Over the past decade, the Global Risks Report has expanded its scope from analyzing the connected and rapidly evolving nature of global risks to also putting forward solutions and calling for public-private collaboration in strengthening resilience. Now in its 11th edition, the report describes a world in which risks are becoming more imminent and have wide-ranging impact: Tensions between countries affect businesses; unresolved, protracted crises have resulted in the largest number of refugees globally since World War II; terrorist attacks take an increasing toll on human lives and stifle economies; droughts occur in California, and floods happen in South Asia; and rapid advances in technologies are coupled with ever-growing cyber fragilities and persistent unemployment and underemployment.
Implications of sweeping digitization (also termed the “Fourth Industrial Revolution”) – ranging from transformations that are the result of rising cyber connectivity to the potential effects of innovations on socioeconomic equality and global security – remain far from fully understood. At the same time, climate change is unequivocally happening, and there is no turning back time.
The increasing volatility, complexity and ambiguity of the world not only heightens uncertainty around the “which,” “when,” “where” and “who” of addressing global risks but also clouds the solutions space. We need clear thinking about new levers that will enable a wide range of stakeholders to jointly address global risks, which cannot be dealt with in a centralized way.
Taken together, the situation calls for a resilience imperative – an urgent necessity to find new avenues and more opportunities to mitigate, adapt to and build resilience against global risks and threats through collaboration among different stakeholders.
By putting the resilience imperative at its core, this year’s Global Risks Report combines four parts to present an analysis of different aspects of global risks – across both global risks and stakeholders – focused as much on the search for solutions as on the analysis of the risks themselves.
With the recent terrorist attack in San Bernardino, CA, fresh on people’s minds, workplace violence has received major media coverage, but little to no attention is paid to deaths by suicide even though rates in the U.S. have gone up considerably in recent years. Suicides claim an average of 36,000 lives annually, and, while most people take their lives in or near home, suicide on the job is also increasing.
The Bureau of Labor Statistics reported that workplace suicides rose to 282 in 2013, the highest level since the numbers have been reported. In 2014, the number went down slightly to 271, but that is still the second highest level. The annual average number of suicide deaths that occurred at work during the time period 2003 – 2014 is 237, for a total of 2,848. Since 2007, the numbers have been above the average.
Source: U.S. Department of Labor, Bureau of Labor Statistics, Census of Fatal Occupational Injuries
The rise in suicide rates at work is even more significant given that overall homicides in the workplace have been steadily decreasing since the mid-’90s.
The obvious question is: Why is this startling rise in suicide rates at work occurring?
“The reasons for suicide are complex, no matter where they take place,” said Christine Montier, CMO of the American Foundation for Suicide Prevention. “Usually, many factors are at play.”
Many suicide prevention experts linked the increase in one way or another to the Great Recession. I believe the recession played a major role because it put a triple whammy on people. Housing, which has traditionally been the major investment and retirement source for Americans, was in the toilet. Foreclosures were at an all-time high. Companies were laying off people, and job prospects were slim.
I believe that many working people experienced daily stress about employment. Every day, they might be laid off. Many were severely overworked because they needed to pick up the slack caused by reductions in workforces. They faced continuous fear of taking time off for vacations or illness and had few options to leave because jobs elsewhere were scarce.
Put all these issues in the pot together, and some people could not see their way out of their dilemma except through suicide.
Researchers in a study published by the American Journal of Preventive Medicine suspect that suicides occur at work because the perpetrators wanted to protect family and friends from discovering their bodies.
In the midst of the fear of terrorist attacks and active shooting incidents, organizations are significantly challenged in how to deal with the spectrum of violence they may face. However, it is critical that organizations not shy away from addressing these issues and muster the resources to engage their employees.
Managers need clear guidelines on healthy approaches to manage and prevent violence in the multiple forms it can take. Two industries that have taken the issue of suicides at work head-on are construction and law enforcement.
What can management do?
Stop thinking and acting like “it couldn’t happen at your company.” Provide regular communications through the channels that are most effective in your company regarding the potential warning signs that employees or others are at risk of acting in a violent manner. See a list of the classic early warning signs of workplace violence here. Many of the signs are also telltale signs of depression and suicidal behavior.
