Tag Archives: prevention

Future of Insurance Is… Not Insurance

The classical insurance business model has been successful for a long time but does not stack up to modern standards. Nowadays, just a policy no longer provides the best solution for managing risks. Why wait until something happens, when the technology and data are available to actually reduce the chance or impact of an unforeseen event? 

There is only one sensible way forward: to rebalance insurance and prevention. Integrate data, services and insurance policies and help customers manage risks in a way they feel comfortable with. 

I’ve named this the transformation from managing policies to managing risks. Connected Insurance, Smart Home/Smart Mobility or IOT-based insurance are relevant terms in this context. You would expect that insurers are well underway in preparing for this future.

The pressure to rebalance insurance with prevention is building

There are several drivers contributing toward the momentum for integrated, prevention-based safety and continuity solutions. Increased volatility and changing risks (related to climate, health, cyber, demography) are making safety and prevention particularly relevant and a traditional policy even less effective. The spread of connected devices and the rise of smart home offers significant potential to develop new value propositions. It’s becoming increasingly hard to explain to customers why “just a policy” is the best solution. 

Large-scale adoption is still something for the future 

I do see pockets of innovation in risk management and prevention initiatives. But the scale remains limited. It seems the devil is in the scale up. I have seen a lot of initiatives driven by motivated innovators that haven’t scaled up to serve a substantial portion of the customer base. Why? Let’s take a closer look at some barriers:

Barrier #1 – Not easy to find the right model

It’s one thing to set up a small operation or minimal viable product (MVP) safety and prevention concept that serves some customers. That already may be challenging for an average insurer, and scaling up requires something else: a sustainable business model, strong and stable partnerships and, not unimportant, insight to choose a scalable model that is attractive to customers. Too often, insurers take a plunge and create a safety and prevention solution with the best intentions, only to find it will never fly on a larger scale. That doesn’t mean safety and prevention concepts don’t work – it only proves that making the right design choices is not easy. If it didn’t work, you evaluate, regroup and try again with better design and implementation choices.

See also: A Self-Destructive Cycle in Insurance  

Barrier #2 – Chicken-and-Egg Business Case 

In decision making driven by business cases, a concept will get a fair chance when it makes financial sense within the current business model. That requires robust proof from actual data. Without data, no initiatives. Without initiatives, no data. That explains why so many risk and prevention activities remain largely driven from marketing and innovation budgets – that’s a different business case altogether. Large-scale adoption of prevention concepts is therefore limited to customer segments with high risks (e.g. young drivers), markets with mandatory safety requirements and those insurers that have a particularly effective internal prevention champion. Important, admirable but hardly fertile soil for building large-scale prevention concepts.

Barrier #3: Stove pipes blur the 20-20 view

What will be the total damages of a two-sided car accident? The actual impact may be much higher than is covered in the two associated car insurance policies. Indemnity, medical costs, inability to work, impact on employability, economic activity and personal life: The actual amount of the damage affects auto, health, income and liability business lines across multiple insurance companies. Different insurers handling parts of damages and liabilities not only increases overall costs but blurs the total costs to society of such an event. Prevention concepts should be judged with total costs to society in mind, not only by individual insurers from the perspective of an individual business line. 

Barrier #4: Important but not urgent

In many insurance organisations, a lot of change capacity is required to tackle legacy and regulatory requirements. A shift in business model is not something you can do on the side. Organizations should find the balance between innovation horizons and separate existing and new businesses, but that’s easier said than done. And let’s not forget: there might be an initial fear of cannibalization if premiums go down because of higher safety. 

Jumpstarting the shift toward building better solutions to manage risk 

Let’s create effective partnerships with players that jointly invest in safety and prevention. There must be a winning combination among insurers, re-insurers, Big Tech/IoT firms, players in adjacent industries, insurtechs, academic communities and non-profit organizations. 

