The Actuarial Cyber Coverage Conundrum

Are insurance companies collecting enough money to cover future cyber events?

Nobody really knows, but there is reason for concern.

Insurance companies are offering more cyber coverage to gain market share. At the same time, data hackers too often elude cyber security experts. In fact, the amount of cyber incidents, including data breaches, continue to climb just as insurers fear a cyber hurricane that could wipe out major systems practically at the same time.

These are just some of the topics covered in my article, “Cyber Insurance: The Actuarial Conundrum, which was published today in Actuarial Review, the magazine of the Casualty Actuarial Society

My article defines the conundrum that actuaries face and also examines topics that should interest the non-actuary including the insurance market and the challenges of cyber security.

Here’s the conundrum: how can actuaries appropriately price ever-changing cyber risk when data is scarce and models remain under development?

Besides digging into the conundrum’s implications, my article also offers ways actuaries can, as they do with other insurance lines, get more deeply involved in the underwriting process. The article also offers alternative ways actuaries can gain potentially relevant data and develop models.

I hope you find the piece to be both enlightening and helpful.

To read my other articles on cyber insurance, click here

TRIA Passes, Awaits Obama’s Autograph

After a retiring Senator put the kibosh on reauthorizing the the Terrorism Risk Insurance Act as part of the Cromnibus bill last month, a new Congress reauthorized the federal terrorism coverage backstop yesterday.

The bill, which demonstrated bipartisan support by a vote of 93 to 4, now awaits President Barack Obama’s signature

The “Terrorism Risk Reauthorization Act of 2015 (H.R. 26),” the bill:

  • extends TRIA for six years;
  • incrementally raises the program’s trigger from $100 million to $200 million in total insurance losses beginning 2016;
  • increases insurer co-share from 15 to 20 percent.
  • raises the aggregate amount the insurance industry has to absorb TRIA eligibility from $27.5 billion to $37.5 billion. To put this in perspective, losses from 9/11, which is about $43 billion would qualify for TRIA. The industry would be responsible for the first $37.5 billion, leaving a balance of $ 5.5 billion for the industry to borrow and pay back.

TRIA passage was especially important for workers’ compensation insurance. Unlike other lines, workers’  compensation cannot limit coverage due to nuclear, biological, chemical or radiological, (NBCR) attacks. 

I have written several blogs concerning TRIA — especially the actuarial and workers’ compensation implications. The most blog recent can be found by clicking here. 

_______________
Like what you see? Then follow me!
_______________

 

 

 

Cyber Coverage and the Actuarial Challenge

Major cyber attacks are almost becoming the flavor of the month. Sony, JP Morgan, the Home Depot, the U.S. Postal Service, the Target Corporation — the list goes on and on.

If there is anything more challenging than preventing cyber attacks, it is figuring out how to cover the growing risk.

As I cover in my recently released Contingencies article, “Plugging Data Security Breaches,” underwriting is especially difficult. Since the cyber insurance market is growing exponentially, carriers are eager to snap up market share. Meanwhile, their actuaries are concerned about carrying greater liability and pricing.

When it comes to pricing, like any emerging type of insurance, lack of historical data is a big actuarial challenge. Without historical data, actuaries cannot drive using the rear view mirror. Unfortunately, at some point, it seems there will be enough cyber breaches to address that challenge.

At the same time, actuaries will need to use future-forward data and assumptions to prepare for the unimaginable. As I cover in an Actuarial Review article, these challenges are similar for actuaries dealing with terrorism coverage. Because cyber risks and attacks are becoming more serious and hard to anticipate, I predict that the federal government will eventually offer a backstop for cyber insurance just like for terrorism coverage. Technological innovations, as outlined in a previous Contingencies article, will help actuaries rise to these challenges.

_______________
Without historical data, actuaries cannot drive using the rear view mirror.
_______________

The good news is that insurers are getting smarter on how they offer cyber coverage and pricing. To even procure cyber coverage, customers must demonstrate meaningful and defined risk management strategies. I predict that insurers will require even more risk management as best practices continue to emerge.

Cyber Terrorism Threat Continues to Emerge

As for predicting the unimaginable, cyber attacks are also rising to the level of acts of terrorism. A year ago when the Target breach was making headlines, companies were concerned about facing the liabilities for cyber attacks that usually went after the personal and financial information of their companies and customers.

