Entries tagged with “Business Risk”.


Earthquake resilience was in the spotlight as the Obama administration gave its support for an earthquake-alert system on the West Coast at a White House summit Tuesday.

President Obama also signed an executive order establishing a federal earthquake risk management standard which will improve the capability of federal buildings to function after a quake.

The order requires federal agencies to ensure that federal buildings are constructed or altered using earthquake-resistant design provisions in the most current building codes.

A 2015 scientific assessment from the U.S. Geological Survey shows that more than 143 million Americans could experience potentially damaging earthquakes, nearly double the prior 2006 estimate.

The ShakeAlert early warning system being developed and tested in the West would warn residents and businesses from at least a few seconds to a few minutes before the shaking starts.

This would be enough time to slow and stop trains and taxiing planes, and to prevent cars from entering bridges and tunnels, for example.

A common misperception among Americans is that earthquake coverage is provided in a homeowners or business insurance policy.

However, standard homeowners, renters and business insurance policies do not cover earthquake damage. Coverage is available either in the form of an endorsement or as a separate policy.

Residential earthquake insurance in California is sold through the California Earthquake Authority, a privately funded, publicly managed organization.

Some 85 percent of U.S. homeowners said they do not have coverage for earthquake damage in response to the Insurance Information Institute’s (I.I.I.) annual Pulse Survey.

The I.I.I. Pulse results showed significant variations in the number of consumers that have earthquake insurance across the U.S.

That number was greatest in the earthquake- prone West, where 18 percent of homeowners said they had purchased separate earthquake insurance coverage.

Screen Shot 2016-02-03 at 9.29.28 AM

Information on reducing earthquake damage to homes and businesses is available on the Insurance Institute for Business and Home Safety (IBHS) website.

The I.I.I. also offers facts and statistics on earthquakes and tsunamis here.

The 2016 U.S. presidential election is one of the rising political risks facing businesses and investors in the year ahead, according to Marsh’s Political Risk Map 2016.

Terrorism and struggling emerging economies, such as China and Russia, are also among the growing political risks businesses face.

Marsh notes that the recent terrorist attacks in Paris and San Bernardino, California have intensified political rhetoric and brought foreign relations and defense policy topics to the forefront.

With polls showing national security to be a major concern for voters, foreign policy will remain a key theme on the campaign trail in 2016 — and will be top of mind for the next presidential administration.”

Marsh observes that in the last decade multinational organizations have undertaken unprecedented international expansion, leaving them exposed to global credit and political risks like never before.

And those risks—including terrorism and political violence, armed conflicts, increasingly powerful anti-establishment political movements, and persistently low commodity prices—continue to grow.

Against this backdrop, it’s critical for businesses to be prepared for the possibility that political violence, unrest, or other large- scale crises will quickly develop in virtually any part of the world — including those countries that were historically seen as safe or stable, Marsh says.

Companies can prepare for these risks by managing their credit risk, building resilient supply chains, protecting their people and by protecting their assets through insurance.

Marsh notes:

Credit and political risk insurance can protect against a variety of risks, including expropriation, political violence, currency inconvertibility, non-payment, and contract frustration.”

Marsh’s Political Risk Map 2016, with data and insight from BMI Research, presents country risk scores for more than 200 countries and territories, helping businesses and investors make smarter decisions about where and how to deploy financial resources—including risk capital—globally in 2016 and beyond.

Cyberattacks are now the greatest risk to doing business in North America, according to the just-released World Economic Forum’s (WEF) Global Risks Report 2016.

In North America, which includes the United States and Canada, cyberattacks and asset bubbles were considered among the top risks of doing business in the region.

The WEF noted that in the United States, the top risk is cyberattack, followed by data fraud or theft (the latter ranks 7th in Canada, which is why it scores 50 percent in the table below).

The risks related to the internet and cyber dependency are considered to be of highest concern for doing business in the wake of recent important attacks on companies, the WEF observed.

WEF2016NorthAmericaTopRisks

On a global scale, cyberattack is perceived as the risk of highest concern in eight economies: Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland, and the United States.

Public sector bodies in at least two of these countries have recently been disrupted by cyberattacks: the US Office of Personnel Management and the Japanese Pension service, the WEF noted.

Attempts to detect and address attacks are made harder by their constantly evolving nature, as perpetrators quickly find new ways of executing them. Businesses trying to match this speed in their development of prevention and response methods are sometimes constrained by a poor understanding of the risk, a lack of technical talent, and inadequate security capabilities.”

