Not long ago, ESG (environmental, social, governance) risks would have been missing on most chief risk officers' (CROs) radar screens. It's true that CROs in certain industries have been managing environmental risks for many years due the nature of their companies’ products or processes. However, the concept of ESG, including DEI (diversity, equity, inclusion), as a conjoined corporate imperative is relatively new. 

As ESG gained support and momentum, CROs and others saw the one risk that seemed to be evident: not implementing some ESG protocol. The passing of time has revealed a whole new set of risks that CROs need to help their companies realize and manage.

Not Meeting Established Goals

More and more companies are disclosing their specific goals relative to ESG just as they do their growth and earnings estimates. One of the big differences behind these two sorts of goals is that companies have a lot of historical and trend data to draw on when setting financial goals but do not have an equal amount of data when setting ESG goals. Another difference is that some ESG goals are being set because outside organizations are forcing specific numeric and timetable goals to be adopted by companies rather than companies setting their own realistic goals.  

Thus, the risk of not meeting publicly stated goals is significant. That risk translates into other categories of risk not the least of which is reputational risk. Failure to meet ESG goals can lead to investor dissatisfaction, regulatory scrutiny, shaken consumer loyalty and reduced sales, among other outcomes. 

Greenwashing 

Further, if the effort to meet the goals is deemed deliberately insufficient or nonexistent, it could lead to charges of greenwashing with penalties attached. The FTC (Federal Trade Commission) has levied fines on companies that misled consumers with false advertising/marketing regarding how environmentally friendly its products are. The SEC has fined or investigated banks that misled customers regarding “green” investment funds that turned out not to be so “green.” 

Given the public interest and the oversight of regulatory agencies being so keen on the topic of ESG, greenwashing risk is very real and significant for companies that only wish to give the appearance of fulfilling ESG principles. 

Unintended Consequences   

Almost any major action a company takes can have unintended consequences, and the more innovative or previously untried actions can easily incur negative unintended consequences. Consider a company that steps up its corporate giving to community minded nonprofits only to have nonprofits that have not been chosen to get contributions complain or sue on the basis of discrimination or conflicts of interest. The company could also have its customers turn against it because they recognize that corporate giving usually means higher prices for them. The company in this example expected to be lauded for its giving but got negative reactions instead. 

Next, consider a company that wants to strengthen its governance by broadening the group of individuals involved in vetting a product launch and winds up increasing the time to market by one year. The company in this example may have overdone the vetting process and allowed its competition to have first mover advantage by launching a competing product ahead of it.

Negative unintended consequences tend to be surprises for which management is unprepared and which greatly upset investors. It is hard to overstate the risks posed by unintended consequences because they can be very costly in so many different ways.  

See also: ESG Means 'Extremely Strong Gains'

Expense

Companies know that transformative steps to be more environmentally, socially and governance responsible will likely increase expenses, at least, in the short term. However, the risk that these expenses can ramp up exponentially and become runaway costs always exists. Once down the path of transformative change, it's often impossible to readjust or halt forward movement, even if expenses balloon beyond projection. The risk of unplanned levels of expense can affect profits and all other business practices that depend on profits, e.g., management compensation.

Some ESG-related undertakings that can effectuate increased cost include: 1) moving from a gas-fueled fleet to an electric one, 2) adding staff to handle new ESG initiatives in human resources, operations, internal audit, IT and other functions, 3) making improvements to HVAC systems to reduce dependence on fossil fuels. These may all be worthwhile investments, especially in the long term, but add to budget in the short term. Companies need to understand and plan for the risk of having higher expenses turn into a marketplace disadvantage.

Management Focus

It's no secret that in our increasingly complex world, the attention bandwidth of company management is stretched. Adding a host of goals and protocols at the same time as dealing with new technology, new levels of data detail, new threats and risks, new regulations and reporting requirements can be daunting for managers at all levels. An aggressive adoption of ESG by an already overloaded management team, can diffuse their focus on the business fundamentals that keep the company afloat. Caution and reasonableness need to be applied. 

Conclusion

As they work with senior management, functional leaders, the risk committee and risk owners, CROs need to make sure that ESG risks are not ignored but rather are identified and mitigated. These are not risks that can be ignored because they can have wide-ranging repercussions.

In today’s highly competitive insurance marketplace and the era of heightened customer expectations, insurers must find ways to optimize the customer experience (CX). PwC noted that as the pandemic reshaped customer expectations, “insurers must become more customer-centric and focus on relationships that can spell the difference between loyalty and lost business.”

Branded communication technology, such as branded calling, is emerging as a strategic enabler of best-in-class CX that can help insurers improve customer satisfaction, loyalty and profitability.

Because nearly 87% of Americans don’t answer calls from unidentified numbers, branded communication gives insurers a leg up. It allows insurance providers to identify themselves on mobile devices as a legitimate caller by displaying logos, images and a reason for the call on the recipient’s device at the time of the call and in the native call log afterward. Branded calling helps insurers deliver a positive CX by injecting transparency into the phone call, which gives consumers the confidence to answer their phones.

That’s critical today as robocalls flood the phone channel, making consumers wary of answering calls from unknown numbers. Recent scam data estimates U.S. mobile subscribers received over 100 billion scam calls during the first six months of 2022. This projects to over 80 million successful scam attempts, resulting in cumulative financial losses as high as $40 billion. 

However, the phone channel remains a preferred method of communication. In a 2022 Insurance Survey Report that explored the insurance calling experiences of 5,000 U.S. mobile subscribers, 42% of policyholders prefer communicating with insurance providers over the phone. 

