The Insurance Information Institute (Triple-I) 2020 Insurance Fact Book is now available.
The 234-page digital publication features facts, figures, statistical tables, and charts on U.S. and global insurance markets. It also includes detailed data on direct premiums written and factors affecting U.S. auto, homeowners, and business insurance costs.
Three unique insurance risks—cybersecurity, extreme weather, and social inflation—are highlighted in a new section called Emerging and Evolving Insurance Issues. Other new components include:
“As we welcome a new decade, the challenges before the insurance industry are vast,” said Triple-I CEO Sean Kevelighan. “The catastrophic shock and losses from the last few years, from California wildfires and the Atlantic hurricane season, are telling. What the last decade has foreshadowed could be, as some say, the new abnormal. Our new Insurance Fact Book reflects the new risks insurers face.”
The 2020 Insurance Fact Book is available for purchase from the Triple-I’s online store. Copies may be obtained free of charge by Triple-I member companies and associate members via the Triple-I’s members-only website. Previous editions have been popular with policymakers, journalists, academics, business leaders, and others.
The most primal ones – those associated with wind, fire, and water – often travel in pairs. Modern, more complicated risks – supply chain, business interruption, cyber, political, and financial – are like tapestries so tightly woven that any effort to address this or that hazard can threaten to unravel much of what you’re trying to protect.
A new report from Verisk looks at complex emerging risks and why they matter to insurers and risk managers.
Between 1990 and 2008, natural hazards were the cause of 16,600 hazardous material releases.
“Accidents in the industrial sector can be catastrophic, and up to five percent of all accidents in this sector are caused by natural events,” writes Alastair Clarke of Verisk’s AIR Worldwide in an article titled “Where Climate Change and Natech Risk Meet.”
Between 1990 and 2008, Clarke reports, natural hazards were the cause of 16,600 reported hazardous releases.
“In each case,” he writes, “a natural event triggered a technological malfunction that led to the release of hazardous material.”
That’s a natech, and the insurance implications are significant.
Many examples exist of catastrophic casualty claims from natechs. The report cites the 2010 collapse of a dam at the Ajka alumina plant in Hungary. The dam broke after days of heavy rain, releasing toxic sludge and causing 10 deaths and 150 injuries, along with the contamination.
In 2005, Hurricane Katrina triggered 200 hazmat releases. When storm surge ruptured a storage tank at a Louisiana oil refinery, Clarke writes, “the release of 25,000 barrels of crude oil affected 1,800 homes and resulted in a $330 million settlement.”
“Natechs show how liability can arise from natural events that can be traced back to the suppliers of a faulty service,” Clarke writes. “With climate change, the threads are deeply tangled. ”
IoT unites us, for better and worse
Globalization has connected the world through commerce and culture as never before, and the Internet of Things (IoT) aims to finish the job. But supply-chain risks – already subject to the vagaries of weather, politics, and global finance – only become more complex as machines whisper among themselves.
Utilities alone are expected to deploy more than 800 million connected IoT devices by the end of 2019. Each one is a potential cyberattack portal.
In “Cyber Risks Loom Large in an Interconnected World,” Tim Campbell of Verisk Maplecroft and Kamban Parasuraman of AIR report that a survey of more than 1,000 U.K. and U.S. risk professionals indicated the average company shares confidential information with about 583 third parties. Of those surveyed, 59 percent experienced a data breach linked to a vendor or other third party in 2018.
“Just as companies need to be aware of the cyber risks introduced by third parties in their supply chains,” Campbell and Parasuraman write, “insurers may need to consider how the insureds within its own book of business are interconnected. In fact, the lack of full visibility into each insured’s interdependencies may create risks that are unidentifiable from an underwriting standpoint.”
Utilities alone are expected to deploy more than 800 million connected IoT devices by the end of 2019, reports Ben Kellison of Verisk’s Wood Mackenzie in “Power Utilities Face Emerging Cyber Threats.”
Each one is a potential cyberattack portal.
“The power grid is also becoming more decentralized,” Kellison writes. “Tens of millions of small generators and loads are being integrated into more power markets and local power systems that may or may not be owned or operated by the utility.”
The risks go on
The Verisk report, produced by the data and analytics provider’s ISO Emerging Issues team, examines these and other risk areas. As I reflect on these articles in the context of many hours spent reading about, discussing, and listening to others discuss risk and insurance, it becomes clear – from a resilience perspective – that a more holistic, epidemiological approach to risk management is needed.
Your building can be designed and built well above code; if your neighbors’ buildings aren’t, you’re at risk when a tornado turns their HVAC units into projectiles. This reality becomes more insidious when your billing system is threatened by malware introduced through a customer’s “smart” lightbulb.
Cyberrisk is often compared with natural catastrophe-related threats, but a recent study by global reinsurer Guy Carpenter and analytics firm CyberCube suggests a better analogy is with terrorism.
“Probability is assessed in terms of intent and capability.”
The report – Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study – quotes Andrew Kwon, lead cyber actuary for Zurich: “Extending the lessons learned from property cats to the cyber space is intuitive and logical, but cyber continues to be a unique force unto itself. A hurricane does not evolve to bypass defenses; an earthquake does not optimize itself for maximum damage.”
This passage resonated as I read it because a few hours earlier I’d been reading a FreightWaves article about risks posed to international shipping by digitalization and pondering the fact that the same technology that helps vessels anticipate and avoid adverse weather also subjects them – and the goods they transport – to a panoply of new risks.
