Cyber security can still feel vague for many people whose knowledge is often limited to malware and ransomware. However, from a risk perspective, the threat of cyberattacks to individuals, businesses and the government is wide-ranging and has grown exponentially in the last few decades. Current geopolitical and economic conditions, specifically those tied to the conflict in Ukraine, have increased cyber risks as nation-state actors continue to orchestrate more prolific cyberattacks against other countries. Preparing for these risks has challenged insurers and businesses through safety protocols, frequent assessments and evolving industry-wide mitigation strategies.

Is the threat of escalating cyberattacks real?

Simply put, the threat is very real. In April 2022, Microsoft released an in-depth report “detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine.” The Microsoft report described how, for the first time in history, the world observed a conflict where a nation’s “use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians.” 

In the weeks and months leading up to Russia’s military offensive into Ukraine, multiple cyber security researchers identified highly destructive malware suspected of being from Russian nation-state actors. While destructive malware is not new, the volume of new malware that masquerades as ransomware before deploying the destructive phase of the malware is most concerning. 

Ransomware continues to be a booming business. With any new piece of malware, there are unique deployment and infection vectors that raise tension for companies and governments as they work to strengthen their cyber practices. While security professionals are tracking and mitigating risks, there is no guarantee that highly sophisticated and dangerous nation-state-originated malware will stay contained to the geographical regions of their intended targets. This malware may be obtained and modified by other nation-states, criminal hacking groups and various malicious actors to create new variants for nefarious, profitable gain. As companies improve their security posture and data protection methods, criminal groups continually look for proverbial bigger sticks to carry to coerce companies into paying ransoms. 

Impact of the conflict in Ukraine on cyber recovery efforts

In addition to the organized weaponization of cyberattacks, the current conflict in Ukraine has affected an already sluggish supply chain system of technology parts. The global microchip supply suffered significantly during the COVID-19 pandemic, while the demand for devices using microchips soared overnight as people began to rely more on digital communications. The shortage worsened immensely with the conflict in Ukraine. Microchips require specific lasers in their manufacturing process, and one of the materials critical to operating those lasers is semiconductor-grade neon. Two Ukrainian companies supplied approximately half of the world’s semiconductor-grade neon to the global marketplace. When those companies shut down following Russia’s invasion of Ukraine, 50% of the global semiconductor-grade neon disappeared from the manufacturing pipeline. Experts predict that if the Ukraine conflict continues to drag on, it will likely further affect the broader supply chain and the ability to manufacture products that use microchips.   

That means if large-scale, destructive cyberattacks occurred, victims may be unable to buy or source enough devices to get back online. Additionally, there is concern about inflationary prices associated with this scenario. A potential destructive cyberattack could effectively shut down essential services and businesses for weeks or months in a world where most of our day-to-day tasks have become digitized.  

Broader connectivity of risks

We are in an increasingly connected world, meaning there are more complex and often unrecognized connections across firms than ever. Increased market concentration, paired with complex and often unrecognized connections across firms (including shared technologies and third-party service providers), can result in a single or near-single point of failure. In any industry, this could create a correlated, systemic cyber event.

As more organizations purchase cyber insurance, from 26% in 2016 to 47% in 2020, cyber insurers are reviewing their portfolios to determine their exposure to evolving categories of systemic risk and taking steps to ensure solvency should a systemic cyber loss occur. A 2018 Lloyd’s of London study modeled the potential insured loss of $19.49 billion resulting from a five- to 11-day outage at one cloud provider. That’s nearly double the estimated annual cyber insurance premiums of $8 billion to $10 billion, so it’s clear why insurers are concerned.  

See also: October ITL Focus: Cyber Threats

Next step for cyber insurers

Aon’s Cyber Security and Supply Chain white paper suggests the following strategies to mitigate the effects of a cyberattack. 

• Ensure cybersecurity teams are up to date with existing threats
• Ensure a disaster recovery plan and assess supply chain redundancies for devices, identifying alternative sources of devices in case of an emergency
• Confirm an incident response plan and run tabletop exercises to prepare for the worst-case scenario
• Maintain good cyber practices, including: 
  • Have sufficient network segmentation
  • Arrange off-site and offline backups
  • Use endpoint detection and response (EDR) solutions
  • Employ internal monitoring 
  • Implement phishing prevention
  • Mandate cyber security awareness training for all employees

Additional services to consider include: 

• Conducting a Threat Hunt or Adversary Simulation—both of which can help detect a malicious actor lurking in your system before a breach
• Implementing procedures to minimize credential theft, prevent account abuse and secure internet-facing systems and remote access 
• Consider risk transfer solutions either through traditional cyber insurance or other alternative methods

Cyber risks are not limited to global conflict and will have a major impact for all stakeholders. But mitigation techniques and partnerships with strategic consultants such as Aon will help as we ride out the latest risk management issues.

In the final two weeks of 2022, an arctic high-pressure system, guided by a south-bound polar jet stream, pushed frigid air across Canada and the U.S., reaching the Gulf Coast region. The combination of widespread freezing temperatures, strong winds and extensive precipitation exceeded forecasters' expectations. Hundreds of winter weather alerts were issued, and 60% of the U.S. population was affected by Winter Storm Elliott. The impact was significant. At least 69 deaths in the U.S. have been attributed to the storm to date, of which 38 perished in the historical blizzard conditions in Buffalo, New York. The U.S. insured losses are estimated to be $5.4 billion across the 42 states affected by the storm, according to the catastrophic modeling firm Karen Clark & Co. 

