Entries tagged with “Business Risk”.

Suffering shopper fatigue? With Black Friday in full swing and Cyber Monday imminent, the biggest online shopping days of the year are upon us, but for businesses trying to see off cyber attacks, fatigue can be a danger at any time of the year.

The just-released annual global fraud survey by Kroll—which found that incidence of fraud, including information theft, is at its highest level in eight years—warns that cyber fatigue is real, but not an excuse for inaction.

“It’s easy to become fatigued at the thought of cyber security. With so many things to do and to learn, you can lose sight of the benefits. If the process does become too overwhelming, remember this: Each step your company takes to protect itself makes it that much more difficult for attackers. They will move on to an easier target—one without as much security in place.”

Information theft was identified as being of particular concern among the 768 senior executives worldwide polled for the fraud survey.

More than half of executives (51 percent) believe their businesses are highly or moderately vulnerable to information theft risks such as cyber incidents, according to Kroll’s analysis.

The good news is that this increased awareness level has led to an increase in the number of companies proactively looking after their cyber security stance.

Some two-thirds (67 percent) of companies report that they regularly conduct data and IT infrastructure assessments, and a majority (60 percent) regularly conduct data and IT infrastructure assessments.

Some 60 percent also report they have an up-to-date information security incident response plan and 59 percent have tested it in the past six months, an increase on the previous survey.

Another interesting takeaway: while media attention is focused on external cyber threats to companies, the report findings tell a different story.

Of those companies that have fallen victim to information loss, theft or attack over the past 12 months, the most common cause was employee malfeasance–involved in 45 percent of cases, according to Kroll. Vendor/supplier malfeasance was also involved in 29 percent of cases.

By comparison, only a small minority of cases involved an attack by an external hacker on the company itself (2 percent) or on a vendor/supplier (7 percent).

For information on how insurance can help businesses protect themselves from the cyber threat, check out I.I.I.’s latest paper Cyber Risk: Threats and Opportunities.

I.I.I. facts and statistics on cybercrime and identity theft are available here.


Whether it’s the VW emissions scandal or rebuilding a company’s reputation after a cyber attack, we’re reading a lot about the challenges of managing reputation risk in the business world.

How important—and valuable—a positive reputation and ethical C-suite leadership is for an organization to attract talent is highlighted by recent findings of a survey of 1,012 U.S. adults by Corporate Responsibility Magazine and Cielo Healthcare.

(Hat tip to the WSJ’s Risk & Compliance Journal for flagging this survey.)

The research identified bad behaviors most harmful to a company’s culture and reputation as:

  • Public exposure of criminal acts (33 percent);
  • Failure to recall defective products (30 percent);
  • Public disclosure of workplace discrimination (21 percent);
  • Public disclosure of environmental scandal (15 percent).

What’s the true cost of a bad corporate reputation? According to the survey, companies perceived as unethical face a potential talent shortage and increased recruiting costs as they struggle to successfully recruit women and millennials.

Only 67 percent of employed Americans surveyed would take a job with a company that had a bad reputation if they were offered more money, compared to 70 percent in 2014.

In contrast, 92 percent would consider leaving their current jobs if offered another role with a company with an excellent corporate reputation.

It would also take a substantial pay increase for many to take a job with a company with a bad reputation, with 46 percent of survey respondents needing a pay increase of 50 percent or more to consider moving to an unethical company.

Women are more motivated to work for an ethical company, the survey found. Some 86 percent of women who responded said they would not join a company with a bad reputation compared to only 67 percent of men.

In contrast, 92 percent of men and women would consider leaving their current jobs if offered another role with a company with a stellar corporate reputation.

Check out the I.I.I. online resource for business insurance here.

The Internet of Things (IoT) is expanding rapidly—even permeating the minds of five-year-olds.

My own Kindergartener’s query from the back of the car during a routine drive to swim class the other day is a good example:

“Mummy, how did God know to create all these things that we need?” As I paused to consider the appropriate response, he answered for me: “You can just ask Siri, or Google it.”

Just how far we’ve come in our technological transformation is reflected by the development of innovative insurance products to cover the associated—and growing—risk.

A new white paper from the Insurance Information Institute (I.I.I.), Cyber Risk: Threat and Opportunity, which I co-authored with I.I.I. president Dr. Robert Hartwig, offers us a glimpse of how cyber insurance has evolved as a product since the mid- to late-1990s.

From a coverage that has its origins in the so-called “Y2K” or Millennium bug that prompted fears the Year 2000 date change would cause widespread computer failure, cyber coverage in the U.S. took off in response to the enactment of numerous privacy and data breach notice laws across the country.

