Cyberrisk is often compared with natural catastrophe-related threats, but a recent study by global reinsurer Guy Carpenter and analytics firm CyberCube suggests a better analogy is with terrorism.
“Probability is assessed in terms of intent and capability.”
The report – Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study – quotes Andrew Kwon, lead cyber actuary for Zurich: “Extending the lessons learned from property cats to the cyber space is intuitive and logical, but cyber continues to be a unique force unto itself. A hurricane does not evolve to bypass defenses; an earthquake does not optimize itself for maximum damage.”
This passage resonated as I read it because a few hours earlier I’d been reading a FreightWaves article about risks posed to international shipping by digitalization and pondering the fact that the same technology that helps vessels anticipate and avoid adverse weather also subjects them – and the goods they transport – to a panoply of new risks.
The FreightWaves article quotes U.S. Navy Captain John M. Sanford – who now leads the U.S. Maritime Security Department within the National Maritime Intelligence Integration Office – describing how the NotPetya virus inflicted $10 billion of economic damage across the U.S. and Europe and hobbled company after company, including shipping giant Maersk, in 2017.
Sanford said Russian military intelligence was behind the hacker group that spread NotPetya to damage Ukraine’s economy. The virus raced beyond Ukraine to machines around the world, crippling companies and, according to an article in Wired, inflicting nine-figure costs where it struck.
“Maersk wasn’t a target,” Sanford said. “Just a bystander in a conflict between Ukraine and Russia.”
Collateral damage.
The FreightWaves article describes how supply chains, ports, and ships could be disrupted more intentionally through GPS and Electronic Chart Display and Information System (ECDIS) systems onboard ships, or even via a WiFi-connected printer: “Pirates working with hackers could potentially access a ship’s bridge controls remotely, take control of the rudder, and steer it toward a chosen location, avoiding the expense and danger of attacking a vessel on the high seas.”
The Carpenter/CyberCube report identifies parallels in the deployment of “kill chain” methodologies in both conventional and cyber terrorism: “Considering terrorism risk in terms of probability and consequence, probability is assessed in terms of intent and capability.”
As our work and personal lives become increasingly interconnected through e-commerce and smart thermostats and we look forward to self-driving cars and refrigerators that tell us when the milk is turning sour, these considerations might well give us pause.
Hurricanes, earthquakes, fires, and floods might be scary, but at least we never had to worry that they were out to get us.
The Insurance Information Institute’s new white paper, “A World Without TRIA: Incalculable Risk,” shows how the market for terrorism insurance has evolved since the 2001 terrorist attacks – from the early days in which there was effectively no market (insurers avoided covering terrorism wherever they could) to today, where the market is stronger but by all accounts unable to shoulder the entire burden without government backstop.
The 9/11 attacks generated by far the most insured losses of any terrorism event. We wanted to see how the government program the Terrorism Risk Insurance Act (TRIA) created in its wake would handle financially a repeat of that awful day.
If that happened, the government’s net payout would be less than zero, as it would recover more from mandatory surcharges to insurance policies than it would reimburse insurers for a portion of their losses.
Meanwhile, the net payout by insurance companies would be nearly $20 billion. Repeating the exercise in the future, the insurer contribution would steadily grow, assuming the law was renewed with the same terms under which it is set to expire at the end of next year. The share borne by policyholders through the surcharge increases more dramatically.
These estimates come from a mathematical model created by the Reinsurance Association of America to increase understanding of how the law operates.
The RAA created the model around the time of the first reauthorization of TRIA in 2005. It is widely regarded as a credible look at how the federal program would react to various scenarios. It has been shown to organizations as diverse as the Federal Insurance Office, the National Association of Insurance Commissioners, the Government Accountability Office, ratings agencies and business groups with a stake in the program, like the U.S. Chamber of Commerce.
“Our intention is to be inclusive so that all of the interested groups vested in the program understand the statute,” said RAA President Frank Nutter.
At the request of the Triple-I, the RAA created four scenarios, each replicating the insurance losses stemming from 9/11. The years modeled were 2019, 2020, 2029 and 2030. Losses were adjusted using the Consumer Price Index. Insurer premium – an important input – was adjusted by a 4 percent compound rate of growth, which is close to what the Congressional Budget Office projects as the growth in nominal Gross Domestic Product over the next decade.
