About Hilary Tuttle

Hilary Tuttle is the editor of the Risk Management Monitor and Risk Management magazine.

EgyptAir Flight MS 804 Crash Confirmed, Killing 66

Egyptian authorities believe they have found debris from EgyptAir Flight MS 804, but the search remains on for the wreckage of the Airbus A320 traveling from Paris to Cairo that vanished from the radar and crashed into the Mediterranean early this morning.

According to the Greece’s defense minister, Greek controllers attempted to contact the aircraft when it crossed through the country’s airspace but could not get a response. The plane made “sudden swerves” before dropping from 37,000 to 15,000 feet and disappearing from radar. The small commercial jet was about half full, carrying 66 passengers from a range of nations, including 30 from Egypt, 15 from France, two Iraqis, and one person each from Britain, Belgium, Kuwait, Saudi Arabia, Sudan, Chad, Portugal, Algeria and Canada.

egyptair map reuters

No cause has been officially identified, but many security analysts and government officials believe that an act of terrorism may have downed the plane. There were no documented red flags before the plane disappeared: local weather was good, the plane was on its fifth flight of the day, the pilot and copilot had logged a significant amount of flying experience, and Greek aviation officials said the pilots did not mention any issues.

According to Reuters, Egyptian Prime Minister Sherif Ismail said it was too early to rule out any possible explanation, and French President Francois Hollande told reporters, “No hypothesis can be ruled out, nor can any be favored over another.” Egypt’s civil aviation minister said a terrorist attack was more likely than a technical failure, however. Two U.S. officials told CNN that the government is operating on an initial theory the flight was taken down by a bomb, but cautioned this is not yet supported by a “smoking gun.” No terrorist groups have yet claimed responsibility for the crash.

As Time noted:

Egypt has been the victim of terrorism in the skies relatively recently. Last October, a Metrojet charter plane filled with Russian tourists crashed into the Sinai Desert shortly after taking off from the Egyptian Red Sea resort of Sharm el-Sheikh, headed to St. Petersburg, Russia. All 224 passengers died in the crash. Investigators quickly speculated that a home-made bomb had been placed aboard the aircraft and in February the Islamic State, or ISIS, claimed responsibility, saying that it had indeed smuggled an explosive device aboard the aircraft.

In March, a passenger aboard an EgyptAir plane flying from Alexandria to Cairo hijacked the plane wearing a fake suicide belt, an incident that raised deep concerns among aviation authorities about the anti-terrorist measures in place on EgyptAir flights, and at Egyptian airports.

Beyond the region, a number of high-profile losses have hit the aviation industry as a whole over the past two years, including the disappearance of Malaysia Airlines flight MH370 and the crash of MH17, a Boeing 777 shot down over Ukraine. As we reported at the time, however, crashes actually continue to decrease. While the insured losses from a plane crash can be significant, the capacity in the aviation insurance market has continued to keep rates stable and relatively low.

In the terrorism insurance market, recent losses have also not yet borne out a concrete impact on rates or capacity. While some European markets have recently reduced their underwriting appetite, terrorism coverage has primarily broadened, with significant capacity and rates that remain relatively low.

As Business Insurance recently reported, the terror attacks in Paris and Brussels have prompted an increase in the take-up rate for event coverage to add to buyers’ terrorism insurance programs. Tim Davies, head of sabotage and terrorism at London specialty insurer Sompo Canopius, told the magazine that many buyers have been adding liability and event cancellation coverage, prompted by the continued relatively low rates. Despite the spike in attacks in Europe, Richard Sawyer, director and head of North American terrorism at Aon Risk Solutions, told AM Best last week that rates for terror coverage should remain relatively stable unless the frequency of attacks escalates.

Financial Services IT Overconfident in Breach Detection Skills

Despite the doubling of data breaches in the banking, credit and financial sectors between 2014 and 2015, most IT professionals in financial services are overconfident in their abilities to detect and remediate data breaches. According to a new study by endpoint detection, security and compliance company Tripwire, 60% of these professionals either did not know or had only a general idea of how long it would take to isolate or remove an unauthorized device from the organization’s networks, but 87% said they could do so within minutes or hours.

When it comes to detecting suspicious and risky activity, confidence routinely exceeded capability. While 92% believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network, for example, 77% said they automatically discover 80% or less of the devices on their networks. Three out of 10 do not detect all attempts to gain unauthorized access to files or network-accessible file shares. When it comes to patching vulnerabilities, 40% said that less than 80% of patches are successfully fixed in a typical cycle.

The confidence but lack of comprehension may reflect that many of the protections in place are motivated by compliance more than security, Tripwire asserts.

