The Actuarial Cyber Coverage Conundrum

Are insurance companies collecting enough money to cover future cyber events?

Nobody really knows, but there is reason for concern.

Insurance companies are offering more cyber coverage to gain market share. At the same time, data hackers too often elude cyber security experts. In fact, the amount of cyber incidents, including data breaches, continue to climb just as insurers fear a cyber hurricane that could wipe out major systems practically at the same time.

These are just some of the topics covered in my article, “Cyber Insurance: The Actuarial Conundrum, which was published today in Actuarial Review, the magazine of the Casualty Actuarial Society

My article defines the conundrum that actuaries face and also examines topics that should interest the non-actuary including the insurance market and the challenges of cyber security.

Here’s the conundrum: how can actuaries appropriately price ever-changing cyber risk when data is scarce and models remain under development?

Besides digging into the conundrum’s implications, my article also offers ways actuaries can, as they do with other insurance lines, get more deeply involved in the underwriting process. The article also offers alternative ways actuaries can gain potentially relevant data and develop models.

I hope you find the piece to be both enlightening and helpful.

To read my other articles on cyber insurance, click here

TRIA Passes, Awaits Obama’s Autograph

After a retiring Senator put the kibosh on reauthorizing the the Terrorism Risk Insurance Act as part of the Cromnibus bill last month, a new Congress reauthorized the federal terrorism coverage backstop yesterday.

The bill, which demonstrated bipartisan support by a vote of 93 to 4, now awaits President Barack Obama’s signature

The “Terrorism Risk Reauthorization Act of 2015 (H.R. 26),” the bill:

  • extends TRIA for six years;
  • incrementally raises the program’s trigger from $100 million to $200 million in total insurance losses beginning 2016;
  • increases insurer co-share from 15 to 20 percent.
  • raises the aggregate amount the insurance industry has to absorb TRIA eligibility from $27.5 billion to $37.5 billion. To put this in perspective, losses from 9/11, which is about $43 billion would qualify for TRIA. The industry would be responsible for the first $37.5 billion, leaving a balance of $ 5.5 billion for the industry to borrow and pay back.

TRIA passage was especially important for workers’ compensation insurance. Unlike other lines, workers’  compensation cannot limit coverage due to nuclear, biological, chemical or radiological, (NBCR) attacks. 

I have written several blogs concerning TRIA — especially the actuarial and workers’ compensation implications. The most blog recent can be found by clicking here. 

_______________
Like what you see? Then follow me!
_______________

 

 

 

Cyber Coverage and the Actuarial Challenge

Major cyber attacks are almost becoming the flavor of the month. Sony, JP Morgan, the Home Depot, the U.S. Postal Service, the Target Corporation — the list goes on and on.

If there is anything more challenging than preventing cyber attacks, it is figuring out how to cover the growing risk.

As I cover in my recently released Contingencies article, “Plugging Data Security Breaches,” underwriting is especially difficult. Since the cyber insurance market is growing exponentially, carriers are eager to snap up market share. Meanwhile, their actuaries are concerned about carrying greater liability and pricing.

When it comes to pricing, like any emerging type of insurance, lack of historical data is a big actuarial challenge. Without historical data, actuaries cannot drive using the rear view mirror. Unfortunately, at some point, it seems there will be enough cyber breaches to address that challenge.

At the same time, actuaries will need to use future-forward data and assumptions to prepare for the unimaginable. As I cover in an Actuarial Review article, these challenges are similar for actuaries dealing with terrorism coverage. Because cyber risks and attacks are becoming more serious and hard to anticipate, I predict that the federal government will eventually offer a backstop for cyber insurance just like for terrorism coverage. Technological innovations, as outlined in a previous Contingencies article, will help actuaries rise to these challenges.

_______________
Without historical data, actuaries cannot drive using the rear view mirror.
_______________

The good news is that insurers are getting smarter on how they offer cyber coverage and pricing. To even procure cyber coverage, customers must demonstrate meaningful and defined risk management strategies. I predict that insurers will require even more risk management as best practices continue to emerge.

Cyber Terrorism Threat Continues to Emerge

As for predicting the unimaginable, cyber attacks are also rising to the level of acts of terrorism. A year ago when the Target breach was making headlines, companies were concerned about facing the liabilities for cyber attacks that usually went after the personal and financial information of their companies and customers.

