Tag Archives: Business Risk

U.S. Exposure to Brexit Referendum

London, for decades the financial center of Europe, finds itself on the brink of a monumental vote. On Thursday, British voters will decide whether to leave the European Union in what’s known as the Brexit referendum.

While there is uncertainty over what a Brexit could mean for the UK economy and for London, there is also uncertainty over what it would mean for the United States and for U.S. companies.

The Los Angeles Times reports that while the U.S. economy is better insulated than most from the risk of market turmoil, the Brexit referendum has added to uncertainties in a presidential election year and to lingering concerns about China’s economic slowdown.

A lot of U.S. companies have something to lose if the UK decides to leave the EU, with the banking and insurance sectors among those most likely to be affected, according to this CNBC report.

Some U.S. companies have moved not just parts of their operations but whole headquarters from the U.S. to the UK, CNBC says.

For example, the world’s largest insurance broker Aon, relocated its corporate headquarters to London from Chicago in 2012, in a move designed to give the company greater access to emerging markets through London.

Aon told CNBC in a statement:

“If Britain votes to leave the European Union, the innovative center of excellence that has set London apart in the insurance space will be deeply challenged.

“Talent is a true differentiator for the city of London, and to create a barrier between the industry that addresses the world’s most complex risks and the global talent needed to do this will have real implications.”

If companies lose the ability to passport their services into Europe, they may decide to move their European hubs and staff out of London and the UK, which would lead to significantly higher operational costs.

The London insurance market has been very vocal on why remaining in the EU is the best outcome for insurers.

As Lloyd’s chief risk officer Sean McGovern said earlier this year, the London market is currently the largest global hub for commercial and specialty risk—controlling more than £60 billion ($88 billion) of gross written premium.

And the UK’s membership of the EU gives it access to the world’s largest insurance market with a world market share of nearly 33 percent and total insurance premiums of nearly Euros 1.4 trillion ($1.6 trillion).

In a recent paper, Lloyd’s, the International Underwriting Association and Fidelis warned that Brexit poses a significant threat to London insurance jobs and business.

Read more about the insurance sector impact of a Brexit in this analysis by London law firm Clifford Chance.

Aon’s full statement on the EU referendum is available here.

What Does A Cyberattack Really Cost?

The current market value put on the business impact of a cyberattack is grossly underestimated, according to a new report from Deloitte Advisory.

It finds that the direct costs commonly associated with data breaches, such as regulatory fines, breach notification and protection costs, and public relations costs account for less than 5 percent of the total business impact.

But the effects of a cyberattack can be even more far-reaching and last for years, resulting in a wide range of hidden or intangible costs related to loss of intellectual property, operational disruption, increase in insurance premiums, and devaluation of trade name.

In fact more than 95 percent of the financial impact of a cyberattack is likely to accrue in these areas and businesses can be caught especially unprepared for these intangible costs.

In a press release, Don Fancher, principal, Deloitte Advisory, and global leader for Deloitte forensic, says:

“Rarely brought into executive and board conversations around cyber risk are the costs and consequences of IP theft, cyber espionage, data destruction, or business disruption, which are much harder to quantify and can have a significant impact on an organization.

“Our intent is not to scare executives into thinking that all cyber incidents will be more costly than they think. It’s to give them a better understanding of their specific risks so they can make more educated decisions that are aligned with their business strategies.”

Find out more about cyber risks and insurance in this Insurance Information Institute paper.

Commercial Insurance Barometer Shows Competitive Market

Commercial property/casualty insurance rates in the United States continued to register a decline  in February, but showed little movement across  sectors, according to online insurance exchange MarketScout.

The composite rate remains at minus 4 percent.

Richard Kerr, CEO of MarketScout noted that traditionally February has always been a slow insurance month, so the lack of activity in rates is not surprising.

By coverage classification, commercial property saw the largest decrease at  5 percent, while business interruption, inland marine and commercial auto were all priced more competitively in February as compared to January. The rates for other coverages remained steady.

Large and jumbo accounts were also down more in February, with large ($250,001 to $1 million) down from minus 4 percent in January 2016, to minus 5 percent in February 2016. Jumbo accounts (over $1 million), declined from minus 3 percent to minus 4 percent in the same period. All other account sizes matched the same composite rate from the prior month.

