Added to these staggering responsibilities is the issue of the moment. "Like all risk managers in this volatile economy, I have to balance budgetary concerns with the tightening of the insurance market," Luthi says.

Not a job for the faint of heart, of course. Yet risk managers are among the most important executives within a corporation, spying trouble ahead as the CEO plots the course. As wryly depicted in the film "Margin Call," a fictionalized account of the last gasps of Lehman Brothers, it is the firm's risk manager (played by Stanley Tucci) who rings the alarm about rising losses and is fired for it. "He clearly saw the truth," says Felix Kloman, former risk management consultant at what is now Towers Watson. "The problem was the unwillingness of senior management and boards to listen."

Treasury & Risk provided a figurative megaphone to more than a half-dozen risk managers by asking them to speak their minds—loudly. Their worries are writ large across the corporate landscape. For instance, Carmelo Casella, vice president of corporate insurance at BNY Mellon, shares Luthi's concerns about the property-casualty insurance market. "It looks like we may be heading into a hard market because of all the losses from natural disasters that the industry absorbed in 2011," Casella says. "This has to have an effect sometime. Insurance capacity is shrinking, and when that happens, it indicates rising premiums."

According to a recent report from reinsurer Munich Re, 2011 was the costliest year on record for insurance companies in terms of natural disasters. Several earthquakes, including the giant earthquake and tsunami that devastated Japan, as well as a large number of weather-related catastrophes elsewhere, cost insurers $105 billion, more than double the natural-disaster figure for 2010 and exceeding the 2005 record of $101 billion. "Rumblings in the reinsurance market are usually the sign we're in for a market change," says John Phelps, director of business risk solutions at Blue Cross and Blue Shield of Florida.

That means risk managers must endure difficult conversations with their CFOs. "Like everyone, I'm trying to control my expenses because the economy is volatile, and soon I may have to sit down with my CFO and say, 'It looks like our premiums are rising 10% to 25%, and by the way our claims didn't go up,'" Casella says. "That's a hard sell to someone trying to reduce expenses, not add to them."

The property-casualty market hasn't tightened to any considerable degree yet, but risk manager Wayne Salen says he sees the first signs. "We're in the industrial and construction temporary-staffing business, placing more than 100,000 employees nationally, and our industry typically is a harbinger of what to expect, insurance-wise," explains Salen, director of risk management at Labor Finders International in West Palm Beach, Fla. "What happens to us first bodes well, or not, for others."

What's happening? "Our workers compensation premiums are up more than 10%, and workers comp typically leads other risk categories in market changes," Salen says. "Many of my risk management peers will soon be seeing the same."

Some already are. "I'm told by carriers that because of significant losses last year and recent increases in their reinsurance prices, they will need to increase premiums," says Janice Ochenkowski, managing director of global risk management at Chicago real estate services and financial management firm Jones Lang LaSalle. "Right now, we don't know the magnitude of these projected increases, but we need to be prepared in any case."

If the industry's knee-jerk underwriting cycle spins rates out of control, she is dusting off a variety of possible responses. "We may be looking for a captive to self-insure risk or join in a cooperative to share it," says Ochenkowski, a former RIMS president. "We also may increase our self-insured retentions, buy lower limits of coverage and drop some coverages not determined to be absolutely necessary.

"All risk managers will need to be creative—finding solutions that keep our companies properly insured, and yet don't financially constrain them in the uncertain economy," she adds.

Several risk managers commented on the need for risk transfer solutions for possible data breaches. Nearly all U.S. states and Canadian provinces now have laws requiring companies that experience a data breach to notify anyone whose personally identifiable information—Social Security number, birth date, user ID or password—may have been stolen by criminals for identity theft purposes. "Cyber liability is on everyone's mind," acknowledges Nowell Seaman, manager of risk and insurance services at the University of Saskatchewan in Canada.

