Hurricane Katrina, which pummeled the Gulf Coast of the United States 10 years ago on Aug. 29, has proven to be the deadliest and costliest disaster on record. The 2005 Atlantic hurricane season was the most active in recorded history with more than 30 tropical and subtropical storms, including 15 hurricanes.

According to the study, Hurricane Katrina 10: Catastrophe Management and Global Windstorm Peril Review by Allianz Global Corporate & Specialty, it was predicted that hurricanes would become more frequent and intense after 2005, however, “In reality, the exact opposite has occurred,” Andrew Higgins, technical manager, Americas at Allianz Risk Consulting explained in the report. Instead, there has been a reduction in Atlantic hurricane activity during the last 10 years, with 2013 seeing the fewest Atlantic basin hurricanes since 1983. “These results illustrate the fact that we do not fully understand the complex climate variables that affect hurricane activity,” he said.

Because Katrina’s impact was so devastating and widespread, many changes have since been made. New Orleans has built a new system of levees, for example. Flooding caused by Katrina revealed the state of the levee systems in the U.S. to be substandard and in need of repairs estimated at $100 billion,the National Committee on Levee Safety found. “There are many levee systems throughout the U.S. that would reveal similar deficiencies if subjected to the same level of scrutiny as those in New Orleans,” according to the study.

“Katrina will always be remembered as an extraordinary natural disaster that affected millions of individuals and businesses and left an indelible impact on the global insurance industry,” Hugh Burgess, head of corporate lines at AGCS, said in a statement. “Even without considering the influence of climate change, the prospect of increasing losses due to storms is more of a result of continued economic development in hazard-prone developed coastal areas. Preparedness limits windstorm exposure and Katrina has taught us many lessons on this front.”

Top lessons from Hurricane Katrina:

1. Storm surge impact and risk modeling

“Storm surge modeling prior to Katrina essentially assumed that the height of the storm surge was a function of the maximum sustained winds,” Higgins said. “Katrina clearly showed that there are other factors that affect storm surge height… We have learned that in addition to wind speed, the physical size of the hurricane can affect the storm surge. Camille’s hurricane-force winds extended 60 miles from the storm center, while Katrina’s extended 120 miles. The larger size of Katrina was a major factor in pushing more water onto the shore.”

2. Flooding threat

The flooding caused by Katrina showed that the conditions of the levee systems in the U.S. are very poor. “The 2013 Report Card for America’s infrastructure developed by the American Society of Civil Engineers rates the levees in the U.S. as a D-,” Higgins said.

3. Wind damage prevention

Substantial wind damage occurred to structures that experienced hurricane force winds from Katrina, despite the fact that the recorded wind speeds were less than the wind design speeds. So what happened? “Most of the wind damage occurred to the building envelope,” Higgins explained. “That includes the roof covering, walls and windows. If the building codes had been strictly followed, the wind damage would have been greatly reduced. Poor workmanship and a lack of knowledge were the primary culprits.” He added, “Today, the Gulf Coast is in a better position to withstand the effects of a hurricane due to better education, improved construction guidelines and increased third party inspection.”

4. The importance of business continuity

After widespread catastrophes businesses typically relocate, meaning the client base can diminish until recovery progresses. The key to recovery is to establish a plan in advance that identifies clear priorities for attention to crucial operations, so the business can get back up-and-running as quickly as possible.

5. Insurance coverage issues

While insurance claims settlement levels from Katrina were high, it’s imperative to know what’s protected ahead of time. Many insureds were surprised to find out they were not covered for storm surge losses, the main coverage issue resulting from the storm. Whether damage was caused by wind or water became a key focus of post-Katrina litigation.

6.  Unexpected impact of demand surge

Demand surge is a post-catastrophe complication which can have not only catastrophe-related consequences in terms of rising prices due to a shortage of available goods, but other loss consequences as well. For example, a shortage of American-made drywall because of the demands of rebuilding led to a significant increase in imports of defective drywall manufactured in China. This resulted in a number of environmental issues and eventual litigation, particularly in the storm-affected states of Florida and Louisiana.

Allianz concluded that businesses need to start early to prepare for the worst-case scenario. “Businesses need to be sure to have tested business continuity plans and especially communications cascades in place and have insurance policies at a safe location,” advised Andreas Shell, Head of short-tail claims at AGCS. “Creating a separate booking account to which businesses can record hurricane-related damages to easily identify the loss incurred can also help.”

Terry Campbell, regional claims head, Americas at AGCS noted that every company should take these steps to ensure the claims settlement process runs as smoothly as possible after a windstorm event: “Follow the protocol outlined in the catastrophe response plan. If there isn’t one in place, one should be immediately developed for that event. Ensure there is adequate staff to respond and that there is ongoing communication to include scheduled meetings to discuss progress as well as issues, problems etc. These can be done as frequently as necessary,” he said.

{ 0 comments }

Organizations of all sizes, across all industries have become data breach victims as cyber crooks become more sophisticated in identifying vulnerable targets. Attackers can compromise an organization within scant minutes in 60% of breaches, reports the latest Verizon Data Breach Investigations Report. Still, insiders persist as one of the biggest fraud perpetrators, costing organizations globally about $3.7 trillion annually in 2014, estimates the Association of Certified Fraud Examiners. The puzzling question is this: With the advances in technology, why aren’t organizations preventing these incidents and why aren’t the offenders being nabbed earlier?