The havoc caused by Winter Storm Elliott is a stark reminder of the power of nature and the exposure the winter season can bring. This event highlights the importance of preparedness and provides several fundamental lessons to better manage winter risks and advance business resilience. 

1. Ensure snow and ice maintenance programs are in place 

Preparedness before the storm is paramount. The new U.S. NOAA Winter Storm Severity Index (WSSI) can be referenced to monitor the potential winter weather conditions and the magnitude of impacts on people, property and processes for any business. A winter weather checklist is also a useful tool to ensure the organization is prepared before conditions deteriorate. 

The snow and ice accumulations were of great concern with Winter Storm Elliott. Roof collapses can occur when the weight of accumulated snow and ice exceeds the live load capacity of the roof structure. Planning, preparation and prompt action to safely remove accumulated snow will help minimize the risk of snow loading and roof collapse.  

Snow and ice accumulation are also the root cause for the majority of slips and falls on exterior surfaces.  Building owners have a legal responsibility to mitigate snow- and ice-related walking hazards on property to protect the general public and employees from injury. A snow removal contract or an internal removal plan to clear access to hydrants, sidewalks, entryways and parking lots can reduce the risk of falls and injuries. Ice prevention using salt, brine and other chemicals on walkways can act as a freeze point depressant on wet surfaces when temperature drops occur.  

2. Confirm workers have proper gear to reduce cold stress and health risks 

Depending on the wind chill and duration of exposure, significant injuries can happen in minutes during a winter storm. In addition, sudden temperature drops and high wind can suddenly change an organization’s risk profile. Winter Storm Elliott dramatically dropped temperatures by 30 to 50 degrees in Colorado and Wyoming. While individuals acclimatized to their environment may fare better than those who are not, everyone is at risk for weather-related injuries, including: 

• Hypothermia occurs when the body temperature drops below 95°F. Because symptoms of hypothermia often go undetected, serious damage to one’s nervous system and organs, even death, may occur. 
• Frostbite occurs when extremities are exposed to lower temperatures and high winds, causing the skin to freeze, and may result in permanent injury to affected areas.  Frostbite affects the extremities, including fingers, toes, nose, ears, cheeks and chin. 
• Heart attacks can occur when the body is not acclimated to the cold weather and works harder to maintain body heat. A seven- to 10-day acclimation period is recommended to reduce cold stress. 

All employees need to understand the additional strain that winter weather brings. It is important to ensure outdoor workers work in pairs, stay informed of their job site weather conditions, wear proper clothing and understand weather-related injury symptoms to enable immediate emergency procedures to be activated, when needed.  

3. Take steps to minimize the risk to drivers and vehicles 

Roadway conditions quickly deteriorated across Canada and the U.S. when Winter Storm Elliott arrived.  Travel warnings and bans must not be ignored or taken lightly. Each year in the U.S., more than 1,300 people are killed and more than 116,800 people are injured in vehicle crashes on snowy, slushy or icy pavement. In Buffalo, several people perished in their cars when emergency responders were not able to respond to all distress calls during the height of the storm. Employees required to drive in winter weather need to understand the dangers, preparation steps and what to do in an emergency to survive.

See also: Hurricane Season: More Trouble Ahead?

4. Plan for winter utility impacts and outages for vulnerable supplies and operations  

Water damage from burst pipes is expected to be the greatest loss driver for Winter Storm Elliott (e.g., sprinkler systems, potable water). In fact, Memphis, Tenn/. alone reported 30 water main breaks. Tanker trucks were required to pump water into area hospitals for boilers that provide heat and steam for sterilization.  

Consider the use of Internet of Things (IoT) technology to reduce the occurrence and impact of frozen water pipes. Wireless sensors are used to monitor and alarm for freezing temperatures before a pipe freeze occurs or for the presence of water if frozen pipes result in a water intrusion incident. Sensors properly placed in a facility can provide insights into unheated spaces that may need to be better protected from freezes. This cost-effective technology can also be connected to control valves to automatically shut off the water when a leak occurs to minimize damage.   

At one point during Winter Storm Elliott, more than 1.7 million customers were without power on the East Coast. Rolling blackouts, which are becoming more common, were implemented to meet the electricity demand in some areas of Tennessee and North Carolina. Business continuity strategies can help prepare for the potential extended water and power outages that may occur during winter storms. 

5. Plan for transportation delays and travel system failures

Time-sensitive and temperature-sensitive supply chains were most vulnerable to Winter Storm Elliott’s power and reach (e.g., holiday deliveries, fresh food and medicine). Businesses can help prevent costly delays by planning ahead for the impact of winter weather on supply chains.  

The ability to understand and minimize the impact to business operations is a core risk management discipline that will enable a business to be resilient as disruptive incidents, supply/demand shifts and other dramatic changes occur. Knowledge and awareness can help business leaders better prepare for emerging risks and potentially disruptive events.

