The daily work of the world's farmers -- from a smallholder's one or two acres/hectares to major agribusinesses -- sustains us all. However, they face myriad challenges, not the least of which is access to agricultural insurance, due to constraints placed on insurance products and the complexity of assessing agricultural risks. Now, thanks to technological innovations, including better methods of crop data collection and agricultural intelligence (AgI) analyses, insurance companies can lower operational costs, improve underwriting performance, offer appropriate insurance quotes and more effectively track the facts on the ground.

Here are just a few ways digitization and other technologies can boost agricultural insurance:

Upgrade data collection

Digital, on-field data collection - with data points including time, location and user stamps - provides insights for effective underwriting and claims management while reducing operational costs.

Technology minimizes human errors and allows complex output, such as damage calculations based on the estimated value of the crops when a damaging event occurs, to be automated and flow seamlessly from the field to the decision-makers' desks, in real time.

These real-time insights improve the efficiency of insurance operations, while creating a structured database of on-field events, making it easier to spot patterns or irregularities that could focus in-person field inspections later.

Streamline quotation

Forget multiple forms and interminable waiting. Digitization at the point of sale smooths the application and quotation process and enhances user buy-in. AgI can be used to create risk models including more accurate quotations in the fields. This can lower premium costs as automation slashes administrative and operational expenses.

See also: Climate Change and Product Liability

Facilitate underwriting

Digitized field data makes it easier to analyze multiple geospatial data sets. Factor in altitude, soil type, climate history, claims history, etc., for a more complete picture of risk patterns. Moreover, the data sets can be used to determine individual risk -- by examining, for example, specific farms and comparing them with equivalent farms in the same region cultivating the same crops. Is one farm employing a different farming method that results in better harvests than the other farm? What are the other variables? These insights can help insurers select "good" risks, the key to achieving a profitable business line.

Optimize monitoring and claims management

Insurers get the critical insights they need to determine immediate and longer-term risk and know where to concentrate their resources using real-time data when tracking remote data sources such as vegetation indices from satellite and weather stations. Perhaps a remote field inspection based on the comparison of data from several insured farms may reveal that one is having issues others aren't experiencing. The insurer can then send someone for an in-person inspection to identify the key variables, whether it's a pest infestation, improper irrigation practices or any impediments to the farmer's success. Answers to these questions and more form the data that will prevent losses for all parties.

Enable farmer education

Lack of understanding by the farming community of the nitty gritty of agricultural insurance is one reason for their inability to access its benefits. For example, parametric insurance, in which payouts to the insured are based on outward or visible guidelines (e.g., level of rainfall) instead of measured and verified damages, may be a hard-to-digest concept for some farmers. Technology can go far in providing insurance education. Imagine a tool that can mimic payout situations to help farmers understand how to apply the parametric insurance concept to their real lives. This will be necessary to win over farmers and increase agricultural insurance's market penetration.

A focus on innovation at the farm and insurance levels can bring significant changes to the state of global agriculture, adding levels of stability to farming that were previously impossible. The more stable the agricultural environment, the easier it will be to maintain stronger supply chains focused on ensuring the world's growing population has enough to eat during these times of extreme climate change.

The cyber insurance industry, battered by a seemingly unending onslaught of claims, is reaching a breaking point. According to the FBI’s latest Internet Crime Report, cyber-related complaints have increased by more than 180% over the last five years, resulting in $18.7 billion in losses. Last year, some carriers ended up paying out more in claims than they received from premiums. As a result, the industry is now demanding that customers reduce their exposure or face steep price increases or quite possibly cancellations. 

In an effort to shore up the industry, some insurance providers are taking a more hands-on approach in an effort to reduce their client’s risk. At the forefront is an attempt to mitigate human error, the crux of the problem. According to a 2021 Data Breach Investigations Report from Verizon, accidental clicks or other mistakes make up 85% of successful hacks. This has led insurers in search of cybersecurity training programs that have been independently verified to actually change human behavior.

No longer optional 

Survival of the cyber insurance industry is paramount. According to the National Cyber Security Alliance, 60% of small to medium-sized businesses (SMBs) fold within six months of a cyberattack. Yet, while SMBs cannot afford to go without cyber insurance, many soon won’t be able to afford the insurance itself.

Business owners and CEOs are feeling the seriousness of the situation when their renewal letters arrive. Premiums – which increased by as much as 300% in 2021, according to a report by Risk Placement Services – are expected to escalate at an even more dramatic pace. At the same time, insurers are adding exclusions and limiting coverage, and some are even exiting the market.   

“For some underwriters, the risk in offering cybersecurity coverage is simply too great at this point,” said Mark Weir, who has spent over 30 years in the insurance industry and is now managing director of LCM Solutions, a Canadian consulting firm. “In spite of the fact that taking risks is their business, insurance is an industry that doesn’t like uncertainty.” 

In the early days of cyber insurance, the one thing guaranteed was hefty profits. Insurance companies were eager to get into the market because demand was high and the perceived risk was low. 

“Initially, companies were offering cyber insurance thinking they would never actually have a claim,” explains Jeremy Harris, CEO of Mindshare IT, a managed service provider offering both IT and cybersecurity services. “Now they find themselves in a sticky situation and are looking for solutions.” 