The recent cyber attack on Sony however, is a different animal when hackers threaten violence at movie theaters that show a particular film. This is especially true if the CIA is right and the attack came from the North Korean government. Even if the current theory, that former Sony employees were behind the attack, is correct, this new way of threatening businesses and individuals is likely to be another factor actuaries will need to consider when pricing coverage.


The truth is, nobody knows what is next. While my new article also talks about a Cybergeddon that could cripple the U.S. economy or even worldwide, there is also grave concern that attackers will destroy utility computer systems, which has repercussions too terrible to imagine.


If the past is the best predictor of the future, I have full faith that actuaries will work through their challenges. After all, they are not just number crunchers, but creative thinkers who can use technology to its best advantage.

TRIA Reauthorization Bill Dies Due to One Retiring Republican Senator

The U.S. Senate adjourned yesterday without passing the bill that would reauthorize the Terrorism Risk Insurance Act (TRIA), which is set to expire December 31st. 

In other words, TRIA will not be passed this year.

And I am shocked. The general anticipation in Comp Land was that TRIA would pass but with more financial burden on insurance companies.

TRIA is very important to the economy.  The reason for TRIA is to help businesses afford terrorism coverage after 9/11 because insurers quit offering it or it was just too expensive.

The rules are a bit different for workers’ compensation carriers. They must cover all work-related occupational illnesses, injuries and deaths and cannot make an exception for those caused by terrorism. For this reason, the risk of losing carriers or risking high premiums can cripple state economies should a terrorist attack occur.

It is unreasonable to ask insurers to foot the bill for terrorist attacks
when it is the federal government that handles risk mitigation.

How could this happen when terrorism threats seem to grow on an almost a daily basis and the current political environment seems to be more concerned with ideals rather than reality? The insurance industry says it cannot absorb another 9/11. Given the low investment income and other challenges, this is quite possible.

Passage was looking promising last week when the U.S. House of Representatives agreed to reauthorize TRIA by a vote of 417-7, reflecting amazing bipartisan support. The seven house members who voted against it were all Republicans.

Blockages this time was also due to a Republican. Retiring Sen. Tom Coburn (R-OK) kept the bill from passage because it lacked a provision for states to opt out of a program unrelated to TRIA. U.S. Senate Majority Leader Henry Reid (D-Nev.) would not agree to add the measure, according to Politico

That’s right, TRIA did not pass due to an opt-out provision being demanded from one senator who is retiring anyway.

Since I am not a beltway insider, I don’t know where this notion came from, but I suspect it had little to do with TRIA’s merits. My guess is this has more to do with growing political tensions about states rights due to unilateral actions made by the Obama Administration. TRIA was re-authorized twice before.

Coburn might not realize a very significant fact that makes terrorism insurance different from any other. That is, insurance companies, which can encourage risk management to curtail potential losses in other lines, are dependent on government security and action to do the same. It is unreasonable to ask insurers to foot the bill for terrorist attacks when it is the federal government that handles risk mitigation. 

TRIA has had its challenges all along. Lawmakers wanted the insurance industry to carry a greater financial burden with higher deductibles. Some conservative Republicans did not like it on the principle that the government should not be expanding its reach. Others viewed it as a form of corporate welfare. Last week, the bill was pulled from cromnibus negotiations, because Republicans wanted revisions to the 2010 Dodd-Frank Act. Sen. Chuck Schumer (D-New York), who had introduced the most active TRIA legislation, refused to compromise.

The concept of government-sponsored terrorism coverage and/or backstop is nothing new. Several countries, including Britian, France, Spain, The Netherlands and Germany, offer some type of terrorism backup or fund, according to a report by Willis.

As sure as the day is long, TRIA will be introduced in the next Congress. Hopefully, the new Congress will be more sensible.

To learn more, check out my Actuarial Review article by clicking here.

Like What You See?
Then Follow Me!

TRIA Re-Authorization Could Be in Jeopardy

Update 12/10/2014 5:12 p.m.: House passes TRIA by 417-7 votes. Total support from Democrats; 7 nays from Republicans. It’s off to the Senate….