The answer to the insider fraud dilemma lies in a lag in robust risk-management technologies that help organizations identify and prevent insider fraud, especially in such industries as banking. With this type of breach, tracking behavior becomes a key component of managing risks and threats proactively. While basic data tracking isn’t new, what is fresh is grasping the internal behavior of employees in a real time, comprehensive view across multiple platforms and applications.

Unfortunately, disparate legacy systems that don’t share information easily create larger problems by limiting an organization’s ability to monitor across all systems. And siloed information makes it impossible to find “normal” employee behavior that should serve as a benchmark for day-to-day activity.

For example, banks must be on the lookout continually for employees who exhibit illegal behavior when, say, handling a dormant bank account, who are manipulating customer information or who collude with colleagues. By benchmarking regular employee activity and leveraging link analysis to spot relationships across accounts or employees, banks also can monitor for and spot instances of employee negligence that can offer cyber crooks easy access to customer data.

Sophisticated surveillance technology exists that lets organizations monitor and detect suspicious behavior in real time, then analyze and develop an evidence trail. Organizations can use the following activities to help identify and prevent an internal threat before it escalates and triggers substantial monetary and brand damage.

  • Monitor all user activity: It is critical to establish what is normal and what is abnormal. Each organization has different user personas with unique activities considered “normal.” By defining organizational benchmarks for normal versus abnormal activity, risk managers can identify inconsistencies in employee behavioral patterns. Visibility into user activity across applications and networks enables them to highlight incidents that warrant deeper analysis and determine threats.
  • Track behavior in real time: Rather than analyze data retroactively, organizations should adopt a solution which can alert from the moment data is captured from the corporate applications and networks. Long-lead systems or those heavily reliant on log-file data don’t allow for real-time tracking and often result in discovering a breach after the fact.

Enable searchability: Organizations can deploy a user-friendly monitoring system with Google-like searchability features with highly specific behavioral criteria. Moving beyond clunky legacy systems to technology that is intuitive eliminates user error and enables more advanced rule-based monitoring.

  • Record screen activity: Gaining visual evidence of illegal activity while it occurs is critical for use during an investigation. Technology that records screen-by-screen activity at the application level creates the comprehensive data trail needed for courtroom presentation.

A combination of these activities can assist organizations in identifying anomalies in employee behavior, track digital activities and contrast them with an employee’s normal routine or that of a peer group’s pattern. If incongruities appear, advanced risk-management technology develops a data trail and a case strong enough to stand up in court. Leveraging these measures, insider fraud can be discovered at an earlier stage to prevent customer data breaches and malicious attacks.

{ 0 comments }

Maintaining enterprise security only gets more difficult, as additional means of cyberattack and increasingly sophisticated techniques are added to attackers’ arsenal.

“Our personal and professional attack surfaces have never been greater, and they are only expected to grow as organizations and individuals continue to increase their reliance on the digitally connected world for a variety of tasks,” explained researchers from network infrastructure and security services company Verisign. “Security practitioners must not only protect their enterprise assets, but also guard against threats to their supply chain and other business ecosystems. These threats, coupled with the cyber threat landscape’s continuous evolution in terms or actors, tactics and motivations, have created a situation where organizations must now move toward an intelligence-driven, holistic security approach to keep pace with the rapid changes in attackers’ tactics, techniques and procedures (TTPs).”

According to Verisign’s “2015 Cyber Threats and Trends: What You Need to Know to Protect Your Data,” the top cyberrisks from 2014 and the first half of 2015 came from:

  • attacks on point-of-sale (POS) systems
  • banking trojans and downloaders
  • various forms of hacktivism
  • critical infrastructure attacks
  • open-source software exploitation
  • vulnerability research “crowdsourcing”

Check out the infographic below for some of the report’s key insights into the top cyberthreats and the biggest vulnerabilities for enterprise security:

verasign cyber threats trends 2015

{ 0 comments }

Here are a few articles that caught my attention this week, highlighting some relevant issues impacting the world of risk and insurance. They include a look behind the recent toxic chemical spill into the Animas River in Colorado, how Bumble Bee’s outdated ovens caused a workers death, the DOJ’s expectations with compliance programs and the U.S. government’s appeal of the ruling on the AIG bailout.

What the Gold Mine Disaster Tells Us

The New York Times: The General Mining Law of 1872 is among the last surviving statutes of the boisterous era of westward expansion. Signed by Ulysses S. Grant, it establishes the basic rules for mining hard-rock minerals like gold, copper and uranium on public lands.

Bumble Bee Foods to Pay $6 million in Death of Worker in Pressure Cooker

Los Angeles Times: On one of his early morning shifts, Jose Melena stepped into a 35-foot-long cylinder-shaped oven at the Bumble Bee Foods plant in Santa Fe Springs. The 62-year-old father of six needed to make a quick repair inside the massive industrial pressure cooker, which is used to sterilize thousands of cans of tuna at a time.

What the DOJ Expects of ‘Effective’ Compliance Programs

National Law Review: If you have been keeping up with current U.S. Department of Justice (DOJ) antitrust investigations, you have no doubt noticed the hefty criminal fines that have been paid by violators of U.S. antitrust laws. In recent years, the United States government has literally collected billions of dollars in criminal fines.

U.S. Government Appeals Judge’s Ruling Over 2008 AIG Bailout

Reuters: The United States filed an appeal on Wednesday against a U.S. judge’s ruling in June that sided with former American International Group chief executive Maurice “Hank” Greenberg on a legal claim over the company’s 2008 bailout.

{ 0 comments }