There are many factors that can affect a company’s credit ratings and it appears that cyber risk is moving up a notch in importance in corporate credit analysis.

In a new report, ratings agency Moody’s Investors Service said it views material cyber threats in a similar vein as other extraordinary event risks, such as a natural disaster, with any subsequent credit impact depending on the duration and severity of the event.

Moody’s reports:

While we do not explicitly incorporate cyber risk as a principal credit factor today, our fundamental credit analysis incorporates numerous stress-testing scenarios, and a cyber event could be the trigger for one of those stress scenarios.”

According to the report, “Cyber Risk of Growing Importance to Credit Analysis,” assessing how prepared an issuer or organization is for a cyber threat presents challenges, owing to the complexity of the problem.

Moody’s identifies several key factors to examine when determining a credit impact associated with a cyber event, including: nature and scope of the targeted assets or businesses; the duration of potential service disruptions; and the expected time to restore operations.

On a positive note, more cyber security expertise is being added to boards and trustee governance in response to the growing cyber threat.

A press release cites Jim Hempstead, Moody’s associate managing director and lead author of the report:

We expect many issuers will create distinct cyber security subcommittees, which is a material credit positive.”

Moody’s said industries housing significant amounts of personal data, such as financial institutions, health care entities, higher education organizations and retail companies are at greatest risk of a large-scale data breaches resulting in serious reputational and financial damage.

Critical infrastructure sectors such as electric utilities, power plants, or water and sewer systems are more exposed to attacks that could result in large-scale service disruption, causing substantial economic—and possibly environmental—damages to sovereign, state and local governments or utilities.

However, Moody’s believes this type of attack would elicit immediate government intervention to restore operations, resulting in lower potential credit risk.

Hat tip to Reuters for its article here.

Check out the I.I.I.’s latest paper Cyber Risk: Threats and Opportunities.

Our mission at the Insurance Information Institute (I.I.I.) is to help people understand how insurance operates. Sometimes that means understanding how insurers handle new technologies, particularly auto insurance. Chief Actuary James Lynch answers a question we got last week:

Q: I am researching driver assist technology and the advantages and pitfalls that could be associated with it. Do driver assist technologies raise or lower insurance premiums? A few of the technologies I’m looking at are lane-keeping devices, blind spot warning systems and hands-free cruise control.

A: As far as technological innovations go, insurance companies adjust their rates after a technology has proved its worth on the road. Only then do they know that a technology is effective and how much discount is warranted, if any. That means hands-free driving systems, which have only been introduced in the past couple months, are not earning anyone discounts right now.

You mention lane departure warnings. That is a technology that has yet to prove valuable on its own. The feature alerts a driver that is beginning to drift from one lane to another. When the driver drifts, an alarm beeps. One problem, it appears, is that drivers have trouble understanding what the beep means.

In addition, the feature can be turned on and off by the owner, and owners frequently find it so annoying that they turn it off. I happen to have a car with this technology, and I drove with it for about 10 minutes before turning it off. You would be surprised how many times your wheels touch a lane line; I know I was, particularly when the road curved. So insurers probably aren’t giving a lot of credits for the system.

That doesn’t mean that the idea of a lane departure warning is useless. The problem may be that the notification system doesn’t help the driver do a better job. There’s every chance that manufacturers will be able to refine the system so that it does better later. If that happens, rates will eventually adjust.

Another possibility: Sometimes a feature by itself doesn’t work as touted but will become an important part of a larger system. An example here is antilock brakes, which were introduced a couple of decades ago. The brakes had a special feature that was supposed to help a car stop more quickly when its brakes were slammed on. By itself, they weren’t much of a help – which surprised a lot of people – but they have become an important part of electronic stability control, a computerized system that figures out when a car is starting to skid and corrects the situation.

Electronic stability control is perhaps the biggest safety advance of our generation. The feature, standard since 2012 on all new vehicles, has cut the risk of a fatal single-vehicle crash in half. Insurers closely monitor this stuff, particularly the Insurance Institute for Highway Safety and its sister organization, the Highway Loss Data Institute.

Here at I.I.I. we offer more information on auto crashes in our Issues Update on the topic.

Suicide-armed assaults and bomb attacks may become an even more attractive tactic for terrorist groups to replicate following the November 13, 2015 attack in Paris, France, according to catastrophe modeling firm RMS.

