Category Archives: Business Risk

Tianjin: A Reminder of Insurance Need in Developing Countries

The explosions at the Port of Tianjin, China could ultimately become one of the largest man-made insurance loss events worldwide ever recorded, according to Swiss Re sigma.

Based on Swiss Re’s latest estimates, the total insured property loss of the Tianjin explosions is likely to be around USD 2.5 billion to USD 3.5 billion, making it the largest man-made insured loss event in Asia ever recorded.

Tianjin currently ranks as the third largest man-made insured global loss (in 2015 dollars), behind the September 11, 2001, terrorist attacks in New York, Washington and Pennsylvania and the 1988 Piper Alpha oil rig disaster.

Screen Shot 2016-03-30 at 10.09.19 AM

The Tianjin experience highlights the new potential risks facing developing countries with rapidly-developing economies, according to the latest sigma study.

2015 was the third year in a row that the biggest man-made loss globally originated from an emerging market, a reminder of the importance of insurance for developing countries, sigma says.

“The event shows the large loss potential in a country like China, with a fast-growing economy. If further evidence is needed, in 2013 a fire at a major high-tech semiconductor plant in Wuxi, also in China, caused insured losses of USD 0.9 billion.”

Financial protection through insurance is key to restoring business operations and recouping losses, sigma notes.

Accurate assessment of exposures, appropriate coverage terms and adequate pricing are likewise crucial:

“For re/insurers, they need to actively identify monitor and manage exposures in hazard zones and in areas with high asset-value concentrations.”

The complexities of the Tianjin loss have challenged re/insurers, and highlighted the accumulation of risks that can arise from a single large-scale industrial catastrophe event.

While destroyed and damaged vehicles account for most of the Tianjin losses, uncertainties remain as to the types of insurance policies involved.

Property and cargo present major risk accumulation factors in ports, especially in big centers like Tianjin, sigma observes.

The Insurance Information Institute has useful facts and statistics on man-made disasters here.

Don’t Ask, Don’t Tell

We’re reading an item of interest from across the pond where the United Kingdom’s Institute of Directors (IoD) has issued a new report that gives insight into how companies tend to react if they are under a cyber attack.

The IoD study, supported by Barclays, revealed that most companies keep quiet, with under one third (28 percent) of cyber attacks reported to the police.

This is despite the fact that half (49 percent) of cyber attacks resulted in interruption of business operations, the IoD noted.

Hat tip to forbes.com which reports on the IoD findings in this blog post.

It’s worth noting that here in the United States, the Identity Theft Resource Center (ITRC) has long maintained that the record number of U.S. data breaches it tracks are by no means the whole story.

Many data breaches fly under the radar, the ITRC says, because businesses want to avoid the financial dislocation, liability and loss of goodwill that comes with disclosure and notification.

Back to the UK the survey of nearly 1,000 IoD members also showed a worrying gap between awareness of cyber risks and preparedness.

Even though nine in 10 of business leaders said cyber security was important, only 57 percent had a formal strategy in place to protect themselves, and just one fifth (20 percent) held insurance against an attack.

In the words of Professor Benham, author of the IoD report:

No shop=owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response.

Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”

With 34,500 members, ranging from start-up entrepreneurs to CEOs of multinational companies, the IoD is the UK’s largest organization for business leaders.

More on cyber security in the Insurance Information Institute’s paper Cyber Risks: Threat and Opportunities.

PwC: Incidence of Cybercrime Sharply Higher

Cybercrime has jumped to the second most reported type of economic crime affecting 32 percent of global businesses, according to a just-released survey by PwC.

PwC’s Global Economic Crime Survey 2016 found that while traditional leaders of economic crime–asset misappropriation, bribery and corruption, procurement fraud and accounting fraud–all showed a slight decrease over 2014 statistics, cybercrime is on a steady increase.

In fact over one quarter of the 6,000 respondents to PwC’s survey said they’d been affected by cybercrime.

Despite a sharply higher incidence of reported cybercrime among PwC’s respondents, the survey found that most companies are still not adequately prepared for–or even understand the risks faced.

Only 37 percent of organizations have a cyber incident response plan in place and many boards are not sufficiently proactive regarding cyber threats.

Even though  boards have a fiduciary responsibility to shareholders when it comes to cyber risk in several countries, PwC found that less than half of board members actually request information about their organization’s state of cyber-readiness.

Losses from cybercrime can be heavy, PwC reported. A handful of respondents (around 50 organizations) said they had suffered losses over $5 million. Of these, nearly one-third reported cybercrime-related losses sin excess of $100 million.

