Navigating Risk Management Around the Globe

Over the past few years, I’ve had the wonderful opportunity to travel the world and visit factories, distribution centers, ports, warehouses, and several offices for the company where I work. Apart from being a great way to see the world, it has also been an opportunity to learn from the ways different cultures see and manage risk.

Coming from Latin America, it was clear to me that the concept of risk management was something not highly promoted or recognized in the region. Companies that operated locally took the approach of using intermediaries to transfer their risks to insurance companies. Occasionally I would find buyers focused on managing their own risks efficiently. But that was more than a decade ago. During my most recent trips to South America, I had the opportunity to see the implementation of a regional affinity program—a collaboration between a well-known broker and our company’s financial operations. In this case, those involved were highly educated in insurance concepts and their understanding of risk acceptance was completely in line with more developed markets.

Another interesting aspect of dealing with this program was the strong relationship between the broker and our office. It was a very cordial and open communication that transcended the usually formal interaction between these parties—and included text messages flying back and forth to get the deal done. In a way, the warm personality of South Americans permeated the business environment. So when it comes to this colorful part of the world, business is, in fact, personal.

European markets have had the opportunity to evolve over centuries and this is clearly represented in the broadness of coverages available. The highly tailored wordings, both inside and outside of Lloyds, give a global insurance program more complexity when it includes exposures in Europe.

In a way, Europe continues to be an innovation hub but with difficulties in exporting those advancements. There are still great products and coverages in the insurance market that have not found their way to the Americas—and only on a limited basis to Asia. There are reasons behind this, however. While the nature of exposures in Europe continue to be unique in multiple ways, one reason these solutions have not fully taken off is that other markets do not yet fully recognize the need for them.

Asia marked, for me, a huge difference in how I saw the business relationship around insurance and the implementation of risk management. Those markets are inherently independent from the broker relationship and thus are inclined to build direct dealings with insurers. This proves to be difficult when a foreign multinational attempts to combine Asian exposures with a global program. There is reluctance to work with intermediaries and it can take time to transform the carrier-insured liaison, which can only happen after a trusting relationship is built.

Have you recognized patterns in some regions? Do you think that analyzing and exploring this kind of multicultural risk management would be of benefit to organizations?

Ransomware Attacks Increase, With U.S. the Primary Target

Ransomware attacks constituted the greatest cybercrime danger in 2016 as the volume and value of attacks rose sharply, according to a new report from internet security firm Symantec.

“Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangerous and wide-ranging malware,” according to “Internet Security Threat Report (ISTR), April 2017.”

The average ransom amount involved in such attacks jumped 266% to $1,077 during 2016 from just $294 in 2015. Symantec also found that frequency increased, with detection of ransomware up 36% to 463,000 from 340,000 in 2015; or 1,271 per day in 2016 compared to 933 per day in 2015.

The United States saw the largest share of these attacks by far at 34%, followed by Japan (9%) and Italy (7%). “The statistics indicate that attackers are largely concentrating their efforts on developed, stable economies,” Symantec said. Further, research from Norton Cyber Security Insight team said that 34% of those attacked will pay the ransom, but that figure jumps to 64% for U.S. victims, “providing some indication as to why the country is so heavily targeted,” the Symantec report said.

Another indicator of rising ransomware activity is the tripling of new families of ransomware to 101 in 2016 from just 30 in both 2105 and 2014. While the number of new variants (distinct variants of existing ransomware families) declined 29% to 241,000 from 342,000 in 2015, this “suggests that more attackers are opting to start with a clean slate by creating a new family of ransomware rather than tweaking existing families by creating new variants,” the report said.

The proportion of ransomware infections on consumer computers rose only marginally to 69% from 67% in 2015 as the rate of infections for enterprise and other organizations dropped accordingly to 31% from 33% in 2015. Consumer infections totaled between 59% and 79% for every month except December, when they fell to 51%.

Beyond the top threat of ransomware, the report discusses exposures including “New frontiers: Internet of Things, mobile, & cloud threats,” and has a section that lists multiple challenges from malware, spam and phishing via email. Email, for example, was a major avenue of attack in 2016, “used by everyone from state- sponsored cyber espionage groups to mass-mailing ransomware gangs,” it said, adding that one in 131 sent during 2016 were malicious, the highest incidence in five years.

Symantec also discusses a few of the largest cybercrimes of the year, including the theft of $81 million from the central bank of Bangladesh and alleged tampering with the U.S. electoral process. “Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record,” according to the report.