See also: 8 Key Changes for Customer Experience

The survey also found that more than three in four respondents (76%) reported missing a call from their insurance provider because they didn’t recognize the number calling or it was not properly identified as a call from their insurance provider. These missed calls directly affect the customer experience, particularly when missed connections with insurers involve time-sensitive policy and payment decisions. The survey results revealed that missing these calls had a “moderate to big impact” on nearly 60% of respondents, and almost 20% reported that missing the call cost them valuable time or had a direct financial impact. Even when survey respondents requested a call back instead of waiting on hold, a significant number of these people (59%) still missed the call back because they did not recognize who was calling.

Missed calls add up to lost time and money for insurers and a bad experience for clients who either start the call process all over again, hoping to make a connection with the insurance provider or take their business elsewhere. Bad CX can put brand loyalty and revenue gains at risk. A survey by CX platform Emplifi revealed that 63% of U.S. consumers said a poor customer experience is enough of a reason to leave a brand they were previously loyal to.

Increasing loyalty and reducing customer churn has a bottom-line impact on any business but is especially high stakes in the insurance industry which has the highest customer acquisition costs of any industry. In fact, it’s been reported that it costs seven to nine times more for an insurance agency to attract a new customer than to retain one. 

Branded communication can help insurers reach the right customer at the right time, which is critical to increasing customer loyalty. Customer retention is increased as a result of the transparency provided by the technology, which elevates consumer trust and allows insurers to deliver the relevant and timely communication consumers want. 

The phone call remains an important touchpoint in an industry that is based on personal relationships and protects the things that consumers value most. This touchpoint elevates the customer experience by providing useful information that gives clients and potential clients a better understanding of insurance products and recommendations.

See also: Improving Customer Experience In 2022

Branded calling increases answer rates and improves customer perception of the insurer’s brand. This helps shape the customer experience and helps insurers build stronger relationships with policyholders and deliver human interactions that are particularly important to policyholders when it comes to policy questions, purchasing and the claims process. 

Optimizing communication with this technology powers exceptional customer interactions that boost productivity and revenue by increasing call duration, conversion rates and engagement rates.

A key differentiator and competitive advantage for insurers, branded communication is a strategic CX enabler that allows these companies to better serve policyholders and potential customers, which translates to improved customer satisfaction, increased loyalty and higher profitability.

With the number of cybersecurity attacks growing every year, it’s not a matter of if, but when, a threat comes knocking on your organization’s door. The U.S. was the target of 46% of cyberattacks in 2020, more than double any other country.

With the threat of more attacks growing every year, companies in industries that are considered high risk should be prepared in every way. What makes an industry more vulnerable than another? It’s not that one is less or more prepared than another, it’s what they are trying to protect. The insurance industry is one such vertical – with attackers penetrating this sector to access the personally identifiable information (PII) of millions of Americans. Insurance companies store large amounts of information about their policyholders, and attacks against the insurance industry are expected to grow in frequency and severity in the coming years.

Approximately 68% of business leaders feel their cybersecurity risks are increasing. If you are a leader of an insurance firm, the time is now to minimize all possible risks and maximize efficiency and response to an impending threat. Here are a few ways to ensure preparedness against cyber criminals. 

1. Properly Train Employees to Mitigate Risk

All potential weaknesses are important to take into consideration when weighing security risks. According to a study, 95% of all cybersecurity breaches occur due to human error, and such error can occur at any access point in online activity, which is why educating and training employees in safe online practices is the first step in avoiding catastrophe. 

There are a few best practices: 

• Encourage Taking Care of Devices — A study conducted by Forrester found 15% of company breaches are caused by lost or missing devices. With remote work becoming more common, awareness and prevention is absolutely essential because every gadget–personal or professional–becomes a possible gateway to your company’s network. A device management and monitoring solution might be considered, so the IT team can manage employee devices from anywhere and mitigate risk. However, keep in mind this should only serve as a backup solution.
• Teach Employees to Spot Suspicious Activity — Training may be required to improve employees’ ability to spot suspicious activity, such as: the sudden appearance of new apps or programs on their devices; the device slowing down for no apparent reason; new extensions or tabs in the browser; or loss of mouse and keyboard control. Every employee should be fully aware of these signs while operating a company device. 
• Reinforce Confidentiality — Fully explain the rationale of virtual private networks (VPNs), multi-factor authentication, frequent password changes and other secure processes to employees. It’s best to provide examples and scenarios of data breach consequences to help them understand risks can occur anytime, anywhere, and can affect them and their personal information just as much as it can affect the company as a whole. This highlights the essential need for meticulous management practices. 
• Take Advantage of Training and Online Courses — All of the above and more can be properly addressed through the use of online training courses and frequent “security check-ins” throughout the year. The Federal Trade Commission, Department of Homeland Security and others provide courses and programs for organizations to help ensure your company will be safe from harm.

2. Employ Artificial Intelligence (AI) and Machine Learning (ML)

The more insurance companies join the digital landscape, the more incorporating AI and ML into systems will help mitigate risk. Intelligent data gathering will significantly help insurance companies protect against malware, ransomware and advanced persistent threats (APT). The newest artificial intelligence and machine learning technologies can analyze a vast amount of data quickly and can detect any deviation from an expected pattern in data behavior. These programs can be used to monitor data workflows and respond to attacks immediately.

Technical cybersecurity solutions for the insurance industry must focus on access control management, data behavior, the encryption of large data volumes and the prevention of data leaks. Remember these elements when searching for a cybersecurity solution for your firm.

