All posts by Jeff Dunsavage

Business Risk, Catastrophes, Cyber Risk, Emerging Risks, Terrorism Risk

Intent and ability distinguish cyberrisk from natural perils

Leave a comment

Cyberrisk is often compared with natural catastrophe-related threats, but a recent study by global reinsurer Guy Carpenter and analytics firm CyberCube suggests a better analogy is with terrorism.

“Probability is assessed in terms of intent and capability.”

The report – Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study – quotes Andrew Kwon, lead cyber actuary for Zurich: “Extending the lessons learned from property cats to the cyber space is intuitive and logical, but cyber continues to be a unique force unto itself. A hurricane does not evolve to bypass defenses; an earthquake does not optimize itself for maximum damage.”

This passage resonated as I read it because a few hours earlier I’d been reading a FreightWaves article about risks posed to international shipping by digitalization and pondering the fact that the same technology that helps vessels anticipate and avoid adverse weather also subjects them – and the goods they transport – to a panoply of new risks.

The FreightWaves article quotes U.S. Navy Captain John M. Sanford – who now leads the U.S. Maritime Security Department within the National Maritime Intelligence Integration Office – describing how the NotPetya virus inflicted $10 billion of economic damage across the U.S. and Europe and hobbled company after company, including shipping giant Maersk, in 2017.

Sanford said Russian military intelligence was behind the hacker group that spread NotPetya to damage Ukraine’s economy. The virus raced beyond Ukraine to machines around the world, crippling companies and, according to an article in Wired, inflicting nine-figure costs where it struck.

“Maersk wasn’t a target,” Sanford said. “Just a bystander in a conflict between Ukraine and Russia.”

Collateral damage.

The FreightWaves article describes how supply chains, ports, and ships could be disrupted more intentionally through GPS and Electronic Chart Display and Information System (ECDIS) systems onboard ships, or even via a WiFi-connected printer: “Pirates working with hackers could potentially access a ship’s bridge controls remotely, take control of the rudder, and steer it toward a chosen location, avoiding the expense and danger of attacking a vessel on the high seas.”

The Carpenter/CyberCube report identifies parallels in the deployment of “kill chain” methodologies in both conventional and cyber terrorism: “Considering terrorism risk in terms of probability and consequence, probability is assessed in terms of intent and capability.”

As our work and personal lives become increasingly interconnected through e-commerce and smart thermostats and we look forward to self-driving cars and refrigerators that tell us when the milk is turning sour, these considerations might well give us pause.

Hurricanes, earthquakes, fires, and floods might be scary, but at least we never had to worry that they were out to get us.

 

Specialty Coverage

Travel company collapse offers lessons in risk

Leave a comment

Most people don’t like to think about risk — especially when planning a holiday abroad. If they think about travel risk at all, it tends to be in terms of nuisances like flight cancellations or misrouted luggage.

The collapse of British travel company Thomas Cook, which left many thousands of travelers stranded, highlights the types of risks travelers rarely think about.

This week’s seemingly overnight collapse of British travel company Thomas Cook – leaving approximately 600,000 travelers stranded worldwide and leading U.K. authorities to launch what has been called be the “largest peacetime repatriation ever” – underscores several of the myriad risks that most travelers rarely think about.

For better or worse, when I hear “repatriation” the word is typically followed in my mind by “of remains.” While mass repatriations like the one occurring this week are rare, people often die while traveling for pleasure or business. Whether it’s headline-grabbing strings of mysterious deaths like those in the Dominican Republic earlier this year or more common, less publicized deaths by auto, drowning, or natural causes, the cost and complexity of returning the bodies of loved ones can compound the stresses typically experienced by grieving families. A travel policy with adequate coverage for repatriation of remains is a relatively inexpensive way to help address this burden.

Now, you’re even more likely to become ill or injured while traveling than you are to die. Have you checked your current health insurance to see what it does and doesn’t cover when you’re traveling outside your country? Depending on what you learn, you may want to consider buying medical travel insurance. If your health policy does provide international coverage, the U.S. State Department advises that you remember to carry your insurance policy identity card and a claim form.

In the case of a serious illness or injury, the State Department says, medical evacuation can cost more than $50,000, depending on your location and condition. A policy that covers medical evacuation and emergency extraction (say, in the event of natural disaster or political unrest) also is worth considering for international trips.

Perhaps the most important lesson to draw from the “surprise” collapse of 178-year-old Thomas Cook is that it wasn’t exactly a surprise for those who were paying attention. As the U.K.-based Guardian news site reports, “The tour operator’s woes go back much further” than its inability to secure a £200 million lifeline from its bankers. The Guardian calls Thomas Cook “a victim of a disastrous merger in 2007, ballooning debts and the internet revolution in holiday booking. Add in Brexit uncertainty, and it was perhaps only a matter of time before the giant of the industry collapsed.”

Travelers often are so focused on capturing bargains that they don’t take the time to research the organizations bringing them great deals or the safety considerations in the lovely destinations being marketed to them. In travel, as in other adventures, it’s often the case that “you get what you pay for.”

Maybe a bit of research might have kept some of the hundreds of thousands of inconvenienced Thomas Cook clients from putting all their holiday eggs in a single overstuffed basket.