Sally Spencer-Thomas, Psy.D., co-founder of Working Minds, a Colorado-based workplace-suicide-prevention organization, described a giveaway that’s more obvious than one might suspect: The employee will tell you.
When contemplating suicide, a person can be entirely consumed by the thought, she said. The problem may be coded in conversation—the individual may talk about death often, for instance.
As uncomfortable as it may seem, it’s important to bite the bullet and ask the awkward questions. “It is very hard to resist a human who is coming at you with compassion,” Spencer-Thomas observed. She suggests that HR professionals frame their questions in an understanding manner, giving the employee the opportunity to explain his or her condition. Statements such as, “I’ve noticed that …,” “It’s understandable given …,” and “I’m wondering if it’s true for you…” should be followed by a nonjudgmental statement.
Promote resources available to help employees
If your firm has an employee assistance program (EAP) or your healthcare provider offers counseling service, make sure that managers are trained about the program and skilled in how to make an effective employee referral. If your employee usage rates are below your industry average, you need to assess why and take action to increase usage. Talking to a professional counselor can make a big difference to a troubled employee.
If your firm does not offer an EAP, then identify community resources that can assist your employees and keep the list current.
HR should also have a strategy to deal with the devastating impact of a homicide or suicide at work.
I believe the time has come for executives to take a comprehensive approach to violence that occurs in the workplace and especially to bring mental health and suicide issues out of the closet into mainstream workplace conversations. We are past the point where organizations can think of suicide as a dirty little secret and hope it will go away. The time has come for meaningful action.
Don’t wait until something happens and people lose their lives. If you really mean that your employees are your most important asset, now is the time to step up.
Are you covered for cyber-terrorism? If you have not purchased Cyberliability insurance, the answer is likely no. A General Liability policy needs bodily injury, property damage or possibly an advertising injury to respond. Property insurers don't view data as tangible property, and a property policy needs a peril like wind, fire or hail to respond to a loss. Crime policies cover embezzlement by employees. In the event of a cyber-terrorism loss, you can look to all of these policies for coverage, but there is only one policy that is designed specifically for this type of exposure — Cyberliability.
The next question is, what constitutes cyber-terrorism? When you think of activities committed by a terrorist, your first thoughts might be actions that lead to death or destruction of property. There are other ways terrorists can inflict harm, including through electronic means.
Below are scenarios that might be covered by a properly structured Cyberliability policy:
Hackers funded by a foreign government get into your insured's network and cause private information to be leaked into the public domain.
Hackers funded by a hostile party hijack an insured's network and computers and use them to cause a denial of service attack against other third parties, who then sue the insured for not preventing such an event.
Unnamed hackers from a foreign nation deliver a virus to an insured's network and wipe out 30,000 company laptops causing a business interruption loss.
Foreign-sponsored hackers launch denial of service attacks at everyone in the insured's industry in retaliation for some action taken by our own government. The business interruption may be covered, as well as a security breach arising from the attack.
Hackers penetrate the control system for a manufacturing client's assembly line and prevent them from producing their product.
Hackers replace a client's website with offensive or politically motivated content that causes people to sue for emotional distress, libel or slander.
Hackers penetrate an insured's network and threaten to release private records or intellectual property.
Sadly, the array of bad things for a terrorist to try extends far beyond the items listed above. They are out there working on ways to cause mayhem without leaving the comfort of wherever they may call home.
To most insurers, it won't matter who is behind the security breach. The hackers can be foreign-sponsored, the kid next door, a disgruntled former employee or an organized crime gang. Coverage should apply regardless of who funded the attack. Cyberliability insurance policies are there to respond to liability claims arising from a security breach as well as some first-party expenses. There are also policies that include coverage for data restoration expenses and business interruption losses.
You probably won't see a policy that states, “You are covered for cyber-terrorism;” however, you should look for any definition of what constitutes a hacker. We have yet to see any definition that differentiates between prankster hackers, criminal hackers, political hackers, organized crime hackers or any other group. It is in the policyholder's favor that the definition isn't limited by a detailed description.