See also: A New Era of Cyber Risk

3. Have a Plan of Action in Place

Perhaps most importantly, having a written plan and protocol in place provides peace of mind for insurance leaders, investors and customers. This plan should outline every possible measure of safety and action. Here are some examples of best practices:

• Data Privacy Policy: Provides an in-depth guide around the handling of corporate data to ensure maximum security
• Retention Policy: Describes how various types of corporate data are expected to be stored or archived, where and for how long
• Data Protection Policy: How the organization handles the personal data of its employees, customers, suppliers and other third parties
• Incident Response Plan: Responsibilities and procedures that must be followed to ensure a quick, effective and orderly response to security incidents like ransomware attacks and breaches

The considerations outlined above are intended to maximize preparedness and security against a potential cyber attack on an insurance firm. Even in circumstances where a threat seems unlikely, countless businesses of all sizes have fallen prey to cyberattacks in the past few years, and that number is rising. If employees and digital systems rely on the online ecosystem, there’s a good chance of an attempted or successful attack. 

Can your organization afford to risk such an event? If the answer is no, it’s time to put an action plan in place. Protect what matters – your resources, your people and, above all, your customers.

Insurance telematics has been explored by insurers for the past couple of decades, and insurers have approached it with varying degrees of curiosity, commitment and disillusionment. The same has recently occurred with insurtech.

There have been more telematics failures than successes, but these successes clearly show what is achievable if the technology is used well. When a market is in its “disillusionment phase,” all the failures are used as excuses for a lack of innovation.

But the best practices have already demonstrated what can be achieved. As Dr Jan Myszkowski, the author of  50 Shades of Leadership, said during the last peer discussion of the IoT Insurance Observatory, “The world is full of customers and money; if you don’t grow… the problem is you!”

One of the lessons I have learned over the years is that telematics should be seen as a business capability, not as a product or IT project. This strategic capability (basically the application of the IoT paradigm – sense, infer and act – to the auto insurance business) can provide value and returns on many different levels in any insurance company in any market around the world.

There are six questions any business leader can use to assess if this capability is currently necessary for their organization:

1. Are any crashes due to the risky behavior of your policyholders? More than a dozen insurers around the world are using telematics data within a structured behavioral change program. Best practices such as those of Discovery Insure have generated up to three percentage points of improvement in the loss ratio by providing frequent and tangible rewards. This opportunity is so relevant that three insurers – among the largest in their own markets – have introduced telematics functionalities in their core app to offer the behavioral change program to their current portfolio of policyholders (without any element of usage-based pricing) in the past 18 months.
2. Does your company care about corporate social responsibility? An insurer able to improve the driving behaviors of its policyholders not only makes their lives better and improves its technical profitability but also saves lives. Telematics (if used to promote safer behavior) creates safer roads.
3. Is your claim department adjudicating and paying any claim? Italian and U.K. insurers have developed advanced capabilities in using telematics-based insights in their claim processes over the years. I’ve seen best practices detecting inflated claims and reducing by up to 18% the incidence of bodily injuries on their portfolio, with others increasing settlement speed while also improving customer satisfaction.
4. Is your company interested in selecting the lowest risks at each pricing level? At telematics conferences, you often hear that self-selection is the “best friend” of any telematics program. “For sure, there is a world of difference between people who are on [usage-based insurance] and people who are not on UBI […] The fact that you say ‘yes’ to UBI is a data point” is one of my favorite quotes to explain this peculiarity of current telematics offerings. Based on my experience, the magnitude of the effect is different based on the technology used and the product storytelling. For example, a player such as Discovery with an app&tag approach has quantified nine percentage points of this self-selection effect.
5. Do you need to increase retention? Almost all the insurers I have worked with over the past 10 years have experienced higher retention in the telematics portfolio compared with the traditional one. “Customers who connect and sign up for a telematics program tend to have anywhere between 5-15ppt higher retention rates relative to those who have chosen to not enroll into a program,” reported Allstate – one of the international best practitioners in mobile-based telematics – a few months ago.
6. Is your company interested in generating more revenue? Paying a fee to have telematics services wrapped around their insurance coverage has been normal in Japanese, Italian and South African markets for a few years. Moreover, customers are ready to pay for services even in other markets. SwissRe and my IoT Insurance Observatory – a think tank that has aggregated more than 150 organizations over its six annual editions – have interviewed 10,000 policyholders in the U.S., Canada, the U.K., Germany, France, Spain, Portugal and South Africa this summer. And 57% of them said they would pay at least €5 a month to receive telematics services together with their insurance coverage.

See also: Telematics Consumers Are Ready to Roll

Any executive who has answered yes to one or more of these questions should choose to develop telematics capabilities. The time to start is now because we are talking about capabilities. A competitor’s product can be replicated in a few months, but capabilities need time – innovation lap after innovation lap – to be built and internalized in an organization.

You can find this article originally published here.

With inflation remaining stubbornly high and climate risks increasing, insurers in niche sectors face an impossible choice: put their underwriting profits at risk or drive customers away with high premiums. Insurers in specialty lines need new ways to reduce cost and drive efficiency to overcome a challenging market.

Due to high demand and volume of standard personal and commercial insurance, such as car or small business owners insurance, there is limited room for price and coverage variation. The converse is true for specialty markets, from high-value property assets to large-scale commercial cyber coverage and everything in between. Niche sectors face the risk of becoming prohibitively expensive in today’s market. Policyholders needing specialized coverage, such as complex commercial sectors, often act as a canary in the coalmine for the industry at large; they are the first to notice insurers raising premiums unsustainably or exiting niche markets. Currently, 78% of risk managers report rising insurance premiums as the biggest concern for their high-net-worth clients. 