Such a rich eco-system should be able to integrate data across traditional product lines, companies and other stakeholders to balance investment decisions with more weight attributed to the total costs to society. 

The recently launched OPIN initiative may provide the much-needed lubricant by developing open standards and API definitions for data exchange, enabling a coordinated approach across regions, markets and traditional business lines.

Transforming a business is always challenging, but even more so when you’re in it. No single player in today’s value chain is going to succeed on its own. The key is to create a collaborative solution combining the strength of several players. The future belongs to those who can forge such an alliance.

Active Shooter Scenarios

Campus safety and security is a topic of increasing concern on both a personal and institutional level. On-campus shootings can no longer be viewed as singular, isolated events. The good news is that the chance of an active shooter incident taking place on campus is pretty small. However, because of the random nature of such events, all institutions need to be prepared. Planning for an active shooter threat has become an unfortunately necessary part of the framework of institutional safety and risk management best practices.

Active Shooter Defined

According to the U.S. Department of Homeland Security, an active shooter is an individual actively engaged in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearms(s), and there is no pattern or method to their selection of victims. Active shooter situations are unpredictable and evolve quickly. Typically, the immediate deployment of law enforcement is required to stop the shooting and mitigate harm to victims. Because active shooter situations are often over within 10 to 15 minutes, before law enforcement arrives on the scene, individuals must be prepared both mentally and physically to deal with an active shooter situation.

Colleges and universities understand the need for emergency response plans for many different types of disasters and typically already have processes and procedures in place to address multiple types of disasters. Planning for an active shooter threat can and should be integrated into an institution’s overall emergency and disaster preparedness plans. While many of the components are similar for most natural and man-made disasters, the inclusion of an active shooter plan generates an even greater immediacy for response. There are several considerations when it comes to the development and implementation of an emergency response plan to address any threat. These include the three Ps: Prevention, Preparedness and Post-Event Management and Recovery, each of which will be discussed in greater detail below.

See Also: “Boss, Can I Carry While I’m Working?”

  • PREVENTION

Engage in Threat Assessment

Probing how threats develop can mitigate, diffuse or even eliminate a situation before it occurs. Active shooters do not develop in a vacuum. A joint study by the U.S. Department of Education, the Secret Service and the Federal Bureau of Investigation concluded that individual attackers do not simply “snap” before engaging in violence; rather, they often exhibit behaviors that signal an attack is going to occur. The study recommends the use of threat assessment teams to identify and respond to students and employees.

As part of the threat identification and assessment process, an institution may elect to conduct pre-employment background checks to identify past patterns of violent behavior. While the background check process may not be a perfect indicator of future behavior, it does provide a useful mechanism for vetting a prospective employee. If triggering behavior is found, the threat assessment team can be used to evaluate the information and determine whether further action or intervention is needed. 

Encourage Training and Education

An essential component of prevention is training the campus community on how to identify both trigger behaviors and events that may trigger a potential incident.

Supervisor and Faculty Training: Train faculty on how to recognize early warning signs of individuals in distress. Supervisors/faculty should be aware of major personal events in the lives of their employees, as many incidents of violence occur in close proximity to such events.

Student/Community Training: Educate the campus community on how to recognize warning signs of individuals in distress and provide a mechanism for sharing that information.

Develop and Communicate Reporting Procedures

All employees and students should know how and where to report violent acts or threats of violence. Information regarding the function of the threat assessment team or other similar programs should be provided to the entire campus community. The institution should also have an internal tracking system of all threats and incidents of violence.

Continuing Staff and Student Evaluations

When appropriate, obtain psychological evaluations for students or employees exhibiting seriously dysfunctional behaviors.

  • PREPAREDNESS

Leverage Community Relationships

There are many programs and resources in communities that can assist with the development of active shooter response plans.

Include local law enforcement agencies, SWAT teams and fire and emergency responders in early stages of the plan development to promote good relations and to help the agencies become more familiar with the campus environment and facilities. The police can explain what actions they typically take during incidents involving threats and active violence situations that can be included in the institution’s plan. Provide police with floor plans and the ability to access locked and secured areas.