Defining clear roles and responsibilities for cyber risk within corporations is crucial, the WEF noted.

Who in the corporation is the actual owner of the risk? While there are many “C” level owners (CISO, CFO, CEO, CRO, Risk Management), each of these owners has differing but related interests and unfortunately often does not integrate risk or effectively collaborate on its management.”

Outdated laws and regulations also inhibit the ability of governments to capture criminals, but also to expedite the often lengthy procedure of implementing legal and regulatory frameworks to reflect evolving realities.

Check out the Insurance Information Institute’s latest report on cyber risks here.

“Clear rules that are fit for the digital age.” That’s how Vera Jourova, the European justice commissioner, described tough new European data protection regulations just agreed by European policy makers.

The long-awaited reforms, which are expected to take effect in early 2018, will establish one set of rules on data protection across all 28 member nations in the European Union (EU).

As the New York Times reports, the new regulations would apply to any company with customers in the EU, whether or not it is based in the region.

This will expand potential liability for companies, experts note.

What key changes can businesses active in the EU market expect?

Among the policy changes the new law would require companies to inform national regulators within three days of any reported data breach.

The other proposed change that jumps off the page is one that would link sanctions (read: fines) to company revenues.

Policymakers have agreed that fines could total up to 4 percent of a company’s global revenue for the most serious breaches to European data privacy rules. This could amount to billions of dollars, according to this report by the Guardian.

While the tougher fines are seen as a major step forward for consumer protection, they have raised concerns among large tech companies such as Google and Facebook, the NYT says.

It cites Peter Church, a technology lawyer at Linklaters in London:

Europe’s approach to privacy is much stronger than in the United States. There’s a fundamental difference in culture when it comes to privacy.”

The new law will also expand potential liability for companies, bringing increased responsibility and accountability for those controlling and processing personal data, according to this politico.eu article.

Currently the data controller at a company is liable for data breaches in the EU, but Politico notes that once the law takes effect, both the controller and data processors will be jointly liability for any damages.

Economic impact from business interruption (BI) is often much higher than the cost of physical damage in a disaster and is a growing risk to companies worldwide, according to a new report from Allianz Global Corporate & Specialty (AGCS).

Its analysis of more than 1,800 large BI claims from 68 countries between 2010 and 2014 found that business interruption now typically accounts for a much higher proportion of the overall loss than was the case 10 years ago.

Both severity and frequency of BI claims is increasing, AGCS warns.

The average large BI property insurance claim is now in excess of €2 million (€2.2 million: $2.4 million), some 36 percent higher than the corresponding average property damage claim of just over €1.6 million ($1.8 million), the global claims review found.

The vast majority of BI losses are not caused by natural catastrophes, with non-natural hazard events such as human error or technical failure accounting for 88 percent of BI losses by value.

Reported loss estimates from the largest non-natural catastrophe BI events across the insurance industry during 2015 total more than $7 billion so far, with the Tianjin loss potentially accounting for almost half this total.

GlobalLossAtlas_471x150

Fire and explosion is the top cause of BI loss around the globe by value (2010-2014), with each incident analyzed averaging €1.7m ($1.9 million) in BI costs alone, but there are some major differences regionally.

Storm and flood related losses are notable in Asia, highlighting the region’s continuing economic development and increasing exposure to natural hazards.

Storm is also the top cause of BI loss in the Caribbean and Central America region, accounting for one-third of insurance claims by value.

As Chris Fischer Hirs, CEO of AGCS, says:

The growth in BI claims is fueled by increasing interdependencies between companies, the global supply chain and lean production processes.

Whereas in the past a large fire or explosion may have only affected one or two companies, today losses increasingly impact a number of companies and can even threaten whole sectors globally.”

Check out Insurance Information Institute resources on business interruption insurance here.

Suffering shopper fatigue? With Black Friday in full swing and Cyber Monday imminent, the biggest online shopping days of the year are upon us, but for businesses trying to see off cyber attacks, fatigue can be a danger at any time of the year.

The just-released annual global fraud survey by Kroll—which found that incidence of fraud, including information theft, is at its highest level in eight years—warns that cyber fatigue is real, but not an excuse for inaction.

It’s easy to become fatigued at the thought of cyber security. With so many things to do and to learn, you can lose sight of the benefits. If the process does become too overwhelming, remember this: Each step your company takes to protect itself makes it that much more difficult for attackers. They will move on to an easier target—one without as much security in place.”

