Tag Archives: hartwig

Cyber Risk: The Expanding Threat

Summary

— Interest in cyber insurance and risk has grown beyond expectations in 2014 and 2015 as a result of high-profile data breaches, including a massive data breach at health insurer Anthem that exposed data on 78.8 million customers and employees and another at Premera Blue Cross that compromised the records of 11 million customers. The U.S. government has also been targeted by hackers in two separate attacks in May 2015 that compromised personnel records on as many as 14 million current and former civilian government employees. A state-sponsored attack against Sony Pictures Entertainment, allegedly by North Korea, made headlines in late 2014.

— Cyber attacks and breaches have grown in frequency, and loss costs are on the rise. In 2014, the number of U.S. data breaches tracked hit a record 783, with 85.6 million records exposed. In the first half of 2015, some 400 data breach events have been publicly disclosed as of June 30, with 117.6 million records exposed. These figures do not include the many attacks that go unreported. In addition, many attacks go undetected. Despite conflicting analyses, the costs associated with these losses are increasing. McAfee and CSIS estimated the likely cost to the global economy from cyber crime is $445 billion a year, with a range of between $375 billion and $575 billion.

–Insurers are issuing an increasing number of cyber insurance policies and becoming more skilled and experienced at underwriting and pricing this rapidly evolving risk. More than 60 carriers now offer stand-alone cyber insurance policies and insurance broker Marsh estimates the U.S. cyber insurance market was worth more than $2 billion in gross written premiums in 2014, with some estimates suggesting it has the potential to grow to $5 billion by 2018 and $7.5 billion by 2020. Industry experts indicate rates are rising, especially in business segments hit hard by breaches over the past two years.

— Some observers believe that cyber exposure is greater than the insurance industry’s ability to adequately underwrite the risk. Cyberattacks have the potential to be massive and wide-ranging because of the connected nature of this risk, which can make it difficult for insurers to assess the likely severity. Several insurers have warned that the scope of the exposures is too broad to be covered by the private sector alone, and a few observers see a need for government coverage akin to the terrorism risk insurance programs in place in several countries.

See the full white paper here.

Are Market Cycles Finally Ending?

The property/casualty industry has been characterized by its market cycles since… well, forever. These cycles are multi-year affairs, where loss ratios rise and fall in step with rising and falling prices. In a hard market, as prices are rising, carriers are opportunistic and try to “make hay while the sun shines” – increasing prices wherever the market will let them. In a soft market, as prices are declining, carriers often face the opposite choice – how low will they let prices go before throwing in the towel and letting a lower-priced competitor take a good account?

Many assume that the market cycles are a result of prices moving in reaction to changes in loss ratio. For example, losses start trending up, so the market reacts with higher prices. But the market overreacts, increasing price too much, which results in very low loss ratios, increased competition and price decreases into a softening market. Lather, rinse, repeat.

But is that what’s really happening?

What’s Driving the Cycles?

Raj Bohra at Willis Re does great work every year looking at market cycles by line of business. In one of his recent studies, a graph of past workers’ compensation market cycles was particularly intriguing.

chart1

This is an aggregate view of the work comp industry results. The blue line is accident year loss ratio, 1987 to present. See the volatility? Loss ratio is bouncing up and down between 60% and 100%.

Now look at the red line. This is the price line. We see volatility in price, as well, and this makes sense. But what’s the driver here? Is price reacting to loss ratio, or are movements in loss ratio a result of changes in price?

To find the answer, look at the green line. This is the historic loss rate per dollar of payroll. Surprisingly, this line is totally flat from 1995 to the present. In other words, on an aggregate basis, there has been no fundamental change in loss rate for the past 20 years. All of the cycles in the market are the result of just one thing: price movement.

Unfortunately, it appears we have done this to ourselves.

Breaking the Cycle

As carriers move to more sophisticated pricing using predictive analytics, can we hope for an end to market cycles? Robert Hartwig, economist and president of the Insurance Information Institute, thinks so. “You’re not going to see the vast swings you did 10 or 15 years ago, where one year it’s up 30% and two years later it’s down 20%,” he says. The reason is that “pricing is basically stable…the industry has gotten just more educated about the risk that they’re pricing.”

