Category Archives: Business Risk

“London Calling…”

I.I.I.’s James Ballot, Senior Director of Marketing and Content Strategy, contributes these highlights from the IIS Global Forum 2017.

Established millennia ago and since visited continually by perils ranging from fire, flood, pestilence, civil unrest and wave upon wave of attacking foreign enemies, it’s no great stretch to call London the de-facto global headquarters of resilience. So it’s fitting that London should host this year’s International Insurance Society’s (IIS) Global Insurance Forum (GIF), given that the event’s focus was set squarely on Global Resilience and the Role of Insurance.

At the Forum more than 500 delegates and other attendees gathered to set a truly global agenda for how insurance and other parties–NGOs, policymakers, businesses, educational institutions, the media, among others—will respond to challenges ranging from political instability to cyberthreats to the need to create the right talent infrastructure to master the technological changes presently shaping our industry to innovating ways to address threats posed by intensifying natural catastrophe cycles.

Among the highlights:

  • A video address from HRH The Prince of Wales to open the Day 3 Insurance Development Forum (IDF) in which he outlines four key areas where insurance can assume leadership in fostering resilience.
  • Wide-ranging discussions of the “insurance gap” and how narrowing it is essential to building financial resilience against cyberattacks, as well as mitigating uninsured natural catastrophe losses among vulnerable populations in developing nations.
  • The Nature Conservancy, a top-line partner at this year’s GIF, introduced an innovative insurance product underwritten by Swiss Re that insures coral reefs and other natural coastal fortifications.
  • Insurtech and emerging innovations are changing the business—mostly by creating a climate in which, as one insurance fund capital manager asserted, insurance and tech startups can partner to help make “yesterday’s risks insurable today.”

A lot to cover in a single posting, to be sure. For a deeper dive into the goings-on at IIS Global Forum, Asia Insurance Review (AIR) offers gavel-to-gavel coverage of the event, as well as valuable insights from Forum participants.

 

 

Cyber protection gap akin to nat cat

FedEx Corp has disclosed in a securities filing that its international delivery business, TNT Express BV, was significantly affected by the June 27 Petya cyberattack.

Apparently, the courier company did not have cyber insurance or any other insurance that would cover losses from Petya, according to this report by The Wall Street Journal, via the I.I.I. Daily.

A new emerging risk report from Lloyd’s and risk modeling firm Cyence notes that cyberattacks have the potential to trigger billions of dollars of insured losses, yet there is a massive underinsurance gap.

Take its first modeled scenario: a cloud service provider hack. The event produced a range of insured losses from $620 million for a large loss to $8.1 billion for an extreme loss (overall losses ranged from $4.6 billion to $53 billion).

This left an insurance protection gap of between $4 billion (large loss) and $45 billion (extreme loss), so between 87 percent and 83 percent of the overall losses respectively were uninsured.

In another modeled scenario, the mass vulnerability attack, the underinsurance gap is between $9 billion for a large loss and $26 billion for an extreme loss, meaning that just 7 percent of economic losses are covered by insurance.

From the report:

“In some ways, the cyber insurance market can be considered in the same light as underinsurance in the natural catastrophe space – risks are growing and insurance penetration figures are low.”

How do ransomware attacks impact cyber insurance loss ratios?

Another global ransomware attack, dubbed Petya, has disrupted operations at major firms across Europe and the United States.

More than 100 companies and organizations across various industries were affected, including shipping and transport firm AP Moller-Maersk, advertising firm WPP, law firm DLA Piper, Russian steel and oil firms Evraz and Rosneft, French construction materials company Saint-Gobain, food company Mondelez, drug giant Merck & Co, and Pennsylvania healthcare systems provider Heritage Valley Health System.

Today’s Insurance Information Institute Daily, via The Wall Street Journal, reports that the attack has exposed previously unknown weaknesses in computer systems widely used in the West.

The U.S. cyber insurance market grew by 35 percent from 2015 to 2016, based on recent reports.

From A.M. Best: U.S. property/casualty insurers wrote $1.35 billion in direct written premium for cyber insurance in 2016.

Overall, cyber insurance for the majority of companies was profitable and the direct loss ratio decreased by 4.5 percentage points to 46.9 percent in 2016, from 51.4 percent in 2015.

Ransomware attacks are part of the reason for the decline in the loss ratio, A.M. Best explains:

“The decline in direct loss ratio for 2016 is partially attributed to the majority of reported cyber-attacks being related to ransomware heists. In almost all ransomware cases, the losses were well below the deductible and a simple backup recovery resolved and remedied any negative long-term effect of the attacks.”