Most policies will be silent regarding the origin of the network attack; it remains your responsibility to be vigilant for any terrorism exclusion as well as acts of war exclusions. If you have been reading the newspapers lately, you have seen articles alleging that other nations have sponsored network attacks against companies and defense contractors in the United States. Some of those alleged foreign nations include Iran, China and North Korea. Our government hasn't classified those as acts of war, but at some point those actions could be deemed a precursor to war. A declaration of war usually requires a vote by Congress, which could take months, meaning that an insurer would likely have to wait to respond until the point a formal declaration of war is made. Insurers aren't intending to cover an aspect of war between two countries, but if an insured's computer network is collateral damage, they should provide coverage for the damages and liability.
A commonly asked Cyberliability question concerns the theft of intellectual property by a foreign nation, company or other party. Unfortunately that first-party loss is not contemplated in current Cyberliability insurance policies. There are intellectual property policies out there designed to defend and enforce patents, but it can be challenging to prove who took the information and how to find them. Those policies usually respond to claims once a competing product with the same or similar design(s) is sold on the open market. The theft of digital blueprints may not be enough to trigger these policies. There are also issues regarding the enforceability of intellectual property rights outside the United States.
A quick search of our major metropolitan newspapers shows that a number of industries are in the sights of a variety of hacker groups. The current list of primary targets includes financial institutions, power companies and defense contractors. In light of these ongoing activities of terrorists and state-sponsored hackers, it remains a good time to look at Cyberliability insurance. Your clients may not specifically be targeted by cyber-terrorists, but their network could suffer collateral damage or be used to inflict damage upon others.
Workers' compensation continues to be a challenged line, with historically poor results, a benign interest rate environment, and diminished prior year reserve redundancy. Another issue worth noting is the uncertainty around the potential 2014 extension of the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA), which has heightened the focus on aggregation of workers' compensation risk.
For years, carriers have monitored workers' compensation exposure aggregations (their cumulative exposures in a geographic area) as a way of assessing the potential impact that an earthquake would have on their book of business. Such analysis has been commonplace in earthquake prone areas, such as California, for many years. However, after the September 11, 2001 terrorist attack, workers' compensation carriers and reinsurers immediately began to focus on employee concentration in large cities which were deemed high risk targets for terrorist events.
Insurance carriers continue to view risks from a concentration perspective — both on an individual accounts basis as well as the aggregate across their portfolio and correlated lines of business. Some carriers will decline a risk outright simply because they are “overlined” in a particular zip code or city. Or, the carrier might impose a surcharge on the premium for the use of their limited capacity for a particularly large workers' compensation risk.
Reinsurers similarly set a maximum amount of capacity they can offer in a particular geographic area and for catastrophic loss scenarios. Insurers purchase this capacity as one way to reduce their potential to incur an outsized catastrophic loss and manage their modeled worst case scenario within their financial risk tolerance.
To that end, catastrophic models have been developed. Catastrophic models allow carriers to gauge their potential exposures in a geographic area under a variety of different event scenarios that are either probabilistic or deterministic in nature. During the last 10 years, carriers have made adjustments to their books of business according to the output of these models to limit their potential exposure to terrorist events — sometimes across multiple product lines.
A consideration unique to workers' compensation, compared with other insurance contracts, is that workers' compensation policies have statutory coverage (in this case being synonymous with unlimited) rather than a stated limit that could cap a carrier's liability for a certain loss. Given the statutory nature of the coverage, it is difficult for carriers to estimate their maximum exposure to workers' compensation.
The issue of employee aggregation affects any employer with a large number of employees in a single location, but is highlighted in industries such as financial institutions, hospitals, defense contractors, higher education, hotels, professional services, and nuclear.
Impact Of Pending TRIPRA Expiration
Because of the significant financial impact of the September 11 terrorist attacks, Congress created the Federal Terrorism Risk Insurance Act (TRIA) to provide a financial backstop to the insurance industry that would cap losses in the event of another large-scale terrorist event. The Act was initially set to expire at the end of 2005, but because of the ongoing risk of terrorism, and the reliance on it by insurance carriers, it has been extended several times. It is now set to expire on December 31, 2014.