In other words, Hartwig is telling us that more sophisticated pricing is putting an end to extreme market cycles.

The “what goes up must come down” mentality of market cycles is becoming obsolete. We see now that market cycles are fed by pricing inefficiency, and more carriers are making pricing decisions based on individual risks, rather than reacting to broader market trends. Of course, when we use the terms “sophisticated pricing” and “individual risk,” what we’re really talking about is the effective use of predictive analytics in risk selection and pricing.

Predictive Analytics – Opportunity and Vulnerability in the Cycle

Market cycles aren’t going to ever truly die. There will still be shock industry events, or changes in trends that will drive price changes. In “the old days,” these were the catalysts that got the pendulum to start swinging.

With the move to increased usage of predictive analytics, these events will expose the winners and losers when it comes to pricing sophistication. When carriers know what they insure, they can make the rational pricing decisions at the account level, regardless of the price direction in the larger market. In a hard market, when prices are rising, they accumulate the best new business by (correctly) offering them quotes below the market. In a soft market, when prices are declining, they will shed the worst renewal business to their naïve competitors, which are unwittingly offering up unprofitable quotes.

chart2

Surprisingly, for carriers using predictive analytics, market cycles present an opportunity to increase profitability, regardless of cycle direction. For the unfortunate carriers not using predictive analytics, the onset of each new cycle phase presents a new threat to portfolio profitability.

Simply accepting that profitability will wax and wane with market cycles isn’t keeping up with the times. Though the length and intensity may change, markets will continue to cycle. Sophisticated carriers know that these cycles present not a threat to profits, but new opportunities for differentiation. Modern approaches to policy acquisition and retention are much more focused on individual risk pricing and selection that incorporate data analytics. The good news is that these data-driven carriers are much more in control of their own destiny, and less subject to market fluctuations as a result.

5 Ways Insurance Supports the Economy

Insurance affects everything, and everything affects insurance. It is generally understood that insurance allows those who participate in the economy to produce goods and services without the paralyzing fear that some adverse incident could leave them destitute or unable to function. However, few people are aware of the extraordinary impact the industry has on state, local and national economies. Here are five ways that happens:

Driving Economic Progress

The insurance industry is a major U.S. employer, providing some 2.6 million jobs, according to the Current Population Survey from the U.S. Department of Labor.

Insurers contribute more than $413 billion to the nation’s gross domestic product.

In 2013, property/casualty insurers and life insurers incurred federal and foreign taxes of about $20.6 billion. Insurance companies, including life/health and property/casualty companies, paid $17.4 billion in premium taxes to the 50 states in 2013, or about 2% of all state taxes.

Investing in Capital Markets

Insurance companies also help support the economy by investing the funds they collect for providing insurance protection. The industry’s financial assets were about $6 trillion in 2013, including $1.2 trillion for the property/casualty sector and $4.7 trillion for the life sector.

In 2013 alone, property/casualty insurers’ holdings in municipal bonds totaled $326 billion, according to the Federal Reserve. Life insurers held $1.8 trillion in corporate stocks and $2.2 trillion in corporate and foreign bonds in 2013, according to the Federal Reserve.

Supporting Resiliency and Disaster Recovery

Property/casualty insurers covered $35 billion in catastrophe losses in the U.S. in 2012 and $12.9 billion in 2013, according to the Property Claim Services (PCS) division of Verisk.

Supporting Businesses, Workers, Communities

Property/casualty insurers pay out billions of dollars each year to settle claims.  Many of the payments go to local businesses, such as auto repair companies, enabling them to provide jobs and pay taxes that support the local economy.

Life insurance benefits and claims totaled $586 billion in 2013, including life insurance death benefits, annuity benefits, disability benefits and other payouts. The largest payout, $249 billion, was for surrender benefits and withdrawals from life insurance contracts made to policyholders who terminated their policies early or withdrew cash from their policies.

Empowering Lenders

Specialized insurance products protect lenders and borrowers, shielding businesses such as exporters from customer defaults and facilitating the financing of mortgages and other transactions. These products include credit insurance for short-term receivables.

Credit insurance protects merchants, exporters, manufacturers and other businesses from losses or damages resulting from the nonpayment of debts owed them for goods and services provided in the normal course of business. Credit insurance facilitates financing, enabling insured companies to get better credit terms from banks.