The original program has been modified each time Congress has reauthorized it: 2005, 2007 and 2015. The program has a number of parts, and the RAA model shows that each reauthorization has increased the burden on insurance companies and decreased the burden on the government.
The Triple-I estimates that adjusted for inflation, 9/11 this year would generate insurance losses of $45.7 billion. According to the RAA model, the government would contribute $6.6 billion. It would front another $19.3 billion but recover $27.0 billion from a mandatory surcharge that would be placed on the insurance purchased in all lines of business that the program covers. Netting all that out means the government would pay less than zero. Insurers would be responsible for $19.7 billion, or 43 percent of the total insured loss.
By 2030 9/11 would be a $58 billion event. The government would contribute nothing. It would front $29.6 billion but recover $41.5 billion from policyholders due to the recoupment and surcharge. Insurers would be responsible for $28.4 billion, or 49 percent of the total insured loss.
The main drivers of the changes:
Beginning in 2020, the law makes the size of the industry marketplace retention a function of insurers’ aggregate premiums, so the marketplace retention grows as the industry’s premium does.
Also in 2020 the government’s co-payment shrinks to 80 cents per dollar insurers pay above their deductible, down from 81 cents in 2019.
The amount of losses subject to policyholder surcharges grows to $29.6 billion from $19.3 billion, shrinking the federal support.
The work “is a reminder under the current statute, policyholder and company retentions go up over time,” said RAA President Nutter. “In 2020 this becomes effective in a way that changes retentions of the private sector. It also shows a vanishing federal share.”
The RAA model can show the impact of any proposed changes to the program. It also has the ability to show how the federal program would handle specific major events, including 25-ton truck bombs, chemical or biological events, industrial sabotage and port bombs, using information from two major catastrophe modeling firms, RMS and AIR. It also can tailor results to individual cities; car bombs in New York and Baltimore, for example, will generate different levels of loss.
The modeling firms’ data show “just how big some of the [nuclear, biological, chemical and radiological] events are,” said Scott Williamson, the RAA vice president who developed the model. “The workers compensation exposure is really very large.”
As part of our series of profiles of insurance professionals, we interviewed Darla Finchum, Head of MetLife Auto & Home. She is responsible for growth and management of the company’s personal and small commercial lines, as well as transforming the business to meet the needs of today’s technology-focused consumers. Finchum is also an active member of MetLife’s U.S. Business Diversity & Inclusion Task Force.
I.I.I.: Please tell us a little about your professional background. How did you end up working in insurance and what has your career trajectory been like at MetLife?
Darla Finchum: I’ve spent my career in personal insurance in the property and casualty industry. I started right out of college in the claims organization of an insurance carrier. Claims is where we put people’s lives back together in some of the most devastating moments. I developed a passion for what insurance does for people and for society. It is such a noble profession.
Once I knew that I had a passion and intellectual curiosity for insurance and what the industry stood for, I sought out roles and opportunities in various parts of the insurance business—from underwriting to sales to operations to services. I really began to understand the customer, the back end and front end, the business operations, and why it’s important for us to be a partner in the lifetime of our customers.
I came to MetLife Auto & Home through an acquisition in 2000 and have held various leadership roles including chief claims officer, prior to my current role as head of the business. It’s a real privilege to lead MetLife Auto & Home, drive our business growth and ultimately be there for our customers.
In your early career, has there been a mentor or boss who particularly encouraged and inspired you? If so, is there anything they said or did that you still draw on in your role as leader?
DF: I have been fortunate to meet, connect, and build mentor relationships with many individuals in both my professional and personal lives. My network and group of trusted advisors include former bosses, colleagues both inside and outside my organization, as well as individuals I’ve connected with outside of work, people I have met in life. I believe it’s essential to have a network you can call on, who will tell you what you need to hear and be there in pivotal moments to help in making those big decisions.
Most organizations agree that a diverse workforce is a good thing. Sometimes overshadowed by discussions about diversity is the topic of inclusion. One HR consultant described diversity as the “who” and inclusion as the “how”. How is MetLife promoting inclusion?
