Category Archives: Business Risk

Ransomware payments doubled in fourth quarter 2019

The average ransomware payment increased by a whopping 104 percent in the fourth quarter of 2019, spiking to $84,116 from $41,198 in Q3, according to a report from Coveware, a security vendor.

Ransomware, also known as cyber extortion, involves the use of malicious software designed to block access to a computer system until a sum of money is paid. The 4Q increase reflects the diversity of the cyber criminals attacking companies.

Some ransomware variants are focusing on large companies where they can attempt to extort the organizations for seven-figure payouts. Small businesses, on the other hand, are bombarded with ransomware variants with demands as low as $1,500.

The total cost of a ransomware attack depends on its severity and duration and includes the costs of the ransom payment (if one is made), as well as remediation costs, lost revenue, and potential brand damage.

In Q4, ransomware actors also began exfiltrating data from victims and threatening to release it. In addition to remediation and containment costs, this complication adds to the potential costs of third-party claims.

Other key takeaways from the report include:

  • 98 percent of companies that paid the ransom received a working decryption tool in Q4 2019, unchanged from Q3.
  • Victims who paid for a decryptor successfully decrypted 97 percent of their data, a slight increase from Q3.
  • Average downtime increased to 16.2 days, from 12.1 days in Q3 of 2019. The was driven by a higher prevalence of attacks against larger enterprises, which often spend weeks fixing their systems.
  • Cyber criminals demand Bitcoin almost exclusively now in all forms of cyber extortion because it’s easier to swap extortion proceeds into a privacy coin after they collect, than to require a victim to purchase a less liquid type of digital currency.
  • Less sophisticated and well-financed attackers will target small companies with small IT budgets.
  • Public sector organizations continued to account for a high percentage of ransomware attacks in Q4. The attacks are expected to continue until these organizations are able to increase their security budgets.

 

House approves TRIA, NFIP extensions as part of $1.4 trillion spending package

On Tuesday, December 17, the House approved a package of bills that includes a seven-year reauthorization of the Terrorism Risk Insurance Act (TRIA) and funding for the National Flood Insurance Program until September 30, 2020.

Numerous insurance industry groups applauded the extension of TRIA. The act has been an important support in the effort to supply terrorism insurance through the private market. Since it was enacted, the percentage of companies purchasing terrorism insurance has risen to 80 percent, and the price of coverage has fallen more than 80 percent.

The $1.4 trillion spending package also includes:

  • Federal funding ($25 million) for gun violence research for the first time in 20 years.
  • A repeal of Obamacare taxes, including a 2.3 percent excise tax on medical devices, a health insurance industry fee that would have taken effect in 2020, and the 40 percent “Cadillac” excise tax on the most expensive health-insurance plans.
  • The Setting Every Community Up for Retirement Enhancement (SECURE) Act of 2019, which features provisions that make it easier for smaller employers to join open multiple-employer plans, ease non-discrimination rules for frozen defined benefit plans, and add a safe harbor for selecting lifetime income providers in defined contribution plans.

The bill is expected to pass the Senate and be signed by President Trump before government funding expires on December 20.

Is a Global Recession Imminent? If So, Businesses Can Protect Themselves with Credit Risk Insurance

By Loretta Worters, Vice President – Media Relations

The credit crisis of 2007-2008 was a severe worldwide economic crisis considered by many economists to have been the most serious financial crisis since the Great Depression of the 1930s, to which it is often compared.  “Everyone was impacted, not just those working in banks.  Because the price of debt, the ability to get financing changed, a lot of things happened.  So, everyone is impacted by credit every day, whether they know it or not,” said Tamika Tyson, senior manager, credit with Noble Energy, in this video interview.

Tyson, who is also a non-resident scholar with the Insurance Information Institute, said what she is most concerned about is debt repayments that are coming due. “If a global recession happens, as economists are predicting, and it happens in conjunction within an election, it can be difficult for companies to refinance any mature debentures they have coming in 2020,” she said.  “Leadership needs to be thinking about the risks in their company.  Not just the credit risks, but all risks related to their business.”