The information, examples and suggestions presented in this material have been developed from sources believed to be reliable, but they should not be construed as legal or other professional advice. CNA accepts no responsibility for the accuracy or completeness of this material and recommends the consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual situations. This material is for illustrative purposes and is not intended to constitute a contract. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice. “CNA” is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the “CNA” trademark in connection with insurance underwriting and claims activities. Copyright © 2023 CNA. All rights reserved.

It's a sign of the times at Tesla that I need to specify which issue is the moment of truth that I refer to in the headline. I'm not talking about the high-profile lawsuit that began last week into whether CEO Elon Musk owes damages to investors who bought stock in 2018 when he tweeted, falsely, that he had "funding secured" to take the company private. Nor am I talking about the crash in Tesla's stock price over the past year, partly caused by Musk's very public flailing at Twitter, which has, in my view, alienated both investors and potential customers at all Musk's companies. 

No, I'm talking about testimony that recently surfaced about a key video that Tesla used six years ago to sell the idea that its cars could drive entirely on their own. The testimony, from a deposition last July by a senior Tesla executive, acknowledged that the video was staged. Coming at a time of mounting lawsuits that claim an overreliance on Tesla self-driving technology led to accidents, including fatalities, the testimony could be extremely damaging.

It could help undermine a key selling point for Tesla and Musk, who hoped to leverage self-driving into all kinds of additional revenue streams, including insurance -- he has said he can charge extremely low rates because his technology is supposedly so much safer than human drivers are. The testimony, together with all the lawsuits, could also deliver a real black eye to the whole self-driving movement. 

Here is the video from October 2016, complete with "Paint It, Black" musical background, still available on the Tesla website. It begins with this notice: "The person in the driver's seat is only there for legal reasons. He is not doing anything. The car is driving itself." The video shows the car leaving a home and driving, in traffic on side streets and a freeway, before parallel parking by an office in Palo Alto, Calif. Musk promoted the video on Twitter as evidence that "Tesla drives itself." 

Now, here is the Reuters story in which the Tesla executive debunks the video, as part of testimony in a trial about whether Tesla is liable for a crash that killed a former Apple engineer. The Tesla executive says engineers carefully mapped a single route for the car to take and trained it for that one route -- having to intervene multiple times to prevent the car from making mistakes. During one attempt at parking, the car backed into a fence. 

So, it was hardly true in 2016 that "Tesla drives itself." And it still isn't true, according to recent reporting -- a fact that will surely bedevil the company as it defends itself against the various lawsuits. 

A long piece last week in the New York Times magazine about Tesla found that lots of enthusiasts were willing to essentially be guinea pigs for its autonomous driving technology, carefully monitoring for and correcting unsafe behavior by their cars while letting Tesla collect real-world data about problems to be addressed. But the piece also documented a wide array of potentially serious problems. 

For instance, as the author rode in a Tesla with a man named Alford, and it tried to make a left turn: 

"The Tesla started creeping out, trying to get a clearer look at the cars coming from our left. It inched forward, inched forward, until once again we were fully in the lane of traffic. There was nothing stopping the Tesla from accelerating and completing the turn, but instead it just sat there. At the same time, a tricked-out Honda Accord sped toward us, about three seconds away from hitting the driver-side door. Alford quickly took over and punched the accelerator, and we escaped safely....

"It was a rough ride home from there. At a standard left turn at a traffic light, the system freaked out and tried to go right. Alford had to take over. And then, as we approached a cloverleaf on-ramp to the highway, the car started to accelerate. To stay on the ramp, we needed to make an arcing right turn; in front of us was a steep drop-off into a construction site with no guard rails. The car showed no sign of turning. We crossed a solid white line, milliseconds away from jumping off the road when, at last, the wheel jerked sharply to the right, and we hugged the road again. This time, [Tesla's self-driving technology] had corrected itself, but if it hadn’t, the crash would have surely killed us."

A Fortune columnist says,"2023 should prove a watershed year in determining whether Tesla’s deeds amounted to legally protected speech, careless embellishment, violations of civil and criminal law, or something in between."

So, the short answer on what happens to Tesla and self-driving more broadly is: Stay tuned.

But I'll attempt a slightly longer answer.

I think Tesla self-driving is in trouble and believe that the various lawsuits, buttressed by the testimony debunking the self-driving video, will force some kind of retrenchment of the company's aspirations. 

That will surely cause heartburn for other self-driving companies, but shouldn't be a massive obstacle for Google's Waymo, GM's Cruise and a few others, which have taken a very different, "slow and steady wins the race" sort of approach.

We'll see.

Cheers,

Paul

Risk management in modern non-financial companies is very different compared with, say, five years ago. The level of risk management maturity, for lack of a better word, has grown significantly.

As more and more companies across the globe are looking to implement robust risk management, the demand for risk management consultants is also growing. Unfortunately, not all risk consultants are able to generate long-term value for their clients. Here are three reasons why:

A. Selling the wrong product

Non-financial companies want to buy, and many risk consultants continue to sell, risk assessments, risk management frameworks, risk appetite statements and risk profiles. What do all these products have in common? I am being intentionally provocative here, so I will say all these products are missing the point completely. One thing they have in common – they are designed to measure, capture or document risks, making us all believe that risks and their mitigation are the ultimate goals of the exercise. 