More than 60 insurance carriers now offer stand-alone cyber insurance policies, the I.I.I. says, and interest in this coverage continues to grow following numerous high profile data breaches. Broker Marsh estimates the U.S. cyber insurance market was worth over $2 billion in gross written premiums in 2014.

And while there are many guesstimates out there, PwC suggests the global cyber insurance market could grow to at least $7.5 billion in annual premiums by the end of the decade. PwC also suggests insurers need to move quickly to innovate before a disruptor such as Google enters the market.

No business or industry is immune from the cyber threat. Our paper takes a look at where the threats are coming from and the challenges that cyber insurers face writing this coverage given the rapidly evolving nature of cyber attacks.

How insurers manage these risks while creating products for this multi-billion market opportunity as the legal and regulatory landscape becomes more defined will determine how best we all are protected from cyber risks in the years to come.

We’re well into the second week of the VW emissions scandal fallout and as we scan the latest news headlines it appears that reputation risk-related matters remain front and center.

Multiple auto manufacturer reputations are on the line especially with the news that the Environmental Protection Agency (EPA) has now broadened its investigation to look into at least 27 diesel vehicle models made by BMW, Chrysler, General Motors, Land Rover and Mercedes-Benz.

From ignition switch defects, to exploding air bags, to unintended acceleration and now diesel emissions test cheating, the beleaguered auto industry continues to face record recalls and massive reputation damage, not to mention the associated financial impact on stock prices and corporate profits.

After all, more than 25 percent of a company’s market value is directly attributable to its reputation, according to the World Economic Forum.

A global survey of 300 executives by Deloitte notes that a company’s reputation should be managed like a priceless asset and protected as if it’s a matter of life and death.

Some 41 percent of companies that experienced a negative reputation event reported loss of brand value and revenue, Deloitte found.

In the case of VW, the struggle to regain consumer trust in its product and to rebuild its tattered reputation is likely to be protracted and costly.

Criminal investigations, civil fines and penalties and a mounting pile of lawsuits add to the rising volume of liability costs the company will face. Some analysts even estimate the total cost to VW could reach $87 billion.

Consider the following:

–Some €29 billion wiped off VW’s market capitalization in a matter of days after its deception was uncovered, a cost which far outweighs the savings VW made by cutting corners on its diesel vehicles in the U.S., as the New York Times DealBook reports here.

–A refit of 11 million diesel VW and Audi vehicles that have the illegal software, a fix which some analysts have estimated could cost more than $6.5 billion, according to this Reuters report.

–U.S. lawsuits filed against VW are seeking billions of dollars in damage, the Wall Street Journal reports. More than 34 lawsuits filed by U.S. vehicle owners, shareholders and dealerships have been noted so far, and that number is set to grow.

–More than $18 billion in civil penalties and fines, plus other fees for violating the Clean Air Act, based on the Environmental Protection Agency (EPA) notice of violation.

The resignation and replacement of VW’s CEO Martin Winterkorn (now the subject of his own criminal investigation) and widespread criticism of VW’s supervisory board leads us to the potential directors & officers’ exposure facing VW.

A Business Insurance article here explains why VW’s exposure to D&O lawsuits may be limited in the U.S. More on this topic in an excellent post by Kevin La Croix of The D&O Diary blog.

The Insurance Information Institute (I.I.I.) explains why a business should consider purchasing D&O insurance here.

Corporate data breaches and privacy concerns may dominate the headlines, but a new report by Allianz Global Corporate & Specialty makes the case that future cyber threats will come from business interruption (BI), intellectual property theft and cyber extortion.

The impact of BI from a cyber attack, or from operational or technical failure, is a risk that is often underestimated, according to Allianz.

It predicts that BI costs could be equal to—or even exceed—direct losses from a data breach, and says that business interruption exposures are particularly significant in sectors such as telecoms, manufacturing, transport, media and logistics.

Vulnerability of industrial control systems (ICS) to attack poses a significant threat, Allianz says.

To date, there have been accounts of centrifuges and power plants being manipulated, such as the 2012 malware attack that disabled tens of thousands of computers at oil company Saudi Aramco, disrupting operations for a week.

However, the damage could be much higher from security sensitive facilities such as nuclear power plants, laboratories, water suppliers or large hospitals.

Business interruption can also be caused by technical failure or human error, Allianz notes.

For example, in July 2015, stocks worth $28 trillion were suspended for several hours on the New York Stock Exchange due to a computer glitch, and that same month 4,900 United Airlines flights were impacted by a network connectivity issue.

As a result, Allianz believes that within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape.

It points out that in the context of cyber and IT risks, BI cover can be very broad including business IT computer systems, but also extending to ICS used by energy companies or robots used in manufacturing.