Invite law enforcement agencies, SWAT teams and security experts to educate employees on how to recognize and respond to violence on campus. Such experts can provide crime prevention information, conduct building security inspections and teach individuals how to react and avoid becoming a victim.

Review Resources and Security

Periodic review of security policies and procedures will help minimize the institution’s vulnerability to violence and other forms of crime.

  • Routinely inspect and test appropriate physical security measures such as electronic access control systems, silent alarms and closed-circuit cameras in a manner consistent with applicable state and federal laws.
  • Conduct risk assessments to determine mitigation strategies at points of entry.
  • Develop, maintain and review systems for automatic lockdown. Conduct lockdown training routinely.
  • Place active shooter trauma kits in various locations on the campus. Train employees on how to control hemorrhaging, including the use of tourniquets.
  • Provide panic or silent alarms in high-risk areas such as main reception locations and the human resources department.
  • Implement an emergency reverse 911 system to alert individuals both on and off campus. Periodically test the system to serve as training and verification that the equipment is functioning properly.
  • Equip all doors so that they lock from the inside.
  • Install a telephone or other type of emergency call system in every room.
  • Install an external communication system to alert individuals outside the facility.

Develop and Communicate Lockdown Procedures

Lockdown is a procedure used when there is an immediate threat to the building occupants. Institutions should have at least two levels of lockdown – sometimes called “hard lockdown” and “soft lockdown.”

Hard Lockdown: This is the usual response when there is an intruder inside the building or if there is another serious, immediate threat. In the event of a hard lockdown, students, faculty and staff are instructed to secure themselves in the room they are in and not to leave until the situation has been curtailed. This allows emergency responders to secure the students and staff in place, address the immediate threat and remove any innocent bystanders to an area of safety.

Soft Lockdown: This is used when there is a threat outside the building but there is no immediate threat to individuals inside the building. During a soft lockdown, the building perimeter is secured and staff members are stationed at the doors to be sure no one goes in or out of the facility. Depending on the situation, activities may take place as usual. A soft lockdown might be appropriate if the police are looking for a felon in the area or if there is a toxic spill or other threat where individuals are safer and better managed inside.

Evacuation Procedures Communication/Training

Evacuation of the facility can follow the same routes used for fire evacuation if the incident is confined to a specific location. Otherwise, other exits may need to be considered. Designate a floor or location monitor to assist with the evacuation and inventory of evacuees for accountability to authorities. Establish a meeting point away from the facility.

Develop a Communication System

Perhaps the most crucial component of an active shooter response plan is the network of communication systems. Immediate activation of systems is critical to saving lives because many mass shootings are over and bystanders are injured or dead before police can respond.

Create a Crisis Response Box

A crisis response box has one primary purpose: provide immediate information to designated campus staff for effective management of a major critical incident.

If a crisis is in progress, this is not the time to collect information. It is the time to act upon information.

Knowing what information to collect, how to organize it and how to use it during a crisis can mean faster response time.

Create an Incident Command Center Plan

The National Incident Management System (NIMS) is a nationally recognized emergency operations plan that is adapted for large critical incidents where multi-agency response is required. NIMS facilitates priority-setting, interagency cooperation and the efficient flow of resources and information.

The location of an incident command center should be in a secure area within sight and sound of potential incidents with staging areas located nearby.

See Also: Thought Leader in Action: At U. of C.

  • POST-EVENT MANAGEMENT AND RECOVERY

To ensure a smooth transition from response to recovery, plans that went into effect during the event should be de-escalated and integrated into the plan for moving forward. This will include aspects such as:

  • Media and information management
  • Impact assessment
  • Facility and environmental rebuilding
  • Restoring student, staff and community confidence

Conclusion

Though an active shooter situation is unlikely to occur at most colleges and universities, it is still essential to be prepared. Failure to do so can cause the loss of lives, severe financial repercussions and reputational damage that could take years to reverse.