Despite the apparent rising threat level portrayed in the report, the cyber insurance landscape remains untamed, Risk Management Magazine reported in April. Potential customers would be wise to educate themselves prior to approaching the market.

Total Cost of Risk Drops for Third Straight Year, RIMS Finds

Despite the challenges of a slowed economy in an election year, a shifting risk landscape as a result of technological advances, and a slow to negative growth rate in some sectors, 2016 saw the total cost of risk (TCOR) decline for the third consecutive year, according to the 2017 RIMS Benchmark Survey.

Even in the face of such uncertainties, the TCOR per $1,000 of revenue continued to drop, ending at $10.07 in 2016. The main drivers were declines in all lines excluding fidelity, surety and crime costs, according to the report. TCOR is defined in the survey as the cost of insurance, plus the costs of the losses retained and the administrative costs of the risk management department.

The survey encompasses industry data from 759 organizations and contains policy-level information from 10 coverage groups, subdivided into 90 lines of business.

Uncertainty around policies in the new presidential administration will continue to dominate in 2017, as the nation’s trade policy, regulatory reform and tax system could see changes, RIMS reported. The new political regime is also expected to reduce regulatory oversight at the state, federal and international levels.

Key findings from this year’s RIMS Benchmark Survey include:

  • Technological advances have caused a seismic shift in the risk landscape, creating new types of claims and forcing insurers to consider new products and solutions for customers.
  • Insurers ended 2016 with average capital and surplus at the highest level in 10 years. However, excess capacity is undermining profitability, as seen by falling net income and return on average equity.
  • The personal insurance space is in the midst of a consumer-centric revolution, offering customers new transaction platforms, better metrics and more flexible pricing and coverage options. Commercial insurance is expected to adopt a similar focus, transforming the way business is transacted.
  • Predicted rate increases for cyber, E&O and workers compensation failed to materialize across the board. Projections for 2017 are more moderate, with property and most liability lines flat to down 10%.
  • Emerging trends in the 2017 risk landscape include the tech revolution, security issues, natural catastrophes and political upheaval.

“The RIMS Benchmark Survey chronicles the evolution of corporate risk management costs over time. This year’s edition highlights how risk managers have effectively managed costs in a time of evolving risks and demands, enabling them to do more with less,” said Jim Blinn, executive vice president of client solutions at Advisen.

And the 2017 RIMS Awards Go to…

PHILADELPHIA—At today’s RIMS 2017 Awards Luncheon, the society issued its top honors for achievement in the risk management and insurance industry.

Scott B. Clark, area senior vice president and enterprise risk management consultant at Arthur J. Gallagher & Co., received the society’s most prestigious honor, the Harry and Dorothy Goodell Award. Named after RIMS’ first president, the award recognizes outstanding service and achievement in furthering the goals of the society and the discipline of risk management.

Richard Hackenburg and Glen Frederick were this year’s inductees into the Risk Management Hall of Fame, presented in conjunction with AIG.

In his 45-year risk management career, including leadership roles at Willis and XL Insurance, Hackenberg’s received the 1993 Goodell Award and served as president of RIMS in 1985 and later as chairman of the Spencer Educational Foundation, where he remains a director emeritus.

Frederick, former director of risk management client services with the government of British Columbia, received the Goodell Award in 2011 and, the same year, the Donald M. Stuart award for outstanding contribution to the risk management profession in Canada. He served as chair of the RIMS Canada Council in 2006 and co-chair of the RIMS Canada Conference in 2003. Frederick’s 30-year career also included leading implementation of the enterprise risk management strategy for the Vancouver organizing committee (VANOC) and the International Olympic Committee (IOC) to manage risks associated with the 2010 Olympic Games—the first to use an ERM strategy, which is now required for all Olympic games.

“Industry heroes like Richard Hackenburg and Glen Frederick were selfless, giving back to the risk management community and paving the way for future practitioners,” said RIMS CEO Mary Roth. “It is an honor to join AIG in inducting these risk management stalwarts into the Risk Management Hall of Fame.”

The RIMS Rising Star Award, issued to risk management professionals who are under 35 or have less than seven years of experience in the industry, was given to William Lehman. An insurance specialist at Cook Group Incorporated, Lehman was recognized for demonstrating exceptional initiative, volunteerism, professional development, achievement, and leadership potential.

Debra Samuel, manager of insurance and risk management at Arconic Inc., was recognized for exceptional service to strengthen and support the strategic initiatives of RIMS with the RIMS Ambassadors Group award. This year’s Cristy Award for the highest marks on the three Associate of Risk Management exams went to Michael Ratto, risk procurement manager at Kraemer North America.