Are companies prepared for skyrocketing energy costs to combat extreme heat? Can farmers handle average crop losses of up to 73%? Should businesses invest in oceanfront property that is virtually guaranteed to flood? Because of climate change, these are just some of the crucial questions the United States will face before the end of the century, according to “Risky Business: The Economic Risks of Climate Change in the United States,” a report co-chaired by business experts Michael R. Bloomberg, Henry Paulson and Tom Steyer. The report quantifies and publicizes the economic risks posed by a changing climate. While climate change can be a politicized topic, there is little controversy that the phenomenon presents a great deal of risk to everyone, from individuals to institutions.

Decision-makers already use risk analysis to address uncertain situations, routinely evaluating potential threats and challenges such as bad investments or schedule delays. The report adds climate change to the risks that all decision-makers should account for. Robert E. Rubin, co-chair of the Council on Foreign Relations and member of the report’s risk committee, said, “Companies should disclose both their potential exposure to climate risk, and the potential costs they may someday be required to absorb to address carbon emissions.”

The report uses risk analysis, Monte Carlo simulation (MCS) and models to illustrate how different regions are likely to be affected by climate change. The project’s simulation also analyzes efforts to mitigate climate change, showing a changed distribution of probabilities if those efforts are made in the coming years. “As there a very high number of permutations and combinations of weather events, it would be very difficult to analyze these meaningfully using an averaged or deterministic approach,” said Robert Kinghorn, associate director at the consulting firm KPMG Australia. “MCS overcomes this by allowing thousands of possible combinations of extreme weather events to be analyzed.”

MCS can illustrate the potential costs if no adaptation takes place, or if adaptation is employed. The “Risky Business” report demonstrates that ignoring climate change risks will lead to disaster, while taking steps now will have a big impact. Luckily we have tools to face these challenges.

Many forward-thinking business and communities have already applied MCS to climate change risk analysis. For example, AECOM, a professional technical and management support company, used MCS software and optimization techniques to evaluate the risk and costs of climate-change-related flooding of the Narrabeen Lagoon near Sydney, Australia.

AECOM was asked by the Australian Federal Government to conduct an economic analysis of climate change impacts on infrastructure. When the Narrabeen lagoon’s entrance is blocked, it can fill like a bathtub, flooding the surrounding land and houses. The community can tackle this problem in various ways—such as a lagoon entrance opening, levee construction, flood awareness and planning controls. Because climate change is expected to increase flooding in the Narrabeen catchment over the coming century, decision-makers needed a clearer understanding of the different possible adaptation measures.

“The objective of the study was to use an economic cost-benefit analysis to identify both what measures government should invest in to prevent the impacts from flood events and when they should invest,” said Kinghorn, who, along with his KPMG colleague Lisa Crowley, developed, designed and ran the project as previous employees of AECOM.

Kinghorn and Crowley estimated the social benefits of adaptation to climate change in terms of willingness to pay, rather than just costs avoided. Using MCS, they generated more realistic probabilities of overall costs and benefits, and modeling the expected future values of variables such as rainfall.

As the report states, even modest global emission reductions can avoid up to 80% of projected economic costs resulting from increased heat-related mortality and energy demand. While many companies may be resistant to change, the report makes an undeniable case; we cannot afford to ignore the momentous climate risks that threaten our near- and long-term future. “Responding to climate change is no longer a problem without a solution, said Crowley. ”It is not a question of do I need to respond, but how do I respond. An effective response to climate change is possible. The complex set of climate change data can be processed through a cost benefit analysis using MCS, producing a set of economic indicators to inform a more meaningful decision-making process on how and when to respond.”


Over the past 40 years, tidal flooding has quadrupled in many low-lying areas, but that change is accelerating due to sea level rising. According to a new study, even moderate rising could as much as triple coastal flooding events in many communities in the next 15 years. Based on even moderate projections for sea level rise from the 2014 National Climate Assessment, the Union of Concerned Scientists’ study “Encroaching Tides” calls attention to the threat of routine tidal flooding to much of the East and Gulf Coasts. As opposed to storm surges, tidal flooding occurs far more regularly, bringing water above the base sea level during routine tide patterns or, for example, twice a month due to the moon’s increased gravitational pull.

With anticipated sea level rise, even daily tides may flood many areas, according to the report. As the base sea level changes, deviations take on new meanings–which can have drastic implications for property.

Flood Levels

Further, as sea levels continue to rise, tidal flooding events will become notably more extensive, with accompanying increases in disruptions and damage. As illustrated below, even minor flooding events will impact larger regions, and putting more property on the front line of regular flooding.

Moderate Miami Flooding

The duration of these events will also increase, potentially straining existing public infrastructure, demanding more emergency assistance, and leading to regular business interruption. Flood-prone areas in five of the 52 mid-Atlantic communities studied could be inundated more than 10% of the time, for example. In all of the communities studied, the number of tidal flooding incidents increased dramatically in projections for 2030 and 2045.

Tidal Flooding Chart


Takeover by ransomware–malware installed on computers that allows criminals to remotely lock the computer and demand a ransom to release files and programs–is a concern to 88% of IT professionals, a study by Spiceworks found. What’s more, almost one-third of IT pros have experienced a ransomeware attack at their organization.