Additional resources for university risk managers and administrators are available in the complete Encampus Active Shooter Resource Guide, which is available for download here.

New Perspectives on Cyber Security

The world continues to buzz about cyber security (or, perhaps we should say, insecurity). Now we have the Chinese government apparently admitting that it has a cyberwarfare capability: not just one unit, but three. Other nations, including the U.S., Japan and some European nations, are talking about their ineffective defenses and the need to develop an offensive capability.

What can the targets, not only any public or private company, but each of us as an individual target (yes, our personal devices are constantly under attack), do about this?

The first step is to get our collective heads out of the sand and understand that we are all, collectively and individually, at risk. The level of successful attacks is enormous (a billion records with personal information were hacked in 2014, according to IBM, as reported here). According to a survey discussed in Fortune, 71% of companies admit they were hacked last year, and the majority expect to be hacked this year. However, nearly a quarter, according to Fortune, have not only kept their heads in the sand but do so with unbelievable confidence; they think a successful cyber attack is “not likely” in the next 12 months. The trouble is that very often successful attacks are not detected! It took a long time before JPMorgan Chase found out it had been hacked, and even longer before it knew the extent of the damage.

Organizations need to be ready to respond effectively and fast!

The JPMorgan Chase article reports that, “The people with knowledge of the investigation said it would take months for the bank to swap out its programs and applications and renegotiate licensing deals with its technology suppliers, possibly giving the hackers time to mine the bank’s systems for unpatched, or undiscovered, vulnerabilities that would allow them re-entry into JPMorgan’s systems.”

All is for naught if successful intrusions are not detected and responses are not initiated on a timely basis. In the Target case, reports say that the security monitoring service detected suspicious activity, but the company did not respond. According to ComputerWeekly.com, many companies make the mistake of “over-focusing on prevention and not paying enough attention to detection and response. Organizations need to accept that breaches are inevitable and develop and test response plans, differentiating between different types of attacks to highlight the important ones.”

Another insightful article discusses the critical need for pre-planned response capabilities. IT cannot do it all itself; business executives need to not only be involved but actively work to ensure their operations can survive a successful intrusion.

What else should we do?

We have to stop using passwords like “password,” the name of a pet or our birthday. Password managers are excellent tools (see this article on the top-rated products) and merit serious consideration. I have one. (BTW, I don’t plan to replace it with the latest idea from Yahoo of one-time text messages. However, I do like the fingerprint authentication on my iPhone.)

A risk-based approach to cyber security is the right path, in my view. But that does mean that organizations have to continuously monitor new and emerging risks, or new observations about existing risks. An example is a new article on insecure mobile apps — both from in-house developers and from external sources.

Organizations need to allocate resources to cyber and information security commensurate with the risks, and individuals have to take the time to update the software on their personal devices. Internal audit departments should make sure they have the talent to make a difference, providing objective evaluations and practical suggestions for improvement.

Companies and individuals, both, need to make sure they apply all the security patches released by software vendors. They address the vulnerabilities most often targeted, and, when there is a breach, very often it’s because the patches have not been applied.

As individuals, we should have a credit-monitoring service (I do), set up alerts for suspicious activity on bank accounts and use all the anti-virus and spam protection that is reasonable to apply.

Finally, as individuals and as organizations, we need to make sure we and our people are alert to hackers’ attempts through malware, social engineering and so on. It is distressing that so many successful intrusions start with somebody clicking where they should not be clicking.

How to Prevent Workplace Violence

Recent workplace and school shooting incidents underscore the importance of having comprehensive prevention and response policies and plans in place. We are finally coming to grips with the reality that workplaces are veritable lightning rods for violence.

In an article titled, “Business Continuity for Small Businesses,” Dr. Robert F. Hester said, “Safety, security and preparedness aren’t routinely a focus in our lives. Being on guard is not something Americans are used to or like doing. Still. . . the threat never goes away; only fades in memory.”

