Few risks exist in isolation.
The most primal ones – those associated with wind, fire, and water – often travel in pairs. Modern, more complicated risks – supply chain, business interruption, cyber, political, and financial – are like tapestries so tightly woven that any effort to address this or that hazard can threaten to unravel much of what you’re trying to protect.
A new report from Verisk looks at complex emerging risks and why they matter to insurers and risk managers.
When nature meets technology
Ever heard the word “natech”? I hadn’t until I read the 2019 Verisk Perspectives.
“Accidents in the industrial sector can be catastrophic, and up to five percent of all accidents in this sector are caused by natural events,” writes Alastair Clarke of Verisk’s AIR Worldwide in an article titled “Where Climate Change and Natech Risk Meet.”
Between 1990 and 2008, Clarke reports, natural hazards were the cause of 16,600 reported hazardous releases.
“In each case,” he writes, “a natural event triggered a technological malfunction that led to the release of hazardous material.”
That’s a natech, and the insurance implications are significant.
Many examples exist of catastrophic casualty claims from natechs. The report cites the 2010 collapse of a dam at the Ajka alumina plant in Hungary. The dam broke after days of heavy rain, releasing toxic sludge and causing 10 deaths and 150 injuries, along with the contamination.
In 2005, Hurricane Katrina triggered 200 hazmat releases. When storm surge ruptured a storage tank at a Louisiana oil refinery, Clarke writes, “the release of 25,000 barrels of crude oil affected 1,800 homes and resulted in a $330 million settlement.”
“Natechs show how liability can arise from natural events that can be traced back to the suppliers of a faulty service,” Clarke writes. “With climate change, the threads are deeply tangled. ”
IoT unites us, for better and worse
Globalization has connected the world through commerce and culture as never before, and the Internet of Things (IoT) aims to finish the job. But supply-chain risks – already subject to the vagaries of weather, politics, and global finance – only become more complex as machines whisper among themselves.
In “Cyber Risks Loom Large in an Interconnected World,” Tim Campbell of Verisk Maplecroft and Kamban Parasuraman of AIR report that a survey of more than 1,000 U.K. and U.S. risk professionals indicated the average company shares confidential information with about 583 third parties. Of those surveyed, 59 percent experienced a data breach linked to a vendor or other third party in 2018.
“Just as companies need to be aware of the cyber risks introduced by third parties in their supply chains,” Campbell and Parasuraman write, “insurers may need to consider how the insureds within its own book of business are interconnected. In fact, the lack of full visibility into each insured’s interdependencies may create risks that are unidentifiable from an underwriting standpoint.”
Utilities alone are expected to deploy more than 800 million connected IoT devices by the end of 2019, reports Ben Kellison of Verisk’s Wood Mackenzie in “Power Utilities Face Emerging Cyber Threats.”
Each one is a potential cyberattack portal.
“The power grid is also becoming more decentralized,” Kellison writes. “Tens of millions of small generators and loads are being integrated into more power markets and local power systems that may or may not be owned or operated by the utility.”
The risks go on
The Verisk report, produced by the data and analytics provider’s ISO Emerging Issues team, examines these and other risk areas. As I reflect on these articles in the context of many hours spent reading about, discussing, and listening to others discuss risk and insurance, it becomes clear – from a resilience perspective – that a more holistic, epidemiological approach to risk management is needed.
Your building can be designed and built well above code; if your neighbors’ buildings aren’t, you’re at risk when a tornado turns their HVAC units into projectiles. This reality becomes more insidious when your billing system is threatened by malware introduced through a customer’s “smart” lightbulb.