Category Archives: Business Risk

Triple-I Webinar Covers COVID-19’s Economic and Health Implications

The Insurance Information Institute invited its members to a webinar titled “Covid-19’s Impact on Health, the Economy and Growth” on March 5 at 11:00 a.m. EST presented by Triple-I Vice President and Senior Economist Michel Léonard, PhD, CBE.

Dr. Lèonard will discuss the following key points:

• Economic impact likely to continue into Q3/Q4 2020 and 2021
• Could reduce global growth by as much as 1 percent and delay recovery by up to 12 months
• Fiscal and monetary policy, rates cuts, unlikely to be effective
• Insurance industry to see higher claims, reduced premium growth

He will also preview the Global Macro and Industry Outlook report before it is made available to the public.

To find out more about the benefits of Triple-I membership click here.

COVID-19: Learn From History to Address
The Current Outbreak

By Dr. Steven Weisbart, CLU

Dr. Steven Weisbart

COVID-19, the new coronavirus, has killed more than three times as many people as the 2003 SARS epidemic.

The World Health Organization (WHO) reported that, as of 10 a.m. Central European Time (CET) on March 1, there were 87,137 confirmed COVID-19 cases and 2,977 of the infected people had died. From November 2002 through July 2003, according to the U.S. Centers for Disease Control and Prevention (CDC), 8,098 people worldwide became sick with severe acute respiratory syndrome (SARS) and 774 died.

More people are believed to have been infected with COVID-19 than official statistics show. This is because confirmed infections are based on positive tests for the virus, and some countries—including the United States—have been doing very little testing. Further, the estimated 2 percent death rate attributed to the disease is based on this unreliable infection count.

Instead of SARS, some are now comparing COVID-19 with the Ebola pandemic of 2014 to 2016.  Ebola is believed to have killed about 50 percent of those it infected, but that outbreak was contained before it reached the same number of infections as COVID-19.

So, is there a useful historic comparison to be made with COVID-19? I would argue that there is: the “Spanish Flu” of 1918-19.


Policemen in Seattle during the influenza epidemic. December 1918. National Archives.

There is no vaccine for COVID-19, and experts suggest  it could take a year or more to develop, test, manufacture, and distribute a vaccine. This suggests there are few medical strategies for dealing with the current outbreak. It’s as though we’re medically in the world of 100 years ago.

The 1918 flu virus had an estimated mortality rate of about 2 percent and was very infectious. It is estimated that as many as one-third of the entire world population was infected at some time, so even a 2 percent mortality rate caused millions of deaths.

This raises a scary thought about how the COVID-19 pandemic might play out: the Spanish Flu swept around the globe in three phases. The first  was in the Spring of 1918 and, although it infected widely, had a relatively low mortality rate. The second phase occurred in the Fall of 1918. This phase saw faster infection spread and was much more deadly. The third phase was in February and March of 1919 and was less infectious and less deadly than either of the two prior phases.

World War I – with large concentrations of soldiers in barracks and trenches and truck convoys moving across Europe – may have contributed to this infectious arc. But the virus killed more people than the war on every continent except Europe.

Insurance industry impact

What would a COVID-19 pandemic mean for insurers? The main impact would likely be on health insurers, since the number of people seeking hospitalization would likely spike claims far beyond anything their rate structures have anticipated. In 1918 hospitals were so overwhelmed that auditoriums, indoor sports arenas, and similar spaces were set up to house patients. Scarcity rates would apply; for example, the number of respirators available currently is far short of what would be needed, and prices for new supply would likely surge.

As I’ve written previously, for life insurers the effect of a severe pandemic would depend on which segments of the population are likely to die. In 1918, in addition to the very old, that virus struck unusually strongly at people in the prime working years, triggering benefits from both individual and group life insurance. The sudden impact of such unpredicted losses would affect all life insurers, particularly the weaker ones.

In the property and casualty sector, the line most directly affected is likely to be workers compensation, particularly for health care workers and others exposed to the virus as a result of their work—such as police, fire, and EMT. Another possible line affected is various liability lines, involving claims from people who became sick from manufacturing, dispensing, or receiving a vaccine or other treatments. In recent years, Congress passed laws blocking such liability claims, but it’s not clear that it will do so again today.

