Latest Studies - June 2015

Each month the Insurance Information Institute compiles recent studies from industry, government, academic and other sources. Topics include consumer issues, industry trends, climate and environment, and studies covering individual lines of business like automobile liability and workers compensation.

Munich Re; 13 Pages
April 1, 2015

This paper examines potential exposures and their implications to the insurance industry and society as a whole as autonomous vehicle (AV) technology develops. Munich Re speculates that exposures will change over time and shift from driver to manufacturer as AV technology becomes more widely used.  Exposure for the manufacturer will include reputational risk. Surveys show that drivers are open to purchasing autonomous vehicles (especially if it would reduce insurance costs) but many are doubtful that a computer can make better decisions than a human, therefore any large loss involving AV will be closely scrutinized and widely reported in the news media.  Cyber liability is another exposure the manufacturer faces as vehicles become more connected to each other, the Internet and other networks leaving the vehicles exposed to hacking. Vehicle manufacturers may require hold harmless agreements with autonomous component suppliers. If the component can impact the safe operation of a vehicle the manufacturer of the component may have a traditional products liability and product recall/withdrawal exposure. There may be a new underwriting class that combines the computer manufacturing class with the auto manufacturing class. The underwriter will need to gain knowledge of emerging vehicle technologies and various conditions (blizzard, construction zone) impact on vehicle operation.  Telematics systems should help insurers determine rates for AV. Full Report

Sponsored by Aon Risk Services, Independently conducted by Ponemon Institute LLC; Page N/A
April 1, 2015

This Ponemon Institute survey sponsored by AON found that surveyed companies estimate that the value of the largest loss (probable maximum loss) that could result from theft or destruction of information assets is approximately $617 million, compared to an average loss of $648 million that could result from damage or total destruction of property, plant and equipment (PP&E). Yet on average only 12 percent of information assets are covered by insurance. By comparison, about 51 percent of PP&E assets are covered. The survey found that self-insurance is higher for information assets at 58 percent, compared to 28 percent for PP&E.  Another key takeaway from the survey is that business disruption has a much greater impact on information assets ($207 million) than on PP&E ($98 million). This suggests the fundamental nature of probable maximum loss (PML) varies considerably for intangible assets vs. tangible assets, Ponemon says. Business disruption represents 34 percent of the PML for information assets, compared to only 15 percent of the PML for PP&E. A footnote states that while the survey results suggest PML in the neighborhood of $200 million, a growing number of companies are using risk analysis and modeling to suggest potential losses in excess of $500 million to over $1 billion and seek cyber insurance limit premium quotes and policy terms for such amounts. Some 2,243 individuals involved in cyber and enterprise risk management at companies in 37 countries responded to the Ponemon survey. Full Report

Zurich and the ESADEgeo-Center for Global Economy and Geopolitics; 32 Pages
April 1, 2015

This report commissioned by Zurich Insurance Group discusses cybersecurity challenges and identifies new opportunities for business. It calls for the establishment of guiding principles to build resilience and the establishment of supranational governance bodies for managing evolving cyber risks. The report observes that while emerging technologies such as drones, 3-D printing and self-driving cars are fundamentally changing the nature of cyber risk, the current regulation and governance regimes in place globally are inadequate to ensure the security of the world’s cyber infrastructure. Geopolitical and ideological tensions between states, the report points out, are increasingly played out in cyberspace – including over matters of governance. Companies in almost all sectors are exposed to cyber threats with the potential to cause enormous damage in terms of reputation and physical losses, liabilities, and regulatory costs. Unchecked, these cyber threats could severely affect technical and economic development globally. Based on a detailed mapping of the rules, institutions and procedures that form the current global cyber governance framework, the report highlighted opportunities for the private sector, civil society and policy makers to improve the current situation and facilitate the mitigation of cyber threats. Recommendations to policymakers include the creation of a Cyber Stability Board to strengthen global institutions and insulate them from geopolitical tensions, and the creation of a cyber alert system based on the World Health Organization (WHO) to enhance crisis management. Full Report

The American Red Cross; 52 Pages
April 1, 2015

This report was commissioned by the Red Cross with corporate sponsors that include Zurich, Willis, IBM, Guy Carpenter and federal agencies. These groups have come together to explore and explain how and why drones should be used in the wake of natural disasters and other emergencies that threaten widespread loss of life and property. The report outlines use cases including reconnaissance and mapping; structural assessment; supply delivery; wildfire detection and extinguishing; and insurance claims response and risk assessment. It concludes by recommending that lawmakers implement policies that ensure the safe integration of drones into the national airspace system while still being flexible enough to accommodate current and future drone deployment models.  Full Report.