Every year, climate change brings even more unpredictable and damaging weather events. As of October 2022, there were 15 disasters with losses exceeding $1 billion. These include drought, flooding, storms, cyclones and wildfires. This is far above the average from 1980-2021 of 7.7 events. Supply chain issues associated with COVID-19 and the war in Ukraine make the task of rebuilding costlier and more difficult. According to Fitch, the cost of building materials increased 23% year-on-year in Q1 of 2022. 

With massive catastrophes like Hurricane Ian laying waste to swaths of property, this year will be the second year that insured losses from disasters exceed $100 billion. As cost per claim soars, insurers find themselves stuck between a rock and a hard place. If insurers raise premiums, they risk pushing customers past what is affordable and widening the protection gap. If insurers lower underwriting capacity in unpredictable markets, they miss opportunities to capitalize on raised demand caused by extreme weather conditions. 

If insurers want to successfully walk the tightrope between charging prohibitively and losing money on pay-outs, they need to be agile. Niche sectors with razor-thin profit margins require insurers to react immediately to the fast-changing market landscape. To generate a profit, tech-enabled businesses must operate at the highest efficiency. Stripping out legacy IT systems helps insurers eliminate technical debt and become nimble. These savings in turn enable insurers to keep premiums as affordable as possible while managing financial risks the economic and geopolitical climate bring. 

See also: What to Do About Rising Inflation?

Many carriers are still stuck using antiquated IT infrastructures. Yet, modern digital core insurance platforms enable ease of integration and cloud-native operating systems offering continuous updates. No-code platforms provide flexibility and agility for insurers to provide greater personalization, usage-based plans, on-demand policies, and expanded portfolios. This flexibility unleashes the creativity of insurance professionals. Insurers can make and implement pricing and distribution decisions, tailoring their offering without relying on developers. The time saved translating business needs to technical users alone enables rapid launch of new products tailored to the fast-moving niche markets of the day. 

Using API-enabled systems with the right data integrations, businesses can also support more accurate risk modeling in specialty lines and offer a more seamless quoting experience. Platforms built with integration in mind use available data sets to the full, enabling data pre-fill and straight-through processing. This can save agents and underwriters days or weeks of time, offer real-time service for agents and policyholders and increase underwriting capacity without increasing head count.  

As just one practical example for keeping step with rapidly changing weather patterns, an aerial imagery property intelligence API can be quickly and seamlessly plugged into a SaaS platform. This way, insurers have up-to-date information on the state of a property and the risk characteristics associated with the surrounding area. With climate change making weather unpredictable and rendering historical risk trends obsolete, it becomes necessary to lean into the latest innovative technologies to collect accurate risk intelligence, underwrite profitably and speed up claims processing times. 

Despite relentless challenges facing the P&C insurance sector, with API-enabled, digital-first, no-code platforms, insurers can not only overcome the current challenges, but set themselves up to overcome future headwinds. With the right technologies, insurers can outflank competitors, rapidly bring innovative products to market and insure otherwise underinsured customers.

Cyber security can still feel vague for many people whose knowledge is often limited to malware and ransomware. However, from a risk perspective, the threat of cyberattacks to individuals, businesses and the government is wide-ranging and has grown exponentially in the last few decades. Current geopolitical and economic conditions, specifically those tied to the conflict in Ukraine, have increased cyber risks as nation-state actors continue to orchestrate more prolific cyberattacks against other countries. Preparing for these risks has challenged insurers and businesses through safety protocols, frequent assessments and evolving industry-wide mitigation strategies.

Is the threat of escalating cyberattacks real?

Simply put, the threat is very real. In April 2022, Microsoft released an in-depth report “detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine.” The Microsoft report described how, for the first time in history, the world observed a conflict where a nation’s “use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians.” 

In the weeks and months leading up to Russia’s military offensive into Ukraine, multiple cyber security researchers identified highly destructive malware suspected of being from Russian nation-state actors. While destructive malware is not new, the volume of new malware that masquerades as ransomware before deploying the destructive phase of the malware is most concerning. 

Ransomware continues to be a booming business. With any new piece of malware, there are unique deployment and infection vectors that raise tension for companies and governments as they work to strengthen their cyber practices. While security professionals are tracking and mitigating risks, there is no guarantee that highly sophisticated and dangerous nation-state-originated malware will stay contained to the geographical regions of their intended targets. This malware may be obtained and modified by other nation-states, criminal hacking groups and various malicious actors to create new variants for nefarious, profitable gain. As companies improve their security posture and data protection methods, criminal groups continually look for proverbial bigger sticks to carry to coerce companies into paying ransoms. 

Impact of the conflict in Ukraine on cyber recovery efforts

In addition to the organized weaponization of cyberattacks, the current conflict in Ukraine has affected an already sluggish supply chain system of technology parts. The global microchip supply suffered significantly during the COVID-19 pandemic, while the demand for devices using microchips soared overnight as people began to rely more on digital communications. The shortage worsened immensely with the conflict in Ukraine. Microchips require specific lasers in their manufacturing process, and one of the materials critical to operating those lasers is semiconductor-grade neon. Two Ukrainian companies supplied approximately half of the world’s semiconductor-grade neon to the global marketplace. When those companies shut down following Russia’s invasion of Ukraine, 50% of the global semiconductor-grade neon disappeared from the manufacturing pipeline. Experts predict that if the Ukraine conflict continues to drag on, it will likely further affect the broader supply chain and the ability to manufacture products that use microchips.   