Over the years, this tendency to treat risk management as a separate, standalone (some go as far as to say independent) process with its own inputs (data, interviews, experts) and outputs (risk reports, risk matrices, risk registers) created a whole community of risk consultants who seem to be missing the plot completely. Risk management is not really about dealing with risks; risk management is about helping companies achieve their objectives and make better decisions.

Okay, sometimes it may be useful to capture risks for the sake of risks and discuss them with the management team, but this should be more an exception than a norm.

So if risk management is not about risk assessments or risks, then what?

I believe that risk management is ultimately about changing how companies make decisions and operate with risks in mind.

See also: Cognitive Biases and Risk Management

The two modern trends in risk management by far are: integration into business processes/decision-making and human and cultural factors. Yet, it seems most of the modern risk consultants completely ignore both of them. For example:

• It is fundamentally wrong measuring risk level when instead you could measure the impact risks have on key objectives or business decisions using budget@risk, schedule@risk, profit@risk or KPI@risk.
• I believe any qualitative risk analysis based on expert opinions is evil. More on this here: https://www.linkedin.com/pulse/risk-management-used-science-became-art-now-its-just-sidorenko-crmp
• It is wrong to have a risk management framework document, when instead you can integrate risk management principles and procedures into operational policies and procedures, like budgeting, planning, procurement and so on. I bet this example upset quite a few of you.
• It is a mistake try and use a single enterprise-wide approach (sometimes referred to as ERM) to measure different risks. Different risks, different types of decisions and different business processes deserve unique risk methodologies, risk criteria and risk analysis tools.

Reality is, most risk management consultants sell completely wrong products. Management doesn’t care about risks, they care about making decisions that will hold up in court, making money and meeting KPIs. No wonder modern risk management is mainly lip service.

The funny thing is that corporate risk managers make exactly the same mistakes. They, too, need to show value from risk management and fail to do so by focusing on risks (their domain) instead of business processes or decisions (business domain).

B. Confusing risk management with compliance

Did you know that, unlike many other ISO standards, the ISO31000:2009 is not intended for certification? This was a conscious decision made by the people working on the standard at the time. It is a guidance document.

Risk management is just not black and white. For example, risk management is about integrating into decision making and business processes, but every organization will find its unique way of doing so.

Many consultants make a huge mistake by insisting on a single version of the truth. Non-financial regulators or government agencies make even bigger mistake by taking guidelines and making them compulsory. Like COSO:ERM in the U.S., a bad document made obligatory for listed companies.

By far the best way to assess risk management effectiveness is by applying a risk management maturity model. Just keep in mind that most existing maturity models were created by consultants who miss the big picture.

C. Failing to see the intimate details

One of my good friends, Anna Korbut, a few years ago said an interesting thing – “Risk management is a very intimate affair.” I liked this phrase, so I have used it ever since. Risk management truly is intimate and unique. I have been working in risk management for over 13 years in four different countries, I have seen close to 300 risk management implementations and yet every single one was unique in some way.

Unfortunately, many consultants fail to dig deep enough to see how risk management is really implemented into organizational processes and into the overall culture of the organization.

Risk management goes against human nature (see research by D. Kahnemann and A. Tversky), so most of the time risk managers use techniques that are borderline neuro-linguistic programming or building an internal intelligence network. Here are just two examples:

• I personally created a table tennis tournament in the company where I used to work to get an opportunity to meet all business units in informal settings and build rapport. This had a bigger positive impact than monthly executive risk committee meetings where all the same department heads were present.
• A colleague of mine created the whole operational planning procedure within the company to reinforce the need to discuss risks on a daily basis.

See also: From Risk Transfer to Risk Prevention

The key takeaway is – unless specifically asked most risk managers will never disclose how they really build risk management culture within the organization or how they integrate risk analysis into the business. According to ISO31000:2009, risk management is coordinated activities to direct and control an organization with regard to risk. It consists of about a thousand small things that risk managers do on a daily basis, most of which may not directly relate to risk. Yet it is those small things that build risk management culture within the organization. Unfortunately, most risk consultants are quick to jump to conclusions and do not bother to dig deep enough to see all the nuances.

Risk management in every company is unique, it is the risk consultant’s job to figure out how it all comes together to build a better risk-based organization.

P.S. Remember that if your consultant is showing signs of any of the above, it’s time to have an honest chat with him/her.

With high inflation and pandemic tendencies holding on, consumer preferences and buying behaviors have shifted over the past few years. They come with consequences.

The first is that almost all consumers - 90% - have noticed price increases in recent months, and they're taking action. Many consumers are reducing their spending. 58% of consumers said they would cut back on non-food spending during the holiday season this past year. About 60% said they would buy fewer gifts for fewer people. As a result, gift spending was expected to drop by $30 billion in 2022.

Consumers are also changing their habits to save on staples like food and gas. AAA reports that 64% of adults have changed their driving habits or have made lifestyle changes. Research from Cambridge Mobile Telematics shows that Americans with gas-powered vehicles drove less as gas prices increased in early summer.

Consumers are also less loyal today. More consumers reported switching to a new brand or a different retailer in 2022 than at any point in the past few years. Price is driving their decision. 78% of Gen Z, 74% of millennials, 74% of Gen X and 73% of Boomers say price is one of the most important buying factors. McKinsey also says consumers want to try something different. Businesses need to balance innovation with pricing to win.