In the past, almost all incidents were covered regardless of fault. Today, if a company fails to properly train employees or demonstrates poor security hygiene and gets hacked, its claim may be denied, and future access to coverage could be in jeopardy.

See also: Cyber Insurance Market Hardens

Dramatic rise in attacks

The cyber insurance industry may have become a victim of its own success. As insurers began to offer more coverage, businesses may not have felt the need to be as vigilant in their defenses. Often, they would quickly pay ransomware, assuming they would be reimbursed. As a result, cybercriminals had incentives to target companies with cyber insurance policies in place.

Now, with escalating attacks and shrinking coverage, insurers are trying to actuate companies to be more vigorous in reducing risk, including pushing for more stringent employee education on cybersecurity issues.

Many experts feel training is crucial to slow successful phishing breaches, which account for an overwhelming majority of attacks. Phishing, along with vishing (over the phone), smishing (via text) and pharming (visiting fraudulent websites), often leads to the deployment of malicious software, such as ransomware. 

A growing number of new regulations now require a number of industries to add education to their security programs, but some top executives question whether these generic training programs work as advertised.   

“Our view is training that does not impact risky behaviors is a waste of time and money for our clients,” says Kirsten Bay, CEO of Cysurance, which writes policies to protect against privacy breaches, identity theft, system damage and other cybercrimes.

Bay says Cysurance was looking for a training platform that took into account how different personality types perceive and respond to risks, such as an email with a link or attachment. The platform would then target those specific people with consistent, continuing training materials that would evoke a change in actions.  

“For us, the goal is to find proven ways to detect and prevent harm, which then lowers the risk of both a security event for our clients and also a future claim,” Bay explains. 

“I think what you're seeing with the better security training companies out there is that they really focus on the individual’s personality and train them accordingly,” Harris says. “Those that have metrics proving a reduction in potential breaches are rising to the top.”

Personalized behavioral training

Some personalized training programs have demonstrated they greatly reduce the rate of phishing failures. For example, at cyberconIQ, we have found we can cut failures from a national average rate of 15% to 18%, to less than 2% after just 30 days. We use a 40-question assessment, akin to a Myers-Briggs personality test, to assess the susceptibility of each employee. Then, we use machine learning to develop a customized approach for each, to correct key motivating factors that drive underlying online behavior and measurably lower their vulnerability to fraud.  

“What we look for is to develop a ‘culture of compliance,” Weir remarked. “However, what helps one person, may not be helpful to another. So, this idea of first evaluating the psychology of the individual and then educating that person based on their natural propensity is a game-changer. I think it is going to be what keeps the cyber insurance industry afloat.” 

By partnering with a cyber training company that provides verified proof of reducing claims, insurance companies can greatly minimize their risks and therefore reduce the costs of their coverages. 

“I give a lot of credit to those insurance companies who are smart enough to realize they have to help their clients mitigate risk,” Harris concludes. “It’s for the good of these small companies as well as the overall health of the cyber insurance industry.”

The California insurance commissioner and the California Department of Insurance (CDI) issued a bulletin regarding industry bias and discrimination. The bulletin acknowledged allegations of bias and discrimination in the industry and gave notice to insurance players that the CDI is watching and that "bias and discrimination in any form will be investigated and will not be tolerated."

The bulletin is addressed to "All Admitted and Non-Admitted Insurance Companies, Licensees and Other Interested Parties" - clearly intending to cause awareness and attention beyond the carrier ecosystem.

So, what does this mean? California has been a leader in following Europe regarding consumer protection laws. The state previously followed the E.U.'s lead when it came to GDPR and implemented the California Consumer Protection Act (CCPA). Recent news from California indicates a similar pattern when it comes to AI regulation; the largest state in the U.S. - and the sixth-largest economy in the world - is likely on a faster path to follow the lead of recent regulations in the E.U.

For example, the CDI bulletin follows recent developments regarding the regulation of AI in recruiting and hiring practices in California.

See also: Key to Competitive Carrier Strategies

There are already laws in place that can be enforced when it comes to the misuse of AI, especially in cases of bias and discrimination. The bulletin cites these as "laws prohibiting discrimination with regard to insurance ratemaking, laws prohibiting discrimination in claims handling practices, laws prohibiting discrimination when accepting insurance applications and laws prohibiting discrimination when canceling or nonrenewing insurance policies."

This latest bulletin comes amid a growing area of concern and topic of discussion in the U.S. and around the world: responsible and ethical AI practices. One key challenge for the insurance industry, along with other sectors, is missing (currently protected) data. Legally, insurers can't collect certain protected data, such as race. Without this data, how can companies institute corrective measures against bias and discrimination?

Another trend is that, while the adoption of AI technology continues to expand, governance best practices have been lagging.

The CDI bulletin addresses that issue directly by stating, "The department reserves the right to audit and examine all insurer business practices including an insurer's marketing, rating, claim and underwriting criteria, programs, algorithms and models."

The wording around "business practices" signals an expectation that industry players enact life cycle governance and risk management controls. Companies without strong policies and documentation will find themselves in a very awkward position should CDI choose to exercise this right.