What leads to credit risk and how can companies protect themselves?

The main microeconomic factors that lead to credit risk include limited institutional capacity, inappropriate credit policies, volatile interest rates, poor management, inappropriate laws, low capital and liquidity levels, direct lending, massive licensing of banks, poor loan underwriting, laxity in credit assessment, poor lending practices, government interference and inadequate supervision by the central bank.

Doing a comprehensive risk assessment is a great idea for everyone within an organization, noted Tyson.  “Once an assessment is made as to how much risk they are exposed to, then they can develop a strategy to help protect the company. If there’s more risk in the system than a company is willing to take, then they should consider obtaining credit risk insurance,” she said.

What is Credit Risk Insurance?

Credit risk insurance is a tool to support lending and portfolio management.  It protects a company against the failure of its customers to pay trade credit debts owed to them. These debts can arise following a customer becoming insolvent or failing to pay within the agreed terms and conditions.

What can impact credit risk?

The factors that affect credit risk range from borrower-specific criteria, such as debt ratios, to market-wide considerations such as economic growth. Political upheaval in a country can have an impact, too.

For example, political decisions by governmental leaders about taxes, currency valuation, trade tariffs or barriers, investment, wage levels, labor laws, environmental regulations and development priorities, can affect the business conditions and profitability.

“At the end of the day, political risks have the ability to impact credit risks.  Credit risks rarely impact political risks,” she said.  “We have a lot of different views right now on the political spectrum so until we know how that’s going to work out, it’s going to create risk in the system, and we’ll see how different companies react to that,” Tyson said.

“We all talk about biases.  Everyone thinks they’re better off and it’s always someone else that has the issue.  It’s the same when looking at a risk assessment or reviewing someone’s financials; everyone thinks they’re doing fine, but then they discount what’s going on with other people.  That’s why it is imperative companies self-evaluate as they evaluate those they transact business with.”

“Know your portfolio, know your customers and understand your risk tolerance,” said Tyson.  “Know, too, there are a lot of tools available to help you mitigate against those risks.”

 

Workers Comp 2019:Sixth Straight Yearof Underwriting Profits

Private workers compensation insurers were slightly less profitable in 2019 than their 2018 record, according to a preliminary analysis by the National Council of Compensation Insurance (NCCI). NCCI estimates the combined ratio – a measure of insurer profitability – for 2019 will be about 87 percent, the second-lowest in recent history after last year’s record-low 83.2 percent.

These results, reflecting the segment’s sixth consecutive year of underwriting profitability, are part of NCCI’s State of the Line Report—a comprehensive account of workers’ compensation financial results.

 

Workers’ compensation net premiums written (NPW) fell 3.9 percent in 2019, to $41.6 billion from $43.3 billion in 2018, the report says. Before 2018, cession of premiums to offshore reinsurers stalled NPW growth.  But the Base Erosion Anti-Abuse Tax (BEAT) component of the Tax Cuts and Jobs Act of 2017 – which limits multinational corporations’ ability to shift profits from the United States by making tax-deductible payments to affiliates in low-tax countries – spurred NPW growth to almost 9 percent in 2018.

While the BEAT’s residual effect and the strong economy may place upward pressure on 2019 net premiums written, recent decreases in rates and loss costs are likely to more than offset these factors.

Changes in rates/loss costs impact premium growth and reflect several factors that impact system costs, such as changes in the economy, cost containment initiatives, and reforms. NCCI expects premium in 2019 to fall 10 percent, on average, as a result of rate/loss cost filings made in jurisdictions for which NCCI provides ratemaking services.

The State of the Line Report was presented at NCCI’s Annual Issues Symposium (AIS) in May.

Despite Safer Skies, Aviation Claims Rise: What’s Up With That?