Information theft was identified as being of particular concern among the 768 senior executives worldwide polled for the fraud survey.

More than half of executives (51 percent) believe their businesses are highly or moderately vulnerable to information theft risks such as cyber incidents, according to Kroll’s analysis.

The good news is that this increased awareness level has led to an increase in the number of companies proactively looking after their cyber security stance.

Some two-thirds (67 percent) of companies report that they regularly conduct data and IT infrastructure assessments, and a majority (60 percent) regularly conduct data and IT infrastructure assessments.

Some 60 percent also report they have an up-to-date information security incident response plan and 59 percent have tested it in the past six months, an increase on the previous survey.

Another interesting takeaway: while media attention is focused on external cyber threats to companies, the report findings tell a different story.

Of those companies that have fallen victim to information loss, theft or attack over the past 12 months, the most common cause was employee malfeasance–involved in 45 percent of cases, according to Kroll. Vendor/supplier malfeasance was also involved in 29 percent of cases.

By comparison, only a small minority of cases involved an attack by an external hacker on the company itself (2 percent) or on a vendor/supplier (7 percent).

For information on how insurance can help businesses protect themselves from the cyber threat, check out I.I.I.’s latest paper Cyber Risk: Threats and Opportunities.

I.I.I. facts and statistics on cybercrime and identity theft are available here.

 

Whether it’s the VW emissions scandal or rebuilding a company’s reputation after a cyber attack, we’re reading a lot about the challenges of managing reputation risk in the business world.

How important—and valuable—a positive reputation and ethical C-suite leadership is for an organization to attract talent is highlighted by recent findings of a survey of 1,012 U.S. adults by Corporate Responsibility Magazine and Cielo Healthcare.

(Hat tip to the WSJ’s Risk & Compliance Journal for flagging this survey.)

The research identified bad behaviors most harmful to a company’s culture and reputation as:

  • Public exposure of criminal acts (33 percent);
  • Failure to recall defective products (30 percent);
  • Public disclosure of workplace discrimination (21 percent);
  • Public disclosure of environmental scandal (15 percent).

What’s the true cost of a bad corporate reputation? According to the survey, companies perceived as unethical face a potential talent shortage and increased recruiting costs as they struggle to successfully recruit women and millennials.

Only 67 percent of employed Americans surveyed would take a job with a company that had a bad reputation if they were offered more money, compared to 70 percent in 2014.

In contrast, 92 percent would consider leaving their current jobs if offered another role with a company with an excellent corporate reputation.

It would also take a substantial pay increase for many to take a job with a company with a bad reputation, with 46 percent of survey respondents needing a pay increase of 50 percent or more to consider moving to an unethical company.

Women are more motivated to work for an ethical company, the survey found. Some 86 percent of women who responded said they would not join a company with a bad reputation compared to only 67 percent of men.

In contrast, 92 percent of men and women would consider leaving their current jobs if offered another role with a company with a stellar corporate reputation.

Check out the I.I.I. online resource for business insurance here.

The Internet of Things (IoT) is expanding rapidly—even permeating the minds of five-year olds.

My own Kindergartener’s query from the back of the car during a routine drive to swim class the other day is a good example:

“Mummy, how did God know to create all these things that we need?” As I paused to consider the appropriate response, he answered for me: “You can just ask Siri, or Google it.”

Just how far we’ve come in our technological transformation is reflected by the development of innovative insurance products to cover the associated—and growing—risk.

A new white paper from the Insurance Information Institute (I.I.I.) Cyber Risk: Threat and Opportunity which I co-authored with I.I.I. president Dr. Robert Hartwig, offers us a glimpse of how cyber insurance has evolved as a product since the mid- to late-1990s.

From a coverage that has its origins in the so-called “Y2K” or Millennium bug that prompted fears the Year 2000 date change would cause widespread computer failure, cyber coverage in the U.S. took off in response to the enactment of numerous privacy and data breach notice laws across the country.

More than 60 insurance carriers now offer stand-alone cyber insurance policies, the I.I.I. says, and interest in this coverage continues to grow following numerous high profile data breaches. Broker Marsh estimates the U.S. cyber insurance market was worth over $2 billion in gross written premiums in 2014.

And while there are many guesstimates out there, PwC suggests the global cyber insurance market could grow to at least $7.5 billion in annual premiums by the end of the decade. PwC also suggests insurers need to move quickly to innovate before a disruptor such as Google enters the market.

No business or industry is immune from the cyber threat. Our paper takes a look at where the threats are coming from and the challenges that cyber insurers face writing this coverage given the rapidly evolving nature of cyber attacks.