By industry classification, manufacturing had a significant rate decrease from minus 2 percent in January to minus 5 percent in February. Habitational was down another 1 percent in February for a total of minus 6 percent. All other industry rates remained the same as in January, MarketScout said.

Here’s the visual on the average P/C rate changes for 2016 compared to a year ago:

AverageP/CRateIncrease2016

AverageP/CRateIncrease2015

 

Don’t Ask, Don’t Tell

We’re reading an item of interest from across the pond where the United Kingdom’s Institute of Directors (IoD) has issued a new report that gives insight into how companies tend to react if they are under a cyber attack.

The IoD study, supported by Barclays, revealed that most companies keep quiet, with under one third (28 percent) of cyber attacks reported to the police.

This is despite the fact that half (49 percent) of cyber attacks resulted in interruption of business operations, the IoD noted.

Hat tip to forbes.com which reports on the IoD findings in this blog post.

It’s worth noting that here in the United States, the Identity Theft Resource Center (ITRC) has long maintained that the record number of U.S. data breaches it tracks are by no means the whole story.

Many data breaches fly under the radar, the ITRC says, because businesses want to avoid the financial dislocation, liability and loss of goodwill that comes with disclosure and notification.

Back to the UK the survey of nearly 1,000 IoD members also showed a worrying gap between awareness of cyber risks and preparedness.

Even though nine in 10 of business leaders said cyber security was important, only 57 percent had a formal strategy in place to protect themselves, and just one fifth (20 percent) held insurance against an attack.

In the words of Professor Benham, author of the IoD report:

No shop=owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response.

Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”

With 34,500 members, ranging from start-up entrepreneurs to CEOs of multinational companies, the IoD is the UK’s largest organization for business leaders.

More on cyber security in the Insurance Information Institute’s paper Cyber Risks: Threat and Opportunities.

Alerting You to Earthquakes… and Insurance

Earthquake resilience was  in the spotlight as the Obama administration gave its support for an earthquake-alert system on the West Coast at a White House summit Tuesday.

President Obama also signed an executive order establishing a federal earthquake risk management standard which will improve the capability of federal buildings to function after a quake.

The order requires federal agencies to ensure that federal buildings are constructed or altered using earthquake-resistant design provisions in the most current building codes.

A 2015 scientific assessment from the U.S. Geological Survey shows that more than 143 million Americans could experience potentially damaging earthquakes, nearly double the prior 2006 estimate.

The ShakeAlert early warning system being developed and tested in the West would warn  residents and businesses from at least a few seconds to a few minutes before the shaking starts.

This would be  enough time to slow and stop trains and taxiing planes, and to prevent cars from entering bridges and tunnels, for example.

A common misperception among Americans  is that earthquake coverage is provided in a homeowners or business insurance policy.

However, standard homeowners, renters and business insurance policies do not cover earthquake damage. Coverage is available either in the form of an endorsement or as a separate policy.

Residential earthquake insurance in California is sold through the California Earthquake Authority, a privately funded, publicly managed organization.

Some 85 percent of U.S. homeowners said they do not have coverage for earthquake damage in response to the Insurance Information Institute’s (I.I.I.) annual Pulse Survey.

The I.I.I. Pulse results showed significant variations in the number of consumers that have earthquake insurance across the U.S.

That number was greatest in the earthquake- prone West, where 18 percent of homeowners said they had purchased separate earthquake insurance coverage.

Screen Shot 2016-02-03 at 9.29.28 AM

Information on reducing earthquake damage to homes and businesses is available on the Insurance Institute for Business and Home Safety (IBHS)  website.

The  I.I.I. also offers facts and statistics on earthquakes and tsunamis here.

U.S. Elections Add to Growing Political Risks Businesses Face

The 2016 U.S. presidential election is one of the rising political risks facing businesses and investors in the year ahead, according to Marsh’s Political Risk Map 2016.

Terrorism and struggling emerging economies, such as China and Russia, are also among the growing political risks businesses face.

Marsh notes that the recent terrorist attacks in Paris and San Bernardino, California have intensified political rhetoric and brought foreign relations and defense policy topics to the forefront.