That means if large-scale, destructive cyberattacks occurred, victims may be unable to buy or source enough devices to get back online. Additionally, there is concern about inflationary prices associated with this scenario. A potential destructive cyberattack could effectively shut down essential services and businesses for weeks or months in a world where most of our day-to-day tasks have become digitized.  

Broader connectivity of risks

We are in an increasingly connected world, meaning there are more complex and often unrecognized connections across firms than ever. Increased market concentration, paired with complex and often unrecognized connections across firms (including shared technologies and third-party service providers), can result in a single or near-single point of failure. In any industry, this could create a correlated, systemic cyber event.

As more organizations purchase cyber insurance, from 26% in 2016 to 47% in 2020, cyber insurers are reviewing their portfolios to determine their exposure to evolving categories of systemic risk and taking steps to ensure solvency should a systemic cyber loss occur. A 2018 Lloyd’s of London study modeled the potential insured loss of $19.49 billion resulting from a five- to 11-day outage at one cloud provider. That’s nearly double the estimated annual cyber insurance premiums of $8 billion to $10 billion, so it’s clear why insurers are concerned.  

See also: October ITL Focus: Cyber Threats

Next step for cyber insurers

Aon’s Cyber Security and Supply Chain white paper suggests the following strategies to mitigate the effects of a cyberattack. 

• Ensure cybersecurity teams are up to date with existing threats
• Ensure a disaster recovery plan and assess supply chain redundancies for devices, identifying alternative sources of devices in case of an emergency
• Confirm an incident response plan and run tabletop exercises to prepare for the worst-case scenario
• Maintain good cyber practices, including: 
  • Have sufficient network segmentation
  • Arrange off-site and offline backups
  • Use endpoint detection and response (EDR) solutions
  • Employ internal monitoring 
  • Implement phishing prevention
  • Mandate cyber security awareness training for all employees

Additional services to consider include: 

• Conducting a Threat Hunt or Adversary Simulation—both of which can help detect a malicious actor lurking in your system before a breach
• Implementing procedures to minimize credential theft, prevent account abuse and secure internet-facing systems and remote access 
• Consider risk transfer solutions either through traditional cyber insurance or other alternative methods

Cyber risks are not limited to global conflict and will have a major impact for all stakeholders. But mitigation techniques and partnerships with strategic consultants such as Aon will help as we ride out the latest risk management issues.

In the final two weeks of 2022, an arctic high-pressure system, guided by a south-bound polar jet stream, pushed frigid air across Canada and the U.S., reaching the Gulf Coast region. The combination of widespread freezing temperatures, strong winds and extensive precipitation exceeded forecasters' expectations. Hundreds of winter weather alerts were issued, and 60% of the U.S. population was affected by Winter Storm Elliott. The impact was significant. At least 69 deaths in the U.S. have been attributed to the storm to date, of which 38 perished in the historical blizzard conditions in Buffalo, New York. The U.S. insured losses are estimated to be $5.4 billion across the 42 states affected by the storm, according to the catastrophic modeling firm Karen Clark & Co. 

The havoc caused by Winter Storm Elliott is a stark reminder of the power of nature and the exposure the winter season can bring. This event highlights the importance of preparedness and provides several fundamental lessons to better manage winter risks and advance business resilience. 

1. Ensure snow and ice maintenance programs are in place 

Preparedness before the storm is paramount. The new U.S. NOAA Winter Storm Severity Index (WSSI) can be referenced to monitor the potential winter weather conditions and the magnitude of impacts on people, property and processes for any business. A winter weather checklist is also a useful tool to ensure the organization is prepared before conditions deteriorate. 

The snow and ice accumulations were of great concern with Winter Storm Elliott. Roof collapses can occur when the weight of accumulated snow and ice exceeds the live load capacity of the roof structure. Planning, preparation and prompt action to safely remove accumulated snow will help minimize the risk of snow loading and roof collapse.  

Snow and ice accumulation are also the root cause for the majority of slips and falls on exterior surfaces.  Building owners have a legal responsibility to mitigate snow- and ice-related walking hazards on property to protect the general public and employees from injury. A snow removal contract or an internal removal plan to clear access to hydrants, sidewalks, entryways and parking lots can reduce the risk of falls and injuries. Ice prevention using salt, brine and other chemicals on walkways can act as a freeze point depressant on wet surfaces when temperature drops occur.  

2. Confirm workers have proper gear to reduce cold stress and health risks 

Depending on the wind chill and duration of exposure, significant injuries can happen in minutes during a winter storm. In addition, sudden temperature drops and high wind can suddenly change an organization’s risk profile. Winter Storm Elliott dramatically dropped temperatures by 30 to 50 degrees in Colorado and Wyoming. While individuals acclimatized to their environment may fare better than those who are not, everyone is at risk for weather-related injuries, including: 

• Hypothermia occurs when the body temperature drops below 95°F. Because symptoms of hypothermia often go undetected, serious damage to one’s nervous system and organs, even death, may occur. 
• Frostbite occurs when extremities are exposed to lower temperatures and high winds, causing the skin to freeze, and may result in permanent injury to affected areas.  Frostbite affects the extremities, including fingers, toes, nose, ears, cheeks and chin. 
• Heart attacks can occur when the body is not acclimated to the cold weather and works harder to maintain body heat. A seven- to 10-day acclimation period is recommended to reduce cold stress. 

All employees need to understand the additional strain that winter weather brings. It is important to ensure outdoor workers work in pairs, stay informed of their job site weather conditions, wear proper clothing and understand weather-related injury symptoms to enable immediate emergency procedures to be activated, when needed.  