Beyond the direct effects to insurance, there are growing forecasts that the global economy, and especially particular sectors, could see dramatic cutbacks. Businesses and other organizations that involve people gathering in crowds are already seeing such effects, and insurance premiums that reflect these downturns are likely to follow. However, claims are also likely to turn down (e.g., fewer auto accidents), so the effect on those lines might actually be neutral or positive. 

Learn from history

Today people and goods move around the world with unprecedented speed. Urban environments and the transit systems that serve them are as packed with people as any military convoy or trench network.

If COVID-19 follows a similar track to that of the Spanish Flu, the current outbreak would turn out to have been a mild phase. If this scenario is correct, the first phase would taper off in a month or two, followed by several months in which the virus would appear to have ended its threat.

We should continue developing vaccines and other preventive/mitigating measures during this lull to better prepare for the more virulent phase that might manifest in the second half of 2020. Failure to do so would mean we’ve learned nothing from the worst global pandemic in the last 100 years.

Emerging cyber terrorism threats and the Federal Terrorism Risk Insurance Act

Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

On December 20, 2019, President Trump signed a federal funding package that includes a seven-year extension of the Terrorism Risk Insurance Act (TRIA). TRIA provides for a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.

Passage of the act was met with resounding approval by the insurance industry. You can read more about it here.

A critical mandate of the TRIA extension is for the Government Accountability Office (GAO) to make recommendations to Congress about how to amend the statute to address emerging cyberthreats. Triple-I recently hosted an exclusive members-only webinar featuring Jason Schupp of the Centers for Better Insurance, who discussed issues likely to be addressed by the GAO report.

Schupp said the report will likely serve as a starting point for a discussion about cyber threats and how the insurance industry can better meet the needs of businesses, nonprofits and local governments for cyber insurance. It will address:

  • Vulnerabilities and potential costs of cyber-attacks to the United States;
  • Whether adequate coverage is available for cyber terrorism;
  • Whether cyber terrorism coverage can be adequately priced by the private market;
  • Whether TRIA’s current structure is appropriate for cyber terrorism events; and
  • Recommendations on how Congress could amend TRIA to meet the next generation of cyber threats.

Cyber terrorism is already covered under TRIA, but such acts don’t fit neatly into the TRIA framework. Because cyber limits and conditions are already narrow, TRIA’s current make available requirement has not been effective in providing coverage for cyber-terrorism events at the same limits and conditions as non-cyber events.

Schupp proposes that the requirement be amended so the coverage doesn’t exclude insured losses specific to the loss of use, corruption or destruction of electronic data or the unauthorized disclosure of or access to nonpublic information.

But expanding the requirement carries considerable risk. If insurers are required to make more coverage available for cyber events than they are comfortable with the result could be a pullback in property and liability insurance generally – not just for cyber events. Any expansion must be balanced with the terms of the backstop.

Schupp concluded that the GAO’s investigation and report (which is required to be completed by June 2020) is likely to kick off a multi-year debate that could substantially redefine U.S. cyber insurance markets. Insurers, policyholders and other stakeholders should engage accordingly.

To learn about how to become a member of Triple-I visit iiimembership.org.

Ransomware payments doubled in fourth quarter 2019

The average ransomware payment increased by a whopping 104 percent in the fourth quarter of 2019, spiking to $84,116 from $41,198 in Q3, according to a report from Coveware, a security vendor.

Ransomware, also known as cyber extortion, involves the use of malicious software designed to block access to a computer system until a sum of money is paid. The 4Q increase reflects the diversity of the cyber criminals attacking companies.

Some ransomware variants are focusing on large companies where they can attempt to extort the organizations for seven-figure payouts. Small businesses, on the other hand, are bombarded with ransomware variants with demands as low as $1,500.

The total cost of a ransomware attack depends on its severity and duration and includes the costs of the ransom payment (if one is made), as well as remediation costs, lost revenue, and potential brand damage.

In Q4, ransomware actors also began exfiltrating data from victims and threatening to release it. In addition to remediation and containment costs, this complication adds to the potential costs of third-party claims.