There have been additional developments in AI regulations, as well. Movement in AI-related regulation has been growing significantly and consistently for the past couple of years. We can expect there will be more pressure to come from governing bodies in relation to AI technology use in business as well as its impact on society as a whole.

While the California letter takes a very concerned tone regarding big data, algorithms and AI, there is still immense potential for these technologies to improve our everyday lives. The potential to provide better pricing, new products, improved customer experiences and more availability and competition stand out for the insurance business, in particular. The challenge is how to implement this innovation responsibly and ethically.

Insurance is built on decades of historical data, so we should expect and plan for that data to reflect societal inequities and injustices. If we want to disrupt insurance with innovative data and technologies, we need our leading corporations and executives to "own the history" and create more robust governance, reviews and policies across their advanced technologies. We need insurers and their partners to go beyond good intentions to build a better future.

From the Editor: The Boundless Future for AI When I think of the potential for artificial intelligence, I hark back to my days at the Wall Street Journal, taking notes in my home-brewed shorthand in one of those long, skinny notebooks you may have seen reporters carrying around in their suitcoat pockets. I still break out in a sweat when I recall interviewing the president of Mexico in the mid-'90s, in Spanish. I only knew how to take notes in English, so I had to translate on the fly, while still thinking about my line of questioning—and concentrating furiously so I would quote him so accurately that I wouldn't cause an international incident.  While AI would have been zero help back then, today it's remarkable. I just record an interview on my phone, and AI transcribes the conservation in real time with remarkable accuracy. That's true even when I'm talking to someone with a heavy, non-American accent. Even if I somehow resurrected my long-lost Spanish or French and conducted an interview in a foreign language today, the AI would transcribe it, and I could have Google Translate produce an English version in no time. Sure, there'd be issues to iron out, but that always happens in an interview anyway, and the AI links the text to the relevant spot in the recording, so I can easily decide for myself what was said. No sweat required. So, if you want to think about where AI can go from here, you can look back 25-plus years and see that the difference between then and now is, well, like magic, and then start to think about 10, 15 or 25 years from now. Cheers, Paul "When you ask for several years of claims data so you can train the AI, you find you're dealing with all kinds of messy issues. Unfortunately, nobody with decision authority thought about the kind of data you’d need in the future for AI...and it may be a while before they do." —Tom Warden, CLARA Analytics Read the Full Interview READ MORE Role of NLP in Claims Management Natural language processing can transform a burdensome process, freeing claims professionals to apply their expertise where it makes the biggest difference. Read More Elon Musk Is Wrong About Artificial Intelligence In painting a rosy and likely unrealistic picture of what AI can and can't do, Elon Musk has, in our view, misled the public about how far we still have to go. Read More 'Intelligent Decision-Making' Is the Future An increase in digitization, the rise of AI and better value-tracking methodologies have paved the way for more advanced technology like "intelligent decision-making." Read More The Risks of AI and Machine Learning If the proper guardrails and governance are not put into place early, insurers could face legal, regulatory, reputational, operational and strategic consequences down the road. Read More How AI Can Solve Prior Authorization Physicians spend nearly two full business days per week on prior authorization requests as part of an antiquated, manual process. Read More The Way to Address Climate Change Climate change is one of the most pressing issues in the insurance industry today, but forward-thinking insurers have found the way to combat it: AI. Read More FEATURED THOUGHT LEADERS Kieran Wilcox Vivek Wadhwa Stuart Rose Anthony Habayeb Mark Scott Guy Attar View all ITL FOCUS topics

Early in the year, I was working on an assignment and needed a change management maturity model. I was surprised that, with the exception of one from Prosci and another from the Change Management Institute (CMI) (slide 9 of the presentation here), there didn’t seem to be much out there.

Neither of the big-name versions quite hit the spot for me. For me, the Prosci version has some good content in the accompanying article, but not so much in the model itself. And I personally don’t find the CMI’s three dimensions of Driving, Receiving and Implementing very helpful for telling me how to improve an organization’s change management capabilities.

It was a short assignment, and time was pressing, so I made do with what I had. But for the past few months I’ve been waiting for a chance to have a go myself. And now that chance has come.

Here, then, is my own change management maturity model:

See also: COVID-19: Implications for Business Models

As a dyed-in-the-wool management consultant, I couldn’t help but start with the three old stalwarts of People, Process and Technology. Though for change management, I felt that useful Tools and Templates, in whatever formats, should be the focus rather than technology in the IT sense. That’s not to say that technology is ignored – it just comes in at an advanced level of Tools and Templates maturity.

Process and People are, as you would expect, covering the “how” of change management and the extent to which people have the skills and expertise to drive it.

However, I did feel it important that the Process dimension reflect both:

• The importance of having proper project management in place before trying to add change management; and
• The need to support non-waterfall delivery approaches such as agile, and to be able to accommodate those from a change management perspective.

At this point, I shared my thinking with my friend Katherine Rozakis of Toptal, and she persuaded me that:

• Where People, Process and Technology are found, Strategy and Governance are likely to be needed, too; and
• Communication and Engagement are such critical components of change management that they demand a dimension of their own.

So I added those as my fourth and fifth dimensions.