In a blog post, RMS writes that the Paris attacks—which killed more than 125 people and left 350 injured—are the deadliest in Europe since the 2004 train bombings in Madrid, Spain, where 191 people were killed and over 1,800 injured.

The attacks have exposed France’s vulnerability to political armed violence and alerted the rest of Europe to the threat of salafi-jihadists within their domain, according to RMS.

RMS also notes that the chosen strategy in last Friday’s attacks offers greatest impact. For example, the suicide armed attacks or sieges witnessed at the Bataclan Theater involved a group opening fire on a gathering of people in order to kill as many as possible.

Similar to the Mumbai attacks in 2008, the ability to roam around and sustain the attack, while being willing to kill themselves in the onslaught makes such terrorist attacks more difficult to combat.

From the terrorist’s perspective, these assaults offer a number of advantages, such as greater target discrimination, flexibility during the operation, and the opportunity to cause large numbers of casualties and generate extensive worldwide media exposure.”

Such attacks typically will target people in crowded areas that lay outside any security perimeter checks such as those of an airport or at a national stadium. Probable targets for such attacks are landmark buildings with a large civilian presence, RMS suggests.

Business Insurance reports that victims of the Paris attacks—whether French national or not—can claim compensation for personal injury from Le Fonds de Garantie des Victimes des Actes de Terrorismes et d’Autres Infractions (FGTI), as detailed by France’s insurance industry association Fédération Française des Sociétés d’Assurances on its website here.

France also has a state-backed reinsurer for property losses caused by terrorism, known as GAREAT (Gestion de l’Assurance et de la Réassurance des Risques Attentats et Actes de Terrorisme), which will likely cover any insured property losses resulting from the attacks.

Check out I.I.I. facts and statistics on global terrorism losses here and the latest I.I.I. paper on the renewed and restructured Terrorism Risk and Insurance Program in the U.S.

There’s a lot of buzz around the Internet of Things (IoT), not least with latest forecasts from Gartner suggesting that 20.8 billion connected things will be in use worldwide by 2020.

Already the estimated number of connected things in 2016—6.4 billion, according to Gartner—is a 30 percent increase on 2015. In fact 5.5 million new things will get connected every day in 2016, Gartner predicts.

A press release notes:

Aside from connected cars, consumer uses will continue to account for the greatest number of connected things, while enterprise will account for the largest spending.”

Gartner estimates that 4 billion connected things will be in use in the consumer sector in 2016, and will reach 13.5 billion in 2020. (Hat tip Canadian Underwriter for its report here)

Numerous analysts have pointed to IoT’s power to transform the insurance industry.

In this Deloitte QuickLook blog post, Sam Friedman writes that IoT will likely accelerate the vast amounts of data available to insurers as Web-connected sensors become the norm.

For example, telematics for usage-based auto insurance can provide carriers with 24/7 updates about where, when and how fast an insured travels, as well as assessing their turning and braking habits, traffic navigation skills and response time.

This same IoT technology has applications in a number of other coverages in personal, life and health and commercial insurance, Friedman writes.

Another example is “smart” homes which will allow homeowners to monitor their property, its security and elements like heating remotely. Insurers could provide loss control advice to minimize threats and perhaps take action to secure insured properties, he suggests.

And in this Accenture blog post, Daniele Presutti writes about how IoT will change how insurance is sold and who sells it. He predicts an increasing presence in the insurance business by tech-savvy competitors, such as Google and Amazon.

But it’s not all bad news, he writes:

As people, homes, organizations and even cities become increasingly interconnected, an array of new opportunities will emerge. Smart and agile insurance companies will be able to take advantage of the IoT to launch new products, with new customers and capture new markets. These companies will be the Insurers of Things. For them the possibilities will be huge.”

Read more about how insurers are innovating along with the evolution of IoT in our latest paper Cyber Risks: Threat and Opportunities.


The expected $2 billion minimum economic cost of the South Carolina and eastern U.S. floods in early October will place the event as one of the top 10 costliest non-tropical cyclone flood events in the country since 1980.

Aon Benfield’s latest Global Catastrophe Recap report, which evaluates the impact of natural disaster events occurring worldwide during October 2015, reveals that already public and private insurers have reported more than $400 million in payouts from the event.

Days of relentless record-setting rainfall caused by a complex atmospheric set-up brought tremendous flooding across much of South Carolina, leaving at least 19 dead, Aon reported.

