Business Risk


The Ukraine crisis is making headlines around the world, and also in the insurance world.

While events are still unfolding, Russia’s move to annex the Crimea region of Ukraine has prompted United States and European Union leaders to impose economic and travel sanctions on some Russian officials.

U.S. and EU leaders will meet next week in the Netherlands to discuss the crisis and further sanctions are possible.

As for insurance implications, the ongoing turmoil has the potential to impact the political risk, structured credit and trade credit insurance markets.

Broker Marsh said in a briefing last week that some insurers had stopped underwriting political risk insurance in the two countries due to concern over the political unrest and credit ratings in Ukraine and potential sanctions in Russia.

Canadian Underwriter reported on the story here.

Noting the uncertainty of the evolving situation, Marsh said:

Companies with interests in the region face the potential for damage to assets through political violence and possible broader expropriation measures or sanctions against foreign interest in Russia should sanctions be imposed against the country. This is in addition to the potential for payment delays on trade payment obligations due from customers, especially those in Ukraine.”

Marsh also noted that because Russia is the political risk and structured credit market’s largest country exposure, if the current conflict results in large-scale insurable damage, global premiums and insurance capacity for these coverages could be adversely affected.

There is also the potential for a downgrade of the country rating by the ratings agencies and possible payment difficulties for creditors of Ukrainian companies, either commercial or economic, Marsh added.

The broker advised businesses with operations in Ukraine, especially those in Crimea, to check their crisis response and insurance programs to ensure they sufficiently mitigate the potential effects on their operations.

The I.I.I.’s International Insurance Fact Book has insurance and economic data on Russia and Ukraine here.

Two months after Target announced a massive data breach in which hackers stole 40 million debit and credit card accounts from stores nationwide and the rising costs related to the incident are becoming clear.

Costs associated with the Target data breach have reached more than $200 million for financial institutions, according to data collected by the Consumer Bankers Association (CBA) and the Credit Union National Association (CUNA).

Breaking out the numbers, CBA estimates the cost of card replacements for its members have reached $172 million, up from an initial finding of $153 million. CUNA has said the cost to credit unions has increased to $30.6 million, up from an original estimate of $25 million.

So far, cards replaced by CBA members and credit unions account for more than half (54.5 percent) of all affected cards.

In a press release, CBA notes that the combined $200 million cost does not factor in costs to financial institutions other than credit unions or CBA members, nor does it take into account any fraudulent activity which may have occurred or may occur in the future:

Fraudulent activity would push the cost of the Target data breach to the industry much higher, as consumers would not be held liable.”

A post over at the Wall Street Journal Corporate Intelligence blog points out that cyber attacks like these continue to be a drain on the wider economy.

It cites a study backed by computer security firm McAfee that last year estimated the total cost of cybercrime and cyber espionage to the United States at up to $100 billion each year.

Meanwhile, legal experts caution that companies need to take stock in the wake of the Target breach and make sure they have adequate insurance in place.

A post by Emily R. Caron in Media, Privacy and Beyond published by law firm Lathrop & Gage notes that fortunately Target appears to have a lot of insurance in place.

It cites reports suggesting that between cyber coverage and directors and officers (D&O) coverage, Target has $165 million in total limits, after self-insuring the first $10 million. (Hat tip to @LexBlogNetwork for highlighting this article)

However, The New York Times recently reported that total damages to banks and retailers could exceed $18 billion according to estimates by Javelin Strategy & Research.

In addition the NYT noted that nearly 70 lawsuits have already been filed against Target, many of them seeking class-action status.

As Caron notes in her article at Media, Privacy & Beyond, there is a big gap between $165 million and $18 billion.

Check out I.I.I. facts + statistics on ID theft and cyber security.

Job bias charges reported to the U.S. Equal Employment Opportunity Commission (EEOC) dropped to 93,727 in fiscal year 2013, down 5.7 percent from 99,412 charges in 2012, and a 6.6 percent decrease from the record 99,947 charges reported in fiscal year 2011.