From my many years seeing the change management aspects of projects and programs being de-scoped, de-funded or just downright ignored, I also believe that an organization’s Culture, specifically in relation to its understanding and acceptance of the need for professional change management, is often the critical missing piece. So I made Culture my sixth, and final, dimension.

Today, most means of protection are “mounted.” This means that information systems are designed separately from security systems. Protection is implemented on top of the infrastructure, like a network. But this approach does not always work, especially in post-COVID times, when the number of phishing threats has increased by 600%. Every day, mass media report about leaks, hacks, blackmail and other cyber incidents. Standard protection is becoming scarce, so organizations have turned to a new and promising trend in cyber resilience – Security by Design (SbD). What is its essence and how does it help businesses?

How has COVID-19 affected cyber resilience?

A cyber-resilient organization can withstand cyber-attacks and recover quickly, without significant damage. Whereas cybersecurity combines tools and technologies that keep attackers away, cyber resilience focuses on addressing the business impact of attacks.

To implement cyber resilience, it is necessary to perform four important operations:

• protection
• detection
• response
• recovery

Cyber ​​resilience shapes long-term thinking. An organization creates a fault-tolerant system that ensures business continuity.

Even though the number of cyberattacks is growing together with the increasing number of applications, IoT devices and Internet users, a real cyber boom occurred in 2020. Attackers took advantage of the situation with COVID-19 and began to send out emails everywhere allegedly on behalf of the World Health Organization (WHO), tricking people into clicking on a link that would ostensibly provide recommendations on combating coronavirus or list statistics for a particular region.

The next situation that created a stir among criminals was the transition of employees to remote work. This is where incidents with organizations that did not prepare virtual private network (VPN) servers for possible attacks rained down. Corporate denial-of-service (DoS) attacks became commonplace. The attackers used corporate emails to send purportedly updated workplace policies concerning COVID-19 to remote employees.

For organizations, these risks can cost $3.9 million to cope with blackmail, $20 million in GDPR fines, financial losses due to downtime and loss of reputation. That is why organizations should rethink their “cyber defense after incident” approach and move toward an embedded solution: Security by Design.

Infographic 1: https://www.amdhservicesltd.com/wp-content/uploads/2021/12/CyberResiliencyInfographic-scaled.jpg

See also: Time to Focus on Cyber Resilience

Security by Design: What defines this approach to cyber resilience?

Security by Design refers to how organizations think about cybersecurity at the start of a project. Developers design an application so as to reduce the number of vulnerabilities that can compromise the company's security.

The security lifecycle is the same as the software development life cycle (SDLC) of a product: it starts with an idea and ends with delivery and support. During software creation, specialists constantly monitor possible cybersecurity risks and eliminate them.

Security by Design includes the following processes and practices:

Checkpoints

Checkpoints are temporary points in the software life cycle. At each point, the security of the system is assessed, and the decision is made to continue or terminate the project.

Actions

These are the procedures that keep a system secure. For example, the same technical tasks that test the stability of the system are performed alongside software development.

Plan

A plan defines the steps that need to be taken when creating software to achieve the goal of Security by Design.

With the Security by Design approach, developers implement security early in the SDLC. System or application security is planned as part of the architecture from the start.

Security specifications are encoded in templates and ensure that the desired configuration is present. At the same time, if the infrastructure changes, it is not necessary to do an audit. An in-depth security assessment is also not required if infrastructure patterns change significantly. With Security by Design, there is less repetitive work to be done and more attention to real problems is paid.

Infographic 2: https://personalinteractor.eu/wp-content/uploads/2015/11/secure-by-design.jpg

Principles of Security by Design

For Security by Design to function, you need to keep to its three principles.

Principle 1. Minimum attack surface area.

An attack surface includes all external points of entry and communication of the system. The attack surface can be associated with:

• software (OS, libraries, read/write access);
• a network (open ports, active IP address, network flows, protocols);
• a human (phishing, social engineering).

A defense system with a wide attack surface is more vulnerable to cyber threats because it is more difficult to set up. When all entry points are defined, it is worth involving proven monitoring and protection tools. A very complex and vulnerable security system should be constantly assessed for reliability.

To reduce the attack surface, it's important to strengthen defense and close underused services and ports. This will limit the likelihood of remote interaction with this system.

Principle 2: Least privilege.

The administrator should only have access to certain administrative zones. Tasks, roles and rights should be distributed among employees who interact with a corporate network. When the environment is partitioned, it is more difficult to compromise it. Even if an attack occurs, it will have limited consequences.

Principle 3. Defense in depth.

Defense in depth means that a combination of security methods or tools is used to prevent hacks. To set up such a defense, you should take the following steps:

• set security goals
• create a system architecture to define control and evaluation points
• develop a defense policy
• regularly monitor the protection against attacks

Infographic 3: https://blogs.sap.com/wp-content/uploads/2021/11/2sec.jpg 

See also: Raising the Bar on Data Privacy

Why is Security by Design important for companies?

Security by Design is important for the following reasons:

Security is harder to implement in an evolving system

Moreover, it may take time and additional funds to correct the problems that have arisen in the reliability of a system. In a competitive environment where time to market can make or break a business, leaders are looking to accelerate product development. Therefore, the development and testing of cybersecurity are often ignored, because they consider it unnecessary work.