DF: MetLife has developed initiatives designed to strengthen an inclusive work environment. Designed in collaboration with human resources partners, business leaders, and external resources, the initiatives focus on three pillars: Attraction, Development/Advancement, and Retention. We define inclusion as a commitment to recognizing and appreciating the variety of characteristics that make individuals unique in an atmosphere that promotes and celebrates individual and collective achievement aligned to our values. We promote a culture where we respect others and listen for both facts and feelings to show respect for others’ perspectives. We focus on commonalities and value differences by identifying areas of agreement and shared goals.
Diversity, inclusion, and associate engagement are top priorities for me as a leader. Our Enterprise Local Inclusion Action Teams and Americas U.S. Diversity Task Force are two programs I’m involved in to promote and create inclusion across MetLife. Understanding employee values not only supports and helps them to thrive; it also has a positive impact on the business. Being involved in these enterprise teams gives me the opportunity to implement best practices across the broader organization, starting at the top with my senior leadership team.
How does MetLife go about recruiting employees from non-insurance backgrounds?
DF: It’s important for businesses to have look outside their industry to not only hire people with great experience but also individuals with intellectual curiosity, an ownership mindset, and who are willing to challenge the status quo, take risks, and experiment. MetLife leverages our recruitment marketing platform to promote jobs on our career site and various diverse job boards. In addition to job boards, our recruitment teams leverage several tools and channels to meet prospective candidates where they are and promote our employer brand, such as social media, Glassdoor, Indeed, job fairs, AI tools, community-based organizations, and employee referrals. MetLife is focused on targeting candidates who align with our core behaviors and values from a variety of industries.
What steps is MetLife taking/has taken to build a consumer-centric culture?
DF: Today’s consumers are aware of what’s possible and expect to engage with businesses on their own terms and in their preferred channels. At MetLife Auto & Home, we are focused on putting the customer at the center of our business to ensure we are delivering products and coverage our customers need, as well as quality service and experience they want.
We provide a personalized experience in which our customers can engage with us whenever, wherever, and however they chose. Whether that’s over the phone, through our website and apps, or in-person, we are a trusted advisor ensuring we provide the right types of guidance and advice to our customers.
In today’s world of emerging technologies, it’s important to have a balance of leveraging the latest technology like artificial intelligence, aerial imagery, and drones with the human connection. While digitalization and speed are core to today’s customer experience, the human connection is important in insurance. Immediately after an auto accident a customer may want to speak with a person at their carrier to verbally explain what happen, ask questions, and receive reassurance the claim will be handled. Once the initial claim has been submitted, a customer may choose to only receive updates via email and/or the app as they have the confidence in us that the claim will be properly handled.
And finally – What are you passionate about outside of work?
DF: While I’m passionate about insurance and my career, I’m just as (if not more!) passionate about my family – I strive for work-life balance. Whether it’s watching my grandson play baseball, a girl’s trip with my daughters or our annual family vacations, spending time with my family is a top priority and joy of my life. The balance of work and life is something I encourage for all our associates to make a priority. I remind them they can have it all, but they can’t do it all, so surround yourself with people who will help you along the way.
Electronic cigarettes have been marketed as a healthier alternative to smoking tobacco, but a recent outbreak of lung disease linked to e-cigarettes shows that smoking is unsafe in any form, and insurers are cautioned to review their books of business for exposures to e-cigarettes.
The Centers for Disease Control (CDC) has reported 12 deaths and 805 cases of lung injury linked to e-cigarettes (or vaping) as of this week. Of the 373 cases where data on the patients was available, about three-quarters were male, two-thirds were 18 years to 34 years old and 16 percent were younger than 18 years
The cause of the illnesses has not been linked to any specific ingredients or devices. And while health officials continue to investigate, people are cautioned to refrain from using e-cigarettes altogether, and particularly to stay away from vaping liquids or devices sold on the street.
And if the outbreak of lung disease is not bad enough, e-cigarette batteries have been known to explode, causing serious injuries and a few deaths. A study from George Mason University estimated there were more than 2,000 visits to U.S. emergency rooms from 2015 to 2017 for e-cigarette burns and explosion-related injuries.