When most people think of TRIA/TRIPRA, they think of the property insurance marketplace. Without this backstop in place, many high-profile properties would not be insurable in the commercial marketplace. However, workers' compensation is also deeply impacted, as there are large numbers of people working in highly concentrated areas.
Although the expiration of the Terrorism Risk Insurance Program Reauthorization Act is almost two years away, the impact of this is already being seen in the marketplace. Employers in certain industries, with large employee concentrations, or in certain cities can expect less available capacity, with some carriers scaling back because of the increased exposure to their balance sheet created by losing some or all of the protections provided under the Federal Terrorism Risk Insurance Act. This trend has the potential to escalate and broaden as we get closer to the TRIPRA expiration date.
In addition, more employers may face increased rates for their workers' compensation coverage because of the combination of less competition and capacity, as well as an increased potential exposure for the carriers. If a policy is being issued that provides coverage beyond the TRIPRA expiration date, and the future of the legislation is not known, carriers will likely price this under the assumption those protections will be allowed to sunset or may be significantly modified.
What To Expect At Renewal
When faced with a potentially challenging renewal and one that may be impacted by this issue, what can you do? We recommend starting the renewal process early, at least 120 days (or more) prior to the policy or program effective date. In the case of Marsh, we will work with you to develop a communications strategy and presentation tactic around all key risk exposures, including modeling and risk analytics in support of your renewal objectives.
For carrier presentations and Q-and-A, insureds must be thoroughly conversant with details of exposures and operations; mergers, acquisitions, and divestitures; loss trends, safety programs, and risk management practices; and future plans, to the extent that they can be shared publicly.
We will help you be familiar with respective insurers' cost of capital and pricing strategy — understanding how carriers evaluate your firm's experience and risk profile, and how they initially develop rates and premiums.
High quality data differentiates employers in the eyes of insurance carriers. In today's environment, it is imperative that organizations provide underwriters with complete, accurate, and thorough data and analysis in order to differentiate their risk profile.
There has already been a significant increase in questions that carriers are asking at renewal that focus on the risks associated with a potential terrorist event. Employers with a large concentration of workers, especially those in major metropolitan areas, should be prepared to provide the following details to carriers:
Information on employee marital/dependency status.
Employee telecommuting/hospitality practices and impact on concentration.
Physical security of the building including information about guards, surveillance cameras, parking areas, HVAC protections.
How access to the building is controlled.
Construction of the building and location of the offices.
Management policies around workplace violence, weapons, and employment screening.
Employee security procedures.
Emergency response/crisis management plan.
Fire/life safety program.
Crisis management procedures.
In addition, carriers may wish to send their loss control engineers for a physical inspection of larger facilities and to interview building/facility management.
The Increasing Demand For Better Data
Because both insurance carriers and reinsurers focus on catastrophic models, it is extremely important that employers provide the highest quality of employee accumulation data, as this will ensure they are favorably differentiated by insurance carriers.
If your company has multiple shifts or operates in a campus setting, make sure you report both the total number of employees and the number working during peak shifts — as well as the actual buildings where the employees are located.
The number of employees working during peak shifts is the actual exposure to a terrorist event, not the total number of employees. Also, some businesses have a large percentage of their workforce in the field or telecommuting, rather than the office where their payroll is assigned. Providing this information to carriers significantly reduces the potential exposures associated with employee concentration. In addition, identifying the actual building where employees work on a campus — rather than a single building — helps overcome pitfalls of the catastrophic model. This also better reflects an employer's exposure to catastrophic losses.
As options about future real estate plans are considered (i.e. in terms of consolidation of employees from multiple locations in a city to a single location, or the impact of closing or consolidating satellite locations and relocating employees in major metropolitan areas), it is wise to review and consider the potential impact on workers' compensation pricing and capacity.
Because of the current political and economic climate in the US, renewal of the TRIPRA by Congress is far from certain. Marsh is continuing to monitor this issue closely, and we are working with employers and insurance industry representatives to raise awareness of the important role that TRIPRA plays in the insurance marketplace.