With polls showing national security to be a major concern for voters, foreign policy will remain a key theme on the campaign trail in 2016 – and will be top of mind for the next presidential administration.”

Marsh observes that in the last decade multinational organizations have undertaken unprecedented international expansion, leaving them exposed to global credit and political risks like never before.

And those risks–including terrorism and political violence, armed conflicts, increasingly powerful anti-establishment political movements, and persistently low commodity prices–continue to grow.

Against this backdrop, it’s critical for businesses to be prepared for the possibility that political violence, unrest, or other large- scale crises will quickly develop in virtually any part of the world – including those countries that were historically seen as safe or stable, Marsh says.

Companies can prepare for these risks by managing their credit risk, building resilient supply chains, protecting their people and by protecting their assets through insurance.

Marsh notes:

Credit and political risk insurance can protect against a variety of risks, including expropriation, political violence, currency inconvertibility, non-payment, and contract frustration.”

Marsh’s Political Risk Map 2016, with data and insight from BMI Research, presents country risk scores for more than 200 countries and territories, helping businesses and investors make smarter decisions about where and how to deploy financial resources–including risk capital–globally in 2016 and beyond.

Cyberattacks Top Risk To Doing Business in North America

Cyberattacks are now the greatest risk to doing business in North America, according to the just-released World Economic Forum’s (WEF) Global Risks Report 2016.

In North America, which includes the United States and Canada, cyberattacks and asset bubbles were considered among the top risks of doing business in the region.

The WEF noted that in the United States, the top risk is cyberattack, followed by data fraud or theft (the latter ranks 7th in Canada, which is why it scores 50 percent in the table below).

The risks related to the internet and cyber dependency are considered to be of highest concern for doing business in the wake of recent important attacks on companies, the WEF observed.

WEF2016NorthAmericaTopRisks

On a global scale, cyberattack is perceived as the risk of highest concern in eight economies: Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland, and the United States.

Public sector bodies in at least two of these countries have recently been disrupted by cyberattacks: the US Office of Personnel Management and the Japanese Pension service, the WEF noted.

Attempts to detect and address attacks are made harder by their constantly evolving nature, as perpetrators quickly find new ways of executing them. Businesses trying to match this speed in their development of prevention and response methods are sometimes constrained by a poor understanding of the risk, a lack of technical talent, and inadequate security capabilities.”

Defining clear roles and responsibilities for cyber risk within corporations is crucial, the WEF noted.

Who in the corporation is the actual owner of the risk? While there are many “C” level owners (CISO, CFO, CEO, CRO, Risk Management), each of these owners has differing but related interests and unfortunately often does not integrate risk or effectively collaborate on its management.”

Outdated laws and regulations also inhibit the ability of governments to capture criminals, but also to expedite the often lengthy procedure of implementing legal and regulatory frameworks to reflect evolving realities.

Check out the Insurance Information Institute’s latest report on cyber risks here.

New Era Ahead for Protecting Personal Data in Europe

“Clear rules that are fit for the digital age.” That’s how Vera Jourova, the European justice commissioner, described tough new European data protection regulations just agreed by European policy makers.

The long-awaited reforms, which are expected to take effect in early 2018, will establish one set of rules on data protection across all  28 member nations in the European Union (EU).

As the New York Times reports, the new regulations would apply to any company with customers in the EU, whether or not it is based in the region.

This will expand potential liability for companies, experts note.

What key changes can businesses active in the EU market expect?

Among the policy changes the new law would require companies to inform national regulators within three days of any reported data breach.

The other proposed change that jumps off the page is one that would link sanctions (read: fines) to company revenues.

Policymakers have agreed that fines could total up to 4 percent of a company’s global revenue for the most serious breaches to European data privacy rules. This could amount to billions of dollars, according to this report by the Guardian.

While the tougher fines are seen as a major step forward for consumer protection, they have raised concerns among large tech companies such as Google and Facebook, the NYT says.

It cites Peter Church, a technology lawyer at Linklaters in London:

Europe’s approach to privacy is much stronger than in the United States. There’s a fundamental difference in culture when it comes to privacy.”