For the full report from which this article is adapted, click here. 

TRIA Non-Renewal: Effect on P&C?

Losses stemming from the destruction of the World Trade Center and other buildings by terrorists on Sept. 11, 2001, totaled about $31.6 billion, including commercial liability and group life insurance claims — not adjusted for inflation — or $42.1 billion in 2012 dollars. About two-thirds of these losses were paid for by reinsurers, companies that provide insurance for insurers.

Concerned about the limited availability of terrorism coverage in high-risk areas and its impact on the economy, Congress passed the Terrorism Risk Insurance Act (TRIA). The act provides a temporary program that, in the event of major terrorist attack, allows the insurance industry and federal government to share losses according to a specific formula. TRIA was signed into law on Nov. 26, 2002, and renewed for two years in December 2005. Passage of TRIA enabled a market for terrorism insurance to begin to develop because the federal backstop effectively limits insurers’ losses, greatly simplifying the underwriting process. TRIA was extended for seven years to 2014 in December 2007. The new law is known as the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA) of 2007.

This week, Congress failed to reauthorize TRIA before members adjourned for the holiday recess. Now, with the expiration of the law on Dec. 31, some businesses may be left without insurance coverage in the event of a terrorist attack on the U.S. Both houses of Congress have been discussing legislation that would set out the federal government’s involvement in funding potential terrorism losses, but bills proposed by the two houses earlier this year differed, and no extension was passed.

A report from the Wharton Risk Management and Decision Processes Center found that, under the current TRIA program, some insurers have already reached a level of exposure to losses from a terrorist attack that could jeopardize their ability to pay claims, based on a critical measure of solvency: the ratio of an insurer’s TRIA deductible amount in relation to its surplus. The report, “TRIA After 2014: Examining Risk Sharing Under Current and Alternative Designs,” found that as the deductible percentage rises, as it does under the Senate bill and proposals put forward in the House, more insurers have a deductible-to-surplus ratio that is above an acceptable level. The report also sets out in detail the amount the American taxpayer and federal government would have to pay under differing scenarios.

A RAND Corp. study published in April 2014 found that in a terrorist attack with losses of as much as $50 billion, the federal government would spend more dealing with the losses than if it had continued to support a national terrorism risk insurance program, because it would likely pay out more in disaster assistance.

A report by the President’s Working Group on Financial Markets made public in April 2014 generally supports the insurance industry’s view that the expiration of TRIA would make terrorism coverage more expensive and difficult to obtain.

The insurance broker Marsh released its annual study of the market, “2014 Terrorism Risk Insurance Report,” in April. Among its many findings is that uncertainty surrounding the potential expiration of TRIA significantly affected the property/casualty insurance market. Some employers with large concentrations of workers and companies with property exposures in major U.S. cities found that terrorism insurance capacity was limited and prices higher, and some could not obtain coverage at all. If the law is allowed to expire or is significantly changed, the market is likely to become more volatile with higher prices and limited coverage, the study concludes.

Before Sept. 11, 2001, insurers provided terrorism coverage to their commercial insurance customers essentially free of charge because the chance of property damage from terrorist acts was considered remote. After Sept. 11, insurers began to reassess the risk. For a while, terrorism coverage was scarce. Reinsurers were unwilling to reinsure policies in urban areas perceived to be vulnerable to attack. Primary insurers filed requests with their state insurance departments for permission to exclude terrorism coverage from their commercial policies.

From an insurance viewpoint, terrorism risk is very different from the kind of risks typically insured. To be readily insurable, risks have to have certain characteristics.

The risk must be measurable. Insurers must be able to determine the possible or probable number of events (frequency) likely to result in claims and the maximum size or cost (severity) of these events. For example, insurers know from experience about how many car crashes to expect per 100,000 miles driven for any geographic area and what these crashes are likely to cost. As a result, they can charge a premium equal to the risk they are assuming in issuing an auto insurance policy.

A large number of people or businesses must be exposed to the risk of loss, but only a few must actually experience one, so that the premiums of those that do not file claims can fund the losses of those who do.

Losses must be random as regards time, location and magnitude.

