Cyberattacks Growingin Frequency, Severity, And Complexity

By Max Dorfman, Research Writer, Triple-I (04/29/2022)

Several recent reports quantify the growing risk and cost of cyber attacks in 2021.

Willis Towers Watson PLC, a multinational risk-management, insurance brokerage, and advisory company, and global law firm Clyde & Co, surveyed directors and risk managers based in more than 40 countries around the world. They found that 65 percent regard cybercrime as “the most significant risk” facing directors and officers. Data loss and cyber extortion followed, at 63 percent and 59 percent, respectively.

In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

The frequency of ransomware attacks alone rose by 105 percent globally in 2021, SonicWall says,  making them the most frequent type of cyberattack on record. The State of Ransomware 2022 by Sophos, a security software and hardware company, found that 66 percent of organizations surveyed were attacked by ransomware in 2021, rising from 37 percent in 2020. Ransomware payments often trended higher, with 11 percent of organizations stating that they paid ransoms of $1 million or more, up from 4 percent in 2020. Additionally, 46 percent of organizations that had data encrypted in a ransomware attack paid the ransom.

The 2021 Software Supply Chain Security Report by Argon, an Aqua Security company, underscores the main areas of criminal focus, including: “open-source vulnerabilities and poisoning; code integrity issues; and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.”

According to the Argon report, cybercriminals often use these methods to extort victims:

  • Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted.
  • Data Theft: Hackers release sensitive information if a ransom is not paid.
  • Denial of Service (DoS): Ransomware gangs launch denial of service attacks that shut down a victim’s public websites.
  • Harassment: Cybercriminals contact customers, business partners, employees, and media to tell them the organization was hacked.

“The number of attacks over the past year and the widespread impact of a single attack highlights the massive challenge that application security teams are facing,” said Eran Orzel, a senior director at Argon.

Cyber insurers work toward protecting businesses

Cyber insurance remains an important investment for many companies, particularly as cyberattacks continue to wreak havoc across industries. Investing in cyber insurance can help an organization recover from an attack, with cyber insurance companies often helping to recover data, repair damaged devices, protect a company from civil lawsuits, and fixing any reputational damage sustained during an attack.

However, the first line of defense is creating a robust cybersecurity system, training employees on how to identify a potential attack, encrypting company data, and enabling antivirus protection. With only half of businesses reporting a consistent encryption strategy, and the cost of data breaches continuing to rise, organizations must do more to protect themselves and their customers.

Study Highlights Costof Data Breachesin a Remote-Work World

By Max Dorfman, Research Writer, Triple-I (04/27/2022)

A recent study by IBM and the Ponemon Institute quantifies the rising cost of data breaches as workers moved to remote environments during the coronavirus pandemic.

According to the report, an average data breach in 2021 cost $4.24 million – up from $3.86 million in 2020. However, where remote work was a factor in causing the breach, the cost increased by $1.07 million. At organizations with 81-100 percent of employees working remotely, the total average cost was $5.54 million.

To combat the risks associated the rise of remote work, the study highlights the importance of security artificial intelligence (AI) and automation fully deployed – a process by which security technologies are enabled to supplement or substitute human intervention in the identification and containment of incidents and intrusion efforts.

Indeed, organizations with fully deployed security AI/automation saw the average cost of a data breach decrease to $2.90 million. The duration of the breach was also substantially lower, taking an average of 184 days to identify the breach and 63 days to contain the breach, as opposed to an average of 239 days to identify the breach and 85 days to contain the breach for organizations without these technologies.

Organizations continue to struggle with breaches

In 2021 and 2022, several high-profile data breaches have illustrated the major risks cyberattacks represent. This includes a January 2022 attack 483 users’ wallets on Crypto.com, which resulted in the loss of $18 million in Bitcoin and $15 million in Ethereum and other cryptocurrencies.

In February, the International Committee of the Red Cross (ICRC) was targeted by a cyberattack that resulted in the hackers accessing personal information of more than 515,000 people being helped by a humanitarian program, with the intruders maintaining access to ICRC’s servers for 70 days after the initial breach.

And in April, an SEC filing revealed that the company Block, which owns Cash App, had been breached by a former employee in December of 2021. This leak included customers’ names, brokerage account numbers, portfolio value, and stock trading activity for over 8 million U.S. users.

Insurers play a key role in helping organizations

The increasing frequency and seriousness of cyberattacks has led more organizations to purchase cyber insurance, with 47 percent of insurance clients using this coverage in 2020, up from 26 percent in 2016, according to the U.S. Government Accountability Office. This shift includes insurers offering more policies specific to cyber risk, instead of including this risk in packages with other coverage.