But such a rush will result in security problems and even greater costs in the future. Experts say that addressing protection issues at an early stage costs one one-hundredth as much as at a later stage. Companies that provide cybersecurity resilience services can help you avoid this waste.

Popular IoT devices are not always reliable

Users are buying IoT devices for their homes more often and trust them with personal information. But this trust is not always proven efficient.

Hackers exploit consumer devices' weak security and 24/7 connectivity (toasters, washing machines or webcams). Even though IoT devices have limited power and memory, they can be gathered in botnets into a huge army of robots. Compromised devices are used to hack into equipment on the same network, steal personal data or perform other illegal activities.

The number of cyberattacks is growing

There are at least 20 types of cyber attacks in the world, and this list is regularly updated with new advanced types. Approximately 300,000 items of malware are generated daily by cybercriminals, and a hacker attack occurs every 39 seconds. Moreover, both small and large organizations suffer from such incidents.

This statistic suggests that Security by Design will soon be no longer a recommendation but a vital part of the cybersecurity resilience of companies of all levels and sizes.

Conclusion

The pandemic has forced businesses to go online and embrace digital business practices. As business models become dependent on technology, companies should pay more attention to cybersecurity and increase investment in tools for reducing cyber risks.

One-size-fits-all cybersecurity solutions are rarely appropriate for specific organizations with different IT infrastructures. Therefore, it will be better to have a reliable cyber security partner – an IT company that will conduct cyber resilience assessment and create a custom solution to protect company assets.

The flash flooding in Texas over the weekend and into Monday crystallizes a concern that has increasingly troubled climate scientists, something that might be called "super rain." 

The issue is partly the sheer amount of rain that can fall in a single storm because global warming lets summer air carry much more moisture. Even more, the issue is how fast that rain can fall. The flooding in Texas, for instance, occurred not just because more than 15 inches of rain fell in parts of Dallas in a 24-hour period on Sunday and Monday (more than two summers' worth of rain) but because three inches of that rain fell in a single hour on Sunday -- almost half a summer's worth of rain, just like that.

Hotter weather exacerbates the problem by baking the ground, creating conditions where more water runs off rather than being absorbed. Wildfires increasingly expose more ground to the effects of that hotter weather. And, as cities grow, they pave over more ground that could absorb rain, yet sewer systems haven't been upgraded.  

Sounds like a job for insurance, right? By pricing the growing risk accurately, insurers can send important signals to policyholders, and risk managers can counsel cities, business and individuals about how to better protect their properties against "super rain." 

“The infrastructure we have is really built for a climate we are not living in anymore,” said Andreas Prein, a scientist at the National Center for Atmospheric Research (NCAR) who studies extreme precipitation.

The Washington Post article that quoted Prein also said that "an analysis of weather data by the nonprofit group Climate Central found that nearly three-quarters of locations the group examined around the country have experienced an increase in the amount of rain falling on their annual wettest day since 1950 — particularly along the Gulf Coast and Mid-Atlantic. The numbers show that 2021 was a record-setting year for extreme rainfall events, with dozens of places logging their wettest day in generations."

"Super rain" exacerbated the flash flooding late last month in eastern Kentucky and St. Louis. The Washington Post reported:

“'What happened was way more than the system — any system — can handle,' Sean Hadley, spokesman for the Metropolitan St. Louis Sewer District, said of the recent storms that dumped more than 9 inches of rain there in a matter of hours, shattering the previous daily record from 1915.

"The record-crushing rain in St. Louis inundated storm drains and creeks. Sewage backed up into homes. The River des Peres swelled beyond its banks. The area’s sprawling drainage systems, parts of which date to the 19th century, were quickly overwhelmed.

“'It was just too much water,' Hadley said."

The article added:

"The problem of more frequent and extreme precipitation is not only national but also global. Europe saw deadly flooding after severe rains last summer. Parts of Australia have endured tremendous rainfall in recent days, putting Sydney on track for its wettest year on record. Parts of China have experienced devastating floods this summer, fueled by rainfall that, at least in one area, dumped 3.3 inches in a single hour."

A CNN article says the flooding in Texas occurred partly because of what it calls "flash drought." The state had suffered from its second-longest drought since weather records began to be kept in the late 1800s, then, whoosh, the rock-hard ground gets hammered by a massive rain storm.

Even Texas' cherished football fields fell victim. The picture below is from the SMU stadium, where that artificial turf is going to need some work.

The CNN article adds: "A larger share of precipitation in recent years has come during 'intense single-day events,' and the likelihood of sudden shifts from severe drought to heavy rain will become more common on a warming planet, scientists say. Indeed, nine of the top 10 years for extreme one-day precipitation events have occurred since 1996."

A problem as large and complex as "super rain" won't be easy to address. Cities will have to update their sewer systems and rethink how water runs off after a storm -- some cities have begun removing pavement in certain areas and are experimenting with other ways to have land soak up water in a storm. Weather forecasting will need to continue to improve, so businesses and people get more warning and can get valuable assets -- including themselves -- out of harm's way. 