Other key takeaways from the report include:

  • 98 percent of companies that paid the ransom received a working decryption tool in Q4 2019, unchanged from Q3.
  • Victims who paid for a decryptor successfully decrypted 97 percent of their data, a slight increase from Q3.
  • Average downtime increased to 16.2 days, from 12.1 days in Q3 of 2019. The was driven by a higher prevalence of attacks against larger enterprises, which often spend weeks fixing their systems.
  • Cyber criminals demand Bitcoin almost exclusively now in all forms of cyber extortion because it’s easier to swap extortion proceeds into a privacy coin after they collect, than to require a victim to purchase a less liquid type of digital currency.
  • Less sophisticated and well-financed attackers will target small companies with small IT budgets.
  • Public sector organizations continued to account for a high percentage of ransomware attacks in Q4. The attacks are expected to continue until these organizations are able to increase their security budgets.

 

House approves TRIA, NFIP extensions as part of $1.4 trillion spending package

On Tuesday, December 17, the House approved a package of bills that includes a seven-year reauthorization of the Terrorism Risk Insurance Act (TRIA) and funding for the National Flood Insurance Program until September 30, 2020.

Numerous insurance industry groups applauded the extension of TRIA. The act has been an important support in the effort to supply terrorism insurance through the private market. Since it was enacted, the percentage of companies purchasing terrorism insurance has risen to 80 percent, and the price of coverage has fallen more than 80 percent.

The $1.4 trillion spending package also includes:

  • Federal funding ($25 million) for gun violence research for the first time in 20 years.
  • A repeal of Obamacare taxes, including a 2.3 percent excise tax on medical devices, a health insurance industry fee that would have taken effect in 2020, and the 40 percent “Cadillac” excise tax on the most expensive health-insurance plans.
  • The Setting Every Community Up for Retirement Enhancement (SECURE) Act of 2019, which features provisions that make it easier for smaller employers to join open multiple-employer plans, ease non-discrimination rules for frozen defined benefit plans, and add a safe harbor for selecting lifetime income providers in defined contribution plans.

The bill is expected to pass the Senate and be signed by President Trump before government funding expires on December 20.

Is a Global Recession Imminent? If So, Businesses Can Protect Themselves with Credit Risk Insurance

By Loretta Worters, Vice President – Media Relations

The credit crisis of 2007-2008 was a severe worldwide economic crisis considered by many economists to have been the most serious financial crisis since the Great Depression of the 1930s, to which it is often compared.  “Everyone was impacted, not just those working in banks.  Because the price of debt, the ability to get financing changed, a lot of things happened.  So, everyone is impacted by credit every day, whether they know it or not,” said Tamika Tyson, senior manager, credit with Noble Energy, in this video interview.

Tyson, who is also a non-resident scholar with the Insurance Information Institute, said what she is most concerned about is debt repayments that are coming due. “If a global recession happens, as economists are predicting, and it happens in conjunction within an election, it can be difficult for companies to refinance any mature debentures they have coming in 2020,” she said.  “Leadership needs to be thinking about the risks in their company.  Not just the credit risks, but all risks related to their business.”

What leads to credit risk and how can companies protect themselves?

The main microeconomic factors that lead to credit risk include limited institutional capacity, inappropriate credit policies, volatile interest rates, poor management, inappropriate laws, low capital and liquidity levels, direct lending, massive licensing of banks, poor loan underwriting, laxity in credit assessment, poor lending practices, government interference and inadequate supervision by the central bank.

Doing a comprehensive risk assessment is a great idea for everyone within an organization, noted Tyson.  “Once an assessment is made as to how much risk they are exposed to, then they can develop a strategy to help protect the company. If there’s more risk in the system than a company is willing to take, then they should consider obtaining credit risk insurance,” she said.

What is Credit Risk Insurance?

Credit risk insurance is a tool to support lending and portfolio management.  It protects a company against the failure of its customers to pay trade credit debts owed to them. These debts can arise following a customer becoming insolvent or failing to pay within the agreed terms and conditions.

What can impact credit risk?

