URMIA 2025 Annual Conference: Top Takeaways & Next Steps

The University Risk Management and Insurance Association (URMIA) once again delivered an exceptional gathering of thought leaders, higher education risk professionals and insurance specialists from across the country. The 2025 URMIA Annual Conference blended education with collaboration — offering participants the chance to connect on emerging issues shaping the future of risk management in higher education.

From cybersecurity and climate resilience to governance, ethics and financial strategy, URMIA 2025 provided actionable insights and fresh approaches for institutions of all sizes. Below is a recap of several standout sessions and themes that resonated throughout the event.

1. Emerging Risk & Resilience Strategies

A dominant theme across multiple sessions was building resilience in the face of complex and evolving risks. Sessions such as “Risk Horizons: What’s Next in Higher Ed” and “Climate, Cyber, and Continuity: Integrated Approaches” emphasized how universities must move from reactive postures to proactive, integrated strategies.

• “Risk Horizons” highlighted top “unknown unknowns” — climate-driven disruptions, data privacy regulation shifts and changing student demographics.
• “Climate, Cyber, and Continuity” called for bridging silos between IT, facilities and emergency planning, fostering unified resilience teams.

Discussion Prompt: How well-positioned is your institution to anticipate cross-domain shocks? Should risk offices spearhead broader scenario planning initiatives?

2. Cybersecurity & Privacy — Elevated Attention

Cyber risk was top of mind throughout URMIA 2025. With campuses relying heavily on third-party technology providers and cloud systems, sessions explored how risk leaders can strengthen governance and accountability.

• “Third-Party Vendor Risk in the Digital Age” guided participants through vendor assessment frameworks, audit rights and continuous monitoring.
• “Data Privacy and Governance” emphasized the need for comprehensive data inventories, ISO/IEC 27001 alignment and embedding privacy by design into campus systems.

Key Takeaway: Cybersecurity is no longer solely an IT issue — it’s an enterprise risk requiring coordination across procurement, compliance and leadership.

Discussion Prompt: Are your vendor agreements robust enough? Does your institution maintain an up-to-date inventory of all systems handling sensitive data?

3. Governance, Ethics & Institutional Culture

Another recurring conversation centered on the role of ethics, governance and culture in shaping institutional resilience. Sessions such as “Ethics in Risk Decision Making” and “Board Engagement in Risk Oversight” encouraged a broader look at leadership accountability and transparency.

• “Ethics in Risk Decision Making” presented frameworks for conflicts disclosure and transparent deliberation.
• “Board Engagement in Risk Oversight” explored trustee education, risk dashboards and how to bring risk metrics into boardroom discussions.

Discussion Prompt: How engaged is your board in risk dialogue? Would a standing “risk dashboard” enhance transparency and strategic awareness?

4. Insurance, Claims & Financial Risk

Insurance, claims and financial risk management remained core to the conference, with practical discussions on adapting coverage models to shifting exposures.

• “Captive Insurance & Alternative Risk Financing” examined how midsized institutions might benefit from pooled or captive programs.
• “Claims, Coverage Gaps & Emerging Liability Exposures” provided real-world examples of claim trends in employment practices, sexual misconduct and data breach response.

Discussion Prompt: When was the last time your insurance program was stress-tested against new exposures? Does your institution have the internal expertise to explore captives or alternative structures?

5. Operational & Crisis Preparedness

Preparedness and continuity planning were front and center, reinforcing that crisis readiness is an organizational—not departmental—function.

• “Campus Continuity & Resilient Infrastructure” showcased case studies on recovery from wildfires, floods and infrastructure failures.
• “Crisis Communication & Reputation Risk” emphasized pre-approved messaging, trained spokespersons and agile response protocols for social media crises.

Discussion Prompt: Do your continuity plans address cascading dependencies—such as utilities or IT systems? Are your crisis communications plans tested and up to date?

Looking Ahead: 2026 URMIA Institute Schedule

URMIA’s professional education calendar is already filling up for 2026, offering regional and topic-specific learning opportunities for risk professionals at every stage:

• Week of March 8–11, 2026 – Louisville, KY (Co-located with ACCED-I) | Seminar: Finance and Insurance for Beginners
• March 16–17, 2026 – Baltimore, MD (University of Maryland, Baltimore), Host: Victoria Meadows | Seminar: Two ERM Tracks (1–3 years & mature programs)
• Week of March 23–24, 2026 – Salt Lake City, UT (University of Utah), Host: Matt Tuttle | Seminar: Emergency and Risk Management for Intermediate/Advanced Learners
• April 12–15, 2026 – Galveston, TX | University of Texas Higher Education Risk Management Conference
• October 10–14, 2026 – Philadelphia, PA (Sheraton Downtown) | URMIA Annual Conference

URMIA 2025 showcased not only the complexity of today’s higher education risk landscape but also the community’s commitment to collaboration and innovation. The conversations sparked in these sessions will undoubtedly shape how institutions anticipate, mitigate and communicate risk in the years ahead.

For those who couldn’t attend, session recordings and materials are available through URMIA’s member portal. See you in Philadelphia next year!