3. Take steps to minimize the risk to drivers and vehicles 

Roadway conditions quickly deteriorated across Canada and the U.S. when Winter Storm Elliott arrived.  Travel warnings and bans must not be ignored or taken lightly. Each year in the U.S., more than 1,300 people are killed and more than 116,800 people are injured in vehicle crashes on snowy, slushy or icy pavement. In Buffalo, several people perished in their cars when emergency responders were not able to respond to all distress calls during the height of the storm. Employees required to drive in winter weather need to understand the dangers, preparation steps and what to do in an emergency to survive.

See also: Hurricane Season: More Trouble Ahead?

4. Plan for winter utility impacts and outages for vulnerable supplies and operations  

Water damage from burst pipes is expected to be the greatest loss driver for Winter Storm Elliott (e.g., sprinkler systems, potable water). In fact, Memphis, Tenn/. alone reported 30 water main breaks. Tanker trucks were required to pump water into area hospitals for boilers that provide heat and steam for sterilization.  

Consider the use of Internet of Things (IoT) technology to reduce the occurrence and impact of frozen water pipes. Wireless sensors are used to monitor and alarm for freezing temperatures before a pipe freeze occurs or for the presence of water if frozen pipes result in a water intrusion incident. Sensors properly placed in a facility can provide insights into unheated spaces that may need to be better protected from freezes. This cost-effective technology can also be connected to control valves to automatically shut off the water when a leak occurs to minimize damage.   

At one point during Winter Storm Elliott, more than 1.7 million customers were without power on the East Coast. Rolling blackouts, which are becoming more common, were implemented to meet the electricity demand in some areas of Tennessee and North Carolina. Business continuity strategies can help prepare for the potential extended water and power outages that may occur during winter storms. 

5. Plan for transportation delays and travel system failures

Time-sensitive and temperature-sensitive supply chains were most vulnerable to Winter Storm Elliott’s power and reach (e.g., holiday deliveries, fresh food and medicine). Businesses can help prevent costly delays by planning ahead for the impact of winter weather on supply chains.  

The ability to understand and minimize the impact to business operations is a core risk management discipline that will enable a business to be resilient as disruptive incidents, supply/demand shifts and other dramatic changes occur. Knowledge and awareness can help business leaders better prepare for emerging risks and potentially disruptive events.

The information, examples and suggestions presented in this material have been developed from sources believed to be reliable, but they should not be construed as legal or other professional advice. CNA accepts no responsibility for the accuracy or completeness of this material and recommends the consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual situations. This material is for illustrative purposes and is not intended to constitute a contract. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice. “CNA” is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the “CNA” trademark in connection with insurance underwriting and claims activities. Copyright © 2023 CNA. All rights reserved.

It's a sign of the times at Tesla that I need to specify which issue is the moment of truth that I refer to in the headline. I'm not talking about the high-profile lawsuit that began last week into whether CEO Elon Musk owes damages to investors who bought stock in 2018 when he tweeted, falsely, that he had "funding secured" to take the company private. Nor am I talking about the crash in Tesla's stock price over the past year, partly caused by Musk's very public flailing at Twitter, which has, in my view, alienated both investors and potential customers at all Musk's companies. 

No, I'm talking about testimony that recently surfaced about a key video that Tesla used six years ago to sell the idea that its cars could drive entirely on their own. The testimony, from a deposition last July by a senior Tesla executive, acknowledged that the video was staged. Coming at a time of mounting lawsuits that claim an overreliance on Tesla self-driving technology led to accidents, including fatalities, the testimony could be extremely damaging.

It could help undermine a key selling point for Tesla and Musk, who hoped to leverage self-driving into all kinds of additional revenue streams, including insurance -- he has said he can charge extremely low rates because his technology is supposedly so much safer than human drivers are. The testimony, together with all the lawsuits, could also deliver a real black eye to the whole self-driving movement. 

Here is the video from October 2016, complete with "Paint It, Black" musical background, still available on the Tesla website. It begins with this notice: "The person in the driver's seat is only there for legal reasons. He is not doing anything. The car is driving itself." The video shows the car leaving a home and driving, in traffic on side streets and a freeway, before parallel parking by an office in Palo Alto, Calif. Musk promoted the video on Twitter as evidence that "Tesla drives itself." 

Now, here is the Reuters story in which the Tesla executive debunks the video, as part of testimony in a trial about whether Tesla is liable for a crash that killed a former Apple engineer. The Tesla executive says engineers carefully mapped a single route for the car to take and trained it for that one route -- having to intervene multiple times to prevent the car from making mistakes. During one attempt at parking, the car backed into a fence. 

So, it was hardly true in 2016 that "Tesla drives itself." And it still isn't true, according to recent reporting -- a fact that will surely bedevil the company as it defends itself against the various lawsuits. 

A long piece last week in the New York Times magazine about Tesla found that lots of enthusiasts were willing to essentially be guinea pigs for its autonomous driving technology, carefully monitoring for and correcting unsafe behavior by their cars while letting Tesla collect real-world data about problems to be addressed. But the piece also documented a wide array of potentially serious problems. 

For instance, as the author rode in a Tesla with a man named Alford, and it tried to make a left turn: 

"The Tesla started creeping out, trying to get a clearer look at the cars coming from our left. It inched forward, inched forward, until once again we were fully in the lane of traffic. There was nothing stopping the Tesla from accelerating and completing the turn, but instead it just sat there. At the same time, a tricked-out Honda Accord sped toward us, about three seconds away from hitting the driver-side door. Alford quickly took over and punched the accelerator, and we escaped safely....