The insurance industry offers first-party coverage – which typically provides financial assistance to help an insured business with recovery costs, as well as cybersecurity liability, which safeguards a business if a third party files a lawsuit against the policyholder for damages as a result of a cyber incident.

A third option, technology errors and omissions coverage, can safeguard small businesses that offer technology services when cybersecurity insurance doesn’t offer coverage. This kind of coverage is triggered if a business’s product or service results in a cyber incident that involves a third party directly.

Still, the primary focus for organizations looking to defend themselves from cyberattacks is implementing a rigorous cyber defense system.  

A Piecemeal Approach Toward Transparency In Litigation Finance

A U.S. District Court judge in Delaware made his courtroom the latest jurisdiction to require lawsuit participants to disclose whether third-party investors have any stake in litigation being brought before him.

While this is a step toward greater transparency with regard to third-party litigation funding, the standing order by Chief Judge Colm F. Connolly only affects cases in his court. The other three district court judges in Delaware have not issued similar decrees. But the order was made in an extremely influential district. More than half of publicly traded U.S. corporations are incorporated in Delaware, and the state’s laws often govern contracts between businesses.

A booming global industry

Funding of lawsuits by international hedge funds and other financial third parties – with no stake in the outcome other than a share of the settlement – has become a $17 billion global industry, according to Swiss Re. Law firm Brown Rudnick sees the industry as even larger, at $39 billion globally, according to Bloomberg.

Third-party litigation funding was once widely prohibited. As bans have been eroded in recent decades, it has grown, spread, and become a contributor to “social inflation”: increased insurance payouts and loss ratios beyond what can be explained by economic inflation alone.

Efforts at transparency

Some progress in toward greater transparency has been made in recent years. Last year, the U.S. District Court for the District of New Jersey amended its rules to require disclosures about third-party litigation funding in cases before the court. The Northern District of California imposed a similar rule in 2017 for class, mass, and collective actions throughout the district. Wisconsin passed a law requiring disclosure of third-party funding agreements in 2018. West Virginia followed suit in 2019.

At the federal level, the Litigation Funding Transparency Act was introduced and referred to the Senate Judiciary Committee in October 2021.

Panelists at Triple-I’s Joint Industry Forum in December 2021 agreed on the importance of requiring disclosure of litigation funding. Insurance groups and the U.S. Chamber of Commerce say litigation funding needs more rules to prevent abuses of the legal system and to protect consumers, who often pay exorbitant interest rates on money they borrow to pay legal expenses.

“By its very nature, third-party litigation financing promotes speculative litigation and increases costs for everyone,” said Stef Zielezienski, executive vice president and chief legal officer for the American Property Casualty Insurance Association in a press release about the Delaware order. “At its worst, outside investment in litigation financing dependent on a successful verdict creates incentives to prolong litigation.”

The Delaware judge’s order requires, in addition to disclosing the name and address of any third-party funder, that parties to any case before his bench must also disclose whether approval by the funder is necessary for settlement decisions and, if so, the terms and conditions relating to that approval.

While strides like this may be small, they add up in the fight to make disclosure of third-party litigation financing a priority in states and in courthouses nationwide.

Learn More:

Social Inflation: What It Is and Why It Matters

Triple-I, CAS Quantify Social Inflation’s Impact on Commercial Auto

What Is Social Inflation and What Can Insurers Do About It?

IRC Study: Social Inflation Is Real, and It Hurts Consumers, Businesses

Insurers, Regulators Push Back on Changes In S&P Rating Criteria

Insurers, regulators, and members of Congress have expressed concern about proposed changes in how Standard & Poor’s Global Ratings defines “available capital” in its rating criteria. Specifically, S&P would no longer consider certain debt to be counted as available for purposes of rating insurers’ financial strength and ability to pay claims.

“Disruptive” and an “overuse of market power” is how the Association of Bermuda Insurers and Reinsurers (ABIR) described the measure in an 18-page letter to S&P, which has requested comments by April 29 on its proposed methodology and assumptions for analyzing the risk-based capital adequacy of insurers and reinsurers.

S&P’s proposed changes, in ABIR’s view, would lead to the sudden removal of billions of dollars overnight that otherwise would be available to underwrite catastrophe risk – a sector in which average insured losses have risen nearly 700 percent since the 1980s.

“This debt is viewed as capital by the regulators,” ABIR CEO John Huff says in a news release. “If carriers are forced to restructure debt, they’ll get less favorable terms today. Any replacement debt will increase financial leverage, which is counter to the stability people seek from a rating agency.”

Members of the U.S. House of Representatives and Senate, along with the U.S. state insurance regulators, through the National Association of Insurance Commissioners, have expressed similar concerns about S&P’s proposed change in its rating criteria.