Reputational damage was considered the most damaging impact of a cyber breach among survey respondents, followed by legal investment and/or enforcement costs.

According to PwC:

The insidious nature of this threat is such that of the 56 percent who say they are not victims, many have likely been compromised without knowing it.”

This year’s results show that the incidence of economic crime has come down, for the first time since the global financial crisis of 2008-9 (albeit marginally by 1 percent).

Check out  the I.I.I. white paper  Cyber Risk: Threat and Opportunity  for the latest on cybercrime, risks and insurance.

U.S. Elections Add to Growing Political Risks Businesses Face

The 2016 U.S. presidential election is one of the rising political risks facing businesses and investors in the year ahead, according to Marsh’s Political Risk Map 2016.

Terrorism and struggling emerging economies, such as China and Russia, are also among the growing political risks businesses face.

Marsh notes that the recent terrorist attacks in Paris and San Bernardino, California have intensified political rhetoric and brought foreign relations and defense policy topics to the forefront.

With polls showing national security to be a major concern for voters, foreign policy will remain a key theme on the campaign trail in 2016 – and will be top of mind for the next presidential administration.”

Marsh observes that in the last decade multinational organizations have undertaken unprecedented international expansion, leaving them exposed to global credit and political risks like never before.

And those risks–including terrorism and political violence, armed conflicts, increasingly powerful anti-establishment political movements, and persistently low commodity prices–continue to grow.

Against this backdrop, it’s critical for businesses to be prepared for the possibility that political violence, unrest, or other large- scale crises will quickly develop in virtually any part of the world – including those countries that were historically seen as safe or stable, Marsh says.

Companies can prepare for these risks by managing their credit risk, building resilient supply chains, protecting their people and by protecting their assets through insurance.

Marsh notes:

Credit and political risk insurance can protect against a variety of risks, including expropriation, political violence, currency inconvertibility, non-payment, and contract frustration.”

Marsh’s Political Risk Map 2016, with data and insight from BMI Research, presents country risk scores for more than 200 countries and territories, helping businesses and investors make smarter decisions about where and how to deploy financial resources–including risk capital–globally in 2016 and beyond.

Another Day, Another Hack

As if we needed another reminder of the rising threat of cyber attacks, the estimated EUR 50 million ($55 million) loss arising from a cyber fraud incident targeting Austrian air parts supplier FACC AG made us sit up and take notice.

As Bloomberg reports here, if the damages do indeed amount to $55 million this would be one of the biggest hacking losses by size.

Bloomberg also points out that the incident is made more intriguing because FACC is 55 percent owned by China-based AVIC.

It will take time for the  details of this attack to emerge, but in a January 20 press release, FACC acknowledged that the target of the cyber fraud was the financial accounting department of FACC Operations GmbH.

The company also noted that its IT infrastructure, data security, IP rights and the group’s operational business are not affected by the criminal activities.

Further, FACC said the $55 million in damage was an outflow of “liquid funds”.

“The management board has taken immediate structural measures and is evaluating damages and insurance claims,” FACC added in its third quarter report.

According to this report by ComputerWeekly.com, the fact that FACC’s financial accounting department was targeted in the fraud is prompting speculation that the company was likely the victim of a so-called whaling attack, also known as business email compromise (BEC) and CEO fraud.

These sophisticated phishing attacks are when cyber criminals send fake email messages from company CEOs, often when a CEO is known to be out of the office, asking company accountants to transfer funds to a supplier. In fact the funds go to a criminal account.

Last year, the Federal Bureau of Investigation (FBI) described BEC fraud as an emerging global threat.

Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, more than 7,000 U.S. companies have been targeted by such attacks with total dollar losses exceeding $740 million. If you consider  non-U.S. victims  and unreported losses, that figure is  likely much  higher.

The rising incidence of BEC and CEO fraud and its intersection with cyber insurance will form the topic of a future blog post.

Both the WEF Global Risks Report 2016 and the Allianz Risk Barometer 2016 have identified cyber attacks and incidents among the top risks facing business.

Find out more about cyber risks and insurance in the I.I.I. white paper Cyber Risk: Threat and Opportunity.

Cyberattacks Top Risk To Doing Business in North America

Cyberattacks are now the greatest risk to doing business in North America, according to the just-released World Economic Forum’s (WEF) Global Risks Report 2016.

In North America, which includes the United States and Canada, cyberattacks and asset bubbles were considered among the top risks of doing business in the region.