Allianz currently estimates the cyber insurance market is worth around $2 billion in premium worldwide, with U.S. business accounting for around 90 percent of the market. However, the cyber market is expected to experience double-digit growth year-on-year and could reach in excess of $20 billion in the next 10 years.

The Allianz Cyber Risk Guide is available here.

Check out I.I.I. facts and statistics on cybercrime here.

A couple of new studies appear to shed light on the continuing need to communicate the importance of insurance for small business owners.

First, a Nationwide-sponsored survey found that 66 percent of small businesses do not have business interruption insurance (hat tip to Insurance Journal for its report here). This is despite the fact that an estimated 25 percent of businesses do not reopen following a major disaster.

Most small business owners are at risk of disaster, Nationwide noted. Some 75 percent of small businesses do not have a disaster recovery plan in place, even while 52 percent say it would take at least three months to recover from disaster.

Nationwide commissioned the survey from Harris Interactive, which polled 500 U.S. small business owners with fewer than 300 employees from June 8-19, 2015.

In a press release, Mark Pizzi, president and chief operating officer of Nationwide Direct and Member Solutions, said:

“Small businesses are least likely to have disaster recovery insurance. And yet they are the ones most affected by a disaster. That’s why it’s essential for small businesses to have a disaster recovery plan.”

Meanwhile, a J.D. Power study found that many small business owners are unaware that insurers even provide commercial insurance.

Less than one-fourth of small business owners said they were aware that nine of the 17 insurance providers included in the study offer insurance for business customers.

Only six insurers had awareness rates above 40 percent for their commercial insurance offerings, and five of these are among the largest personal lines insurers, J.D. Power said.

While advertising is important to spread brand awareness, the study suggested that commercial insurers have better success when they develop awareness through agents/brokers, trade groups and word of mouth from other businesses.

The proportion of customers who considered/shopped an insurer among all potential prospects is 61 percent when awareness comes from an agent/broker or trade group, compared with just 38 percent when awareness is attributed solely to advertising.

Still, the study—now in its third year—found that small business customers are increasingly satisfied with their insurance providers. Overall satisfaction was up 10 points at 793 on a 1,000-point scale in 2015, due primarily to improvements in price and policy offerings.

The 2015 U.S. Small Business Commercial Insurance study is based on 3,292 responses from insurance decision-makers in businesses with 50 or fewer employees that purchase general liability and/or property insurance and was fielded from April through June 2015.

The Insurance Information Institute’s excellent online resource for business insurance is available here.

The cyber insurance market for small- to mid-sized companies is much friendlier than the market for larger insureds, according to the findings of an annual survey just released by Betterley Risk Consultants.

The Cyber/Privacy Insurance Market Survey 2015 notes that there are many insurance products competing for the business of small and mid-sized (SME) organizations.

Brokers are actively selling cyber policies to their SME insureds, and more are buying than ever before, as they realize the potential for liability, breach and response costs, arising out of the possession of private data.

The report says:

“Rates for the SME segment are still competitive and renewals are generally flat, even a bit soft, undoubtedly affected by the numerous insurers getting a foothold in the cyber insurance market. Smaller insureds tend to have lower limits and often have relatively modest claims.”

In contrast, larger organizations, especially those in retail and healthcare, are finding it more difficult to buy adequate cyber coverage limits at a reasonable price, the report suggests, as insurers are increasingly strict about adherence to cyber security and payment card industry standards.

For the larger/retail/healthcare insured, rates are rising, with increases in the 10-25 percent range most common. But the report points out:

“This is for untroubled organizations; it’s worse (up to 200 percent) if they have claims experience that has yet to result in significantly improved cybersecurity measures.”

While annual premium volume information about the U.S. cyber insurance market is hard to come by, the report concludes that annual gross written premium is growing and may be as much as $2.75 billion in 2015, up from $2 billion in last year’s report.

“We think the market has nowhere to go but up—as long as insurers can still write at a profit.”

This year’s report includes products offered by 31 insurers, up from 28 in 2014.

Check out the Insurance Information Institute’s (I.I.I.) online resource for business insurance here.


Technology is not enough in the fight against cybercrime; effective cybersecurity measures require policy and process changes as well.

That’s the takeaway from an analysis of cyber-risk spending included in the 2015 U.S. State of Cybercrime Survey recently released by PwC.

While cybersecurity budgets are on the rise, companies are mostly reliant on technology solutions to fend off digital adversaries and manage risks.

Among the 500 U.S. executives, security experts and others from public and private sectors responding to the survey, almost half (47 percent) said adding new technologies is a spending priority, higher than all other options.

