Leaders should expand their view of risk in the coming years, shift technology and other resources to support that broader vision of risk management as an enabler, and make sure their risk managers and business innovators have the experience and mindset necessary for the challenge. Risk functions need to shift from a posture of risk avoidance to one of risk mitigation and ultimately risk optimization.

Leaders should also pay attention to one crucial element: digital trust. 

In an environment churning with fear, uncertainty and doubt, customers and partners are beginning to elevate the value they place on trust at or near the top of other factors that win the deal. Digital enterprises that differentiate themselves on trust, and that transform their partners’ uncertainty into confidence, will be positioned to gain financial health and competitive advantage. 

Let’s look at several examples of how advanced technology might tame risk and promote opportunity.


One of the oldest and most tradition-bound of industries, maritime insurance, is a testing ground for one of the newest, still maturing technologies to prove its worthiness: blockchain. For hundreds of years, insurance terms were agreed to between insurer and shipowner on paper, sometimes on the very dock where the ship was berthed. 

Risk can increase or decrease as a container ship navigates from the Port of Yantian to Miami, depending on weather, engine efficiency and the trustworthiness of dockworkers. Enter blockchain, which is essentially a distributed ledger (or database) stored on potentially thousands of servers that anyone authorized on the network can see and that safeguards the integrity of the data it holds. An insurance-related blockchain solution plays in several areas of the risk management spectrum. When evaluating downside risk, insurers are able to assess their exposure in near real time.

Premiums can be agreed to quickly, and claim payments made in seconds rather than years. The result is risk better managed through digitalization, automation and increased transparency. 

Blockchain also creates opportunity to innovate with pricing or entirely new offerings. This innovative technology allows insurers to better understand and calibrate for risk. By precisely analyzing the asset, its location, the stakeholders involved and the existing threat environment, insurers can provide finer-grain coverage on a sliding scale based on previously agreed-to terms — all embedded in a smart contract. As a cargo ship enters a dangerous area, for example, new rates could be triggered until the ship sails into safer seas. 

This isn’t fantasy: in the first use of blockchain to manage risk in maritime insurance, EY and Guardtime teams are working with Microsoft, Maersk and a number of insurance providers offering hull coverage to some 1,000 commercial vessels.  


RPA offers the potential to powerfully enable organizations to automate high-volume, routine, system-based tasks by unleashing a virtual workforce of robots, at less cost than human operators.

One strength of RPA bots is they are quite dependable and incredibly efficient, and can be deployed without the need for much change to underlying platforms.

This becomes a significant asset for tasks like access provisioning.  Large companies often use dozens or even hundreds of workers to create user accounts generated by new apps, business services and everything else employees must log in to in order to access the digital ecosystem. Identity and access management processes — if done manually — can take hours. This time can be reduced to minutes by using a software robot, while freeing up human capital for more “brainworthy” jobs.  

From a risk management perspective, RPA reduces the potential for everything from audit failures to enterprise attacks by lessening human error, helping ensure dependable data and increasing business norm compliance. 


AI approaches risk management with a learning eye. Related technologies, such as machine learning, neural networks, data science and heuristics, enable AI-based applications to learn through experience, similar to human cognition, and compare their growing knowledge of “normal” behavior with suspicious or unknown activity they encounter.

Since these systems can adapt as the risk environment changes, AI tools enhance monitoring in a multitude of areas, including cybersecurity, regulatory compliance and corporate governance. Not only can they detect and warn humans of problems, intruders or breaches, but they can also initiate mitigation against them. Best of all, from a risk perspective, early-learning systems can help prevent threats from even materializing.

All three technologies can be used as disruptive technologies to transform the business and how to manage risk in the business. However, we live in the digital age, where the very technologies used to improve production, quality and security can end up causing serious new problems.    

To guard against these uncertainties, companies should build risk prevention into processes, tools and products at the start of their development. This will be more difficult than you think. The whole DNA of people in technology is first to make sure that something works, not to hedge bets in case it doesn’t. That’s a complete mind shift that needs to happen. 

How do you get ahead in the new age of risk management?  

Organizations have traditionally focused their resources on what risk managers call preventative or avoidable risk. To achieve performance goals over the next few years, companies must broaden their vision beyond the preventative to two other areas: upside risk and outside risk. This enables organizations to expand their focus from the dangers they can control to include the ones they cannot or that they need to balance to better drive performance. 

Managing upside risk is increasingly important because the digitization of the enterprise is all about business model innovation and experimenting with new products and services. Where downside risk is focused on saving money, upside risk is also about making money through invention.