There is good reason. A 2010 survey of more than 2,100 companies worldwide by Symantec found 73% had experienced a cyber attack in the past year and 30% of the attacks were "somewhat/extremely effective." The cost to companies that experienced a breach in 2010 was $214 per compromised record, according to the Ponemon Institute. Multiply that by the tens of thousands of records companies may have and the aggregate expenses stagger.

Seaman is also fretting about the possibility of hackers shutting down the university's networks and systems. "Like most organizations, we are highly dependent on our IT infrastructure, which runs everything from our banking and financial systems to our communications and how we do business," he says. "This reliance on IT is only increasing, and is exposed ever more globally to cyber criminals."

Phelps from Blue Cross and Blue Shield of Florida expresses concern about potential data breach risks created by third-party vendor relationships. "Many companies have squeezed out every dime of excess expenses they can possibly find to survive, and one way this has been done is to use vendors," he explains. "Outsourcing can achieve cost advantages and process efficiencies, but that sometimes means sharing data with a third party, which could create significant liability."

What are risk managers doing to guard the gates? "We employ state-of-the-art firewalls, encryption and other security measures," Ochenkowski comments. "We've assessed the internal risks from a data breach standpoint and are properly managing them."

Salen says Labor Finders has done the same. He also purchases cyber liability insurance in case those best-laid plans go awry. "With more than 100,000 employees, whose personally identifiable information we collect, store and transfer, this is a threat we take very, very seriously," he says.

It's not just data breaches that have risk managers like Ochenkowski "reaching for the Clairol," as she puts it. "The volatile state of the economy, despite signs of recent improvement, gives pause," she explains. "When the economy suffers, it customarily spikes increases in crime, petty theft, vandalism and fraud, which affect the potential for loss. Employees who fear they may lose their jobs, for instance, may devise a fictitious injury to obtain workers compensation, which then affects rates."

Dave Hennes, veteran director of risk management at the Toro Co., isn't worried about his gray hairs, but he is concerned about the risks created as the Minneapolis-based manufacturer of lawn care equipment expands globally.

"We just opened a plant in Romania; we're in a very aggressive growth mode," Hennes explains. "Consequently, I'm now dealing with risks on a long-distance basis, evaluating evolving foreign laws, regulations and insurance markets. The insurance complexities are numbing, with some countries requiring the purchase of insurance locally to increase tax revenues and others disallowing coverages that are permitted by U.S regulators. Compliance has become a major part of risk management."

How is Hennes addressing the increased burdens? "Fortunately, we have a broker with global capability, as well as insurance carriers that mirror our global footprint," he says. "This has become more important than ever for us as our sales grow outside North America."

A key refrain is the difficulty managing risk in an environment of profound uncertainty. For instance, Phelps, whose company provides health services, continues to monitor regulations being developed for healthcare reform. Should the changes be repealed if a new administration comes to power or the Supreme Court makes major modifications as it reviews the rules, that would have a significant impact on the healthcare industry.

"We've been preparing the company for a post-reform environment, such as the introduction of insurance exchanges, but if the reforms are repealed, this would change our business model in terms of pursuing other ventures or alternative opportunities to build policyholder surplus," Phelps says. "We'd be exposed to new risks and shielded from others. The game seems to be constantly changing."

Ochenkowski agrees that uncertainty reigns, but she sees opportunity amid the chaos. "We, as risk managers, have an ability to make a positive impression on our companies by staying abreast of shifting risks, understanding them thoroughly and preparing our organizations accordingly," she says. "To be able to provide senior management with immediate answers to their tough questions is nothing but good for risk managers."

Not that these solutions are ever easy. Risk manager Luthi, for instance, has just been asked by the Public Utilities Commission to develop a plan for the risks posed by rising sea levels in the Bay Area. Why? A sea level rise of only a few feet could inundate hundreds of square miles of land, deluging industry, residences and infrastructure. The impact on the latter is Luthi's responsibility. "The city is developing legislation on the subject, but even if no bills are forthcoming, it's something I still have to contend with," she says. "Risks are risks."

For a look at what risk managers viewed as the top threats in 2011, see The Sky Is Falling.

For a discussion of firming insurance premiums, see Soft Market Ends.