Category Archives: Risk Management

A Race against the Clock to Address TRIA Issues

Posted on by

Failure by the Senate to reauthorize the Terrorism Risk Insurance Act (TRIA) has left unanswered questions for insurance buyers facing renewals on terrorism coverage—which some in the insurance industry are scrambling to answer.

Because TRIA renewal was recently passed by a majority in the House of Representatives, the industry was optimistic about its renewal before its expiration. But at this point, the Dec. 31 deadline looms large.

AIR-Worldwide explained in an email notice that commercial insurers will no longer be required to offer terrorism coverage beginning Jan. 1. Without a federal backstop, they said, insurers may seek to limit underwriting for high concentrations of risks in major cities. This could cause terrorism insurance coverage to become unavailable or unaffordable.

AIR continued:

Insurers that do continue to offer commercial terrorism insurance would likely be required to maintain higher capital standards in order to avoid negative rating implications. Where coverage for terrorism-related events is still available, prices for this coverage will increase.

In the absence of TRIA, the workers’ compensation insurance market would be particularly vulnerable to terror attack losses. State workers compensation statutes offer insurers less flexibility to control terrorism risk through modifications such as policy limits or coverage exclusions. With or without TRIA, it is mandatory for U.S. employers to provide workers’ compensation coverage. If coverage is not available, employers may be forced to purchase insurance in the residual markets or self-insure.

online pharmacy lariam with best prices today in the USA

This could result in large amounts of risk being transferred to the residual market in a few states.

Allowing TRIA to expire would have widespread implications, not only for the insurance industry, but also for the broader economy. Construction and real estate business sectors may be unable to obtain financing without adequate terrorism coverage in place. If insurers limit underwriting following an expiration of TRIA, businesses with high concentrations of employees could have difficulty obtaining coverage for workers’ compensation, including higher education institutions, hotels, airports, hospitals, and financial services, among many others.

In an advisory to its clients, Willis addressed considerations and offered preliminary guidance.

The broker noted several scenarios, depending on how a company has organized its terrorism risk transfer program:

• For terrorism coverage that is currently embedded in all-risk property, liability and workers compensation programs there are three potential scenarios:

1. If there are no sunset clauses–contract provisions which may allow the insurer to exclude coverage for terrorism in the event that TRIA is not reauthorized–or reservation of rights clauses related to TRIA expiration, the program will run until its natural expiration. Market disruption may impact renewal pricing if no action has been taken on TRIA.

2. If there is a TRIA-related sunset clause, the terrorism coverage will expire after Dec.

online pharmacy norvasc with best prices today in the USA

31. Policyholders should assess the need for insurance coverage and seek stand-alone coverage or a sunset clause extension.

online pharmacy abilify with best prices today in the USA

3. If there is a reservation of rights which allows carriers to modify the terrorism coverage as a result of TRIA expiration, a coverage extension should be negotiated if possible, and stand-alone alternatives should be sought.

Stand-alone Terrorism coverage – In this case, Willis said it does not anticipate immediate changes due to TRIA’s expiration. This is because most stand-alone placements do not have sunset clauses or reservation of rights endorsements related to TRIA expiration. While there may be market disruption to consider at renewal, for the time being, TRIA is a non-issue for these placements.

Captives – In all cases where it places terrorism reinsurance behind a captive program, Willis said the reinsurance arrangement this year has been organized to convert from quota share reinsurance of the captive—when a primary insurer and reinsurer establish a fixed percentage for sharing amounts of insurance, premiums and losses—to primary reinsurance of the captive (in anticipation of TRIA’s expiration). Reinsurance coverage agreements should be read carefully to determine the new limit. The new primary limits are likely to approximate their existing quota share capacity. Willis recommends that any capacity that does convert should remain as reinsurance of the captive. This would maintain captive involvement, should TRIA be reauthorized in early 2015, and avoid any direct self-procurement or frictional costs during the transition. A program may also include excess capacity which, in many cases, should drop down to provide excess over revised captive limits, Willis advised.

Insurance Industry ‘Disappointed’ by Senate’s Non-Renewal of TRIA

Posted on by

Last week’s optimism about the possible reauthorization of the Terrorism Risk Insurance Act was replaced by “disappointment” today, as the insurance industry sounded off about the Senate’s failure to pass the House-approved TRIA bill before adjourning. TRIA, the federal insurance backstop that requires insurers to offer terrorism insurance coverage to policyholders, is set to expire on Dec. 31, 2014. More than 60 percent of all U.S. businesses purchase terrorism insurance coverage, according to Marsh USA.