The event caused considerable flood inundation damage to residential and commercial properties, vehicles, and infrastructure after more than two feet (610 millimeters) of rain fell from October 1 to 5.

Aon noted that the minimum $2 billion in total economic losses from the event includes infrastructure and $300 million in crop damage.

Preliminary reports from insurers suggest roughly $350 million in claims.

However, additional insured losses of at least $100 million are expected via the federal National Flood Insurance Program (NFIP) and the USDA RMA crop insurance program.

A recent article by Insurance Journal noted that the potential exposure home insurers in South Carolina face from the early October event is estimated at $18 billion. That’s according to figures by catastrophe modeling firm CoreLogic.

According to the Insurance Information Institute (I.I.I.), none of the 10 largest floods as ranked by NFIP payouts occurred in South Carolina (see below).

However, the state was affected by three of the most costly U.S. hurricanes: Hurricanes Charley and Frances in 2004 and Hurricane Hugo in 1989.

The list includes events from 1978 to June 30, 2015, as of August 21, 2015.


Whether it’s the VW emissions scandal or rebuilding a company’s reputation after a cyber attack, we’re reading a lot about the challenges of managing reputation risk in the business world.

How important—and valuable—a positive reputation and ethical C-suite leadership is for an organization to attract talent is highlighted by recent findings of a survey of 1,012 U.S. adults by Corporate Responsibility Magazine and Cielo Healthcare.

(Hat tip to the WSJ’s Risk & Compliance Journal for flagging this survey.)

The research identified bad behaviors most harmful to a company’s culture and reputation as:

  • Public exposure of criminal acts (33 percent);
  • Failure to recall defective products (30 percent);
  • Public disclosure of workplace discrimination (21 percent);
  • Public disclosure of environmental scandal (15 percent).

What’s the true cost of a bad corporate reputation? According to the survey, companies perceived as unethical face a potential talent shortage and increased recruiting costs as they struggle to successfully recruit women and millennials.

Only 67 percent of employed Americans surveyed would take a job with a company that had a bad reputation if they were offered more money, compared to 70 percent in 2014.

In contrast, 92 percent would consider leaving their current jobs if offered another role with a company with an excellent corporate reputation.

It would also take a substantial pay increase for many to take a job with a company with a bad reputation, with 46 percent of survey respondents needing a pay increase of 50 percent or more to consider moving to an unethical company.

Women are more motivated to work for an ethical company, the survey found. Some 86 percent of women who responded said they would not join a company with a bad reputation compared to only 67 percent of men.

In contrast, 92 percent of men and women would consider leaving their current jobs if offered another role with a company with a stellar corporate reputation.

Check out the I.I.I. online resource for business insurance here.

Business interruption, commercial property, general liability, umbrella, and workers’ compensation were the lines brokers most often noted had a decline in rates in the third quarter of 2015, according to the latest Commercial P/C Market Index Survey from the Council of Insurance Agents & Brokers.

Broker comments came as The Council survey found rates decreased across all lines by an average of 3.1 percent in the third quarter, compared with a 3.3 percent decline in the second quarter of 2015.

Large accounts saw the largest decreases at 4.1 percent, followed by medium-sized accounts at 3.8 percent, and small accounts at 1.4 percent.

The ongoing buyers’ market was consistent across most lines of business, The Council noted, with a few exceptions, including commercial auto and flood both of which saw a slight uptick in rates. Flood continued to be viewed as a troubled peril, brokers said.

Flood insurance rates increased, especially in the Southeast and Pacific Northwest regions, as rate increases, assessments and surcharges continued to be implemented by the National Flood Insurance Program (NFIP) and Write Your Own Carriers.

Ken Crerar, president and CEO of The Council observed that while rates seemed stable and competition plentiful, the brokerage industry is keeping an eye on many factors that may have an impact on insurance placements going forward.

We heard from our brokers about the growing cyber insurance market, consolidation in the industry, and attracting and retaining talent.

These are long-term, macro-level issues that have been percolating for years.”

Check out latest I.I.I. information on industry financial results here.

As we put the finishing touches to our Halloween costumes we’ve rounded up some of the not-so-spooky posts from around the insurance blogosphere to keep the ghouls and ghosts away.

First up is Erie Insurance with its post 4 Lesser-Known Halloween Safety Tips. Read all the way to the end and you’ll learn of the dangers of glow sticks. As a parent to two young children who gravitate towards anything that glows, I appreciate the tip that glow sticks cause an increase in poisoning on Halloween. Make sure to tell your kids to keep them away from their mouths.