The factors that affect credit risk range from borrower-specific criteria, such as debt ratios, to market-wide considerations such as economic growth. Political upheaval in a country can have an impact, too.

For example, political decisions by governmental leaders about taxes, currency valuation, trade tariffs or barriers, investment, wage levels, labor laws, environmental regulations and development priorities, can affect the business conditions and profitability.

“At the end of the day, political risks have the ability to impact credit risks.  Credit risks rarely impact political risks,” she said.  “We have a lot of different views right now on the political spectrum so until we know how that’s going to work out, it’s going to create risk in the system, and we’ll see how different companies react to that,” Tyson said.

“We all talk about biases.  Everyone thinks they’re better off and it’s always someone else that has the issue.  It’s the same when looking at a risk assessment or reviewing someone’s financials; everyone thinks they’re doing fine, but then they discount what’s going on with other people.  That’s why it is imperative companies self-evaluate as they evaluate those they transact business with.”

“Know your portfolio, know your customers and understand your risk tolerance,” said Tyson.  “Know, too, there are a lot of tools available to help you mitigate against those risks.”

 

Workers Comp 2019:
Sixth Straight Year
of Underwriting Profits

Private workers compensation insurers were slightly less profitable in 2019 than their 2018 record, according to a preliminary analysis by the National Council of Compensation Insurance (NCCI). NCCI estimates the combined ratio – a measure of insurer profitability – for 2019 will be about 87 percent, the second-lowest in recent history after last year’s record-low 83.2 percent.

These results, reflecting the segment’s sixth consecutive year of underwriting profitability, are part of NCCI’s State of the Line Report—a comprehensive account of workers’ compensation financial results.

 

Workers’ compensation net premiums written (NPW) fell 3.9 percent in 2019, to $41.6 billion from $43.3 billion in 2018, the report says. Before 2018, cession of premiums to offshore reinsurers stalled NPW growth.  But the Base Erosion Anti-Abuse Tax (BEAT) component of the Tax Cuts and Jobs Act of 2017 – which limits multinational corporations’ ability to shift profits from the United States by making tax-deductible payments to affiliates in low-tax countries – spurred NPW growth to almost 9 percent in 2018.

While the BEAT’s residual effect and the strong economy may place upward pressure on 2019 net premiums written, recent decreases in rates and loss costs are likely to more than offset these factors.

Changes in rates/loss costs impact premium growth and reflect several factors that impact system costs, such as changes in the economy, cost containment initiatives, and reforms. NCCI expects premium in 2019 to fall 10 percent, on average, as a result of rate/loss cost filings made in jurisdictions for which NCCI provides ratemaking services.

The State of the Line Report was presented at NCCI’s Annual Issues Symposium (AIS) in May.

Despite Safer Skies, Aviation Claims Rise: 
What’s Up With That?

 Flying has never been safer.

You’re more likely to die from being attacked by a dog than in an airline accident (see chart).

Today’s aircraft contain more sophisticated electronics and materials than those flying in the 1960s. When they bump into each other or come down too hard, they cost more to repair.

And yet, according to a recent Allianz Global Corporate & Specialty (AGCS) report, the aviation sector’s insurance claims continue to grow in number and size.

The report – Aviation Risk 2020 – says 2017 was the first in at least 60 years of aviation in which there were no fatalities on a commercial airline. The year 2018, in which 15 fatal accidents occurred, ranks as the third safest year ever.

Of more than 29,000 recorded deaths between 1959 and 2017, the report says, fatalities between 2008 and 2017 accounted for less than 8 percent – despite the vast increase in the number of people and planes in the air since 1959.

So, what gives?

Safety is expensive

Some of the reasons for the increased claims are good ones: Safer aircraft cost more to repair and replace when there are problems.

The report analyzed 50,000 aviation claims from 2013 to 2018, worth $16.3 billion, and found “collision/crash incidents” accounted for 57 percent, or $9.3 billion. Now, this may sound bad, but the category includes things like hard landings, bird strikes, and “runway incidents.”

The AGCS analysis showed 470 runway incidents during the five-year period accounted for $883 million of damages.