Consumers are making more purchases online than ever before. They're also expanding their shopping options. E-commerce was expected to account for over 20% of all retail sales by the end of 2022, double their count from 2017. But it isn't just e-commerce giants like Amazon that are benefiting from digital sales. Forrester reports that 38% of U.S. shoppers are making purchases through social media. TikTok users are twice as likely to make a purchase through the app as users on other platforms.

All of these storylines point to three trends: Consumers are more price-sensitive, more digital and less loyal today than they were just a few years ago.

No wonder telematics is more popular than ever with consumers.

Consumers can save significantly on their cost of insurance - upwards of $200 to $300 per policy term every six to 12 months - by switching to a telematics-based policy. As a result, consumers who enroll in these programs are more satisfied with what they pay for insurance. J.D. Power research shows that telematics consumers have higher price satisfaction by nearly 60 points compared with general consumers.

"The only way for insurers to stay competitive in this environment of steadily rising premiums and over-inflated vehicle valuations is to tailor policies to the individual," said Marty Ellingsworth, executive managing director, J.D. Power Insurance Intelligence.

Telematics consumers are also more loyal. Among consumers who typically shop yearly for new insurance policies, telematics consumers are 40% more likely to stay with their current carrier, J.D. Power says. Telematics consumers are also more likely to say they'll definitely renew their policy.

"[Telematics policies have] the potential to create the kind of personalized customer experience that builds long-term loyalty and advocacy," Ellingsworth said.

See also: Telematics Consumers Are Ready to Roll

Consumers have noticed, and telematics adoption is accelerating.

In its latest report on the insurance industry, TransUnion found that insurers are offering telematics to more consumers than ever, and consumers are opting into programs at record levels. From November 2021 through March 2022, the number of people offered telematics programs increased from 32% to 40%, a 25% increase. Consumers choosing telematics programs skyrocketed from 49% to 65%, a 32% increase.

Is telematics at a tipping point? Insurers think so.

"Telematics usage is increasing, and Nationwide expects the usage-based insurance trend to continue," said Nationwide's VP of Personal Lines Product Development. "In 2020, customer interest in telematics increased by 30%, and Nationwide is projecting 70% (or more) of new business will come from usage-based insurance programs by 2025."

Last year, USAA saw enrollment rates in its telematics program dramatically increase. It reported that daily driver enrollment in its SafePilot telematics program was over 200% higher than in 2020, and policy growth year-over-year was nearly 75%. Almost half of all policyholders opted into the program.

Randy Termeer, USAA's SVP of GM auto and small commercial, commented on USAA's growth: "Demand for behavior- and usage-based insurance continues to grow, and we are thrilled to be able to offer personalized pricing and solutions to more of our members."

In a Wall Street Journal report on how parents are helping their teen children drive safer, a State Farm spokesperson said the company saw a 67% increase in customers signing up for the app in the last year.

Travelers, which launched a continuous program - IntelliDrivePlus - reported that their original telematics program grew 50% in 2021. Michael Klein, executive vice president and president of personal insurance, said: "Consumers are increasingly comfortable with pricing that reflects their driving behaviors. IntelliDrivePlus builds on that momentum and offers our customers even more options to personalize their insurance."

On top of this momentum, the record-high inflation rates and increased frequency and severity have made telematics more urgent than ever. Add to these factors an uncertain economic outlook, and you have a situation that could accelerate telematics adoption even further.

Price-conscious consumers will shop more often, searching for ways to save with digital products. Telematics helps insurers capture the market's shifting needs, and, in McKinsey's words, "balance innovation with pricing to win." It helps them address consumers' new financial realities with programs that help them lower their insurance costs while increasing engagement and brand loyalty.

It is both stability and change in the Allianz Risk Barometer 2023. Cyber incidents and business interruption rank as the biggest company concerns for the second year in succession (both with 34% of all responses). However, it is macroeconomic developments such as inflation, financial market volatility and a looming recession (up from #10 to #3 year-on-year), as well as the impact of the energy crisis (a new entry at #4) that are the top risers in this year’s list of global business risks, as the economic and political consequences of the world in the aftermath of COVID-19 and the Ukraine war take hold.

Such pressing concerns call for immediate action from companies, explaining why both natural catastrophes (from #3 to #6) and climate change (#6 to #7) drop in the annual rankings, as does pandemic outbreak (from #4 to #13) as vaccines have brought an end to lockdowns and restrictions. Political risks and violence is another new entry in the top 10 global risks at #10, while shortage of skilled workforce rises to #8. Changes in legislation and regulation remains a key risk at #5, while fire/explosion drops two positions to #9. 

For the U.S., business interruption tops the list, again followed by cyber incidents. For the first time, macroeconomic developments hit the U.S. list in the third spot. View the full global, country and industry risk rankings.

The Allianz Risk Barometer is an annual business risk ranking compiled by Allianz Group’s corporate insurer Allianz Global Corporate & Specialty (AGCS), together with other Allianz entities, which incorporates the views of 2,712 risk management experts in 94 countries and territories, including CEOs, risk managers, brokers and insurance experts. It is being published for the 12th time.