The new law will also expand potential liability for companies, bringing increased responsibility and accountability for those controlling and processing personal data, according to this politico.eu article.

Currently the data controller at a company is liable for data breaches in the EU, but Politico notes that once the law takes effect, both the controller and data processors will be jointly liability for any damages.

Business Interruption: Risks and Losses On the Rise

Economic impact from business interruption (BI) is often much higher than the cost of physical damage in a disaster and is a growing risk to companies worldwide, according to a new report from Allianz Global Corporate & Specialty (AGCS).

Its analysis of more than 1,800 large BI claims from 68 countries between 2010 and 2014 found that business interruption now typically accounts for a much higher proportion of the overall loss than was the case 10 years ago.

Both severity and frequency of BI claims is increasing, AGCS warns.

The average large BI property insurance claim is now in excess of €2 million (€2.2 million: $2.4 million), some 36 percent higher than the corresponding average property damage claim of just over €1.6 million ($1.8 million), the global claims  review found.

The vast majority of BI losses are not caused by natural catastrophes, with non-natural hazard events such as human error or technical failure accounting for 88 percent of BI losses by value.

Reported loss estimates from the largest non-natural catastrophe BI events across the insurance industry during 2015 total more than $7 billion so far, with the Tianjin loss potentially accounting for almost half this total.

GlobalLossAtlas_471x150

Fire and explosion is the top cause of BI loss around the globe by value (2010-2014), with each incident analyzed averaging €1.7m ($1.9 million) in BI costs alone, but there are some major differences regionally.

Storm and flood related losses are notable in Asia, highlighting the region’s continuing economic development and increasing exposure to natural hazards.

Storm is also the top cause of BI loss in the Caribbean and Central America region, accounting for one-third of insurance claims by value.

As Chris Fischer Hirs, CEO of AGCS, says:

The growth in BI claims is fueled by increasing interdependencies between companies, the global supply chain and lean production processes.

Whereas in the past a large fire or explosion may have only affected one or two companies, today losses increasingly impact a number of companies and can even threaten whole sectors globally.”

Check out Insurance Information Institute resources on business interruption insurance here.

Warning: Cyber Security Fatigue Ahead

Suffering shopper fatigue? With Black Friday in full swing and Cyber Monday imminent, the biggest online shopping days of the year are upon us, but for businesses trying to see off cyber attacks, fatigue can be a danger at any time of the year.

The just-released  annual global fraud survey by Kroll–which found that incidence of fraud, including information theft, is at its highest level in eight years–warns that cyber fatigue is real, but not an excuse for inaction.

It’s easy to become fatigued at the thought of cyber security. With so many things to do and to learn, you can lose sight of the benefits. If the process does become too overwhelming, remember this: Each step your company takes to protect itself makes it that much more difficult for attackers. They will move on to an easier target–one without as much security in place.”

Information theft was identified as being of particular concern among the 768 senior executives worldwide polled for the fraud survey.

More than half of executives (51 percent) believe their businesses  are highly or moderately vulnerable to information theft risks such as cyber incidents, according to Kroll’s analysis.

The good news is that this increased awareness level has led to an increase in the number of companies proactively looking after their cyber security stance.

Some two-thirds (67 percent) of companies report that they regularly conduct data and IT infrastructure assessments, and a majority (60 percent) regularly conduct data and IT infrastructure assessments.

Some 60 percent also report they have an up-to-date information security incident response plan and 59 percent have tested it in the past six months, an increase on the previous survey.

Another interesting takeaway: while media attention is focused on external cyber threats to companies, the report findings tell a different story.

Of those companies that have fallen victim to information loss, theft or attack over the past 12 months, the most common cause was employee malfeasance–involved in 45 percent of cases, according to Kroll. Vendor/supplier malfeasance was also involved in 29 percent of cases.

By comparison, only a small minority of cases involved an attack by an external hacker on the company itself (2 percent) or on a vendor/supplier (7 percent).

For  information on how insurance  can help businesses protect themselves from the cyber threat, check out  I.I.I.’s latest paper Cyber Risk: Threats and Opportunities.

I.I.I. facts and statistics on cybercrime and identity theft are available here.