Insofar as acts of terrorism are intentional, terrorism risk doesn’t have these characteristics. In addition, no one knows what the worst-case scenario might be. There have been few terrorist attacks, so there is little data on which to base estimates of future losses, either in terms of frequency or severity. Terrorism losses are also likely to be concentrated geographically, since terrorism is usually targeted to produce a significant economic or psychological impact. This leads to a situation known in the insurance industry as adverse selection, where only the people most at risk purchase coverage, the same people who are likely to file claims. Moreover, terrorism losses are never random. They are carefully planned and often coordinated.

To underwrite terrorism insurance — to decide whether to offer coverage and what price to charge — insurers must be able to quantify the risk: the likelihood of an event and the amount of damage it would cause. Increasingly, they are using sophisticated modeling tools to assess this risk. According to the modeling firm AIR Worldwide, the way terrorism risk is measured is not much different from assessments of natural disaster risk, except that the data used for terrorism are more subject to uncertainty. It is easier to project the risk of damage in a particular location from an earthquake of a given intensity or a Category 5 hurricane than a terrorist attack because insurers have had so much more experience with natural disasters than with terrorist attacks, and therefore the data to incorporate into models are readily available.

One problem insurers face is the accumulation of risk. They need to know not only the likelihood and extent of damage to a particular building but also the company’s accumulated risk from insuring multiple buildings within a given geographical area, including the implications of fire following a terrorist attack. In addition, in the U.S., workers’ compensation insurers face concentrations of risk from injuries to workers caused by terrorism attacks. Workers’ compensation policies provide coverage for loss of income and medical and rehabilitation treatment from “first dollar,” that is, without deductibles.

Extending the Terrorism Risk Insurance Act (TRIA):

There is general agreement that TRIA has helped insurance companies provide terrorism coverage because the federal government’s involvement offers a measure of certainty as to the maximum size of losses insurers would have to pay and allows them to plan for the future. However, when the act came up for renewal in 2005 and in 2007, there were some who believed that market forces should be allowed to deal with the problem. Both the U.S. Government Accountability Office and the President’s Working Group on Financial Markets published reports on terrorism insurance in September 2006. The two reports essentially supported the insurance industry in its evaluation of nuclear, biological, chemical and radiological (NBCR) risk — that it is uninsurable — but the President’s Working Group said that the existence of TRIA had inhibited the development of a more robust market for terrorism insurance, a point on which the industry disagrees. TRIA is the reason that coverage is available, insurers say. The structure of the program has encouraged the development of reinsurance for the layers of risk that insurers must bear themselves — deductible amounts and coinsurance — which in turn allows primary insurers to provide coverage. Without TRIA, there would be no private market for terrorism insurance.

Studies by various organizations have supported a temporary continuation of the program in some form, including the University of Pennsylvania’s Wharton School, the RAND Corp. and the Organization of Economic Cooperation and Development (OECD), an organization of 30 member countries, many of which have addressed the risk of terrorism through a public/private partnership. The OECD said in an analysis that financial markets have shown very little appetite for terrorism risk because of the enormousness and unpredictability of the exposure. RAND argued not only that TRIA should be extended but also that Congress should act to increase the business community’s purchase of terrorism insurance and lower its price. RAND also advocated mandatory coverage for some “vital systems,” establishing an oversight board and increasing efforts to mitigate the risks.

For the full report from which this is excerpted, click here.

New Regulation After a Disaster: More Harm Than Good?

This business of insurance requires a certain level of clairvoyance, and no one owns a crystal-clear crystal ball. What we do own is historical data on the impact and aftermath of large-scale disasters – and like most of what’s in the rearview mirror, that image is sharp yet fleeting. Some may forget the lessons of the last disaster too soon, while others cast past events into stone as the basis for managing future catastrophes. What’s worse, however, is when a disaster prompts knee-jerk reactions that do more harm to the market than good.

Just like anyone else, insurers need certainty that the rules put in place to manage risk, pay claims and protect policyholders won’t change unexpectedly and immediately after Mother Nature plays her game.