But insurers can play a leading role. They can identify areas that are becoming increasingly vulnerable and, through pricing, signal the dangers to those who work or live there or are considering doing so. Insurers can also continue the steady -- but too slow -- progress on flood models to identify dangers. Many areas that haven't been designated as in flood plains are, we're learning, actually vulnerable, and models can incorporate much more information about elevation than they have historically -- if your house and mine are both in a high-risk area, but your house is built on ground just 15 feet higher than mine, you're in much better shape. 

Insurers, sometimes in concert with governments, can also counsel businesses and individuals about how to harden their properties against flooding threats, including those from "super rain." In addition, insurers can set up systems to warn clients of approaching weather dangers, as some auto insurers have begun to do when hail is possible. 

In a small first step, FM Global said recently that it will provide a 5% reduction in annual premium to policyholders to encourage them to better protect their property against wildfire, floods, hurricanes and other risks. The company estimates that the credits will total $300 million.

Others will, I hope, also experiment with ways to encourage prevention and protection. It'll always be a losing proposition when two summers' worth of rain hits you in a 24-hour period, a fifth of that in a single hour, but the problem figures to just keep getting worse, so we need to start tackling it.

Cheers,

Paul 

Climate change poses the most significant set of risks ever facing humanity. Here are a few facts to consider:

• The hottest decade in 125,000 years was 2010-2020.
• Atmospheric CO2 is at the highest level in 2 million years.
• 1.2 trillion tons of sea ice are melting annually, and the melting is accelerating.
• As temperatures rise, we are approaching a tipping point where the oceans, which have been absorbing CO2 emissions for over a century, will begin to release CO2, accelerating the impacts of climate change. 
• The impacts of climate change are resulting in serial multibillion-dollar catastrophe losses.  

Although there is a lot of discussion about the industry’s heroic response to the threats associated with climate change, we argue that the aggregate industry response is underwhelming. Some facts that support this point of view:

• There is a $1.4 trillion protection gap that is growing. I.e., the industry is competing for the easy risks and relying on individuals and the public sector to underwrite the difficult risks. 
• Finance and insurance together represent about 8% of U.S. GDP but only 1.7% of U.S. domestic R&D. 
• Although insurtech investment has increased dramatically in recent decades, only 10% of it is going toward product development, and only a small percentage of that is going toward building climate risk-relevant products. According to McKinsey, the result is that “[Premium] growth is coming from price increases rather than from volume or new risks covered, highlighting a risk that the industry might lose its relevance over time.”

It is undeniable that the industry in aggregate is retreating from risk, at a time when society needs it to run toward the most severe risks that threaten us. That is the definition of a market failure. The industry has a unique set of capabilities that could and must be fully deployed. 

The industry can and should invest in developing climate risk relevant products and services that enable it to meet the needs of customers. Specifically, the industry should invest in insurance products and services that will accelerate the transition to a low-carbon economy, encourage investments into resilient infrastructure and close the protection gap.

Paradigm Shifts

Running toward risk requires new capabilities and a new mindset. We think the following six areas provide opportunities for the sector to fundamentally change its approach and assumptions. We also think that these paradigm shifts present opportunities to both be successful from a business perspective and do good for society. 

Better Analyze and Communicate Risks

The industry needs better analytic tools for projecting risk-related costs three to 20-plus years into the future, factoring in changes in climate and resilience. These tools need to be applied in ways that benefit policyholders, not just to manage risk to carrier balance sheets. This approach must include providing climate risk-related insights to smaller, less sophisticated policyholders and to vulnerable populations.     

Although the industry needs new capabilities, the industry already has extensive risk-modeling capabilities that could better support the critical decisions policyholders are making today. The industry underestimates the value that policyholders, especially smaller and less sophisticated policyholders, can get from already available analytical approaches that are largely not made available to policyholders.  

Increase Price Transparency

Insurance pricing quantifies and signals how climate risks cascade down to individual policyholders. Unfortunately, insurance pricing is affected as much by other forces like market cycles and individual company competitive postures, which dilute the risk-signaling role that insurance prices should have. The biggest obstacle to price transparency is the combination of one-year policy terms, an overreliance on engineering policy language to avoid risks and marketing campaigns that focus on price but ignore risk.  This combination of tactics distorts policyholder understanding of their own risk and breeds distrust with the public when their losses end up not being covered. 

Increased price transparency will enable policyholders to better understand their risk and make better risk management decisions, including the buying of insurance. Customers will make better decisions if they start with a clear understanding of their total cost of risk over a long time horizon. The insurance industry is in the best position to communicate and help policyholders understand their risk. Efforts to do so will create true and trusted partner relationships with policyholders. 

See also: Time to Move Climate Risk Center-Stage

Expand Appetite for and Understanding of Complex and Cascading Risks

The scope and nature of risk is increasingly complex and connected, creating cascading loss events that are difficult to understand and underwrite. That doesn’t make them any less significant to policyholders. The industry needs to invest in better understanding complex systems. This will require moving beyond traditional actuarial modeling toward more significant investments into scenario planning using highly sophisticated digital twin technologies that capture second- and third-order interdependencies. 