How insurers manage these risks while creating products for this multi-billion market opportunity as the legal and regulatory landscape becomes more defined will determine how best we all are protected from cyber risks in the years to come.

We’re well into the second week of the VW emissions scandal fallout and as we scan the latest news headlines it appears that reputation risk-related matters remain front and center.

Multiple auto manufacturer reputations are on the line especially with the news that the Environmental Protection Agency (EPA) has now broadened its investigation to look into at least 27 diesel vehicle models made by BMW, Chrysler, General Motors, Land Rover and Mercedes-Benz.

From ignition switch defects, to exploding air bags, to unintended acceleration and now diesel emissions test cheating the beleaguered auto industry continues to face record recalls and massive reputation damage, not to mention the associated financial impact on stock prices and corporate profits.

After all, more than 25 percent of a company’s market value is directly attributable to its reputation, according to the World Economic Forum.

A global survey of 300 executives by Deloitte notes that a company’s reputation should be managed like a priceless asset and protected as if it’s a matter of life and death.

Some 41 percent of companies that experienced a negative reputation event reported loss of brand value and revenue, Deloitte found.

In the case of VW, the struggle to regain consumer trust in its product and to rebuild its tattered reputation is likely to be protracted and costly.

Criminal investigations, civil fines and penalties and a mounting pile of lawsuits add to the rising volume of liability costs the company will face. Some analysts even estimate the total cost to VW could reach $87 billion.

Consider the following:

–Some €29 billion wiped off VW’s market capitalization in a matter of days after its deception was uncovered, a cost which far outweighs the savings VW made by cutting corners on its diesel vehicles in the U.S., as the New York Times DealBook reports here.

–A refit of 11 million diesel VW and Audi vehicles that have the illegal software, a fix which some analysts have estimated could cost more than $6.5 billion, according to this Reuters report.

–U.S. lawsuits filed against VW are seeking billions of dollars in damage, the Wall Street Journal reports. More than 34 lawsuits filed by U.S. vehicle owners, shareholders and dealerships have been noted so far, and that number is set to grow.

–More than $18 billion in civil penalties and fines, plus other fees for violating the Clean Air Act, based on the Environmental Protection Agency (EPA) notice of violation.

The resignation and replacement of VW’s CEO Martin Winterkorn (now the subject of his own criminal investigation) and widespread criticism of VW’s supervisory board leads us to the potential directors & officers’ exposure facing VW.

A Business Insurance article here explains why VW’s exposure to D&O lawsuits may be limited in the U.S. More on this topic in an excellent post by Kevin La Croix of The D&O Diary blog.

The Insurance Information Institute (I.I.I.) explains why a business should consider purchasing D&O insurance here.

Corporate data breaches and privacy concerns may dominate the headlines, but a new report by Allianz Global Corporate & Specialty makes the case that future cyber threats will come from business interruption (BI), intellectual property theft and cyber extortion.

The impact of BI from a cyber attack, or from operational or technical failure, is a risk that is often underestimated, according to Allianz.

It predicts that BI costs could be equal to—or even exceed—direct losses from a data breach, and says that business interruption exposures are particularly significant in sectors such as telecoms, manufacturing, transport, media and logistics.

Vulnerability of industrial control systems (ICS) to attack poses a significant threat, Allianz says.

To-date, there have been accounts of centrifuges and power plants being manipulated, such as the 2012 malware attack that disabled tens of thousands of computers at oil company Saudi Aramco, disrupting operations for a week.

However, the damage could be much higher from security sensitive facilities such as nuclear power plants, laboratories, water suppliers or large hospitals.

Business interruption can also be caused by technical failure or human error, Allianz notes.

For example, in July 2015, stocks worth $28 trillion were suspended for several hours on the New York Stock Exchange due to a computer glitch, and that same month 4,900 United Airlines flights were impacted by a network connectivity issue.

As a result, Allianz believes that within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape.

It points out that in the context of cyber and IT risks, BI cover can be very broad including business IT computer systems, but also extending to ICS used by energy companies or robots used in manufacturing.

Allianz currently estimates the cyber insurance market is worth around $2 billion in premium worldwide, with U.S. business accounting for around 90 percent of the market. However, the cyber market is expected to experience double-digit growth year-on-year and could reach in excess of $20 billion in the next 10 years.

The Allianz Cyber Risk Guide is available here.

Check out I.I.I. facts and statistics on cybercrime here.