 Flying has never been safer.

You’re more likely to die from being attacked by a dog than in an airline accident (see chart).

Today’s aircraft contain more sophisticated electronics and materials than those flying in the 1960s. When they bump into each other or come down too hard, they cost more to repair.

And yet, according to a recent Allianz Global Corporate & Specialty (AGCS) report, the aviation sector’s insurance claims continue to grow in number and size.

The report – Aviation Risk 2020 – says 2017 was the first in at least 60 years of aviation in which there were no fatalities on a commercial airline. The year 2018, in which 15 fatal accidents occurred, ranks as the third safest year ever.

Of more than 29,000 recorded deaths between 1959 and 2017, the report says, fatalities between 2008 and 2017 accounted for less than 8 percent – despite the vast increase in the number of people and planes in the air since 1959.

So, what gives?

Safety is expensive

Some of the reasons for the increased claims are good ones: Safer aircraft cost more to repair and replace when there are problems.

The report analyzed 50,000 aviation claims from 2013 to 2018, worth $16.3 billion, and found “collision/crash incidents” accounted for 57 percent, or $9.3 billion. Now, this may sound bad, but the category includes things like hard landings, bird strikes, and “runway incidents.”

The AGCS analysis showed 470 runway incidents during the five-year period accounted for $883 million of damages.

Engine costs more than the plane

Today’s aircraft contain far more sophisticated electronics and materials than those flying in the 1960s. When they bump into each other or come down too hard, they cost more to repair.

“We recently handled a claim where a rental engine was required while the aircraft’s engine was repaired,” said Dave Watkins, regional head of general aviation, North America, at AGCS. “The value of the rental engine was more than the entire aircraft.”

When entire fleets have to be grounded – the report cites the 2013 grounding of the Boeing Dreamliner for lithium-ion battery problems and the more recent fatal crashes involving the Boeing 737 Max – costs can really soar. Boeing reportedly has set aside about $5 billion to cover costs related to the global grounding of the 737 Max.

Even after a fix is found, the task of retrofitting a fleet takes considerable time – and, in the aviation industry, time truly is money.

Liability awards take off

Compounding the claims associated with the costs of safer flight, the report says, liability awards have risen dramatically.

“With fewer major airline losses,” Watkins said, “attorneys are fighting over a much smaller pool and are putting more resources into fewer claims, pushing more aggressively for higher awards.”

Today’s aircraft carry hundreds of passengers at a time. With liability awards per passenger in the millions, a major aviation loss could easily result in a liability loss of $1 billion or more.

A world without TRIA: premiums skyrocket following 9/11

Below is an abstract from the I.I.I. database citing a Wall Street Journal article from October 8, 2001. It describes the sharp increase in insurance rates immediately following the terrorist attacks of 9/11 2001.

The abstract is part of our series covering the Terrorism Risk Insurance Act of 2002 (TRIA). The act made public and private sharing of insured losses from acts of terrorism in the United States possible.

I.I.I.’s report, A World Without TRIA: Incalculable Risk, describes the function of the federal  terrorism backstop.

Intent and ability distinguish cyberrisk from natural perils

Cyberrisk is often compared with natural catastrophe-related threats, but a recent study by global reinsurer Guy Carpenter and analytics firm CyberCube suggests a better analogy is with terrorism.

“Probability is assessed in terms of intent and capability.”

The report – Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study – quotes Andrew Kwon, lead cyber actuary for Zurich: “Extending the lessons learned from property cats to the cyber space is intuitive and logical, but cyber continues to be a unique force unto itself. A hurricane does not evolve to bypass defenses; an earthquake does not optimize itself for maximum damage.”

This passage resonated as I read it because a few hours earlier I’d been reading a FreightWaves article about risks posed to international shipping by digitalization and pondering the fact that the same technology that helps vessels anticipate and avoid adverse weather also subjects them – and the goods they transport – to a panoply of new risks.