ABIR points out ambiguity in the timing of the rollout of the planned changes, saying, “Insurers and reinsurers will have no time to respond to the new debt treatment before S&P has indicated the changes will go into effect.”

“There is no glide path or grandfathering,” Huff says. “It’s just a cliff. “

Bermuda’s insurers urge the rating agency to provide a transition period for any such changes, as well as grandfathering debt that already is in place.

“If there’s a transition plan, we can work within that,” Huff says. “But having this so abrupt is quite disruptive. Standard & Poor’s should be adding stability, not causing disruption.”

Dog-Related Injury Claims Nearly $900 Million in 2021

Despite relaxation of pandemic-related restrictions, behavioral issues in pets and rising costs persist.

By Loretta Worters, Vice President, Media Relations, Triple-I

As pet owners return to the workplace or school, pets will be left home alone. Behavioral issues such as separation anxiety could result in aggressive and destructive behavior. This could be a problem for dogs that were adopted during the pandemic as well as pets that have become used to their pet owners being at home.

March 2020 had the most dog-related injury claims, when people first went into lockdown at the start of the COVID-19 pandemic, according to State Farm. Dog bites were up 21.6 percent from the previous March, likely due to dogs dealing with owner stress, disruption in routines and more people around the house throughout the day. With the easing of restrictions for activities outside the home—experts feared it would lead to another spike in bites.  The overall number of claims slightly increased to 17,989 in 2021 from 17,567 in 2020, accounting for more than one-third of all homeowners liability claims paid out, costing $881 million.

Dog bite-related claims costs have been climbing for years. The average cost per claim nationally has risen 39 percent from 2012 to 2021, due to increased medical costs and the upward trend in the size of settlements, judgments, and jury awards.

Claims costs are attributable not only to dog bites but also to dogs knocking down children, cyclists, and the elderly, which can result in costly injuries.

The latest Triple-I dog bite claim figures are released in conjunction with National Dog Bite Prevention Week, an event held each year to help reduce the number of dog bites.

Children are particularly at risk for dog bites and are more likely to be severely injured, so it’s essential for parents to teach their kids to be safe around strange dogs and their own pets.

Dog training is, of course, key to preventing dog bites and related injuries for everyone, and National Dog Bite Prevention Week’s organizers offer many practical tips. This year, dog experts are again focused on re-socializing animals that have been isolated along with their humans.

Triple-I recommends that you check your homeowners or renters insurance policy to be sure it covers liability for dog bites and related injuries. Click here for more details about dog bite liability insurance.

Related content:

Infographic: National Dog Bite Prevention Week

Spotlight on dog bite liability

Facts about pet insurance

Insurers Step Upto Bring Reliefto Ukraine Refugees

As more people — urgently in need of humanitarian support — flee Ukraine daily, funding continues to grow within the insurance industry.  

The Insurance Industry Charitable Foundation (IICF), a nonprofit dedicated to helping communities and enriching lives, has opened a humanitarian relief fund to help refugees in response to the crisis in Ukraine.

“The insurance industry has a longstanding legacy of philanthropic giving, locally and globally, in times of acute need. Throughout the pandemic – and now, as we raise funds in support of Ukrainian refugees – our industry strives to respond quickly and with impact,” said Hank Watkins, regional director and president of Lloyd’s, Americas and chair of the IICF International Board of Governors. “As an industry founded with the purpose of facilitating progress and responding during times of need, we appreciate the opportunity IICF provides for collaborating on philanthropic and volunteering initiatives, enabling us to continue sharing the very best of our industry with the world.”

Betsy Myatt, vice president and chief program officer, executive director of the IICF’s Northeast Division, noted that the organization “stands with the world and our industry in calling for peace in Ukraine.

With humanitarian efforts underway to address the needs of millions of refugees fleeing the violence – mostly women, children, and the elderly – IICF will join with our industry and many other companies and individuals throughout the world in this support through the IICF: Ukrainian Humanitarian Relief Fund.”

“Proceeds will benefit BeHumanKindness, CARE (Ukrainian Crisis Fund), Red Cross and Save the Children (Children’s Emergency Fund),” she said. “These nonprofit organizations are delivering immediate assistance in the region to the women, children, and families made refugees by the war. “

Insurers and foundations have already contributed millions of dollars toward Ukraine emergency response. The private sector is demonstrating its generosity and solidarity through direct contributions, while also launching creative initiatives to help engage stakeholders, such as employee match funding.