“Compliance and security are not the same thing,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “While many of these best practices are mandated by compliance standards, they are often implemented in a ‘check-the-box’ fashion. Addressing compliance alone may keep the auditor at bay, but it can also leave gaps that can allow criminals to gain a foothold in an organization.”

Check out more of the study’s findings below:

financial services cyber risk management

Houston Faces ‘Largest Flooding Event Since Tropical Storm Allison’

Historic flooding has left the Houston metropolitan area inundated once again this week, killing at least seven people, flooding 1,000 homes and causing more than $5 billion in estimated damages in Harris County alone. Gov. Greg Abbott declared a state of disaster for nine counties in and around the Houston area. The widespread nature of the disaster prompted the city of Houston to call this the largest flood event since Tropical Storm Allison, which devastated southeast Texas in 2001, causing $9 billion in damage and $1.1 billion in insured losses.

According to Harris County Judge Ed Emmett, about 240 billion gallons of rain fell on the Houston area this week. That’s the equivalent of 363,400 Olympic-size swimming pools, CNN reported. After 10 inches of rainfall fell in six hours Sunday night into Monday, powerful, slow-moving thunderstorms had paralyzed the region Monday, but storms continued through Wednesday.

Having some of the hardest rainfall overnight helped a bit to mitigate the dangers this week. While this made it difficult to predict, it allowed people to better make choices about going out, as opposed to last year’s floods around Memorial Day, Emmett told the Houston Chronicle. Nevertheless, emergency crews made more than 1,200 high-water rescues, many residents had to evacuate to shelters, and for those who were able to shelter in place, 123,000 homes had no power at the height of the flooding. Officials have also expressed concern about two local dams that have been rated “extremely high risk and are at about 80% capacity, but they are not in immediate danger of failing.

As I wrote in Risk Management last year, the city’s rapid urbanization and approach to land development have made it extremely vulnerable to flooding perils because there is little land surface that can absorb water in foul weather. Rivers, bayous and other receptacles for runoff are easily overwhelmed and take a considerable amount of time to return to normal levels, making the heavy, concentrated, sustained rainfall seen this week even more dangerous in such an urbanized setting. Last May, record rainfall and severe thunderstorms caused tremendous damage across Texas and Oklahoma, killing 32 people and flooding more than 5,000 homes in the metro regions of Houston, Austin and Dallas.

With this latest storm, Houston again offers a powerful reminder about the natural catastrophe perils compounded by urbanization and the need to prepare, both in the form of routine disaster preparation and urban planning. From the August issue of Risk Management:

The city has invested hundreds of millions of dollars to battle the effects of urbanization. On Buffalo Bayou alone, for example, flood control efforts totaling half a billion dollars in the past decade have included bridge replacements, the addition of detention ponds for runoff, and creation of green spaces that serve as parks in normal weather while offering more land surface that can absorb water in foul weather.

But the investments are not enough. “Houston may be doing things to try to improve…but there’s a long history of pre-existing stuff that is still there,” Walter Peacock, an urban planning professor at Texas A&M and director of the school’s Hazard Reduction and Recovery Center, told Time. “Think about every time you put in a road or a mall and you add concrete—you’ve lost the ability of rain to get into the soil and you’ve lost that permeability. It’s now impermeable, and therefore you get more runoff.”

Temple University Wins 2016 Spencer-RIMS Challenge

spencer rims challenge 2016

SAN DIEGO—A team of students from Temple University won this year’s Spencer-RIMS Risk Management Challenge, concluding a three-month case-study challenge against 20 other universities. Team members Andrew Donchez, Carolyn Murset, Sean Preis and Zilong Zhao, advised by Associate Professor R. B. Drennan, will take home the competition’s $4,000.

This year, Lego provided a case study for teams from 21 universities to studied the risk portfolio and develop an array of proposed solutions. Eight teams were then invited to attend the RIMS 2016 Conference here in San Diego to present their findings to judges and an audience of risk professionals.

“All of the students who took part in the Spencer-RIMS Risk Challenge are winners,” said Ron Davis, the newly elected chair of the Spencer Educational Foundation. “Each university team was prepared, smart and successfully delivered innovative risk management solutions for a very complex situation. It is truly rewarding to see them have the opportunity to shine during this competition and validates the critical work we do to support tomorrow’s risk management professionals.”

“This competition reinforces that the risk management profession’s future is bright,” said RIMS CEO Mary Roth. “The Rising Risk Professional demographic of RIMS members continues to grow and their contributions and professional needs have directly influenced the resources and opportunities the Society delivers. We are so proud to be able to introduce these students to the energy and excitement of a RIMS Annual Conference and congratulate all of them for participating in the challenge.”

Second place went to Florida State University, while the team from Butler University took third. The Temple team won $4,000, FSU $3,000 and Butler $2,000 for their achievements.