After a natural disaster, “Monday morning quarterbacks” both proliferate and pontificate. Some of this can be positive. In fact, staring down disaster and deciding not to be a victim twice often triggers community conversations that lead to infrastructure improvements to help prevent such a scenario from ever getting a replay. However, not all hindsight is helpful, particularly when the rules going into the “game of risk” are not the same rules in the immediate aftermath. Think about it this way: You’ve got a team that runs drills, budgets for expenses and asks players to follow a certain game plan in preparation for the big football game. But on game day, the team arrived on the field to discover it’s not football they are playing, but lacrosse.

Of course, most rules have elasticity. Yet when the rules of insurance are changed after a hurricane, tornado, earthquake or flood, what sounds like a consumer-driven move often has unintended short- and long-range consequences that are truly not consumer friendly.

States make the rules

Contrary to public perception, insurance companies don’t set the rules. State legislators and regulators make the rules, which are codified within state statutes and the insurance contract. While the magnitude of recent disasters has made them game-changers, more often post-disaster moves result in actions that make it hard to figure out if anyone wins.

The most recent example is Superstorm Sandy. In New York, there were nearly 500,000 claims resulting from the October 2012 storm. Yet regulators mandated that claims adjusters needed to inspect properties within six days, rather than the 15 days that was in the rulebook before the storm. That may not sound like a big deal, but insurers weren’t handling Sandy claims in New York alone. There were almost as many claims in New Jersey and more than 60,000 claims in Connecticut. Getting to New York claimants faster made sense to New Yorkers, yet it sapped resources from deserving claimants in other states who also needed prompt attention.

Each state understandably, and admirably, wants to take care of its own. But in the immediate aftermath of a multi-state disaster, a stampede of mandates may be as disruptive as the disaster itself.

Policyholders pay the price

Unexpected requirements to hurry up the claims process puts speed at odds with thoroughness. That does not just mean the process is sloppy; rushing to close out a claim also raises costs. After Sandy, there were instances when insurers felt forced to pay out more in claims than what was warranted under the terms of the insurance contract. Insurers want to pay what they owe. No more, no less. Paying more than what is owed raises costs for everyone who was fortunate enough not to sustain damage. While getting more claims money sounds great from an individual claimant’s perspective, these additional, sometimes unwarranted, claims payouts are factored into determining surplus requirements for the next disaster. That makes all policyholders pay the price.

Insurance companies want to settle claims quickly. It’s in our DNA. There is little upside to drawing out the process when cause and effect are clear. But pushing speed over practicality is expensive for consumers and insurers alike.

Another program promulgated post-Sandy by both the New York Dept. of Financial Services and the New Jersey Dept. of Banking and Insurance was an emergency measure requiring mandatory participation by insurers in the mediation of non-flood claims if there was a claims dispute. Policyholders had to request mediation; insurers had to pay for it. It was a well-intentioned idea to keep litigation costs in check. The process was voluntary for policyholders, mandatory for insurance companies, and confusing for everyone. Because it was rolled out after the storm, there were a wide variety of interpretations of the process. Some people who were satisfied with their claim thought they had to attend a mediation. Storm survivors without flood insurance thought they had a chance of compensation with mediation. Don’t get me wrong: Mediation is a great option, and many other states have similar programs. However, quickly making a new program mandatory, without proper vetting and understanding by all parties involved, can make things more confusing than they need to be – particularly post-disaster when less confusion is what is needed.

Catastrophic events bring large losses, which causes insurers to review their underwriting performance. The only natural disaster that we can reasonably predict is a hurricane, and even before anyone knows exactly where a storm will make landfall, insurers review their portfolio of risk and determine how they’ll respond when the sky calms. Often, insurers will reevaluate their market position, which can lead to requests for rate increases, changes in coverage options, adjustments to terms and conditions and even making decisions to adjust their exposure in the market. These seemingly prudent moves aren’t easy to do and are made more complex after large-scale disaster.

After Sandy, New York regulators toyed with the idea (and rejected it) of restricting insurers from non-renewing no more than 2% of their book of business per territory. The current non-renewal limit is 4% on a statewide average. That’s not unlike forcing someone to put a purchase on their credit card that they know they can’t afford. Insurers decide to enter a market – or expand there – based on the rules and regulations currently in place. Where there is a pattern of restrictive, sudden rule changes post-disaster, few companies would choose to invest more capital there.