But the decline in the number of charges was offset by an increase in the amount of monetary relief obtained for victims.

Monetary relief obtained for victims increased by $6.7 million to $372.1 million – the highest monetary recovery from private sector employers in agency history through its administrative process, the EEOC said.

As in prior years, retaliation under all statutes was the most frequently cited basis for charges of discrimination, increasing in both actual numbers (38,539 up from 37,836) and as a percentage of all charges (41.1 percent up from 38.1 percent) from the previous year.

This was followed by race discrimination (33,068/35.3 percent); sex discrimination, including sexual harassment and pregnancy discrimination (27,687/29.5 percent); and discrimination based on disability (25,957/27.7 percent).

The EEOC noted that both race and disability discrimination increased in percentage of all charges while decreasing in raw numbers from the previous year, while charges of sex discrimination were down by over 2,600 charges.

The EEOC also received 333 charges under the Genetic Information Nondiscrimination Act, which prohibits discrimination on the basis of genetic information, including family medical history.

Despite the overall positive trend, employers should remain vigilant, legal experts say.

In a post on legal newsfeed Lexology, Hannesson Murphy, a partner at law firm Barnes & Thornburg, writes:

While employers should be encouraged by current trends, this is no time to let down their guard: EEOC charges remain well above the levels of the mid-1990’s or mid-2000’s, retaliation claims are on the rise, and the EEOC is as active as ever. In short: remain vigilant.”

Check out further I.I.I. facts and statistics on employment practices liability insurance here.

The fallout continues in the wake of the massive data breach at Target in which hackers stole 40 million debit and credit card accounts from stores nationwide between November 27 and December 15.

USA Today reports that so far three class-action lawsuits have been filed in the wake of the incident, seeking more than $5 million in damages. Two of the cases were filed in California and one in Oregon.

The same USA Today article reports that the Attorney General in at least four states – Connecticut, Massachusetts, New York and South Dakota – have asked Target for information about the breach, in what is regarded as the first step to a possible multi-state investigation into the breach.

Meanwhile, the Krebs on Security blog which broke the story of the Target breach last Wednesday December 18, reports that card accounts stolen in the breach are flooding the underground markets. Check out the latest reports here and here.

For anyone who shopped at Target during the breach period, the New York Times has a helpful Q&A on what you should do.

While latest studies indicate U.S. companies continue to improve their preparation for and response to a data breach, the security breach at Target highlights the vulnerability of major companies to this threat.

Both the organizational cost of a data breach and the cost per lost or stolen record declined last year, according to the 2013 Cost of a Data Breach study by the Ponemon Institute and Symantec.

The organizational cost of a breach declined from $5.5 million to $5.4 million and the cost per record from $194 to $188.

The Ponemon report also noted that while the cost of a data breach can vary widely because of the types of threats and data protection laws, the financial consequences are serious worldwide.

Check out I.I.I. facts and statistics on identity theft and cyber security.

Direct foreign investors operating in the Middle East and North Africa (MENA) face an increasing level of political risk as a result of the instability and uncertainty created by the Arab Awakening, according to an annual risk report.

The 2014 Marsh-Maplecroft Political Risk Map reveals that more than 60 percent of countries in the MENA region have experienced a significant increase in the level of political violence since 2010.

According to the map, 17 countries since 2010 have experienced a significant increase in their level of dynamic political risk, more than half of which are located in the MENA region.

Note: dynamic political risks focus on short-term challenges, such as rule of law, political violence, the macroeconomic environment, resource nationalism and regime stability.

Syria has seen the most significant increase in risk and is now ranked as the second-highest risk country behind only Somalia.  For the first time, Egypt is now categorized as “extreme” risk for political violence, a deterioration driven by post-coup violence and increased terrorist activity in the Sinai Peninsula.

Over the past year, East Africa was host to the most countries with an increase in political violence, according to the map.

Marsh notes that the increase in political violence in East Africa presents significant challenges to foreign investors looking to the region following the discovery of substantial oil and gas reserves.