In 2023, the top four risks in the Allianz Risk Barometer are broadly consistent across all company sizes globally – large, medium and small – as well as across core European economies and the U.S. (energy crisis excepted). Risk concerns for businesses in Asia Pacific and African countries show some deviation, reflecting the different impact of the war in Ukraine and its economic and political repercussions. 

See also: Cybersecurity Trends in 2023

Digital and disruption dangers 

Cyber incidents, such as IT outages, ransomware attacks or data breaches, ranks as the most important risk globally for the second year in succession – the first time this has occurred. It also ranks as the top peril in 19 different countries, among them Canada, France, Japan, India and the U.K. It is the risk that small companies (<$250 million annual revenue) are most worried about.

According to the Allianz Cyber Center of Competence, the frequency of ransomware attacks remains elevated in 2023, while the average cost of a data breach is at an all-time high at $4.35 million and expected to surpass $5 million in 2023. The conflict in Ukraine and wider geopolitical tensions are heightening the risk of a large-scale cyber-attack by state-sponsored actors. In addition, there is also a growing shortage of cyber security professionals, which brings challenges when it comes to improving security.

For businesses in many countries, 2023 is likely to be another year of heightened risks for business interruption (BI) because many business models are vulnerable to sudden shocks and change, which in turn affect profits and revenues. Ranking #2 globally, BI is the number one risk in countries such as Brazil, Germany, Mexico, Netherlands, Singapore, South Korea, Sweden and the U.S. 

The scope of disruptive sources is wide. Cyber is the cause of BI that companies fear most (45% of responses); the second most important cause is the energy crisis (35%), followed by natural catastrophes (31%). The skyrocketing cost of energy has forced some energy-intensive industries to use energy more efficiently, move production to alternative locations or even consider temporary shutdowns. The resulting shortages threaten to cause supply disruption across several critical industries in Europe, including food, agriculture, chemicals, pharmaceuticals, construction and manufacturing, although warm winter conditions in Europe and stabilization of the price of gas is helping to ease the energy situation. 

A possible global recession is another likely source of disruption in 2023, with potential for supplier failure and insolvency, which is a particular concern for companies with single or limited critical suppliers. According to Allianz Trade, global business insolvencies are likely to rise significantly in 2023:  up 19%.

Macroeconomic malaise

Macroeconomic developments such as inflation or economic and financial market volatility rank as the third top risk for companies globally in 2023 (25%), up from #10 in 2022 – the first time this risk has appeared in the top three for a decade. All three major economic areas – the U.S., China and Europe – are in a crisis mode at the same time, albeit for different reasons, according to Allianz Research, which forecasts recession in Europe and the U.S. in 2023. Inflation is a particular concern as it is eating into the price structure and profitability margins of many companies. Like the real economy, the financial markets are facing a difficult year, as central banks drain excess system-wide liquidity and trading volumes even in historically liquid markets decline. 

See also: Key D&O Risk Trends for 2023

Risk risers and fallers

The energy crisis is the biggest risk riser in the Allianz Risk Barometer, appearing for the first time at #4 (22%). Some industries, such as chemicals, fertilizers, glass, and aluminum manufacturing, can be reliant on a single source of energy – Russian gas in the case of many European countries – and are therefore vulnerable to disruption to energy supply or price increases. If such base industries struggle, repercussions can be felt further down the value chain in other sectors. According to Allianz Trade, the energy crisis will remain the largest profitability shock for European countries in particular. At current levels, energy prices would wipe out the profits of most non-financial corporates as pricing power is diminishing amid slowing demand.

Driven by 2022 being another year of turmoil with conflict and civil unrest dominating the news, political risks and violence is a new entry at #10 (13%). Aside from war, companies are also concerned about increasing disruption from strikes, riots and civil commotion activity as the cost-of-living crisis affects many countries.

Despite dropping in the ranking year-on-year, natural catastrophes (19%) and climate change (17%) remain major concerns for businesses. In a year that included Hurricane Ian, one of the most powerful storms recorded in the U.S., record-breaking heatwaves, droughts and winter storms around the world and $100 billion-plus of insured losses, natural catastrophes still rank in the top seven global risks. 

To read the full report, please visit Allianz Risk Barometer 2023.

In this whitepaper, discover an investigative tool that helps insurers identify and eliminate fraud, waste, and abuse while minimizing human intervention in claims processing. Armed with an automated investigative workflow, insurers are better positioned to achieve overall business objectives and deliver on their organizational mission with recouped time and labor.

Download Whitepaper

Sponsored by Daisy Intelligence 

When it comes to workers’ compensation, the undisputed common quest of insurers and claims managers is to ensure that workers – especially those with serious injuries – receive the most appropriate care for a faster, more optimal recovery. When injured workers are at risk for temporary or permanent disability, there is an additional concern. Without vigilance, their condition can worsen, and they may be unable to return to work. Longer recovery periods can be costly. When employees are permanently disabled, the financial drain of replacement and disability compensation can be exorbitant.