“A major terrorist attack occurring without a TRIA law on the books will be far more disruptive to the U.S. economy than one where TRIA is in place,” Robert Hartwig, Ph.D., president of the Insurance Information Institute and economist said in a statement. “Terrorism insurance policies are going to lapse in 2015, and insurers will be under no obligation to renew them, adversely impacting the construction, energy and real estate industries, among others. For instance, a theatre owner hosting a controversial movie premiere on Christmas Day may have insurance coverage for losses triggered by an act of terrorism but this same business might not have it if a comparable attack were to occur on New Year’s Day.”

The Coalition to Insure Against Terrorism (CIAT) spokesperson Marty DePoy said, “CIAT is incredibly disappointed that the Senate chose to adjourn without reauthorizing the Terrorism Risk Insurance Act, a program that since 9/11 has provided critical stability to the marketplace against another terrorist attack. This is a bipartisan failure; the 113th Congress has let down American workers, American businesses and jeopardized U.S. economic and national security. CIAT urges the new Congress to make TRIA reauthorization its top priority in January and immediately vote to extend the program for the long-term.”

RIMS President Carolyn Snow echoed disappointment. “We are extremely disappointed that Congress failed to pass an extension of TRIA, despite strong bipartisan support.

buy sildalis online www.methanol.org/wp-content/uploads/2022/08/png/sildalis.html no prescription pharmacy

The program’s expiration will have many negative repercussions for commercial insurance consumers, the countless organizations they represent and the U.S. economy as a whole.”

She noted that since its inception, “TRIA has stabilized the marketplace by providing adequate capacity at affordable rates. Its expiration will almost certainly cause rates to rise, placing many lending agreements in jeopardy and forcing some organizations to self-insure or simply go without.”

Leigh Ann Pusey, president and CEO of the American Insurance Association (AIA), said AIA is “incredibly disappointed,” adding that by letting TRIA lapse, “Congress has failed to protect taxpayers and the economy.”

She said, “Without TRIA in place on Jan. 1, insurers will be forced to assess their exposures. The program’s lapse will significantly jeopardize the terrorism insurance marketplace that currently protects our nation’s economy against major acts of terrorism. We strongly urge the new Congress to take up the House-Senate negotiated TRIA reauthorization package as its first item of business when it returns in January in order to minimize marketplace disruptions.

buy stendra online www.methanol.org/wp-content/uploads/2022/08/png/stendra.html no prescription pharmacy

Global risk advisor, Willis expressed disappointment as well, noting that its biggest concern is that Clients “will need help in reevaluating their risk exposures according to the changed environment where TRIA is no longer available as a back stop for the insurance market place. Of particular concern is where clients have loan covenants that determine the type and amount of terrorism insurance coverage that is required.”

Mike Becker, executive vice president and chief executive officer of the National Association of Professional Insurance Agents observed, “Disagreement won the day and politics took precedence over protecting the American people. There was overwhelming bipartisan support to renew TRIA, with both parties showing strong leadership to get a compromise deal done in recent weeks. That support was nearly unanimous, with the House approving the TRIA renewal deal 417-7 last week, and the Senate having already passed a similar version 93-4 last July.”

Snow concluded, “RIMS and many other organizations have been pushing Congress to pass an extension for the past two years but Congress senselessly ignored those concerns and waited until the very last moment. This delay has ultimately led to the worst possible outcome.”

Lessons Learned from Data Breaches

Posted on by

Recent data breaches have left some large organizations reeling as they deal with the aftermath. They include the Target data breach, compromises at Home Depot, JP Morgan, USPS (which exposed employee Social Security Numbers and other data) and, most recently, Sony Pictures. The Sony hack also proved to be embarrassing to some of the company’s executives, as private email correspondences were exposed.

Collateral damage from data breach is significant: one in nine customers affected by a data breach stopped shopping at a particular retailer. According to LifeLock, a recent survey of corporate executive decision-makers found that while concern for a breach is 4 or 5 on a 5-point scale, only 10% to 20% of their total cyber security budgets go to breach remediation. Establishing an incident response plan in advance can reduce the cost per compromised record by $17.

