hour at a U.S. Chamber of Commerce meeting, talking with top trade policy experts. U.S. President-elect Donald Trump has mentioned tariffs. How would new tariffs impact consumers? What might they do to the cost of insurance?
    [13:05] If any goods go up in cost, that could potentially have an effect on the cost of insurance, just as inflation causes prices to go up. If you’re insuring a fleet of trucks, where do you get the parts to fix those vehicles? Will the cost of those parts go up?
    [14:05] Right now, we don’t know. There are differences of opinion. Some 60% of replacement truck and auto parts are made outside of the United States. If tariffs are imposed on those, and if those costs are passed on to consumers, that will raise the cost of insurance.
    [14:56] Justin sees tariffs impacting insurance rates, the supply chain, and decisions risk professionals make about materials to use. Tariffs may not have their intended effect of having you “buy American” if you’re in America. It may not work that way.
    [15:28] Gary notes that tariffs, historically, have had the long-term effect of spurring domestic production. The question is, how fast will that happen? How long will it take to create the infrastructure to create more cement or truck parts? Where will the workers come from?
    [16:16] If there are price increases for supplies and materials or if there are disruptions in the supply chain, that will have a dragging effect in terms of the cost of insurance. RIMS publications will tackle this topic and report on it as they have done for 75 years.
    [17:08] Dave Arick was interviewed in the Wall Street Journal. He discussed how “nuclear verdicts” of $10 million or more are influencing what happens in the insurance markets. Nuclear verdicts create higher costs.
    [17:47] If insurance companies are paying out more and more for those claims, they’re going to try to recoup that cost through higher premiums in the future. RIMS is concerned about the runaway growth of nuclear verdicts.
    [18:11] Ultimately, the claims bar pumping up the demands for recompense is having an impact on cost. When someone is hurt, there should be recompense for that. The issue is the significant growth in multi-million dollar verdicts that are outside of what is reasonable and fair.
    [18:53] If that happens, it simply drives up the cost for businesses to do business. If people are getting 10 times the reasonable recompense for their injuries, it starts to add up significantly.
    [19:35] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th with a topic to be announced.
    [19:42] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”.
    [19:58] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members.
    [20:10] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode’s show notes.
    [20:21] Congratulations to my RIMS colleagues! RISKWORLD 2024 was honored with the 2024 TSNN Trade Show News Network Award for Outstanding Commitment to Advancing DE&I in the Risk Management Community Through Intentional Programming and Representation!
    [20:44] The programming included real-time translation technology and partnerships with DE&I organizations NAAIA, AAIN, and APIW, fostering a globally inclusive environment, and keynote speaker Academy Award-winning actress, Marlee Matlin, on inclusion and accessibility.
    [21:10] The TSNN Award is a huge honor and RIMS is so pleased that our continued DE&I efforts are being recognized by various industries, specifically in events and exhibitions.
    [21:23] Of course, a big shout-out to the RIMS DE&I Advisory Council for their unwavering commitment to helping advance DE&I initiatives at our conferences and RIMS events throughout the risk management community.
    [21:36] There are still DE&I sponsorship opportunities available for RISKWORLD 2025 in Chicago. You can visit the link in this episode’s show notes for more details.
    [21:51] Back to My Interview with RIMS CEO Gary LaBranche!
    [22:03] Justin and Gary consider third-party litigation, which impacts the courts, laws, and legislation. Gary will attend the RIMS Legislative Summit, to be held on March 19th and 20th.
    [22:39] Gary says the plaintiffs’ bar has discovered the power of investment. They have learned they can gather investors who will back a potential lawsuit and fund lawsuits that come along, in return for a share of the proceeds of that suit. That has always been concerning.
    [23:13] Something that has become an additional concern is the lack of transparency as to where those investment funds are coming from. They could be coming from anywhere, inside or outside the U.S. They could be from sources that could be illegal. It’s unknown.
    [23:45] As a matter of national security and public policy, RIMS thinks it’s time we have better insight into the sources of funds for third-party litigation. Gary will be on Capitol Hill, lobbying with members of Congress for transparency in funding third-party litigation.
    [24:09] A link to the RIMS.org/advocacy page is in the show notes. If you’re a RIMS member and want to go to Capitol Hill for a couple of days with the very knowledgeable RIMS staff and have a chance to meet with your Representatives in Congress, that’s the way to do it.
    [24:26] Gary will be there, RIMS General Counsel, Mark Prysock, will be there, and a few other very knowledgeable folks will help you prepare for these fun “pitches.” Gary says it’s a blast. You’re telling your story and why this is something of concern to you.
    [25:12] Typically you’ll be meeting with staff members who are directly involved in the public policy process. They want to hear your story, especially if you’re from their district. It’s a lot of walking, listening, and talking

    48 min

Ratings & Reviews

4.5
out of 5
11 Ratings