Notably, only 15 percent cited redesigning processes as a priority and 33 percent prioritized adding new skills and capabilities.

When asked whether they have the expertise to address cyber risks associated with implementation of new technologies, only 26 percent said they have capable personnel on staff. Most rely on a combination of internal and external expertise to address cyber risks of new solutions.


As PwC advises:

“Companies that implement new technologies without updating processes and providing employee training will very likely not realize the full value of their spending. To be truly effective, a cybersecurity program must carefully balance technology capabilities with redesigned processes and staff training skills.”

Employee training and awareness continue to be a critical but often neglected component of cybersecurity, PwC said. Only half (50 percent) of survey respondents said they conduct periodic security awareness and training programs, and the same number offer security training for new employees.

Some 76 percent of respondents to the survey said they are more concerned about cybersecurity threats this year than in the previous 12 months, up from 59 percent the year before.

As PwC noted, in today’s cybercrime environment, the issue is not whether a business will be compromised, but rather how successful an attack will be.

Check out Insurance Information Institute (I.I.I.) facts and statistics on cybercrime here.

The percentage of businesses purchasing commercial insurance increased in the second quarter of 2015, according to the latest Commercial P/C Market Index survey from the Council of Insurance Agents & Brokers (CIAB).

An overwhelming 90 percent of brokers responding to the survey said that take-up rates had increased, in part as premium savings drove interest in new lines of coverage and/or higher limits.

Cyber liability continues to gain traction, brokers noted, and this trend is expected to continue as the cyber insurance market matures, new insurers, products and capacity come to market and as companies realize the true extent of their cyber exposure.

Broker comments came as The Council’s analysis shows that rates declined across all commercial lines in the second quarter, continuing the downward trend from the first three months of 2015.

Premium rates across all size accounts fell by an average of 3.3 percent compared with a 2.3 percent decrease in the first quarter of 2015.

Large accounts once again saw the steepest drop in prices of 5.2 percent, while medium sized accounts fell 3.5 percent and small accounts fell 1.3 percent.

Commercial property, general liability and workers’ compensation premiums were most frequently reported down across all regions, with a slight uptick in commercial auto.

Ken Crerar, president and CEO of The Council said:

“As the soft market continues in 2015, carriers are competing for good risks and are willing to work with brokers on price and terms.”

Meanwhile, average flood insurance rates saw an uptick across all regions, most frequently in the Southeast and Southwest regions, the Council noted.

This increase is likely due to premium increases, assessments, and surcharges, mandated by both the Biggert Waters Act and the Homeowner Flood Insurance Affordability Act (HFIAA), which went into effect April 1.

Find out more about business insurance from the Insurance Information Institute (I.I.I.).

You may have read that the Justice Department is warning food manufacturers that they could face criminal and civil penalties if they poison their customers with contaminated food.

Recent high profile food recalls, such as the one at Texas-based Blue Bell Creameries and another at Ohio-based Jeni’s Splendid Ice Creams, have drawn attention to this issue once again.

Now a new report by Swiss Re finds that the number of food recalls per year in the United States has almost doubled since 2002, while the costs are also rising.

Half of all food recalls cost the affected companies more than $10 million each and losses of up to $100 million are possible, Swiss Re says. These figures exclude the reputational damage that may take years for a company to recover from.

Contaminated food also takes a financial toll on the public sector. According to the U.S. Department of Agriculture, costs for the U.S. public health system from hospitalized patients and lost wages in 2013 alone were $15.6 billion. In total, 8.9 million people fell ill from the 15 pathogens tracked, with over 50,000 hospitalized and 2,377 fatalities.

Demographic change is putting more sensitive consumer groups at risk. Ageing societies, an increase in allergies in the overall population and the fact that malnourishment is still prevalent in many countries are significant drivers of the increase in exposure, Swiss Re notes.

Which brings us to insurance.

A variety of insurance products are available to help companies protect their bottom line from this potentially catastrophic exposure.

Product recall/contaminated product insurance will cover the costs of recalling accidentally or maliciously contaminated food from the market, and impaired or mislabeled products that cause bodily injury, sickness, disease or death.

Product liability insurance also provides compensation of third party liability claims for bodily injury and property damage caused by an impaired product.

As Roland Friedli, risk engineer at Swiss Re and co-author of the report says:

“Food recalls can be caused by something as simple as a labeling error on the packaging, or as complex as a microbial contamination somewhere along a vast globalized supply chain. Yet even a simple mistake can cost a food manufacturer millions in losses and even more in terms of reputation. Insurance and sound risk management are essential for keeping affected businesses afloat.”

Further information on product liability, recall and contamination insurance is available from the Insurance Information Institute (I.I.I.) here.