"It was a rough ride home from there. At a standard left turn at a traffic light, the system freaked out and tried to go right. Alford had to take over. And then, as we approached a cloverleaf on-ramp to the highway, the car started to accelerate. To stay on the ramp, we needed to make an arcing right turn; in front of us was a steep drop-off into a construction site with no guard rails. The car showed no sign of turning. We crossed a solid white line, milliseconds away from jumping off the road when, at last, the wheel jerked sharply to the right, and we hugged the road again. This time, [Tesla's self-driving technology] had corrected itself, but if it hadn’t, the crash would have surely killed us."

A Fortune columnist says,"2023 should prove a watershed year in determining whether Tesla’s deeds amounted to legally protected speech, careless embellishment, violations of civil and criminal law, or something in between."

So, the short answer on what happens to Tesla and self-driving more broadly is: Stay tuned.

But I'll attempt a slightly longer answer.

I think Tesla self-driving is in trouble and believe that the various lawsuits, buttressed by the testimony debunking the self-driving video, will force some kind of retrenchment of the company's aspirations. 

That will surely cause heartburn for other self-driving companies, but shouldn't be a massive obstacle for Google's Waymo, GM's Cruise and a few others, which have taken a very different, "slow and steady wins the race" sort of approach.

We'll see.

Cheers,

Paul

Risk management in modern non-financial companies is very different compared with, say, five years ago. The level of risk management maturity, for lack of a better word, has grown significantly.

As more and more companies across the globe are looking to implement robust risk management, the demand for risk management consultants is also growing. Unfortunately, not all risk consultants are able to generate long-term value for their clients. Here are three reasons why:

A. Selling the wrong product

Non-financial companies want to buy, and many risk consultants continue to sell, risk assessments, risk management frameworks, risk appetite statements and risk profiles. What do all these products have in common? I am being intentionally provocative here, so I will say all these products are missing the point completely. One thing they have in common – they are designed to measure, capture or document risks, making us all believe that risks and their mitigation are the ultimate goals of the exercise. 

Over the years, this tendency to treat risk management as a separate, standalone (some go as far as to say independent) process with its own inputs (data, interviews, experts) and outputs (risk reports, risk matrices, risk registers) created a whole community of risk consultants who seem to be missing the plot completely. Risk management is not really about dealing with risks; risk management is about helping companies achieve their objectives and make better decisions.

Okay, sometimes it may be useful to capture risks for the sake of risks and discuss them with the management team, but this should be more an exception than a norm.

So if risk management is not about risk assessments or risks, then what?

I believe that risk management is ultimately about changing how companies make decisions and operate with risks in mind.

See also: Cognitive Biases and Risk Management

The two modern trends in risk management by far are: integration into business processes/decision-making and human and cultural factors. Yet, it seems most of the modern risk consultants completely ignore both of them. For example:

• It is fundamentally wrong measuring risk level when instead you could measure the impact risks have on key objectives or business decisions using budget@risk, schedule@risk, profit@risk or KPI@risk.
• I believe any qualitative risk analysis based on expert opinions is evil. More on this here: https://www.linkedin.com/pulse/risk-management-used-science-became-art-now-its-just-sidorenko-crmp
• It is wrong to have a risk management framework document, when instead you can integrate risk management principles and procedures into operational policies and procedures, like budgeting, planning, procurement and so on. I bet this example upset quite a few of you.
• It is a mistake try and use a single enterprise-wide approach (sometimes referred to as ERM) to measure different risks. Different risks, different types of decisions and different business processes deserve unique risk methodologies, risk criteria and risk analysis tools.

Reality is, most risk management consultants sell completely wrong products. Management doesn’t care about risks, they care about making decisions that will hold up in court, making money and meeting KPIs. No wonder modern risk management is mainly lip service.

The funny thing is that corporate risk managers make exactly the same mistakes. They, too, need to show value from risk management and fail to do so by focusing on risks (their domain) instead of business processes or decisions (business domain).

B. Confusing risk management with compliance

Did you know that, unlike many other ISO standards, the ISO31000:2009 is not intended for certification? This was a conscious decision made by the people working on the standard at the time. It is a guidance document.

Risk management is just not black and white. For example, risk management is about integrating into decision making and business processes, but every organization will find its unique way of doing so.

Many consultants make a huge mistake by insisting on a single version of the truth. Non-financial regulators or government agencies make even bigger mistake by taking guidelines and making them compulsory. Like COSO:ERM in the U.S., a bad document made obligatory for listed companies.

By far the best way to assess risk management effectiveness is by applying a risk management maturity model. Just keep in mind that most existing maturity models were created by consultants who miss the big picture.

C. Failing to see the intimate details

One of my good friends, Anna Korbut, a few years ago said an interesting thing – “Risk management is a very intimate affair.” I liked this phrase, so I have used it ever since. Risk management truly is intimate and unique. I have been working in risk management for over 13 years in four different countries, I have seen close to 300 risk management implementations and yet every single one was unique in some way.

Unfortunately, many consultants fail to dig deep enough to see how risk management is really implemented into organizational processes and into the overall culture of the organization.

Risk management goes against human nature (see research by D. Kahnemann and A. Tversky), so most of the time risk managers use techniques that are borderline neuro-linguistic programming or building an internal intelligence network. Here are just two examples:

• I personally created a table tennis tournament in the company where I used to work to get an opportunity to meet all business units in informal settings and build rapport. This had a bigger positive impact than monthly executive risk committee meetings where all the same department heads were present.
• A colleague of mine created the whole operational planning procedure within the company to reinforce the need to discuss risks on a daily basis.