With Congress having 21 days to re-authorize the Terrorism Risk Insurance Act (TRIA), passage has been stalled and removed from cromnibus budget negotiations, putting the program at risk.

Some fear the move could jeopardize TRIA re-authorization, which would adversely affect workers’ compensation and other commercial insurance.

As of yesterday afternoon, TRIA was one of the major remaining roadblocks in cromnibus negotiations, according to Politico. (For those who do not live inside-the-beltway politics, cromnibus refers to measures Congress has approved to keep the federal government funded to avoid a shutdown.)

At issue is Republicans’ desire to revise the 2010 Dodd-Frank Act, which created the Federal Insurance Office and financial regulations. House Financial Services Chairman Jeb Hensarling (R-Texas) is pushing changes to Dodd-Frank, while Sen. Chuck Schumer (D-New York), who introduced the most active TRIA legislation, is resisting such changes.

In response, House Republicans created a standalone bill they hope will force the Senate’s hand by passing TRIA with their Dodd-Frank changes, according to Politico. The House Rules Committee posted TRIA bill language yesterday as well.

_______________
Some fear the move could jeopardize TRIA re-authorization,
which would adversely affect
workers’ compensation and other commercial insurance.

_______________

As I wrote about in previous blogs, without passage, workers’ compensation faces financial liabilities because it must cover work-related terrorism exposure, which could result in premium increases in states where the unthinkable occurs.

No passage will also make other types of commercial insurance, including property coverage, much more expensive and difficult to obtain. As I covered in Actuarial Review, terrorism insurance is difficult to price because there have been few terrorist events on American soil (thank God) and future terrorism treats are difficult to anticipate.

No TRIA also means no Super Bowl because game organizers will not be able to obtain affordable terrorism coverage, according to BusinessWeek. The NFL has joined with other professional sports leagues and 80 business groups nationwide to form the Coalition to Insure Against Terrorism (CIAT) to urge Congress to reauthorize of TRIA legislation.

Not everyone is a fan of TRIA re-authorization. Conservatives view TRIA as a waste of taxpayer dollars. In a recent National Review blog, writer Mark Calabria called TRIA “no more than corporate welfare wrapped up in the flag.”

Given the growing terrorism risks due to ISIL and other terrorist organizations, passing TRIA makes total sense. My hope is enough lawmakers agree.

 

 

 

 

 

 

 

Let’s Get TRIA Passed Before Holiday Recess

Congress has 43 days — that’s six weeks from tomorrow — to pass a re-extension to the Terrorism Risk Insurance Act (TRIA).

If Congress does not pass the re-extension, a couple things happen.

1) Since terrorism risk is very expensive and difficult to predict, insurers will likely to raise premiums or back out of the market.

2) Workers’ compensation faces limitless liabilities because it must cover work-related terrorism exposure, which could result in premium increases in states where the unthinkable occurs.

The whole point of TRIA is ensuring that terrorism coverage is accessible and affordable by offering a federally-supported backstop.

If you have a problem with the government getting involved in offering insurance, consider that terrorism risk mitigation depends on government security efforts that insurers cannot incentivize. That makes terrorism coverage quite unique.

_______________
…if the trigger and co-share change too much,
there is the risk carriers will bail out of the market.
_______________

As I explain a past blog and my article, The TRIA Challenge,” prices could already be poised for premium increases due to recent foreign policy decisions that leave the nation more vulnerable to terrorist attacks. Companies need terrorism coverage more than ever.

So what’s the hold up?

To oversimplify, some members of Congress would like to see the insurance industry carry more risk by raising the program “trigger,” or when TRIA can take effect, beyond the current $5 million. (The Boston Marathon Bombing did not reach the $5 million threshold so the insurance industry covered it without TRIA.)

Current legislation would also boosts insurers’ co-share, which is currently 15 percent.

That’s like your health insurance company changing its terms and expecting you to pay a higher deductible and higher co-payments.

Therefore, if the trigger and co-share change too much, there is the risk that carriers will bail out of the market.

Terrorism groups are getting bigger and stronger – and they clearly make it known that they want to attack the United States again. Businesses must be ready.

It’s really quite simple. Businesses need affordable terrorism coverage. Therefore, Congress should pass a re-extension to TRIA.