The WEF noted that in the United States, the top risk is cyberattack, followed by data fraud or theft (the latter ranks 7th in Canada, which is why it scores 50 percent in the table below).

The risks related to the internet and cyber dependency are considered to be of highest concern for doing business in the wake of recent important attacks on companies, the WEF observed.

WEF2016NorthAmericaTopRisks

On a global scale, cyberattack is perceived as the risk of highest concern in eight economies: Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland, and the United States.

Public sector bodies in at least two of these countries have recently been disrupted by cyberattacks: the US Office of Personnel Management and the Japanese Pension service, the WEF noted.

Attempts to detect and address attacks are made harder by their constantly evolving nature, as perpetrators quickly find new ways of executing them. Businesses trying to match this speed in their development of prevention and response methods are sometimes constrained by a poor understanding of the risk, a lack of technical talent, and inadequate security capabilities.”

Defining clear roles and responsibilities for cyber risk within corporations is crucial, the WEF noted.

Who in the corporation is the actual owner of the risk? While there are many “C” level owners (CISO, CFO, CEO, CRO, Risk Management), each of these owners has differing but related interests and unfortunately often does not integrate risk or effectively collaborate on its management.”

Outdated laws and regulations also inhibit the ability of governments to capture criminals, but also to expedite the often lengthy procedure of implementing legal and regulatory frameworks to reflect evolving realities.

Check out the Insurance Information Institute’s latest report on cyber risks here.

Environmental Pollution and Liabilities: Renewed Concerns

Environmental pollution stories seem to be dominating the headlines and with this comes renewed awareness of potential environmental liabilities among companies, municipalities and their (re)insurers.

An ongoing gas leak at the Southern California Gas Co Aliso Canyon natural gas storage facility near the Porter Ranch suburb of Los Angeles, has forced thousands of residents to evacuate, many of whom have been experiencing health problems.

The Los Angeles Times reports that so far, the gas company has spent more than $50 million to combat the methane leak that began October 23, and more than 25 lawsuits have been filed against the utility.

A securities filing last week stated that the cost of defending the lawsuits, and any damages, if awarded, could be significant.

As the LA Times reports:

The utility has told the U.S. Securities and Exchange Commission that it had “at least four types of insurance policies that it believes will cover many of the current and expected claims, losses and litigation…associated with the natural gas leak at Aliso Canyon.”

Those insurance policies are understood to have a combined available limit in excess of $1 billion, though legal experts suggest the ultimate costs could run much higher.

Meanwhile, officials in Flint, Michigan, made a cost-saving decision to switch the source of their drinking water to the Flint River from Lake Huron in April 2014, a move  that has exposed thousands of children to dangerous levels of lead.

While the city has since switched back to Lake Huron water, and started distributing water filters and bottled water to the city’s residents, The New York Times reports that many have called for state money to replace Flint’s aging pipe infrastructure (at an estimated cost of $1.5 billion) and a fund to address any developmental impact on children.

Last week Michigan governor Rick Snyder declared the city to be in a state of emergency just as federal officials opened an investigation into the water contamination.

Other environmental pollution stories in the news include one lawyer’s fight against DuPont’s decades-long history of chemical pollution and further away the recent Samarco dam burst in Brazil–described as the worst environmental disaster in the country’s history.

In a recent note AIG Environmental Insurance said that environmental pollution continues to be a major source of concern for the (re)insurance market.

AIG noted that the potential environmental liability impact of the Samarco dam burst remains the unknown factor, with market sources putting the overall insured coverage at in excess of $600 million.

Taken together with the property and business interruption elements of the cover, the (re)insurance market is facing a potential overall loss that could be in excess of $1 billion.”

Man-made Disaster Losses Increase in 2015

Natural catastrophes made up the lion’s share of global insured disaster losses in 2015, but a man-made loss was the year’s costliest.

Preliminary estimates from Swiss Re sigma put insured losses from disaster events at $32 billion in 2015, of which $23 billion were triggered by natural catastrophes and $9 billion by man-made disasters.

The explosions at the Port of Tianjin, China in August are expected to lead to claims of at least $2 billion, making it the costliest event of the year and the biggest man-made insured loss in Asia ever, sigma said.

Some 173 people were killed and many more injured in the Tianjin explosions, which damaged and destroyed vehicles, shipping containers, production facilities and surrounding property.

The insured loss estimate is subject to a high degree of uncertainty due to the many different lines of business and coverage impacted, including potentially contingent business interruption,  sigma noted.