Despite these risks, the map points to opportunities for investors in six growth markets where overall dynamic political risk has significantly improved since 2010: the Philippines, India, Uganda, Ghana, Israel, and Malaysia.

The map draws from Maplecroft’s Political Risk Atlas 2014 and highlights dynamic political risks across 197 countries, including conflict, terrorism, macroeconomic stability, rule of law, and regulatory and business environments.

Hat tip to Business Insurance which reports here.

Health care organizations are facing a much more challenging directors and officers (D&O) liability insurance market as they adapt to changes arising from the Affordable Care Act (ACA), according to a new report from Marsh.

It reveals that average primary D&O rates for midsize and large health systems increased by 9.6 percent in the third quarter of 2013, while total program D&O rates renewed with 7.9 percent increases on average.

Nearly all organizations – 91 percent – renewed with rate increases, according to its findings.

Marsh notes that since the passage of the ACA in 2010, the health care industry has undergone rapid consolidation resulting in organizations working more closely together and sharing information.

As a result, many health care organizations face increased exposure to antitrust risks and this has insurers concerned.

In some cases D&O insurers have lowered their antitrust sublimits and increased antitrust-related coinsurance requirements and retentions, Marsh says. In addition to raising rates, some D&O insurers are also pulling back on offering full policy limit defense coverage.

It quotes Mark Karlson, Marsh’s FINPRO Health Care Practice Leader:

Ongoing merger and acquisition activity and the transition to accountable care organizations and similar networks are creating new exposures for many health care organizations, including antitrust risks.

This has resulted in a much more challenging D&O market for health care companies. Risk managers should expect to face additional rate increases in 2014 and be prepared to provide underwriters with detailed answers about their response to health care reform.”

PC360 has more on this story.

Check out I.I.I. information on D&O liability insurance.

More and more companies are using social media and many recognize the potential risks, but few have an adequate plan in place to manage those risks.

Two separate surveys point to the fact that as social media becomes even more widely used in the corporate setting, businesses need to properly assess and monitor the risks involved.

Chubb’s just-published 2013 Private Company Survey found that 68 percent of companies are using social media – up from 39 percent in 2010 – but only 12 percent are concerned that they will be sued for allegedly making defamatory posts.

Further, only 49 percent have a written social media usage policy for their employees, Chubb found.

Executives at 450 U.S. for-profit private companies were interviewed for the Chubb survey.

An earlier report from Grant Thornton LLP and the Financial Executives Research Foundation (FERF), found that some 71 percent of public and private company executives are concerned about the potential risks involved in the use of social media, but they believe the risks can be mitigated or avoided.

More than half (59 percent) of executives surveyed said their companies do not perform a social media risk assessment.

Also, two-thirds (66 percent) of respondents see their company’s use of social media increasing during the next 12 months, but only a third of respondents (36 percent) reported that their company has social media training.

As the report says:

The evaluation and monitoring of risk needs to be a key component of any organization’s social media strategy, and its importance cannot be overstated.”

More than 100 senior-level executives from public and private companies participated in the 2013 Social Media Risks and Rewards survey, which was conducted during May and June of this year.

Check out the I.I.I. paper Social Media, Liability and Insurance.

The percentage of companies buying cyber liability insurance is increasing substantially, according to an annual survey jointly produced by Advisen and Zurich.

For the first time in the three years that the survey has been administered, more than half of respondents claim to purchase cyber liability insurance.

In response to the question “Does your organization purchase cyber liability insurance?” some 52 percent responded yes, compared to 44 percent in 2012, and 35 percent in 2011.

Only 38 percent said their organization did not purchase this protection, down from 50 percent in 2012 and 60 percent in 2011.

Of those companies that do purchase coverage, some 72 percent have done so for more than three years. This represents a 10-point increase from 2012 suggesting that when organizations purchase the coverage they see enough value to renew it year after year.

Even those companies that have not bought cyber coverage are thinking about it.

Half (53 percent) of survey respondents that do not currently buy cyber insurance are considering purchasing it in the next year – a 28 percentage point increase from 2012.