Workplace violence reflects employee perceptions of their workplaces and their personal issues. Workplaces are veritable lightning rods for violence. Our job is to minimize the risk through strategies and preparation.

Minimizing risks requires a critical assessment of your workplace security; prevention and response procedures; physical security measures; and administrative and operational policies.

Workplaces must appreciate that unhappy employees don’t wake up one morning consumed with getting even. They don’t! The escalation toward homicidal retaliation probably started months earlier, if not years, and the clues were missed or misunderstood. Supervisors need to examine work sites for autocratic supervision, toxic employees and criminal elements.

Sometimes, workplace policies create misunderstandings, when the workforce is taken for granted, and that can lead to conflict. Supervisors and managers need to intervene swiftly by monitoring and then communicating. They can show sensitivity to changes in family, medical, personal, financial and workplace relationships that are often exacerbated by workplace relationships.

Workplace violence prevention really requires a comprehensive view of workplaces and how best to integrate resources, collaborate on strategies and coordinate efforts. (Developing Your Comprehensive Workplace Violence Prevention Policy/Plan).

Workplaces must review their policies and plans annually and design the right atmosphere. Workplaces must be critical of their capabilities and limitations by asking tough questions. We must not allow convenience to dictate management’s decisions and attitudes. Employees (supervisors and managers alike) must be held accountable for inappropriate conduct as part of building credibility in violence prevention.

We must ask the following questions:

  • Do we understand the risks?
  • Are we responding properly?
  • Do we monitor and track incidents, situations and people?
  • How could an incident happen?
  • What did we miss that could have prevented the outcome through care, consideration and attentiveness?
  • What did we take for granted and why?
  • How do we interact or fail to intervene?

I ask that senior leaders begin a process today to assess their workplace settings to uncover hazards and resolve security gaps. Why wait to answer such questions tomorrow when posed by the media, OSHA or a jury?

Research shows that people delay because of:

  1. Denial about whether they have a problem;
  2. The resources required;
  3. A belief that they can simply terminate troubled employees;
  4. An inability to act quickly;
  5. Lack of staff and support;
  6. The cost of training;
  7. The expense of hiring a consultant.

But there is a need to be prepared for the when it happens rather than if it happens. The threat can come from a: current employee, former employee, disgruntled customer, client, patient or student, criminal or a domestic/intimate partner. I will not scare readers with immaterial statistics not specific to your respective workplaces at this point, but I will implore you to take immediate action to improve your workplace security.

Model Errors in Disaster Planning

“All models are wrong; some are useful.” – George Box

We have spent three articles (article 1, article 2, article 3) explaining how catastrophe models provide a tool for much-needed innovation to the global insurance industry. Catastrophe models have covered for the lack of experience with many losses and let insurers properly price and underwrite risks, manage portfolios, allocate capital and design risk management strategies. Yet for all the practical benefits CAT models have infused into the industry, product innovation has stalled.

The halt in progress is a function of what models are and how they work. In fairness to those who do not put as much stock in the models as a useful tool, it is important to speak of the models’ limitations and where the next wave of innovation needs to come from.

Model Design

Models are sets of simplistic instructions that are used to explain phenomena and provide relevant insight on future events (for CAT models – estimating future catastrophic losses). We humans start using models at very early ages. No one would confuse a model airplane with a real one; however, if a parent wanted to simplify the laws of physics to explain to a child how planes fly, then a model airplane is a better tool than, say, a physics book or computer-aided design software. Conversely, if you are a college student studying engineering or aerodynamics, the reverse is true. In each case, we are attempting to use a tool – models of flight, in this instance – to explain how things work and to lend insight into what could happen based on historical data so that we can merge theory and practice into something useful. It is the constant iteration between theory and practice that allows an airplane manufacturer to build a new fighter jet, for instance. No manufacturer would foolishly build an airplane based on models no matter how scientifically advanced those models are, but those models would be incredibly useful in guiding the designers to experimental prototypes. We build models, test them, update them with new knowledge, test them again and repeat the process until we achieve desired results.