An  earlier  report by Guy Carpenter has suggested potential losses of up to $3.3 billion resulting from the Tianjin explosions.

figure_1_2015prel

Insured losses from man-made disasters were up 30 percent in 2015 at $9 billion, from $7 billion in 2014, according to sigma.

However, at $23 billion natural catastrophe insured losses were below the annual average of $55 billion for the previous 10 years.

Losses were caused by various severe natural catastrophes across different perils in 2015, including windstorms, hurricanes, earthquakes, flooding and wildfires.

A February winter storm in the United States was the costliest natural disaster of the year, resulting in insured losses of more than $2 billion.

Low activity during the North Atlantic hurricane season kept the total global insured loss low, sigma noted.

Sadly, approximately 26,000 people lost their lives in disasters this year, double the amount in 2014.

Large disasters in other parts of the world contributed to the high level of fatalities.

The magnitude 7.8 earthquake that struck Nepal and neighboring countries in April triggered a humanitarian catastrophe, killing around 9,000 people.

More than 5,000 people also died in waves of extreme temperatures during the summer season in India, Pakistan, Europe, North Africa and the Middle East.

And more lives were lost due to capsizing of many boats carrying migrants from conflict zones in northern Africa to Europe, often in unseaworthy vessels, sigma noted.

More facts and statistics on man-made  disasters available from the I.I.I. here.

New Era Ahead for Protecting Personal Data in Europe

“Clear rules that are fit for the digital age.” That’s how Vera Jourova, the European justice commissioner, described tough new European data protection regulations just agreed by European policy makers.

The long-awaited reforms, which are expected to take effect in early 2018, will establish one set of rules on data protection across all  28 member nations in the European Union (EU).

As the New York Times reports, the new regulations would apply to any company with customers in the EU, whether or not it is based in the region.

This will expand potential liability for companies, experts note.

What key changes can businesses active in the EU market expect?

Among the policy changes the new law would require companies to inform national regulators within three days of any reported data breach.

The other proposed change that jumps off the page is one that would link sanctions (read: fines) to company revenues.

Policymakers have agreed that fines could total up to 4 percent of a company’s global revenue for the most serious breaches to European data privacy rules. This could amount to billions of dollars, according to this report by the Guardian.

While the tougher fines are seen as a major step forward for consumer protection, they have raised concerns among large tech companies such as Google and Facebook, the NYT says.

It cites Peter Church, a technology lawyer at Linklaters in London:

Europe’s approach to privacy is much stronger than in the United States. There’s a fundamental difference in culture when it comes to privacy.”

The new law will also expand potential liability for companies, bringing increased responsibility and accountability for those controlling and processing personal data, according to this politico.eu article.

Currently the data controller at a company is liable for data breaches in the EU, but Politico notes that once the law takes effect, both the controller and data processors will be jointly liability for any damages.

Business Interruption: Risks and Losses On the Rise

Economic impact from business interruption (BI) is often much higher than the cost of physical damage in a disaster and is a growing risk to companies worldwide, according to a new report from Allianz Global Corporate & Specialty (AGCS).

Its analysis of more than 1,800 large BI claims from 68 countries between 2010 and 2014 found that business interruption now typically accounts for a much higher proportion of the overall loss than was the case 10 years ago.

Both severity and frequency of BI claims is increasing, AGCS warns.

The average large BI property insurance claim is now in excess of €2 million (€2.2 million: $2.4 million), some 36 percent higher than the corresponding average property damage claim of just over €1.6 million ($1.8 million), the global claims  review found.

The vast majority of BI losses are not caused by natural catastrophes, with non-natural hazard events such as human error or technical failure accounting for 88 percent of BI losses by value.

Reported loss estimates from the largest non-natural catastrophe BI events across the insurance industry during 2015 total more than $7 billion so far, with the Tianjin loss potentially accounting for almost half this total.

GlobalLossAtlas_471x150

Fire and explosion is the top cause of BI loss around the globe by value (2010-2014), with each incident analyzed averaging €1.7m ($1.9 million) in BI costs alone, but there are some major differences regionally.

Storm and flood related losses are notable in Asia, highlighting the region’s continuing economic development and increasing exposure to natural hazards.

Storm is also the top cause of BI loss in the Caribbean and Central America region, accounting for one-third of insurance claims by value.

As Chris Fischer Hirs, CEO of AGCS, says:

The growth in BI claims is fueled by increasing interdependencies between companies, the global supply chain and lean production processes.

Whereas in the past a large fire or explosion may have only affected one or two companies, today losses increasingly impact a number of companies and can even threaten whole sectors globally.”

Check out Insurance Information Institute resources on business interruption insurance here.