Engine costs more than the plane

Today’s aircraft contain far more sophisticated electronics and materials than those flying in the 1960s. When they bump into each other or come down too hard, they cost more to repair.

“We recently handled a claim where a rental engine was required while the aircraft’s engine was repaired,” said Dave Watkins, regional head of general aviation, North America, at AGCS. “The value of the rental engine was more than the entire aircraft.”

When entire fleets have to be grounded – the report cites the 2013 grounding of the Boeing Dreamliner for lithium-ion battery problems and the more recent fatal crashes involving the Boeing 737 Max – costs can really soar. Boeing reportedly has set aside about $5 billion to cover costs related to the global grounding of the 737 Max.

Even after a fix is found, the task of retrofitting a fleet takes considerable time – and, in the aviation industry, time truly is money.

Liability awards take off

Compounding the claims associated with the costs of safer flight, the report says, liability awards have risen dramatically.

“With fewer major airline losses,” Watkins said, “attorneys are fighting over a much smaller pool and are putting more resources into fewer claims, pushing more aggressively for higher awards.”

Today’s aircraft carry hundreds of passengers at a time. With liability awards per passenger in the millions, a major aviation loss could easily result in a liability loss of $1 billion or more.

A world without TRIA: premiums skyrocket following 9/11

Below is an abstract from the I.I.I. database citing a Wall Street Journal article from October 8, 2001. It describes the sharp increase in insurance rates immediately following the terrorist attacks of 9/11 2001.

The abstract is part of our series covering the Terrorism Risk Insurance Act of 2002 (TRIA). The act made public and private sharing of insured losses from acts of terrorism in the United States possible.

I.I.I.’s report, A World Without TRIA: Incalculable Risk, describes the function of the federal  terrorism backstop.

Intent and ability distinguish cyberrisk from natural perils

Cyberrisk is often compared with natural catastrophe-related threats, but a recent study by global reinsurer Guy Carpenter and analytics firm CyberCube suggests a better analogy is with terrorism.

“Probability is assessed in terms of intent and capability.”

The report – Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study – quotes Andrew Kwon, lead cyber actuary for Zurich: “Extending the lessons learned from property cats to the cyber space is intuitive and logical, but cyber continues to be a unique force unto itself. A hurricane does not evolve to bypass defenses; an earthquake does not optimize itself for maximum damage.”

This passage resonated as I read it because a few hours earlier I’d been reading a FreightWaves article about risks posed to international shipping by digitalization and pondering the fact that the same technology that helps vessels anticipate and avoid adverse weather also subjects them – and the goods they transport – to a panoply of new risks.

The FreightWaves article quotes U.S. Navy Captain John M. Sanford – who now leads the U.S. Maritime Security Department within the National Maritime Intelligence Integration Office – describing how the NotPetya virus inflicted $10 billion of economic damage across the U.S. and Europe and hobbled company after company, including shipping giant Maersk, in 2017.

Sanford said Russian military intelligence was behind the hacker group that spread NotPetya to damage Ukraine’s economy. The virus raced beyond Ukraine to machines around the world, crippling companies and, according to an article in Wired, inflicting nine-figure costs where it struck.

“Maersk wasn’t a target,” Sanford said. “Just a bystander in a conflict between Ukraine and Russia.”

Collateral damage.

The FreightWaves article describes how supply chains, ports, and ships could be disrupted more intentionally through GPS and Electronic Chart Display and Information System (ECDIS) systems onboard ships, or even via a WiFi-connected printer: “Pirates working with hackers could potentially access a ship’s bridge controls remotely, take control of the rudder, and steer it toward a chosen location, avoiding the expense and danger of attacking a vessel on the high seas.”

The Carpenter/CyberCube report identifies parallels in the deployment of “kill chain” methodologies in both conventional and cyber terrorism: “Considering terrorism risk in terms of probability and consequence, probability is assessed in terms of intent and capability.”

As our work and personal lives become increasingly interconnected through e-commerce and smart thermostats and we look forward to self-driving cars and refrigerators that tell us when the milk is turning sour, these considerations might well give us pause.

Hurricanes, earthquakes, fires, and floods might be scary, but at least we never had to worry that they were out to get us.