Current research shows that a more patient-focused and supportive approach to injured employees can improve health outcomes and spending. A well-trained, multidisciplinary team offering immediate assistance and patient advocacy allows injured employees to get quality care and compassion when they need it. Companies that have implemented a patient-focused, early intervention claims management model report many key improvements over traditional case management, including: 

• A faster return to work delivers more cost savings and more productive employees. Collaboration between employers and case managers resulted in a 50% decrease in the number of injured workers on one firm’s Total Temporary Disability (TTD) report, leading to a faster return to work and lower medical costs.  
• Lower usage of potentially dangerous prescription drugs. In one instance, narcotics usage dropped from 18% to just 3.7% of claims.
• Cost savings. One company saw case management costs go down $11,000 in one year and savings go up $1.5 million. It also experienced a 39% reduction in average costs paid per claim and a 37% reduction in the total costs incurred year over year. 

In addition to improved outcomes, lower costs and a faster return to work, relationships between the employer and the injured worker are reinforced in this model. By using nurse case managers to coordinate care, the patient and family are freed from the worry of navigating a complex healthcare system on their own. This advocacy assures them that the care plan is always moving forward. The additional coordination, concern and empathy during the recovery process reassures injured workers that their employers are looking out for their well-being. By transforming the sometimes adversarial relationships between employer and employee that can occur when cases are not monitored, the model makes litigation less likely. For example, one CorVel customer reported a 41% drop in litigated claims when case management services were used. 

See also: Claims and Effective Risk Management

Here are the components of a patient-centered approach that works to achieve these positive outcomes: 

• Early intervention and communication. The initial interaction is conducted by an advocacy nurse who can quickly assess the injury. The early intervention directs the patient to the right care providers, at the right time, for optimal care. The stage is set for the creation of a personalized treatment program.
• Close assessment. A dedicated team of nurses and coordinators work closely with adjusters, providers and employees to ensure an effective and timely return to work and maximum medical improvement.
• Advocacy and information sharing. Using a single database that includes claims and care information streamlines claims management. This shared information improves the accuracy of the initial claims report, links all partners and data and can dramatically enhance care efficiencies.
• Technology. Fully implementing a patient-centered model requires different process flows. Innovative technology and communication tools result in better tracking temporary total disability (TTD) claims. Automated alerts can help inform case managers of emerging problems so that they can be quickly rectified to keep the care plan on track.
• Follow-up. Regular follow-up by nurse case managers and the support team helps ensure that appointments are kept, that team members are expediting care and that the appropriate specialists and ancillary benefit services are brought in as needed. This follow-through also ensures that the patient and family know, understand and participate in the care plan.
• Screening. A myriad of complications can hurt an injured worker’s recovery. From depression to drug addiction to family issues, nurse case managers also screen for potential mental health and social determinants of health concerns. By identifying problems that may affect recovery, nurse case managers can identify and procure the appropriate resources to support injured workers in their journey to get well.

Early interventions can reduce claims costs, speed recovery and avoid disability while also building trust between workers and employers and minimizing the risk of litigation. By embracing the vision of a patient-focused approach, employers and claims managers create a claims management process that is not only cost-effective but ensures improved care for injured employees.

With the U.S. possibly facing a recession in 2023, expense control has become a priority for many businesses. Recent layoffs at tech firms such as Meta (formerly Facebook) and Peloton could be a portent of cutbacks to come. 

While payers may have enjoyed decades of robust profits, they are not immune from these financial pressures. Two major payers recently announced layoffs of hundreds of employees. Another major payer-provider system reported a multibillion-dollar loss for the first nine months of 2022. Belt-tightening is likely on the horizon for even more insurers.

Layoffs tend to be the most visible response for large organizations to cut costs during a downturn, as well as cutting benefits or perks and restricting travel for work purposes. While those approaches can and do save money, they come at the risk of sapped employee morale and lost productivity.

There are ways to take a more holistic approach toward expense reduction by increasing the efficiency of the overall organization. For a health insurer, that focus is the tens of millions of claims submitted and processed daily.

Better Management of Payment Review Today

Faulty billing practices are commonplace in the insurance sector. Various studies conclude that hospital billing errors occur anywhere from 7% to 75% of the time. According to the White House Office of Management and Budget, nearly a quarter of Medicare fee-for-service and Medicaid claims were incorrect last year. 

Reviewing provider payments is a critical function of health insurers. However, reviews of claims for errors, overcharges or other issues are almost entirely retrospective, after the claim has been paid. Reviews usually take weeks – if not months or even years – after a claim has been filed. 

Payers and providers regularly face lawsuits and huge federal fines for overbilling. The U.S. Justice Department reported that settlements and judgments related to false healthcare claims totaled $5 billion in the last fiscal year.

Retrospective payment review is encouraged by laws in numerous states that financially penalize insurers if they do not pay claims within a mandated period, usually 45 days. As late payments must include hefty interest, plans often take a “pay now, ask questions later” approach.

Post-payment reviews also tend to drive up costs for insurers and reduce their operational efficiency. Trying to adjust a payment months after it has been made can create friction with the specific provider and even an insurer’s entire provider network. If a provider appeals the decision, it can take months of work for both sides to resolve the problem, diverting resources from more important tasks. 

See also: Payment Processes Must Be Simplified

Prepayment Review’s Advantages

The alternative is to pursue a different strategy: prepayment claims review.