Next up is Zillow and with an excellent post on how Halloween carries potential financial risk for homeowners. Whether it’s Halloween-related fires leading to property damage or liability claims from trick-or-treaters injured on your property, some practical safety steps and a homeowners or renters insurance policy can help protect your most valuable assets.

Do you have a secure place to park your car? In this Insurance Institute for Highway Safety (IIHS) post (from 2013) we learn that vehicle vandalism peaks on Halloween with nearly twice as many insurance claims on October 31 as on an average day. Such claims include things like slashed tires and smashed windows. Hence the importance of comprehensive auto insurance coverage.

And for the insurance fans among you, last but not least is a post on WillisWire, reflecting not on make-believe monsters, but on the scariest real risks faced by their clients during the year. Which one keeps you up at night? Have your say and take their poll.

Wishing all our readers a safe and Happy Halloween!


If you’re a small or medium-sized business with fewer than 500 employees you might think that none of your employees would file discrimination charges against your company.

But a just-released survey by Hiscox dispels that myth, showing just how costly employment matters can be for small and medium-sized enterprises (SMEs)—and how important it is to have employment practices liability (EPL) insurance.

A representative study of 446 closed claims reported by SMEs with fewer than 500 employees found that some 19 percent of employment charges resulted in defense and settlement costs averaging a total of $125,000. On average, those matters took 275 days to resolve, Hiscox found.

While the average self-insured retention (deductible) for these charges was $35,000, without employment practices liability insurance, these companies would have been out of pocket by an extra $90,000, Hiscox said.

“Most employment matters don’t end up in court, but for those that do, the damages can be substantial,” Hiscox noted.

Its survey cites data showing the median judgment is approximately $200,000, which is in addition to the cost of defense. About 25 percent of cases result in a judgment of $500,000 or more.

Where a business is located can make a big difference in the potential employment exposure it faces.

The 2015 Hiscox Employee Lawsuit Handbook found states with the highest risk of employees filing lawsuits are: New Mexico (66 percent higher than national average), Washington DC (65 percent higher), Nevada (47 percent higher), Alabama (41 percent higher) and California (40 percent higher).

Overall, U.S.-based companies of all sizes have at least an 11.7 percent chance of having an employment charge filed against them, Hiscox found.

Claims Journal has more on this story here.

Wondering what’s covered by EPL insurance? The Insurance Information Institute (I.I.I.) explains all here.


Broker Willis has just published its commercial insurance rate predictions for 2016.

What’s the outlook for insurance buyers?

Overall, the property/casualty insurance market continues to soften and Willis predicts further softening ahead, fueled by relatively benign losses and an oversupply of capacity from traditional and non-traditional sources.

For 2016, 10 lines of insurance—property, casualty, aviation, energy, health care professional, marine, political risks, surety, terrorism and trade credit—are expecting decreases.

In contrast, just five lines of insurance—cyber, employee benefits, errors & omissions (E&O), fidelity and kidnap & ransom—are expecting increases.

The main exception to the overall softening trend is in cyber and E&O insurance, Willis reports, where the growing threat of cyber intrusion and data theft is sending rates upward.

By how much?

For retailers with POS (point-of-sale) exposures and large health care companies, rate increases are up to an eye-opening 150 percent at renewal, with additional increases on excess layers.

In fact most buyers of cyber insurance are seeing primary premium increases of up to 15 percent, Willis says. For smaller organizations (with revenues less than $1 billion) lower premium increases are typical.

What about terms and conditions?

Willis observes that underwriting requirements continue to rise and cyber insurers are also increasing retentions, reducing capacity and exiting certain sectors.

Despite the reduction in capacity by some carriers, available limits in the cyber marketplace are around $350 million to $400 million.

Willis also predicts the marketplace for first-time buyers of cyber insurance (except for POS retailers and large healthcare organizations) will continue with relatively favorable terms, conditions and pricing.

Willis offers this single piece of advice to buyers of cyber insurance:

In approaching the markets, be ready to identify key investments in security and privacy protections over the past policy year that will help differentiate you from your peers.”

The I.I.I.’s new paper Cyber Risks: Threat and Opportunities sheds more light on the rapidly evolving market for cyber insurance.

Next Page »