Omri Ben-Shahar and Kyle D. Logue
The University of Chicago; 54 Pages
May 1, 2015

This study from the University of Chicago Institute for Law and Economics concluded that the government’s dominance of the severe weather insurance markets favors affluent homeowners in coastal communities and that the subsidies induce excessive development (and redevelopment) of storm-stricken and erosion-prone areas. The authors cite US Census Bureau data to prove that the population of Florida's coastal regions had quadrupled between 1960 and 2008, with, as of 2012, 79 percent of the state's insured property exposure on the coast, equal to $2.8 trillion. The study also held the National Flood Insurance Program out for particular criticism, stating that the policy count increased from 1.9 million in 1980 to more than 5 million in recent years, with below-market rates being charged for protection against flood. The study cited a 2007 Congressional Budget Analysis which found that the median range for homes insured under NFIP was $220,000 to $400,000 compared with the then US median of $160,000. The 2012-Biggert-Waters Act was meant to phase out such subsidies but when legislators realized that phasing out of subsidies entailed increasing flood protection rates key portions of the law rescinded. High-profile cases of low to middle income households facing more than 100 percent increases in their rates were used to demonstrate the unfairness of the Biggert-Waters Act. However, the study found that about 40 percent of subsidized coastal properties were worth more than $500,000, and 12 percent were worth more than $1 million. Using policy-level data in Florida, the study found that the wealthier coastal regions, such as Monroe County, the home of Florida Keys, received the biggest subsidies.  The study found: "The estimates we derived for the correlation between wealth and subsidy probably understate the true magnitude of the pro-affluent advantage. First, one of our measures of wealth—policy coverage limit—is capped by Citizens’ rules, which means that we are not measuring the true wealth of the people who buy maximal coverage, and are therefore deriving downward-biased correlations. Second, Citizens’ report of the subsidies—the indicated rate changes—understates the subsidies’ true magnitude. Citizens does not take into account some of the costs of providing insurance—costs that private insurers would incur in running an insurance scheme. Specifically, when Citizens calculates the amount of the indicated rate change, it does not build into it the cost of reinsurance—an insurance reserve necessary to protect it against the risk of pricing errors or unexpected spikes in losses." Full Report.

Hiscox USA; 14 Pages
May 1, 2015

The Hiscox Embezzlement Watchlist examines employee theft cases that were active in US federal courts in calendar year 2014. The study focused specifically on entities with fewer than 500 employees which generated more than 70 percent of the claims in federal courts that year. Some of the findings include: over 40 percent of the thefts were committed by an employee in the accounting/finance function; 80 percent of victim organizations had fewer than 100 employees; financial services organizations (including banks, credit unions and insurance companies) represented over 21 percent of employee thefts, the largest industry concentration in the data set. Women were behind more than 60 percent of frauds committed against employers but stole about 30 percent less than men, or a median of about $242,000. Women were behind three quarters of payroll frauds, which hit employers with a median loss of $300,000, but men were responsible for two thirds of vendor frauds, where the median loss was about double that. In 58 percent of cases of employee theft losses are never recovered. The report makes recommendations for managing exposure and mitigating risk. Full Report

Cybersecurity Unit of the U.S. Department of Justice; 15 Pages
April 1, 2015

The U.S. Department of Justice Cybersecurity Unit recommends that organizations take action before hacker attacks occur and offers eight tips for responding to cyber incidents. 1. Identify the organization’s critical needs; 2. Put in place an actionable plan before any intrusion occurs; 3. Acquire appropriate technology and services; 4. Arrange for appropriate authorization to permit network monitoring; 5. Make certain legal counsel has crucial knowledge of technology and cyber incident management to reduce response time when an incident occurs; 6. Make certain organization policies agree with cyber incident response plan; 7. Establish a relationship with local federal law enforcement offices and have a point of contact in place; and 8. Connect with cyber information sharing groups. If attacked, organizations are advised to respond by: 1. Performing an initial assessment of the system affected, the origin of the attack; identify any malware that may have been used; and determine if any remote servers that received data and the identity of any other victims. 2. Implementing steps to prevent continuing damage. 3. Recording and collecting information on the attack. And last, 4. Notifying all people inside the organization as well as law enforcement agents, the Department of Homeland Security and other potential victims. Full Report

Chartered Institute of Procurement & Supply; 12 Pages
May 1, 2015

The Chartered Institute of Procurement & Supply (CIPS) Risk Index has lost ground again as the global economic outlook continues to weaken particularly in emerging markets. The general deterioration of the risk index reflects the larger number of downgrades than upgrades. During the first quarter only five countries were upgraded in terms of operational risk assessments while 11 countries saw an overall increase in operational risk for companies operating internationally. The article includes a graph showing the CIPS Risk Index score for the first quarter of 2015 in the high-risk range at 78.7. Two additional graphs show the contribution to global risk by region. The index covers 132 nations, representing more than 90 percent of the world’s economic activities. The increase in the overall risk index is attributed to a reduction in the growth rates of emerging economies in East Asia and the continued economic problems in Europe. The leading oil producing economies are facing increased risks because of the volatility of oil prices. The continuing weakness and uneven rate of global economic recovery is moving the risk index close to the record high set in the third quarter of 2013. Full Report


If you have a suggestion for a study to be included in this section please email