Prepayment reviews are advantageous to payers for a variety of reasons:

• Because requesting payment be returned by a provider is more challenging than denying a claim at the outset, the provider experience is much improved. 
• The number of appeals tends to decline in a prepayment review environment. 
• Providers are less aggressive about appealing claims compared with when they have a payment taken directly out of their pockets. 
• A prepayment review process is often more defensible by insurers during any appeal. 
• Prepayment allows the turnaround time to approve fully vetted claims and accelerate their payment. 
• Prepayment reviews can also spot suspicious billing patterns early, possibly staving off lawsuits and fines from state and federal regulators.

Focusing on prepayment reviews improves the overall efficiency of any health insurer while possibly saving millions of dollars a year in overpayments.

An Alternative to Cutbacks?

With its promise to create efficiencies and cut costs, switching to prepayment review could save insurers from making painful layoffs. However, large corporations tend to be deliberative bodies, requiring both consensus and time to make significant changes. Making such a switch would require obtaining buy-in from senior management and conducting organization-wide assessments to determine how switching the payment review process will affect other operations. However, following such considerations the decision is usually to make the necessary changes and adopt prepayment. 

Prepayment reviews can save money and increase an organization’s efficiency by reducing the workload and friction of concluding retrospective payment reviews. It is a potential way to economize during recessionary times without resorting to layoffs.

From supply chain interruptions and skyrocketing input costs to increasingly extreme and volatile weather, the effects of climate change are already apparent for farmers, the consumers that depend on them and the providers that serve them.

Within the agricultural financial services sector, conventional methods and core assumptions of risk modeling and management are under strain. The simplest factors, from the cost of inputs to the global dispersal of crops, are in question. Even if farmers might have predicted developments like the 300% jump in glyphosate costs or shift of hazelnut crop production from the Mediterranean to Canada, the risk models that underpin the industry did not.

It’s clear that climate change poses new challenges, and no shortage of technology providers are claiming to offer the solution. In the sea of new technologies and science—from robotic equipment to genetic seed adaptations—it’s worth refocusing on what the industry actually needs for confident decision-making in an unpredictable environment. 

At Ceres Imaging, we have spent a decade collecting billions of measurements on tens of million of acres so we could fine tune data models and help customers adapt to change. We’ve learned that these four things make the difference:

1. Greater responsiveness

To maintain actuarial soundness in rapidly changing and widely varied conditions, it’s essential that carriers in the agricultural space develop less rigid, more dynamic risk-based pricing models that reflect conditions on the ground. By definition, that requires faster and more frequent capture, processing and analysis of data. 

Such responsiveness allows for a new dimension to strategic planning for financial services providers, enabling, for example, specific and localized recommendations for the optimal planting and harvesting times, ensuring optimal yields and mitigating grower losses. Policy products that better reflect the real differences in production risk based on grower strategies represent a significant opportunity for the sector—both to encourage desirable practices, such as data-driven crop management, and to buffer itself from increased risk due to the effects of climate change.

See also: Climate Change and Product Liability

2. Precision crop data

Aerial data can accurately detect temperature differences of 0.1 degree Celsius between plants, with an absolute accuracy within 1 degree Celsius. In combination with crop-specific data models, this level of detail allows us to provide crop health insights at the individual plant level to enable in-season adjustments in response to budgetary and sustainability guidelines. Growers using our crop health data average an 8% improvement in yield. 

Scientific precision unlocks immediate practical benefits for carriers, too. In the aftermath of an extreme weather event, for example, insurers no longer need to involve customers in a protracted process of estimation and verification of damage to a crop. Instead, carriers can measure and assess storm impacts more quickly and accurately, expediting the claims process without risk of an indemnity payment miscalculation. 

3. Efficient workflows

Discussion of automation in agriculture and adjacent industries often focuses on headline-grabbing technology like robotic harvesters or self-driving tractors. The enthusiasm for futuristic machines on the farm is understandable—but it belies the hidden potential of data-driven automation to affect day-to-day operations across the entire agribusiness ecosystem.

In building automated solutions for lenders and insurers, Ceres has found that providing precision crop boundary measurements and inventories creates a ripple effect of efficiency savings across the business. Prior to automation, an adjuster might have spent a day haphazardly traversing a territory to perform inspections, then the rest of the week filing repetitive reports. They can now begin with an optimized route, upload and share notes and photographs from the field with outside experts or colleagues and calculate claims automatically. This more streamlined process, powered by automation, saves upwards of 30% of an adjuster's time.

See also: Time to Move Climate Risk Center-Stage

4. Integrated technologies

While tools for fintech are growing more sophisticated, the deluge of variably validated field data can create its own set of challenges. Rotating among many sources of information takes time, adds unnecessary complexity and makes it more difficult to mine meaningful insights.

But it's now possible to create a dashboard that integrates, consolidates and synthesizes data from many sources. The dashboard can even seamlessly integrate insights from insurers' unique proprietary systems, combining precise aerial data, IOT field sensor feeds and satellite images.

While the increasingly visible effects of climate change do pose daunting obstacles to carriers operating in the agricultural space, existing and emerging technology can help the sector to adapt. It can generate crop data insights for efficiency savings at every stage of the business cycle: from product innovation and policy writing to crop monitoring and regulatory compliance.