In a recent blog post, Tim Fletcher, Senior Emerging Issues Specialist at Gen Re suggests that in response to the situation insurers should review their small commercial retail book to determine whether any are selling e-cigarettes. Such retailers could include convenience stores, gas stations, and liquor stores. The blog lists several forms and ISO exclusions for e-cigarettes.
The Gen Re blogger reminds insurers that the duty to defend exists in all standard CGL occurrence forms with the potential to incur uncapped defense costs.
Most people don’t like to think about risk — especially when planning a holiday abroad. If they think about travel risk at all, it tends to be in terms of nuisances like flight cancellations or misrouted luggage.
The collapse of British travel company Thomas Cook, which left many thousands of travelers stranded, highlights the types of risks travelers rarely think about.
This week’s seemingly overnight collapse of British travel company Thomas Cook – leaving approximately 600,000 travelers stranded worldwide and leading U.K. authorities to launch what has been called be the “largest peacetime repatriation ever” – underscores several of the myriad risks that most travelers rarely think about.
For better or worse, when I hear “repatriation” the word is typically followed in my mind by “of remains.” While mass repatriations like the one occurring this week are rare, people often die while traveling for pleasure or business. Whether it’s headline-grabbing strings of mysterious deaths like those in the Dominican Republic earlier this year or more common, less publicized deaths by auto, drowning, or natural causes, the cost and complexity of returning the bodies of loved ones can compound the stresses typically experienced by grieving families. A travel policy with adequate coverage for repatriation of remains is a relatively inexpensive way to help address this burden.
Now, you’re even more likely to become ill or injured while traveling than you are to die. Have you checked your current health insurance to see what it does and doesn’t cover when you’re traveling outside your country? Depending on what you learn, you may want to consider buying medical travel insurance. If your health policy does provide international coverage, the U.S. State Department advises that you remember to carry your insurance policy identity card and a claim form.
In the case of a serious illness or injury, the State Department says, medical evacuation can cost more than $50,000, depending on your location and condition. A policy that covers medical evacuation and emergency extraction (say, in the event of natural disaster or political unrest) also is worth considering for international trips.
Perhaps the most important lesson to draw from the “surprise” collapse of 178-year-old Thomas Cook is that it wasn’t exactly a surprise for those who were paying attention. As the U.K.-based Guardian news site reports, “The tour operator’s woes go back much further” than its inability to secure a £200 million lifeline from its bankers. The Guardian calls Thomas Cook “a victim of a disastrous merger in 2007, ballooning debts and the internet revolution in holiday booking. Add in Brexit uncertainty, and it was perhaps only a matter of time before the giant of the industry collapsed.”
Travelers often are so focused on capturing bargains that they don’t take the time to research the organizations bringing them great deals or the safety considerations in the lovely destinations being marketed to them. In travel, as in other adventures, it’s often the case that “you get what you pay for.”
Maybe a bit of research might have kept some of the hundreds of thousands of inconvenienced Thomas Cook clients from putting all their holiday eggs in a single overstuffed basket.
On September 19 Advisen hosted its second annual Big, Nasty Claims Conference at the New York Law School. The discussion focused on the issues that are driving mass torts and class actions that have the potential to exceed $100 million.
In her opening remarks, Ellen Greiper, partner with Lewis Brisbois, said that seven to nine figure verdicts are becoming common, a statement echoed by many of the panelists. And in his keynote address, Sherman “Tiger” Joyce, president of the American Tort Reform Association cited the trend of courts becoming a vehicle for public change that started with the tobacco litigation in the 1990s and continues through today’s opioids liability litigation. He also noted that the sheer “critical mass” of claimants is driving astronomical verdicts, for example the Xarelto® blood thinner lawsuit had 25,000 claimants and resulted in a $775 million verdict.
He mentioned speaking with an insurer who was ready to settle an older, expired claim for $150,000. Then legislation came through, changing the statute of limitations – and the claim demand changed to $50 million. “It’s not going to stop here. It’s never a one-off when it comes to this type of activity. Toxic torts, there are any number of events this will migrate to. Be on the alert for the exposure,” he warned the audience. “It’s gotten to the point where it’s just exploding.”