Support Community-based Solutions

Asset-specific risk assessment and underwriting ignores the complex connection issues and also puts the most vulnerable communities at risk of being left behind when it comes to getting insurance. The industry should be working with the public sector to figure out how to deliver solutions to whole communities in a way that leaves no stakeholders behind. Insurance carriers need to be building these capabilities now on their own terms, before governments and regulators force it upon them.

Promote Loss Prevention and Mitigation

The size and scope of climate risk is not transferable without investments in prevention and mitigation. All of the above paradigm shifts are designed to position the industry to better support loss prevention and mitigation. We believe that climate risk will require more carriers to make loss prevention and mitigation a strategic capability. Companies like FM Global and a number of technology-driven startups are leading the way. 

Companies will also need to more seriously consider how asset-side investments into resilient infrastructure can deliver indirect returns through better insurance underwriting results. It is not enough to just lobby the public sector to invest more into resilient infrastructure.  

Increase Outside Capital

The growth of ILS, catastrophe bonds and other forms of alternative risk capital have been tremendous over the past few decades. Regardless, the scope and nature of climate risks will require much more and different capital going forward. Mission-driven and non-risk-correlated capital providers, including public sector grant funding, can tolerate risks that are less palatable to traditional insurance providers. High-risk-correlated capital providers such as associations of carbon-intensive industries could invest capital that provides multiple return streams by mitigating losses to the collective. Traditional capital providers that are innovative will create opportunities for their own business models by helping non-traditional players to better understand risk and deploy capital more efficiently.  

Running Toward Risk

The industry has a long history of boldly leading the response to emerging risks, including the introduction of trans-global shipping in the 1600s, industrialization in the mid-1800s and electrification and the aerospace industry in the early 1900s. It’s time for the industry to step up on climate change. 

There is no doubt that climate risks may challenge the solvency of companies and maybe even the sector. It will also challenge the very fabric of society and potentially the existence of the planet as we know it.  Remaining solvent and generating profits, although important, are neither sufficient nor praiseworthy ambitions for a sector that exists solely to respond to risk. The industry should take bold steps to close the protection gap, accelerate the transition to a low-carbon economy and deliver security to the communities that are most vulnerable and least capable to respond to the impacts of climate change. Doing this will require significantly higher levels of R&D than most of the industry is used to. 

The companies that rise to meet these challenges will be greatly rewarded with less competition, customer recognition and regulatory favor. The winners of future market share will not be focused on how to avoid risk, they will be running toward risk with skill and confidence. 

As a driven entrepreneur, you will encounter challenges and rewards far beyond the average employee’s. Navigating these ups and downs can be as challenging as steering a ship through a storm on the high seas, but I’ve done both—and lived to tell it can be done.

Most entrepreneurs don’t just want to be entrepreneurs—they have to be entrepreneurs.

The lessons I learned sailing the seas have served me just as well on land. Here are seven tips about entrepreneurship that sailing has taught me:

1. Know the terminology

In sailing, understanding boating terms like aft, starboard and leeward is vital to working with your crew and operating your vessel. The same is true in business. If you can’t speak the language of your clients and your competition, your next deal may get lost in translation.

Attending conferences and taking courses are both great ways to learn new terms and highlight that there’s a reason why you’re the expert.

2. Know the destination

The captain and crew must know the final destination when sailing. Without a final destination and key waypoints, the team won’t know where the ship is going, and you’ll risk getting lost at sea. Scan the sailing route to port, starboard and ahead. Look for rocks, wrecks and lobster pots. There are always obstacles!

Similarly, a business leader must have a vision of what their business is all about: what it does, how it serves its stakeholders and where it is going. Moreover, a business leader must articulate this vision to inspire the team to work together toward a common goal.

3. Use trends like the wind

When sailing, jibing and tacking help you manipulate the winds to steer your vessel in the right direction. In business, trends are your winds, and you need to understand which direction they’re heading. Take a few minutes daily and bring yourself up to speed on the latest global and local trends.

Aggregators like Feedly or SmartNews, along with social media feeds, keep you on the cutting edge and aware of which way the wind is blowing.

4. Learn when to tighten or ease the sheet

The sheet is a line or rope used to adjust a sail against a force of wind. In business, you need to consider when to tighten or loosen your budget and your business’ growth in line with your sales cycle and market forces.

Markets ebb and flow, and your business will, too. Tracking these fluctuations over time will help inform the ideal time to launch marketing campaigns and hire employees or tighten the purse strings.

See also: The Evolution of Leadership Intelligence

5. Adjust quickly and wisely to a changing climate

The weather can change instantly when you’re sailing, and you need to know how to use the sails to compensate, navigate under harsh conditions and capitalize on whatever is thrown at you. It’s not much different when you’re a business leader.

Like the weather, business is constantly moving and changing. Whether you’re steering your ship at sea or driving your business on land, it takes experience and, at times, raw courage to weather the storm. So, see each storm as a chance to gain experience for the next one and know that sometimes you simply need to batten down the hatches – and wait it out.

6. Take care of your crew

As captain, you must take care of your crew and ensure there’s adequate food, water, sunscreen and other resources. Additionally, it’s the captain’s responsibility to intervene if crew members create a toxic environment or make others feel uncomfortable. When we win, we win together, and we always celebrate our successes.