Advisen notes:

This is an indication of the continued shift in the cyber insurance marketplace, from a product that was interesting but not a necessity to one that is becoming a must have.”

Check out a recent I.I.I. paper on cyber risks.

The impact of a data breach at software maker Adobe appears to be worsening. When it first announced the breach on October 3, Adobe said that cyber attackers had compromised accounts and passwords of nearly 3 million users. Now that number has jumped to at least 38 million users.

What’s more a blog post at PCWorld indicates that a further 150 million usernames and hashed passwords were taken from Adobe. While Adobe says these could include inactive IDs, test accounts and IDs with invalid passwords, the company is still investigating.

PCWorld also reports that the hackers stole source code for flagship Adobe products such as Photoshop, Acrobat, and Reader.

It cites a blog post by Hold Security that suggests the source code theft could have far-reaching security implications.

Here’s the direct quote from the Hold Security blog post:

While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for a new generation of viruses, malware, and exploits.”

Despite the major news headlines about cybercriminals, it’s worth remembering that mistakes made by people and systems actually cause the majority of data breaches.

The 2013 Cost of a Data Breach study by the Ponemon Institute and Symantec, found that negligence and system glitches together accounted for 64 percent of data breaches last year. Such incidents include employees mishandling information, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.

However, U.S. companies represented in this study are apparently continuing to improve their preparation for and response to a data breach.

Both the organizational cost of data breach and the cost per lost or stolen record declined last year, with the organizational cost declining from $5.5 million to $5.4 million and the cost per record from $194 to $188.

Ponemon and Symantec attribute this to more organizations using data loss prevention technologies, fewer records being lost in the breaches and less customer churn.

As mom to two young boys I’ve had to become familiar with construction vehicle terminology, such as backhoes, skid steers and excavators. So it’s with interest I read the latest heavy equipment theft report from the National Insurance Crime Bureau (NICB).

The report, co-produced with the National Equipment Register (NER), analyzes heavy equipment theft data submitted by law enforcement to the National Crime Information Center (NCIC) and breaks out the data by theft state, theft city, theft month, equipment manufacturer, equipment style (type) and year of manufacture.

Here are some of the key takeaways of the 2012 NICB Heavy Equipment Theft report:

– A total of 10,925 heavy equipment thefts were reported to law enforcement in 2012, down 7 percent from the 11,705 reported in 2011. Since 2008, there has been an overall 19 percent reduction in heavy equipment thefts.

– The three most stolen heavy equipment items in 2012 were: mowers (riding or garden tractor: 5,363); loaders (skid steer, wheeled: 1,943); tractors (wheeled or tracked: 1,459).

– Heavy equipment manufactured by John Deere was the number one theft target in 2012, followed by Kubota Tractor Corp, Bobcat, Caterpillar and Toro.

– The top three states for heavy equipment thefts in 2012? Texas ranked first with 1,401 reported thefts, followed by North Carolina with 1,037 thefts, and Florida with 890 thefts.

The report also looks into heavy equipment recoveries in 2012 and here comes the sticker shock for insurers.

According to the NICB, only 20 percent of heavy equipment stolen in 2012 was found, making it a costly crime for insurance companies, equipment owners and rental agencies.

Bear in mind that annual estimates of the cost of equipment theft vary from around $300 million to $1 billion, with most estimates in the range of $400 million.

But, these estimates do not include the theft of tools or building materials or damage to equipment and premises caused during a theft, or losses from business interruption, such as the cost of rentals, project-delay penalties, and wasted workforce and management time.

The NICB says the area that needs the most improvement is also the one that promises immediate results: making accurate information available to law enforcement 24 hours a day.

It notes:

At a minimum, equipment owners should keep accurate lists of equipment with PIN/serial numbers and submit them to law enforcement, their insurers, and NER as soon they discover a theft. When they purchase equipment, owners should register serial numbers in the NER database, so that the information is available to law enforcement 24 hours a day. In the event of a theft, law enforcement can identify the equipment, even during weekends or at night.”

« Previous PageNext Page »