While strengthening cybersecurity is important, the impact on breached organizations shows that preparing a response must be part of the breach-management equation. These breaches present an opportunity for business leaders and risk professionals to learn important lessons about how to protect their companies, customers and employees if a breach should occur.

Below are steps companies can take to establish a response plan, as well as information on the data breach landscape.

 

 

 

Risk Management, Board Collaboration Can Bolster Cyber Defense

Posted on by

Risk management executives are charged with preparing companies for, and protecting them from, a broad array of emerging risks. Today, there is perhaps no threat that poses more danger than a cyberattack, which could result in a data breach or compromising sensitive information. Given the rapid increase in frequency and severity of high-profile cyberattacks in recent months, organizations must confront cybersecurity issues with greater focus, specificity and commitment.

Of note, an astounding 43% of U.S. companies experienced a data breach in the past year, according to the Ponemon Institute’s 2014 annual study on data breach preparedness, a 10% increase from 2013. These alarming trends are compelling companies to create programs centered on cyber risk awareness, education and preparedness. These programs are vital to the company’s performance and growth; the 2014 Cost of Data Breach Study by IBM and the Ponemon Institute reveals that the average cost to a company from a data breach was about $3.5 million per breach in 2014 – a 15% increase since last year. A company’s intellectual property and customer data may also be compromised in a cyberattack, expanding potential casualties beyond financial losses.

Risk management executives cannot confront this issue alone. Because the responsibilities of management and boards of directors are not limited to having a thorough understanding of cybersecurity issues, they must also be aligned on a clear-cut strategy for both preventing and responding to cyberattacks. This strategy includes efforts to improve education, implement preparation measures before an attack strikes and continued adherence to best practices in all board-related activities.

Awareness and Education

At the most fundamental level, boardrooms must increase the company’s resiliency in the face of cybersecurity threats by increasing awareness of the topic and the associated risks. Unfortunately, boardrooms are struggling to properly educate directors on the topic: a 2012 Carnegie Mellon poll of how U.S. boards are managing cyber risks found that 71% rarely or never review privacy and security budgets, 80% rarely or never review roles and responsibilities, and nearly two-thirds rarely or never review top-level policies. Additionally, more than half of directors surveyed rarely review security program assessments. Every director should make cybersecurity a topic on the board’s agenda and ask questions if there is any confusion or doubt.

Preparation

Directors who are properly aware and educated on the topic of cybersecurity are therefore more prepared and versed in the case of a crisis, not only as individuals but as a collective management team. Given the potential economic consequences of these attacks, it is essential that boardrooms are aligned on the company’s response strategy. It is critical that there be a clear understanding among all levels of a management team about who is responsible for managing this issue. Directors who are familiar with their company’s IT department are better able to determine if the team is equipped to effectively address cybersecurity. Cyber policies must remain updated and understood by all in order to decrease chances for exposure.

Best Practices

A critical part of boardroom preparedness is ensuring that directors are pursuing best practices to decrease changes for exposure and there increase resiliency. There are several practices companies can adopt to ensure this level of preparation:

  • Education and preparation: Board members must be educated on cybersecurity and its risks so that they are prepared to manage any situation or crisis. Oftentimes, companies increase their vulnerability by failing to provide directors with the proper tools and information.
  • Secure communication: Companies must provide board members with a secure way to share and communicate about critically sensitive information. In order to prevent careless oversharing, this information should never be sent via email. Board members must have a thorough understanding of cloud services. Although these solutions provide an easy way to upload and download files, many have been successfully hacked, compromising private files and email addresses.
  • Collaborate and strategize: When directors have a clear understanding of cyber security and the associated risks, they are more equipped to collaborate and strategize around managing any issues related to cybersecurity. With increased board-level conversation about cybersecurity, directors are able to determine if managing cybersecurity is the purview of the audit committee, a separate committee, the company’s IT department or CIO.

Education, awareness and preparedness are critical components to help mitigate vulnerability and risks of cyberattacks. Boardrooms must be open to embracing new strategies and technologies in order to ensure their communication capabilities are secure while remaining fast and accessible. Organizations need to prioritize cybersecurity training to ensure that boardrooms are acting in the company’s best interest and are confident in its cyber crisis response strategy. Although risk has been an evolving factor impacting businesses of all types and sizes throughout history, cybersecurity presents a new challenge—and it is one that can be confronted successfully with the correct management strategy and tools.