The FreightWaves article quotes U.S. Navy Captain John M. Sanford – who now leads the U.S. Maritime Security Department within the National Maritime Intelligence Integration Office – describing how the NotPetya virus inflicted $10 billion of economic damage across the U.S. and Europe and hobbled company after company, including shipping giant Maersk, in 2017.

Sanford said Russian military intelligence was behind the hacker group that spread NotPetya to damage Ukraine’s economy. The virus raced beyond Ukraine to machines around the world, crippling companies and, according to an article in Wired, inflicting nine-figure costs where it struck.

“Maersk wasn’t a target,” Sanford said. “Just a bystander in a conflict between Ukraine and Russia.”

Collateral damage.

The FreightWaves article describes how supply chains, ports, and ships could be disrupted more intentionally through GPS and Electronic Chart Display and Information System (ECDIS) systems onboard ships, or even via a WiFi-connected printer: “Pirates working with hackers could potentially access a ship’s bridge controls remotely, take control of the rudder, and steer it toward a chosen location, avoiding the expense and danger of attacking a vessel on the high seas.”

The Carpenter/CyberCube report identifies parallels in the deployment of “kill chain” methodologies in both conventional and cyber terrorism: “Considering terrorism risk in terms of probability and consequence, probability is assessed in terms of intent and capability.”

As our work and personal lives become increasingly interconnected through e-commerce and smart thermostats and we look forward to self-driving cars and refrigerators that tell us when the milk is turning sour, these considerations might well give us pause.

Hurricanes, earthquakes, fires, and floods might be scary, but at least we never had to worry that they were out to get us.

 

Big, nasty claims in the casualty sector: no end in sight

Getty images

On September 19 Advisen hosted its second annual Big, Nasty Claims Conference at the New York Law School. The discussion focused on the issues that are driving mass torts and class actions that have the potential to exceed $100 million.

In her opening remarks, Ellen Greiper, partner with Lewis Brisbois, said that seven to nine figure verdicts are becoming common, a statement echoed by many of the panelists. And in his keynote address, Sherman “Tiger” Joyce, president of the American Tort Reform Association cited the trend of courts becoming a vehicle for public change that started with the tobacco litigation in the 1990s and continues through today’s opioids liability litigation. He also noted that the sheer “critical mass” of claimants is driving astronomical verdicts, for example the Xarelto® blood thinner lawsuit had 25,000 claimants and resulted in a $775 million verdict.

He mentioned speaking with an insurer who was ready to settle an older, expired claim for $150,000. Then legislation came through, changing the statute of limitations – and the claim demand changed to $50 million. “It’s not going to stop here. It’s never a one-off when it comes to this type of activity. Toxic torts, there are any number of events this will migrate to. Be on the alert for the exposure,” he warned the audience. “It’s gotten to the point where it’s just exploding.”

Joyce also cited liberal expert evidence rules, and the bending of personal jurisdiction rules, especially in so-called judicial hellholes, leading the way to more and bigger casualty losses.

Jim Blinn, executive vice president, Client Solutions, Advisen and Jesse Paulson, managing director, U.S. Excess Casualty Leader, Marsh, led the session dealing with frequency and severity trends for losses larger than $100 million, including a growing number of verdicts that breach the $1 billion threshold. The audience got a glimpse into Advisen’s proprietary excess casualty loss database via a slide listing recent colossal verdicts. Topping the list were Monsanto’s Roundup, Johnson & Johnson’s Pinnacle hip replacements and opioids and PG&E’s Camp Fire related losses.

In a session dealing with the insurance industry’s response to large claims Kathy Reid, senior vice president of Berkshire Hathaway Specialty Insurance said that the more information the insurer has about a client the better — uncertainty causes price to increase. She said that while this is not the best time for insurers to come into the market some middle market casualty business can still be profitable.