Why the Terrorism Risk Insurance Act is Necessary

Screen Shot 2014-09-10 at 12.44.33 PM 2Tommorow is the 13th anniversary of Sept. 11, 2001, so it is fitting take a look at why the Terrorism Risk Insurance Act of 2002 needs its third re-extension.

I cover this in “The TRIA Challenge,” which was recently published in the Casualty Actuarial Society’s Actuarial Review magazine as the September/October cover story and includes a sidebar on TRIA’s impact on workers’ compensation. TRIA needs to be passed by December 31, 2104 to be extended.

I wrote my article in June — and what a difference the past few months have made in the nation’s concern regarding terrorist attacks by fundamentalist Islam groups.

As reported by The Hill, just yesterday, NBC News poll showed that 47 percent of Americans believe the U.S. is less safe than it was before September 11. That’s a huge difference from the 28 percent who felt that way last year and the two in 10 Americans who had those feelings a year after the 9/11 attacks.

Truly, the last couple months have been disturbing. Given the recent headlines about the terrorist group ISIS (called ISIL by President Obama) and the Israel’s conflict with another terror group, Hamas, and evidence of terrorists using the nation’s permeable southern border for entry, it is a wonder that more Americans are not concerned. (Or are too many Americans just not paying attention?)

_______________
For terrorism coverage, everything from U.S. foreign policy to a watchful security guard can affect the risk of terrorism attacks.
_______________

If you are interested in an explanation of TRIA or want to know the legislative progress, you will find that in my article. My piece also explores the challenge of pricing coverage with little relevant historical data (just like cyber coverage, which I cover in an upcoming article) and frightening actuarial cost estimates for a truck or nuclear bomb in Manhattan.

While there are those who want to reduce the role of government in many areas, the federal government should have a backstop for costs from unthinkable terrorist attacks. Terrorism coverage is the only coverage of which I am aware where the private insurance industry is covering risk when mitigation is mostly left up to government intelligence agencies and law enforcement. That is different from workers’ compensation, where insurers can reward safer workplace practices with the experience modifier or cyber coverage policies that require certain safeguards before selling coverage to organizations.

For terrorism coverage, everything from U.S. foreign policy to a watchful security guard can affect the risk of terrorism attacks. If the insurance industry perceives greater risk, then terrorism insurance prices can spike, and making terrorism courage available and affordable is the whole point behind TRIA. Meanwhile, legislative language has suggested an increase in insurer co-payments for TRIA, which the American Insurance Association opposes.

From an actuarial point of view, I like what Michael Angelina, the vice president of casualty for the American Academy of Actuaries, told me for the article. “If I feel the threat is more likely than prior belief, all else being equal, I am going to increase rates to account for this increase in frequency and additional uncertainty.”

Given that this week’s poll data shows that ordinary Americans feel less safe, it will be interesting to see how the actuarial community reaches its conclusions to develop future rates.

Like What You See?
Then Follow Me!

Reinsurance Surplus Subdues the Premium Tide

The reinsurance industry has reached its highest surplus in history – about $515B.Leader's Edge logo

This is despite the fact that 10 of 12 of the nation’s most costly storms happened in the past decade.

To find out why, check out my most recent Leader’s Edge article, “Survivor: The past decade set natural disaster records, yet most carriers went unscathed and its sidebar, Could Flood Insurance Go Private?

The primary reason for the reinsurance industry’s all-time high surplus can be answered by a James Carville quote.

“It’s the economy stupid.”

Thanks to the worst recession in U.S. history and its sluggish recovery, investors are finding reinsurance to be a more lucrative choice than traditional investments, like bonds.

This not only means that CAT reinsurers are handling some of the most expensive weather disaster years in history, but that larger insurers are generating enough investment money to keep premiums from rising as quickly as they otherwise would.

Reinsurance is looking pretty good right now, which is why some members of Congress are looking into potential ways that reinsurance can help underwrite the $22B debt-laden National Flood Insurance Program. (To read more about NFIP, check out my Contingencies article on the subject by clicking here.) That can be challenging, however, given the NFIP’s contradictory goals of providing affordable flood coverage to Americans while reaching toward Actuarial soundness.

I hope you’ll check out my article and let me know what you think.