The Allstate Foundation, for example, created a $1 million dedicated Ukrainian Relief Fund that will support the American Red Cross, Razom, UNICEF and World Central Kitchen. Employee donations to the fund will receive a 100 percent match. “Allstate stands with the people of Ukraine and against Russia’s morally reprehensible attacks,” their statement read. “We set up a $1 million Ukrainian Relief fund and are matching employee donations as we support freedom, civility, and compassion for victims of this war.”

Allianz SE announced that it would make available 10 million euros to support humanitarian efforts along with up to 2.5 million euros to match employee donations. RLI Insurance Co. is matching its employees’ donations to the IICF: Ukrainian Humanitarian Relief Fund.

The American Family Insurance Dreams Foundation and companies of American Family Insurance group have made a collective commitment of $50,000 for Ukrainian humanitarian aid.  The Dreams Foundation is donating $10,000 to UNICEF CONNECT, and The General are providing $10,000 each to the International Committee of the Red Cross; Homesite is donating $10,000 to Save the Children; and Main Street America is pledging $10,000 to CARE Ukraine Crisis Fund.

AXA has taken several initiatives to support the humanitarian crisis triggered by the war, with a donation of 6 million euros to NGOs working in Ukraine and the neighboring countries to support civil populations and refugees.  AXA’s global philanthropic employee volunteering initiative, AXA Hearts in Action, initiated multiple local projects that will be supported by a group donation.

The Hartford signals solidarity by lighting their tower in the colors of the Ukraine flag.

The Hartford is matching employee donations to the US Association for UNHR, UNICEF and International Medical Corps at 100 percent. Lloyd’s has donated to the British Red Cross Ukraine Crisis Appeal to support humanitarian relief efforts in the region. 

Munich Re said it is contributing to alleviate the hardship of the hundreds of thousands of war refugees. “As people are now primarily fleeing the battle zone via the Polish border, Munich Re is currently concentrating its aid on this region.”

Zurich Insurance Group CEO Mario Greco said, “Zurich is strongly committed to helping alleviate suffering in Ukraine. To that end, the Z Zurich Foundation announced a major fundraising effort to mobilize support across our businesses globally for humanitarian relief efforts. The safety and well-being of people across the region are a key concern in these sad times.”

Study: Insurers Suspect Rise in Fraudulent Claims Since Start of Pandemic

By Max Dorfman, Research Writer

Insurance professionals’ suspicions about fraudulent claims have increased during the pandemic as fraudsters have become more creative, according to a recent survey.

The survey by FRISS, a provider of fraud and risk detection solutions for property/casualty insurers, found that its 420 respondents in 2022 believe 20 percent of claims filed might contain fraud. That’s up from 18 percent in 2020.

“Innovation and digitization are disrupting the insurance industry in good ways, setting a new norm that’s enabling the industry to be even more responsive to customers’ needs,” said Triple-I CEO Sean Kevelighan in an introduction to the report. “Unfortunately, the acceleration of digital processes that began well before the pandemic also provides opportunities for fraud.”

In 2022, the top challenge reported by respondents was “Keeping up with fraudsters’ modus operandi” – a change from both the 2020 and 2018 surveys, in which “Internal data quality” was deemed the biggest challenge.

Insurance fraud costs U.S. consumers at least $80 billion every year, according to the Coalition Against Insurance Fraud. The FBI says the cost of non-health insurance fraud hovers at about $40 billion a year.  As a result, the average U.S. family incurs between $400 and $700 per year in losses due to increased premiums.

Respondents to the survey say fraud detection software has proven to be generally effective. This includes improving loss ratio (59 percent), staying ahead of developing fraud schemes (53 percent), and increasing investigator efficiency (52 percent).

Pandemic Fuels Growth in Captive Insurance

By Max Dorfman, Research Writer

The coronavirus pandemic and the financial challenges it presents have fueled growth in captive insurance – a form of self-insurance in which one or more entities establish their own insurance company. They also may insure the risks of organizations other than their major owners. 

“Wholly owned” captives are set up by large corporations to finance or administer their risk financing needs. If such a captive insures only the risks of its parent or subsidiaries, it is called a “pure” captive.  Multiple companies may also form a “group captive.”

Captive formations nearly doubled in 2020, according to a recent survey by Marsh. The global insurance broker and risk advisor’s survey of more than 1,300 captives also shows that gross written premiums in this area grew from $54 billion in 2019 to nearly $61 billion in 2020.

 In January 2022, the National Collegiate Athletic Association (NCAA) board of governors unanimously approved a $175 million fund to create a captive for event cancellation. With insurers unable to cover risks related to the coronavirus pandemic – which falls under the umbrella of communicable diseases policies – because of the potential for unsustainable costs, the captive structure has become a more popular method to protect from losses.