So what types of Big Nasty Claims keep insurance executives up at night? Paul DeGiulio, senior vice president of General Casualty and Health Care Claims, Allied World, cited incidents causing multiple claims such as train wrecks or industrial explosions. Aging infrastructure and commercial auto (with rising fatalities on the road) are also areas of concern. And in premises liability, more businesses are being held liable when customers fall victim to crime in parking lots and garages.

 

 

A world without TRIA: The formation of a federal terrorism insurance backstop

On September 11, 2001 terrorists hijacked commercial airliners and flew them into the World Trade Center towers and the Pentagon. The attacks remain the deadliest and most expensive terrorist incidents in U.S. history, with insurance losses totaling about $47.0 billion in 2019 dollars, according to I.I.I. estimates.

In the wake of the attacks the U.S. Congress enacted the Terrorism Risk Insurance Act of 2002 (TRIA). The act creating a federal backstop for catastrophic terrorism losses that is designed to keep terrorism risk insurance available and affordable. It was renewed in 2005, 2007 and again in 2015. The act is set to expire on December 31, 2020.

Over the next months the Triple-I Blog will run stories featuring key participants in the terrorism risk insurance market and highlight news stories from our database from the periods immediately following 9/11 (before TRIA) and 2015 (when TRIA briefly lapsed).

Below is an abstract from the I.I.I. database citing a BestWeek article from October 1, 2001. The article refers to the fact that the heaviest insured losses were absorbed by foreign and domestic reinsurers, the insurers of insurance companies. Because of the lack of public data on, or modeling of, the scope and nature of the terrorism risk, reinsurers felt unable to accurately price for such risks and largely withdrew from the market for terrorism risk insurance in the months following September 11, 2001

For more on the importance of a federal terrorism backstop read the I.I.I. report, A World Without TRIA: Incalculable Risk.

I.I.I. report contemplates a world without TRIA

Terrorism, by design, is unpredictable, hugely destructive, and to date uninsurable through private market methods alone.

Few events demonstrate this better than the 9/11 attacks, in which terrorists hijacked commercial airliners and flew them into the World Trade Center towers and the Pentagon. The attacks remain the deadliest and most expensive terrorist incidents in U.S. history, with insurance losses totaling about $47.0 billion in 2019 dollars, according to I.I.I. estimates.

U.S. and international insurers were able to pay virtually all the claims from the 9/11 attacks and their aftermath. But insurers also made it clear that they could not, on their own, cover future losses caused intentionally by people acting strategically to attack select targets intentionally. In response to these concerns, the U.S. Congress enacted the Terrorism Risk Insurance Act of 2002 (TRIA), creating a federal backstop for catastrophic terrorism losses that is designed to keep terrorism risk insurance available and affordable. Renewed in 2005, 2007 and again in 2015, the act is set to expire on December 31, 2020.

Although the expiration is still more than a year away, U.S. commercial insurers are preparing for the possibility that the federal backstop might expire, and federal financial assistance is unavailable for a catastrophic terrorist event.

A new I.I.I. report, A World Without TRIA: Incalculable Risk, concludes that the terrorism insurance market is more robust than in the immediate aftermath of 9/11, but – similar to the situation in 2015 – does not appear to have the ability to bear all terrorism risk.

In this context, the report offers a historical overview of TRIA – why it exists and how it functions – to inform the discussion about the potential consequences should the program disappear. The report discusses:

  • Commercial terrorism risk insurance before the 9/1 1 attacks
  • How the attacks changed the terrorism risk insurance marketplace
  • The enactment of the federal Terrorism Risk Insurance Act and the program’s structure
  • What happened when the program briefly expired in 2015
  • How a failure to reauthorize the program in 2020 could affect terrorism risk insurance

Over the next months the Triple-I Blog will run stories featuring key participants in the terrorism risk insurance market and highlight news stories from our database from the periods immediately following 9/11 (before TRIA) and 2015 (when TRIA briefly lapsed). You can follow the topic here.