The FreightWaves article quotes U.S. Navy Captain John M. Sanford – who now leads the U.S. Maritime Security Department within the National Maritime Intelligence Integration Office – describing how the NotPetya virus inflicted $10 billion of economic damage across the U.S. and Europe and hobbled company after company, including shipping giant Maersk, in 2017.
Sanford said Russian military intelligence was behind the hacker group that spread NotPetya to damage Ukraine’s economy. The virus raced beyond Ukraine to machines around the world, crippling companies and, according to an article in Wired, inflicting nine-figure costs where it struck.
“Maersk wasn’t a target,” Sanford said. “Just a bystander in a conflict between Ukraine and Russia.”
Collateral damage.
The FreightWaves article describes how supply chains, ports, and ships could be disrupted more intentionally through GPS and Electronic Chart Display and Information System (ECDIS) systems onboard ships, or even via a WiFi-connected printer: “Pirates working with hackers could potentially access a ship’s bridge controls remotely, take control of the rudder, and steer it toward a chosen location, avoiding the expense and danger of attacking a vessel on the high seas.”
The Carpenter/CyberCube report identifies parallels in the deployment of “kill chain” methodologies in both conventional and cyber terrorism: “Considering terrorism risk in terms of probability and consequence, probability is assessed in terms of intent and capability.”
As our work and personal lives become increasingly interconnected through e-commerce and smart thermostats and we look forward to self-driving cars and refrigerators that tell us when the milk is turning sour, these considerations might well give us pause.
Hurricanes, earthquakes, fires, and floods might be scary, but at least we never had to worry that they were out to get us.
Most recently, New Jersey legislators reportedly announced a bill that would permit recreational marijuana. If signed into law, New Jersey would join ten other states and D.C. that currently permit recreational marijuana. More than 30 states and D.C. also permit medical marijuana programs of some kind.
click to enlarge
But as legalization spreads, concerns about driving under the influence of marijuana continue unabated.
Today, the I.I.I. has published a report that examines the current state of the issue.
“A rocky road so far: Recreational marijuana and impaired driving” dives into the hazy questions surrounding marijuana impairment: its effects on driving abilities, how traffic safety might be impacted, and how states are grappling with the issue of “stoned driving.” (Download the report here.)
Unfortunately, there are still many unknowns when it comes to stoned driving. Marijuana impairment degrades cognitive and motor skills, of course – but marijuana-impaired driving is an evolving issue with many questions and few concrete answers. Legalization is still relatively recent. Data are still being gathered. How to understand and measure marijuana impairment are still open questions.
Do the rates of marijuana-impaired driving increase following recreational legalization? Answer: probably. Does marijuana-impaired driving increase crash risks? Answer: probably, but we still don’t concretely know to what degree. What about traffic fatalities – do those increase after legalization? There’s evidence that traffic fatalities could increase following legalization, but there is still quite a bit of discussion about this issue.
click to enlarge
There is active research, discussion and debate being conducted to answer these and other questions. As more states legalize recreational marijuana, forthcoming answers will become ever more critical to help best guide public policy and traffic safety initiatives.
I’m going to get a little wonky here, bear with me.
The standard homeowners insurance policy only explicitly mentions the word “marijuana” once: to exclude it from liability coverage. Basically, the policy says that the insurer won’t pay for any bodily injuries or property damage to another person arising out of any controlled substance, including marijuana.
But there’s an interesting wrinkle to this. The exclusion also states the following: “However, this exclusion does not apply to the legitimate use of prescription drugs by a person following the orders of a licensed physician.”
“Wait,” you say. “Isn’t there a conflict here? Wouldn’t the policy cover damages from medical marijuana, since it’s a prescription drug?”
Sorry to rain on your parade, but the answer is no.
All together now: Medical marijuana is not a prescription drug
You can be forgiven for thinking that medical marijuana is a prescription drug. After all, that’s how it’s often described by news outlets the world over: Wall Street Journal, New York Times, Washington Post, etc.
But medical marijuana is not a prescription drug under any state’s current medical marijuana program.
Physicians don’t “prescribe” marijuana like they do painkillers and other drugs. Rather, physicians will “certify,” “recommend,” or “authorize” (the exact wording depends on the state) that a patient qualifies under a state program to purchase marijuana products. Often this qualification depends on whether a patient suffers from any of a list of “qualifying conditions” – which vary by state.
With a “recommendation” in hand, the patient can then purchase medical marijuana products from a dispensary, subject to various state-specific limitations (like how much marijuana they can buy in any given month).
“Prescription”, on the other hand, has a specific meaning. The Kansas City Medical Society notes that medical drugs are supported by years of study that can provide guidelines for dosages and plans of care. The U.S. Food and Drug Administration regulates these drugs. Patients with a prescription receive these drugs from a certified pharmacist.
Not so with marijuana. Though some states do require physician dosage recommendations, these are not well understood. The FDA has “not approved marijuana as a safe and effective drug for any indication.” Medical marijuana dispensaries are not pharmacies. They don’t employ pharmacists. The people selling the marijuana are basically like knowledgeable sommeliers at a fancy liquor store.
As we saw above, this distinction has insurance implications. As another example, consider workers’ compensation insurance: do these policies reimburse for an injured worker’s medical marijuana? The answer is far more complicated than you’d think.
One more time: medical marijuana is not a prescription drug.