According to Microsoft, ransomware is usually installed when a malicious email attachment is opened; or by clicking a malicious link in an email message, instant message or on a website, including a social networking site. Ransomware can even be installed when simply visiting a malicious website.

You can find out more about ransomware and what to do about it below:



Rapidly developing computer technologies and the unrelenting evolution of cyberrisks present one of the biggest challenges to the (re)insurance sector today. Liabilities from cyberattacks and threats to the data security of cloud computing and social media have become key emerging risks for carriers. The unprecedented rise in cyberattacks, in addition to the threat cyberrisk poses to global supply chains, has seen the cyberinsurance market grow significantly in recent years.

Client demand for cyber coverage has been growing, on average, 30% annually in the United States over the past several years, according to Marsh. While demand varies by industry, the one constant has been that more clients are investigating and analyzing existing traditional insurance coverage and whether they need standalone cyberrisk insurance coverage.

Because cyberrisk is associated with the use of technology and the handling of all data and information, the threat transcends a company’s information technology (IT) department as well as what is confined to the internet. To help overcome some misconceptions that still exist for cyberrisks, some clarity around business exposures is needed to understand the scope of the threat.

Cyberattacks pose a danger to global supply chains

Cyberrisks are not isolated and are usually connected to other risks. Many companies that are exposed to cyberrisks are, for example, also exposed in turn to risks to their supply chain. Due to technological innovation and advances, many parts of a company’s or industry’s supply chain have become interconnected and automated.

Most commercial entities today are exposed to these risks as a growing number of businesses become more interconnected globally. A single cyberattack has the potential to put an entire company’s supply chain at risk. Therefore, cybersecurity and supply chain risk management must be considered in conjunction with one another.

There are a range of risks when it comes to online/computer security. Cyberattacks can result in first party liability, including business interruption, computer security breaches, privacy breaches of confidential information and even third-party liability losses. Technology failures have begun to outpace adverse weather, fire and social unrest as the major force in disrupting a corporate supply chain, according to a recent Guy Carpenter report.

Everyone is at risk – individuals, companies and governments

In 2014, cyber issues have become more of a concern for companies that once felt they had relatively little exposure. In fact, cyberattacks were ranked fifth among the top five global risks in terms of likelihood in this year’s World Economic Forum’s annual Global Risks 2014 report.

Governments consider cyberattacks to be among the most serious economic and national security challenges now facing them. And through the ubiquitous use of the internet, mobile devices and social media, companies of all sizes and in all nations are now finding themselves at risk of falling prey to the full range of cyber perils. Such attacks can run from hackers shutting down a company’s network, gaining access to customers’ and employees’ personal and financial information, to the theft of business trade secrets.

More data laws and regulations in place

High-profile data breaches and other cybersecurity incidents have become more commonplace with increasingly onerous outcomes. Target, one of the largest retailers in the United States, suffered a massive cyberbreach late last year which involved the theft of approximately 40 million credit and debit card account details as well as personal data of nearly 70 million customers. The breach reportedly occurred when hackers used the retailer’s heating and cooling vendor’s system to navigate their way into the retailer’s records. The resulting publicity cost the company a significant amount in lost sales, loss of reputation, class action lawsuits, and may have contributed to the ouster of the chief executive officer. And most recently, a U.S.-based online auction site announced that hackers accessed the company’s 145 million user accounts and urged customers to change their passwords.

More recently, home improvement chain Home Depot became the victim of another credit card data breach and the FBI is reportedly investigating cyberattacks at some of the largest banks in the United States.

As cyber incidents affect both consumers and institutions, governments everywhere are putting more data privacy laws and regulations in place in regard to disclosure and other related safeguards. In the United States, there are laws that require the protection of both personal financial and health information. Last year, the U.S. Securities and Exchange Commission, which oversees publicly-traded companies, adopted a directive requiring certain regulated financial institutions and creditors to adopt and implement identity theft programs in light of the new cyber threats.

Risk mitigation and insurance

With governments considering and enacting new laws in response to the rising number of cyber events, companies, especially those in the United States, are taking a closer look at cyberrisk mitigation, including insurance coverage of breaches and attacks.

Media reports of serious data breaches have prompted more companies to buy cyber coverage of $100 million or more compared to the prior year, Marsh said in its March 2014 report Benchmarking Trends: Interest in Cyber Insurance Continues to Climb.

Traditional insurance products often do not cover risks that cover damages resulting from an incident like a computer breach. As such, specific cyber liability insurance may be necessary.

The very process of applying for cyberrisk insurance is a constructive exercise for raising awareness and identifying potential vulnerabilities. By engaging in that process, a company can perform a review of information security protocols with respect to access control, physical security, incident response and business continuity planning.

As a result, businesses and other institutions are finding that cyberinsurance products have been broadened to include coverage that now addresses nearly all aspects of technology-based risk faced by today’s companies. Carriers have been adapting their policies to include a variety of loss prevention and risk mitigation tools, ranging from turnkey breach response teams to pre-emptive risk analytics.

As cyberthreats become more severe, more frequent, and continue to change along with technological advances, the (re)insurance industry will continue to stay one step ahead by creating new forms of cyberrisk coverage to meet the needs of their clients.