The NCAA formed its captive after the 2020 NCAA basketball tournament was cancelled due to COVID-19, resulting in a $270 million payout – or about 40 percent of what the 1,200 participating schools would have earned for the tournament. In 2021, the NCAA limited the number of fans at the tournament, with the organization’s coverage allowing it to pay the total $613 million to members last year. However, their coverage for 2022 had expired, and communicable disease coverage was now difficult to find.

“When the NCAA looked to renew coverage for the 2022 tournament, a lot of it was going to look similar,” said John Beam, a broker for Willis Towers Watson, “but there is not coverage for communicable disease right now.”

The sports and entertainment industry experienced losses between $6 billion and $10 billion as the coronavirus pandemic raged on, with premiums in event insurance increasing between 25 percent and 50 percent. For many organizations, captive insurance provides a viable alternative for these risks.

Workers’ comp and captives

The coronavirus pandemic has also affected captive owners in the workers’ compensation field. Indeed, the pandemic, alongside the ensuing “Great Resignation,” during which employers have struggled to retain staff, has made many captive owners potentially more willing to pay workers’ comp claims, according to a panel at the recently held Captive Insurance Companies Association international conference.

Amy O’Brien, vice president of third-party administer sales at Gallagher Bassett Services Inc., a claims service provider, said the initial phases of the pandemic saw many insurers denying COVID-19-related claims. Claims asserting exposure at work were difficult to prove, and many captives questioned if the claims were associated with claimants’ work. Additionally, there were possible regulatory changes that these captives were concerned about.

“With medical costs continuing to rise, the most significant dynamic in terms of any company controlling their workers’ compensation costs and claims is ensuring that there are adequate tools in place to help mitigate medical costs for claimants under their workers’ compensation,” said Dustin Partlow, senior vice president at Caitlin Morgan Insurance Services and an expert in captive insurance solutions.

“But with omicron and the Great Resignation, we’re seeing a change where employers are saying, ‘What can I do to get this person back to work sooner?’” Gallagher’s O’Brien said.

Approximately 90,000 claims were processed by Gallagher Bassett that covered a COVID-19 issue, with over 60 percent of cases closed without payment, frequently due to the fact that there were no related medical expenses, O’Brien said. But the 40 percent that did result in a payment averaged $4,000 per case.

“The employee is more valuable now – so they are being treated right. The employer is saying: ‘What can I do to keep this person?’,” O’Brien added.

Bringing Clarity
to Concerns About Race
in Insurance Pricing

There is no place for discrimination in today’s insurance marketplace. In addition to being fundamentally unfair, to discriminate on the basis of race, religion, ethnicity, sexual orientation – or any factor that doesn’t directly affect the risk being insured – would simply be bad business in today’s diverse society.

Concerns have been raised about the use of credit-based insurance scores, geography, home ownership, and motor vehicle records in setting home and car insurance premium rates. Critics say using such data can lead to “proxy discrimination,” with people of color sometimes being charged more than their neighbors for the same coverage. Insurers reply that these tools reliably predict claims and help them match premiums with risks – preventing lower-risk policyholders from subsidizing higher-risk ones.

Public confusion around insurance rating is understandable. The models used to determine insurance rates are complex, and actuaries have to distinguish causal relationships from superficial correlations to appropriately align insurers’ prices with the risks they’re covering. If they get it wrong, the insurers’ ability to keep their promises to pay policyholder claims could be compromised.

And they have to do this while complying with regulations and statutes in 50-plus U.S. jurisdictions. As one of the most heavily regulated industries in the world, insurers have strong incentives to comply with anti-discrimination rules.

To help clarify this complexity, Triple-I has published an Issues Brief on the subject, and the Casualty Actuarial Society has published a series of four research papers, drilling down deep into the topic:

Defining Discrimination in Insurance

Methods for Quantifying Discriminatory Effects on Protected Classes in Insurance

Understanding Potential Influences of Racial Bias on P&C Insurance: Four Rating Factors Explored

Approaches to Address Racial Bias in Financial Services: Lessons for the Insurance Industry

“Insurance pricing is a high-wire act,” CAS says.  “As regulation and society’s understanding of discrimination evolve, however, it is necessary for us to keep abreast of changes in the manner in which discrimination is defined and adjudicated.”

Insurers are well aware of the history of unfair discrimination in financial services. While it would be disingenuous to suggest that all traces of bias have been wrung out of the system, the insurance industry has been responsive over the decades to concerns about fairness and equity. Insurers and actuaries are uniquely positioned to continue helping policymakers, corporate decisionmakers, and the public understand these inequities and to play a constructive role in the policy discussion.