Read our earlier post on insurance for ransomware attacks.

Knowledge transfer gap at retirement needs attention

Talent management is a key concern among business owners, yet only 40 percent of businesses transfer knowledge from retiring staff, a Travelers survey found.

Only 60 percent of businesses surveyed reported that they provide employee training. These business practices can help promote a safe and well-trained workforce, Travelers said.

While businesses use a wide range of measures to prevent or mitigate common risks, including talent management, many could be doing more.

The survey found that roughly 2 out of 5 organizations do not safeguard the security of their premises (42 percent), post emergency exit plans (40 percent), or have emergency contact plans to reach employees or their families (39 percent).

Travelers surveyed 1,202 business owners and decision makers, including 493 small businesses (2 to 49 employees), 453 midsized businesses (50 to 999 employees) and 256 large businesses (1,000+ employees) across 11 industry sectors.

Check out the latest Insurance Industry Employment Trends report from I.I.I. chief economist Dr. Steve Weisbart.

I.I.I. facts and statistics on Careers and Employment are available here.

Ransomware: Does Cyber Insurance Make Sense?

As organizations look to recover from the disruption caused by Friday’s massive global ransomware cyberattack, the value of cyber insurance, and other cybersecurity tools, just multiplied exponentially.

Security researchers at Kaspersky Lab recorded more than 45,000 attacks in 74 countries including the UK, Russia, Ukraine, India, China and Italy, the Guardian reports.

The UK’s National Health Service, French car manufacturer Renault, and Spain’s telecommunications giant Telefonica were among those hit by the so-called WannaCry ransomware, which locks up computer systems until the victims pay a ransom.

Cyber risk modeling firm Cyence estimates the average individual ransom cost from the attacks at $300, and the total economic costs from interruption to business at $4 billion, according to this Reuters report.

Kevin Kalinich, global head of Aon’s cyber risk practice, told Reuters:

“If you’re a hospital that turned away patients, if you’re a global delivery company that can’t send a package, or a telecom company in Spain, Russia or China, the financial statement impact from the business interruption is much larger than the $300 ransomware.”

Insurance coverage for ransomware (see earlier post), and other forms of extortion, is available under cyber insurance policies, or other types of policies that specifically cover cyber extortion.

An insured’s ransom payment following an attack is typically covered, subject to individual policy terms and conditions, according to this I.I.I. white paper.

Cyber policies also provide coverage for the costs of forensic investigation, restoring lost or corrupted data, legal expenses and business interruption.

Here are some of the considerations that go into the decision to purchase coverage.

Where To Go For Small Business Cybersecurity Advice

Small businesses are increasingly vulnerable to cyberattacks. A new website launched by the Federal Trade Commission (FTC) is aimed at helping small business owners be better prepared.

The site – ftc.gov/SmallBusiness – is a one-stop shop where small business owners can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.

Online FTC resources include a new Small Business Computer Security Basics guide with information to help companies protect their files and devices, train employees to think twice before sharing the business’s account information, and keep their wireless network protected, as well as how to respond to a data breach.

Specific information on ransomware and phishing schemes targeting small businesses is also provided.

According to the U.S. Small Business Administration, there are more than 28 million small businesses nationwide, employing nearly 57 million people.

Cyberattacks can be particularly damaging to small businesses, and many lack the resources that larger companies have to devote to cybersecurity.

For example, the percentage of spear-phishing attacks targeting small business rose from 18 percent to 43 percent between 2011 and 2015.

Insurance is one of the ways in which small businesses can protect themselves. See I.I.I. resources on cyber liability risks.

Small Business Insurance Is Going Digital

The way in which small business owners buy insurance is changing, as the number of ventures owned by Millennials/GenXers increases.

Up to 25 percent of total small business insurance premium could be digitally underwritten by 2020, Willis Towers Watson Securities reports.

“Small businesses are expected to grow an average of 6 percent annually through 2020, at which point over 60 percent of businesses are expected to be owned by Millennials/ GenXers who are much more likely to favor digital management of insurance coverages.”

Traditional insurers are embracing new technologies, both by creating proprietary platforms and partnering with small business insurance distribution focused start-ups.

Here are some recent examples of digital innovation in the $100 billion small business insurance market, via Willis Towers Watson Securities inaugural Quarterly InsurTech Briefing:

Whether a start-up or an established company, disruptions can devastate a business. Small business week is the perfect time to tune up your insurance coverage, the I.I.I. says.

Need For Political Risk Coverage Accelerates

Amid ongoing political upheaval in Venezuela and a volatile geopolitical landscape elsewhere, the need for political risk insurance is rising to prominence for multinational companies.