The design and use of CAT models follows this exact pattern. The first CAT models estimated loss by first calculating total industry losses and then proportionally allocating losses to insurers based on assumption of market share. That evolved into calculating loss estimates for specific locations at specific addresses. As technology advanced into the 1990s, model developers harnessed that computing power and were able to develop simulation programs to analyze more data, faster. The model vendors then added more models to cover more global peril regions. Today’s CAT models can even estimate construction type, height and building age if an insurer does not readily have that information.

As catastrophic events occur, modelers routinely compare the actual event losses with the models and measure how well or how poorly the models performed. Using actual incurred loss data helps calibrate the models and also enables modelers to better understand the areas in which improvements must be made to make them more resilient.

However, for all the effort and resources put into improving the models (model vendors spend millions of dollars each year on model research, development, improvement and quality assurance), there is still much work to be done to make them even more useful to the industry. In fact, virtually every model component has its limitations. A CAT model’s hazard module is a good example.

The hazard module takes into account the frequency and severity of potential disasters. Following the calamitous 2004 and 2005 U.S. hurricane seasons, the chief model vendors felt pressure to amend their base catalogs with something to reflect the new high-risk era we were in, that is, taking into account higher-than-average sea surface temperatures. These model changes dramatically affected reinsurance purchase decisions and account pricing. And yet, little followed. What was assumed to be the new normal of risk taking actually turned into one of the quietest periods on record.

Another example was the magnitude 9.0, 2011 Great Tōhuko Earthquake in Japan. The models had no events even close to this monster earthquake in their event catalogs. Every model clearly got it wrong, and, as a result, model vendors scrambled to fix this “error” in the model. Have the errors been corrected? Perhaps in these circumstances, but what other significant model errors exist that have yet to be corrected?

CAT model peer reviewers have also taken issue with actual event catalogs used in the modeling process to quantify catastrophic loss. For example, a problem for insurers is answering the type of question of: What is the probability of a Category 5 hurricane making landfall in New York City? Of course, no one can provide an answer with certainty. However, while no one can doubt the significance of the level of damage an event of that intensity would bring to New York City (Super Storm Sandy was not even a hurricane at landfall in 2012 and yet caused tens of billions of dollars in insured damages), the critical question for insurers is: Is this event rare enough that it can be ignored, or do we need to prepare for an event of that magnitude?

To place this into context, the Category 3, 1938 Long Island Express event would probably cause more than $50 billion in insured losses today, and that event did not even strike New York City. If a Category 5 hurricane hitting New York City was estimated to cause $100 billion in insured losses, then knowing whether this was a 1-in-10,000-year possibility or a 1-in-100-year possibility could mean the difference between solvency and insolvency for many carriers. If that type of storm was closer to a 1-in-100-year probability, then insurers have the obligation to manage their operations around this possibility; the consequences are too grave, otherwise.

Taking into account the various chances of a Category 5 directly striking New York City, what does that all mean? It means that adjustments in underwriting, pricing, accumulated capacity in that region and, of course, reinsurance design all need to be considered — or reconsidered, depending on an insurer’s present position relative to its risk appetite. Knowing the true probability is not possible at this time; we need more time and research to understand that. Unfortunately for insurers, rating agencies and regulators, we live in the present, and sole reliance on the models to provide “answers” is not enough.

Compounding this problem is that, regardless of the peril, errors exist in every model’s event catalog. These errors cannot even be avoided, and the problem escalates where our paucity of historical recordings and scientific experiments limit our industry’s ability to inch us closer and closer to greater certainty.