See also: From Risk Transfer to Risk Prevention

The key takeaway is – unless specifically asked most risk managers will never disclose how they really build risk management culture within the organization or how they integrate risk analysis into the business. According to ISO31000:2009, risk management is coordinated activities to direct and control an organization with regard to risk. It consists of about a thousand small things that risk managers do on a daily basis, most of which may not directly relate to risk. Yet it is those small things that build risk management culture within the organization. Unfortunately, most risk consultants are quick to jump to conclusions and do not bother to dig deep enough to see all the nuances.

Risk management in every company is unique, it is the risk consultant’s job to figure out how it all comes together to build a better risk-based organization.

P.S. Remember that if your consultant is showing signs of any of the above, it’s time to have an honest chat with him/her.

With high inflation and pandemic tendencies holding on, consumer preferences and buying behaviors have shifted over the past few years. They come with consequences.

The first is that almost all consumers - 90% - have noticed price increases in recent months, and they're taking action. Many consumers are reducing their spending. 58% of consumers said they would cut back on non-food spending during the holiday season this past year. About 60% said they would buy fewer gifts for fewer people. As a result, gift spending was expected to drop by $30 billion in 2022.

Consumers are also changing their habits to save on staples like food and gas. AAA reports that 64% of adults have changed their driving habits or have made lifestyle changes. Research from Cambridge Mobile Telematics shows that Americans with gas-powered vehicles drove less as gas prices increased in early summer.

Consumers are also less loyal today. More consumers reported switching to a new brand or a different retailer in 2022 than at any point in the past few years. Price is driving their decision. 78% of Gen Z, 74% of millennials, 74% of Gen X and 73% of Boomers say price is one of the most important buying factors. McKinsey also says consumers want to try something different. Businesses need to balance innovation with pricing to win.

Consumers are making more purchases online than ever before. They're also expanding their shopping options. E-commerce was expected to account for over 20% of all retail sales by the end of 2022, double their count from 2017. But it isn't just e-commerce giants like Amazon that are benefiting from digital sales. Forrester reports that 38% of U.S. shoppers are making purchases through social media. TikTok users are twice as likely to make a purchase through the app as users on other platforms.

All of these storylines point to three trends: Consumers are more price-sensitive, more digital and less loyal today than they were just a few years ago.

No wonder telematics is more popular than ever with consumers.

Consumers can save significantly on their cost of insurance - upwards of $200 to $300 per policy term every six to 12 months - by switching to a telematics-based policy. As a result, consumers who enroll in these programs are more satisfied with what they pay for insurance. J.D. Power research shows that telematics consumers have higher price satisfaction by nearly 60 points compared with general consumers.

"The only way for insurers to stay competitive in this environment of steadily rising premiums and over-inflated vehicle valuations is to tailor policies to the individual," said Marty Ellingsworth, executive managing director, J.D. Power Insurance Intelligence.

Telematics consumers are also more loyal. Among consumers who typically shop yearly for new insurance policies, telematics consumers are 40% more likely to stay with their current carrier, J.D. Power says. Telematics consumers are also more likely to say they'll definitely renew their policy.

"[Telematics policies have] the potential to create the kind of personalized customer experience that builds long-term loyalty and advocacy," Ellingsworth said.

See also: Telematics Consumers Are Ready to Roll

Consumers have noticed, and telematics adoption is accelerating.

In its latest report on the insurance industry, TransUnion found that insurers are offering telematics to more consumers than ever, and consumers are opting into programs at record levels. From November 2021 through March 2022, the number of people offered telematics programs increased from 32% to 40%, a 25% increase. Consumers choosing telematics programs skyrocketed from 49% to 65%, a 32% increase.

Is telematics at a tipping point? Insurers think so.

"Telematics usage is increasing, and Nationwide expects the usage-based insurance trend to continue," said Nationwide's VP of Personal Lines Product Development. "In 2020, customer interest in telematics increased by 30%, and Nationwide is projecting 70% (or more) of new business will come from usage-based insurance programs by 2025."

Last year, USAA saw enrollment rates in its telematics program dramatically increase. It reported that daily driver enrollment in its SafePilot telematics program was over 200% higher than in 2020, and policy growth year-over-year was nearly 75%. Almost half of all policyholders opted into the program.

Randy Termeer, USAA's SVP of GM auto and small commercial, commented on USAA's growth: "Demand for behavior- and usage-based insurance continues to grow, and we are thrilled to be able to offer personalized pricing and solutions to more of our members."

In a Wall Street Journal report on how parents are helping their teen children drive safer, a State Farm spokesperson said the company saw a 67% increase in customers signing up for the app in the last year.

Travelers, which launched a continuous program - IntelliDrivePlus - reported that their original telematics program grew 50% in 2021. Michael Klein, executive vice president and president of personal insurance, said: "Consumers are increasingly comfortable with pricing that reflects their driving behaviors. IntelliDrivePlus builds on that momentum and offers our customers even more options to personalize their insurance."

On top of this momentum, the record-high inflation rates and increased frequency and severity have made telematics more urgent than ever. Add to these factors an uncertain economic outlook, and you have a situation that could accelerate telematics adoption even further.

Price-conscious consumers will shop more often, searching for ways to save with digital products. Telematics helps insurers capture the market's shifting needs, and, in McKinsey's words, "balance innovation with pricing to win." It helps them address consumers' new financial realities with programs that help them lower their insurance costs while increasing engagement and brand loyalty.