AP reports that General Motors just became the latest corporation to have a factory or asset seized by the government of Venezuela.

GM said assets such as vehicles were taken from the plant causing the company irreparable damage.

To protect themselves against loss or damage to physical assets caused by political action and instability, businesses should consider purchasing political risk insurance.

This specialty type of insurance can protect against a variety of risks, including:

  • Expropriation
  • Political violence (including terrorism and war).
  • Currency inconvertibility.
  • Non-payment.
  • Contract frustration due to political events.

Due to the accelerating pace of geopolitical uncertainty, the market for political risk insurance is pushing toward $10 billion in 2018, up from $8.1 billion in 2015, according to a KPMG LLP report published last year.

Willis Towers Watson advises multinational companies to buy political risk coverage on operations worldwide — particularly for select regions —while it is still available, Business Insurance reports.

Political risk insurance is available from both private insurers and from government-backed insurers, including the Overseas Private Investment Corporation (OPIC), an agency of the U.S. government.

Aon’s Political Risk Map 2017 captures changing risks for businesses and countries across emerging and frontier markets.

Last year an equal number of countries showed a reduction in political risk as showed an increase, a trend which highlights the persistence of political risk across the globe, Aon said.

@united: Do You Have A Reputational Risk Policy?

While the social media firestorm following the forcible removal of a passenger from a United Airlines flight highlights the importance of crisis and reputation risk management, it also underscores the potential liability airlines face from balancing duties to their customers, employees and to shareholders.

USA Today reports that three things govern a carrier’s relationship with its passengers: contracts of carriage, the U.S. Department of Transportation and laws approved by Congress:

United’s dispute with a passenger forcible removed from a Sunday flight shines a spotlight on the contracts that set rules and expectations between carriers and travelers.

“Those contracts are well thought through. They are generally fair and balanced, and they reflect the market,” said Roy Goldberg, a partner at Steptoe & Johnson who practices aviation law in Washington, D.C. “As a general matter, passengers have rights, but airlines have rights, too.”

A Reuters analysis of federal data shows U.S. airlines are bumping passengers off flights at the lowest rate since 1995.

Many insurers and brokers offer reputational risk policies that include crisis management and PR services to assist companies before, during and after a crisis.

More on the story in today’s I.I.I. Daily, via the Wall Street Journal:

On April 11 Oscar Munoz, head of United Airlines, apologized for the forcible removal by the police of Dr. David Dao, a passenger, from United Express Flight 3411 in Chicago. The apology came two days after the altercation led to the widespread expression of anger on social media, including millions of angry posts in the airline’s rapidly growing market in China. Politicians in Washington, D.C., also condemned the airline’s forcible removal of a passenger. Munoz sent a message to employees of United Continental Holdings Inc. apologizing for an incident he characterized as horrific and acknowledging the general public outrage, which he said he shared. The message was in sharp contrast to Munoz’s initial response.

FAA guidance for planning and preparing for your next airline trip here.

Impact Of Collision/Crash Top Cause of Liability Loss In U.S.

Despite advances in safety, the impact of collision/crash, particularly motor-related, is the main driver of liability loss activity in the United States.

The impact of collision/crash accounted for close to half (42 percent) of the value of business liability claims in the U.S., according to the latest global claims review by Allianz Global Corporate & Specialty (AGCS).

New technology will drive a big shift in liability claims, AGCS warns. For example, the rise of autonomous driving presents new loss scenarios for insurers:

“A decline in car ownership in favor of motor fleets, car-sharing and driverless taxis could see insurers move away from providing millions of single annual motor insurance policies to drivers, instead providing large policies purchased by manufacturers, fleet owners and operators.”

The shift to product liability will require insurers to develop technical expertise and not rely on historic data and driver profiling for pricing. Allianz has already started building teams of engineers with experience in automotive and driverless technology.

(Read this Insuring California blog post for more insight on how driverless cars will change auto insurance.)

The growing “sharing economy” also raises new liability questions:

”A road traffic accident featuring an autonomous car share vehicle could involve the vehicle manufacturer, software provider and the fleet operator, as well as third parties involved in the accident. This would make liability harder to apportion and claims more complex to settle.”

AGCS Global Claims Review analyzes over 100,000 corporate liability insurance claims from more than 100 countries, with a total value of €8.85bn (US$9.3bn), paid by AGCS, and other insurers, between 2011 and 2016.

Over 80 percent of losses arise from these 10 causes:

See Insurance Information Institute (I.I.I.) information on litigiousness here.