If an insurer decides to retreat from or exit a market, it’s not personal – it’s prudent. Restricting the ability to adapt to changes in risk exposure makes the market constrict. Florida’s experience is the test lab, if anyone is in need of proof.

The whole market suffers

The severity of losses following Hurricane Andrew in 1992 caught everyone by surprise. And, the resulting market crisis got worse when the insurance industry got bushwhacked. During a special session in 1993, the Florida Legislature imposed a six-month moratorium on cancellations and nonrenewal of personal property insurance policies. Then, things got worse. The moratorium was followed by a three-year phase-out plan that allowed an insurer to non-renew only up to 5% of its property policies within a 12-month period. That meant insurers were required to continue providing coverage at rates below what they needed. Yes, it was more than two decades ago, and we have long, painful memories and existing residual damage to show how those actions forced companies to remain strict on underwriting, even today. States that have imposed exit restrictions in the past may find that insurers do not want to enter or grow their business in the future.

It’s not only insurers that suffer financially from unanticipated actions. State resources suffer, too. In another special legislative session, the Florida Legislature changed the rules governing hurricane deductibles. Some people had the unfortunate experience of being hit by more than one storm during August and September 2004. To alleviate the financial hardship those storm victims were experiencing, the Legislature nixed the per event hurricane deductible and passed a law requiring only one annual hurricane season. The change cost the State of Florida money because reimbursements for multiple deductibles came from the Florida Hurricane Catastrophe Fund – the fund providing reinsurance for all insurers doing business in the state – reducing its assets by millions of dollars.** It cost all taxpayers dearly, including those who had no storm damage.

Unlike most other states, Florida’s largest insurance carrier is the state itself. Citizens Property Insurance Corp. was designed to be a state-run insurer of last resort; however, the company experienced tremendous growth following the 2004/2005 hurricane seasons when multiple storms hit and private insurers once again reevaluated their portfolios. The retreat was compounded by the fact that, in many areas of the state, Citizens was charging below market rates. The gap has been narrowed significantly in recent years, but it still exists.  The politicization of insurance in Florida is what made Citizens grow into the ninth largest insurer in the U.S. in 2012. Among the top 10 writers of insurers nationally, Citizens is the only insurer with all its business – and all its risk – in a single state.

Typically, insurers are expected to raise rates following a natural disaster if what happened seems to show that there is a greater chance for such an event to occur again. Florida’s hurricane history demonstrates it’s either boom or bust for insurers, and many carriers have posted losses even in the years that are hurricane-free.

Making sense out of chaos

Natural catastrophes are called disasters for a reason. It’s organized chaos – and sometimes, it’s unorganized chaos. To try to get their arms around the enormity of an event, regulators ask for claims data from carriers – and the thinking seems to be that more data is always better. The truth is that more data is expensive and time consuming to collect, especially when the requests entail delving into files that may not be catalogued in a format that insurance departments demand. Providing information for data reports is often not optional, and what regulators ask for after a major event is as changeable as the weather. Following Sandy, New York regulators made one-time data requests and gave insurers only a few hours to respond. Requests such as these could mean that the important work of handling claims gets delayed while employees have to divert their attention from taking care of people to taking care of paperwork.

Property insurance markets do benefit from regulation, but rules that change like the wind don’t help.

Natural disasters trigger emotional responses, and those responses are helpful in that they drive volunteers to show up to give both financially and physically to start the recovery process. But it’s the rational responses that bring the economic resources necessary to rebuild after disaster. The very rational action of paying claims that are owed is a responsible way to fulfill the parameters of the insurance contract in place at the time the disaster occurred.

What lawmakers and regulators should know is that working according to predictable outcomes is the key to balancing the needs of policyholders and businesses focused on recovery, and insurance is one of those businesses. There will always be multiple points of view, as well as numerous options. But disaster response and recovery should not be viewed as opposing forces protecting self-interest. Our collective focus should be on agreements in advance that serve everyone in the best way possible, knowing that the real risk and true costs of natural disasters remain unknown.

As we enter yet another hurricane season, it’s worthwhile to take a look at both market reaction and regulatory mandates that have proven to be, in effect, another disaster in the making.