Earthquake models still lie beyond a comfortable reach of predictability. Some of the largest and most consequential earthquakes in U.S. history have occurred near New Madrid, MO. Scientists are still wrestling with the mechanics of that fault system. Thus, managing a portfolio of properties solely dependent on CAT model output is foolhardy at best. There is too much financial consequence from phenomena that scientists still do not understand.

Modelers also need to continuously assess property vulnerability when it comes to taking into consideration various building stock types with current building codes. Assessing this with imperfect data and across differing building codes and regulations is difficult. That is largely the reason that so-called “vulnerability curves” oftentimes are revised after spates of significant events. Understandably, each event yields additional data points for consideration, which must be taken into account in future model versions. Damage surveys following Hurricane Ike showed that the models underestimated contents vulnerability within large high-rises because of water damage caused by wind-driven rain.

As previously described, a model is a set of simplified instructions, which can be programmed to make various assumptions based on the input provided. Models, therefore, fall into the Garbage In – Garbage out complex. As insurers adapt to these new models, they often need to cajole their legacy IT systems to provide the required data to run the models. For many insurers, this is an expensive and resource-intensive process, often taking years.

Data Quality’s Importance

Currently, the quality of industry data to be used in such tools as CAT models is generally considered poor. Many insurers are inputting unchecked data into the models. For example, it is not uncommon that building construction type, occupancy, height and age, not to mention a property’s actual physical address, are unknown! For each  property whose primary and secondary risk characteristics are missing, the models must make assumptions regarding those precious missing inputs – even regarding where the property is located. This increases model uncertainty, which can lead to inaccurate assessment of an insurer’s risk exposure.

CAT modeling results are largely ineffective without quality data collection. For insurers, the key risk is that poor data quality could lead to a misunderstanding regarding what their exposure is to potential catastrophic events. This, in turn, will have an impact on portfolio management, possibly leading to unwanted exposure distribution and unexpected losses, which will affect both insurers’ and their reinsurers’ balance sheets. If model results are skewed as a result of poor data quality, this can lead to incorrect assumptions, inadequate capitalization and the failure to purchase sufficient reinsurance for insurers. Model results based on complete and accurate data ensures greater model output certainty and credibility.

The Future

Models are designed and built based on information from the past. Using them is like trying to drive a car by only looking in the rear view mirror; nonetheless, catastrophes, whether natural or man-made, are inevitable, and having a robust means to quantify them is critical to the global insurance marketplace and lifecycle.

Or is it?

Models, and CAT models in particular, provide a credible industry tool to simulate the future based on the past, but is it possible to simulate the future based on perceived trends and worst-case scenarios? Every CAT model has its imperfections, which must be taken into account, especially when employing modeling best practices. All key stakeholders in the global insurance market, from retail and wholesale brokers to reinsurance intermediaries, from insurers to reinsurers and to the capital markets and beyond, must understand the extent of those imperfections, how error-sensitive the models can be and how those imperfections must be accounted for to gain the most accurate insight into individual risks or entire risk portfolios. The difference in a few can mean a lot.

The next wave of innovation in property insurance will come from going back to insurance basics: managing risk for the customer. Despite model limitations, creative and innovative entrepreneurs will use models to bundle complex packages of risks that will be both profitable to the insurer and economical to the consumer. Consumers desiring to protect themselves from earthquake risks in California, hurricane risks in Florida and flood risks on the coast and inland will have more options. Insurers looking to deploy capital and find new avenues of growth will use CAT models to simulate millions of scenarios to custom create portfolios optimizing their capacity and create innovative product features to distinguish their products against competitors. Intermediaries will use the models to educate and craft effective risk management programs to maximize their clients’ profitability.

For all the benefit CAT models have provided the industry over the past 25 years, we are only driving the benefit down to the consumer in marginal ways. The successful property insurers of the future will be the ones who close the circle and use the models to create products that make the transfer of earthquake, hurricane and other catastrophic risks available and affordable.

In our next article, we will examine how we can use CAT models to solve some of the critical insurance problems we face.