Just like in business, leaders must maintain a safe and secure work environment, treat everyone with respect and dignity, create an atmosphere of empowerment and creativity to build confidence and self-esteem and permit them to grow in a way that gives meaning and purpose to their lives.

Whether in business or sailing, leaders must value each member as someone who keeps the boat sailing toward its intended objective.

7. Be decisive

It can take an entire crew to run a sailboat, but they won’t work effectively without a captain calling the shots. The crew relies on your vision, tenacity and experience to guide their actions. Without this direction, no one will know which way to travel.

As the captain of a ship or a business, you spend your days adjusting your sails, guiding the crew and navigating dangerous waters.

8.  Surprise

Yes, I said seven things… but as a sailor you always have a surprise or two thrown in. In February 2020, I was part of a multi-hull race crew, and we were practicing a few miles off St. Maarten when our catamaran de-masted. Fortunately, no one was injured, but we had a critical situation that none of us had experienced before. We made sure all were safe, came together, dragged the mast and the sails back on board and limped back to port to sail another day. When I got home, the following month we learned of COVID and the pandemic and had to change how we did business.

Be prepared for surprises. Keep your life jackets handy.

If you’re on the verge of starting a business or taking it in a new direction – always keep your hands on the helm and remember:

The pessimist complains about the wind.

The optimist expects it to change.

The leader trims the sails and sets a new course.

Extreme weather and a challenging insurance market are taking a toll on homeowners. 

The potential for fires, hurricanes and floods makes them feel very vulnerable when it comes to safeguarding their homes and to getting and retaining insurance at a reasonable premium, according to the Private Risk Management Association 2022 Outlook Survey (PRMA). The survey analyzed responses from 145 PRMA insurance agents and brokers representing 30,000 high-net-worth clients. The results give us insight into the mindset of clients and the stressors keeping them awake at night.  

Breaking Down the Data

Based on the data, there may be many more sleepless nights ahead. Extreme weather and climate-related events are becoming more prevalent and more costly. During the last five years, there were 89 weather and climate disasters in the U.S., causing $788 billion in damage, according to the National Oceanic and Atmospheric Administration. In 2022 so far, there have been nine events with losses exceeding $1 billion each. These extreme scenarios have had a devastating financial impact on insurers and homeowners. In some regions, the cost of coverage has increased by double digits. In markets such as Florida and California, concerns about whether coverage will be affordable and available weigh heavily on homeowners’ minds. According to the PRMA Outlook survey: 

• 78% of PRMA agents nationwide believe their clients are worried about the ability to get and retain coverage at a reasonable premium. 
• Nearly 62% say that the potential for catastrophic weather (hurricanes, floods, fires) makes their clients feel vulnerable.

See also: Extreme Weather, COVID, Home Claims

Ensuring Insurability: What Homeowners Can Do

As troubled as homeowners are by the thought of losing coverage, retaining it may rest in their hands. Risk management professionals must diligently work with their clients to educate them about steps to protect their homes better and ensure their homes’ insurability. Many factors can go into fortifying a home and protecting our families, but let’s focus on several practical steps.

1. Manage Risk. While so much is out of our control with weather, there is still so much within our control when it comes to safeguarding our homes. Regardless of location, all homeowners should consider:

• Creating a personal preparedness plan to secure their homes and protect their families. 
• Installing a leak detection system within the home to avoid water damage, which is one of the most common causes of claims. 
• Making sure there’s a properly installed and working sump pump, regardless of whether homeowners are in a flood zone.
• Taking other measures that depend on the homeowner’s location, such as landscaping maintenance. Trimming branches that hang over the home can prevent damage during a big storm or even help prevent the spread of fire.
• Upgrading windows and doors to impact-resistant or fire-resistant material.   

2. Work With an Insurance Professional. An insurance professional can advise homeowners by asking the right questions to ensure adequate coverage. We recommend meeting with your insurance adviser at least once a year. Be prepared to answer questions such as: 

• If your home suffered a total loss, how would you like it rebuilt?
• What recent renovations have been done to your home?
• With the increase in supplies and inflation, how much are you willing to pay out of pocket to repair your home?

3. Bring the Right People to the Table. Over half of risk managers believe clients do not have a good understanding of the importance of having the right people at the table, especially during a major construction project. However, insurance agents and carriers have learned a lot through the number of claims they have seen. The benefit of having them collaborate with a contractor before a construction project is critical to help minimize risks related to several factors such as security, water damage and fire safety. These mitigation techniques are easier to implement during the building process rather than after construction. 
4. Awareness of Other Exposures. With our PRMA membership seeing about a third of clients venturing into sharing economy activities, such as renting their swimming pools, cars, tennis courts or land, clients are often unaware of their unique exposures. This is another opportunity for families to communicate with their children and insurance adviser on how participating in such activities can affect their insurability. 

Homeowners do not have to become experts on any of these steps, but the more they communicate with an insurance professional they trust, the more likely they are to be prepared. And while insurers are there to guide them, it’s up to every homeowner to implement measures that reduce their risk and the possibility of losing coverage.