Joyce also cited liberal expert evidence rules, and the bending of personal jurisdiction rules, especially in so-called judicial hellholes, leading the way to more and bigger casualty losses.
Jim Blinn, executive vice president, Client Solutions, Advisen and Jesse Paulson, managing director, U.S. Excess Casualty Leader, Marsh, led the session dealing with frequency and severity trends for losses larger than $100 million, including a growing number of verdicts that breach the $1 billion threshold. The audience got a glimpse into Advisen’s proprietary excess casualty loss database via a slide listing recent colossal verdicts. Topping the list were Monsanto’s Roundup, Johnson & Johnson’s Pinnacle hip replacements and opioids and PG&E’s Camp Fire related losses.
In a session dealing with the insurance industry’s response to large claims Kathy Reid, senior vice president of Berkshire Hathaway Specialty Insurance said that the more information the insurer has about a client the better — uncertainty causes price to increase. She said that while this is not the best time for insurers to come into the market some middle market casualty business can still be profitable.
So what types of Big Nasty Claims keep insurance executives up at night? Paul DeGiulio, senior vice president of General Casualty and Health Care Claims, Allied World, cited incidents causing multiple claims such as train wrecks or industrial explosions. Aging infrastructure and commercial auto (with rising fatalities on the road) are also areas of concern. And in premises liability, more businesses are being held liable when customers fall victim to crime in parking lots and garages.
By Brent Carris, Research Assistant, Insurance Information Institute
Left to right: Brett Lingle, Zoë Linder-Baptie, James Ballot and Brent Carris
The Wharton Risk Center and the Insurance Information Institute co-sponsored the second annual Hack-for-Resilience at PennApps XX, the nation’s oldest and largest student-run college hackathon. Presentations were given by Carolyn Kousky and Brett Lingle of the Wharton Risk Center School; and the I.I.I.’s James Ballot.
From September 6 – 8, 18 student teams used software and hardware technologies to “hack”—conceive and build new apps and devices—ways to combat the risks posed by natural disasters, such as hurricanes, wildfires, and floods. The students also vied to create either a product or service that provided insurance in a customer-friendly manner, a category generally known as Insurtech.
A panel of judges from the I.I.I. and the University of Pennsylvania’s Wharton Risk Management and Decision Processes Center selected the winners.
First place in the Insurtech category was Wildfire Protect– a parametric wildfire insurance product designed to provide immediate payouts to insureds that experience property damage from wildfire.
Second place was a tie between Prophet Profit and Navig8. Prophet Profit is an app designed to help households save money by allocating funds in all sectors of the stock market. The Navig8 team created an app to assist the visually impaired communicate during a disaster.
First place in the resilience category was awarded to a hack called Phoenix. This team created an autonomous drone which detects and extinguishes fires.
On September 11, 2001 terrorists hijacked commercial airliners and flew them into the World Trade Center towers and the Pentagon. The attacks remain the deadliest and most expensive terrorist incidents in U.S. history, with insurance losses totaling about $47.0 billion in 2019 dollars, according to I.I.I. estimates.
In the wake of the attacks the U.S. Congress enacted the Terrorism Risk Insurance Act of 2002 (TRIA). The act creating a federal backstop for catastrophic terrorism losses that is designed to keep terrorism risk insurance available and affordable. It was renewed in 2005, 2007 and again in 2015. The act is set to expire on December 31, 2020.
Over the next months the Triple-I Blog will run stories featuring key participants in the terrorism risk insurance market and highlight news stories from our database from the periods immediately following 9/11 (before TRIA) and 2015 (when TRIA briefly lapsed).
Below is an abstract from the I.I.I. database citing a BestWeek article from October 1, 2001. The article refers to the fact that the heaviest insured losses were absorbed by foreign and domestic reinsurers, the insurers of insurance companies. Because of the lack of public data on, or modeling of, the scope and nature of the terrorism risk, reinsurers felt unable to accurately price for such risks and largely withdrew from the market for terrorism risk insurance in the months following September 11, 2001
