This paper focuses on Enterprise Risk Management (ERM) and strategic business management for health insurance companies in our world of ‘unknown unknowns’ and the emergence of unexpected risks over time. It illustrates how Chief Risk Officers (CROs) can focus on ‘risk and opportunity management’ through an ERM framework, and thereby balance risks against opportunities, whilst being resilient against ‘unknown unknowns’ and their emergence over time as ‘known unknowns’ and ‘known knowns’. The paper has been designed to meet the broad requirements of health insurers that would like to implement an ERM framework for the effective risk management of their health insurance lines of business. Risk management for health insurers in the context of Solvency II and broader European Commission regulatory requirements is also discussed. The authors discuss how insurers can develop and apply risk management to build resilience in the face of the storms and shocks that may lie ahead.