The recent cyber attack on Sony however, is a different animal when hackers threaten violence at movie theaters that show a particular film. This is especially true if the CIA is right and the attack came from the North Korean government. Even if the current theory, that former Sony employees were behind the attack, is correct, this new way of threatening businesses and individuals is likely to be another factor actuaries will need to consider when pricing coverage.


The truth is, nobody knows what is next. While my new article also talks about a Cybergeddon that could cripple the U.S. economy or even worldwide, there is also grave concern that attackers will destroy utility computer systems, which has repercussions too terrible to imagine.


If the past is the best predictor of the future, I have full faith that actuaries will work through their challenges. After all, they are not just number crunchers, but creative thinkers who can use technology to its best advantage.

TRIA Re-Authorization Could Be in Jeopardy

Update 12/10/2014 5:12 p.m.: House passes TRIA by 417-7 votes. Total support from Democrats; 7 nays from Republicans. It’s off to the Senate….

With Congress having 21 days to re-authorize the Terrorism Risk Insurance Act (TRIA), passage has been stalled and removed from cromnibus budget negotiations, putting the program at risk.

Some fear the move could jeopardize TRIA re-authorization, which would adversely affect workers’ compensation and other commercial insurance.

As of yesterday afternoon, TRIA was one of the major remaining roadblocks in cromnibus negotiations, according to Politico. (For those who do not live inside-the-beltway politics, cromnibus refers to measures Congress has approved to keep the federal government funded to avoid a shutdown.)

At issue is Republicans’ desire to revise the 2010 Dodd-Frank Act, which created the Federal Insurance Office and financial regulations. House Financial Services Chairman Jeb Hensarling (R-Texas) is pushing changes to Dodd-Frank, while Sen. Chuck Schumer (D-New York), who introduced the most active TRIA legislation, is resisting such changes.

In response, House Republicans created a standalone bill they hope will force the Senate’s hand by passing TRIA with their Dodd-Frank changes, according to Politico. The House Rules Committee posted TRIA bill language yesterday as well.

_______________
Some fear the move could jeopardize TRIA re-authorization,
which would adversely affect
workers’ compensation and other commercial insurance.

_______________

As I wrote about in previous blogs, without passage, workers’ compensation faces financial liabilities because it must cover work-related terrorism exposure, which could result in premium increases in states where the unthinkable occurs.

No passage will also make other types of commercial insurance, including property coverage, much more expensive and difficult to obtain. As I covered in Actuarial Review, terrorism insurance is difficult to price because there have been few terrorist events on American soil (thank God) and future terrorism treats are difficult to anticipate.

No TRIA also means no Super Bowl because game organizers will not be able to obtain affordable terrorism coverage, according to BusinessWeek. The NFL has joined with other professional sports leagues and 80 business groups nationwide to form the Coalition to Insure Against Terrorism (CIAT) to urge Congress to reauthorize of TRIA legislation.

Not everyone is a fan of TRIA re-authorization. Conservatives view TRIA as a waste of taxpayer dollars. In a recent National Review blog, writer Mark Calabria called TRIA “no more than corporate welfare wrapped up in the flag.”

Given the growing terrorism risks due to ISIL and other terrorist organizations, passing TRIA makes total sense. My hope is enough lawmakers agree.

 

 

 

 

 

 

 

Let’s Get TRIA Passed Before Holiday Recess

Congress has 43 days — that’s six weeks from tomorrow — to pass a re-extension to the Terrorism Risk Insurance Act (TRIA).

If Congress does not pass the re-extension, a couple things happen.

1) Since terrorism risk is very expensive and difficult to predict, insurers will likely to raise premiums or back out of the market.

2) Workers’ compensation faces limitless liabilities because it must cover work-related terrorism exposure, which could result in premium increases in states where the unthinkable occurs.

The whole point of TRIA is ensuring that terrorism coverage is accessible and affordable by offering a federally-supported backstop.

If you have a problem with the government getting involved in offering insurance, consider that terrorism risk mitigation depends on government security efforts that insurers cannot incentivize. That makes terrorism coverage quite unique.

_______________
…if the trigger and co-share change too much,
there is the risk carriers will bail out of the market.
_______________

As I explain a past blog and my article, The TRIA Challenge,” prices could already be poised for premium increases due to recent foreign policy decisions that leave the nation more vulnerable to terrorist attacks. Companies need terrorism coverage more than ever.

So what’s the hold up?

To oversimplify, some members of Congress would like to see the insurance industry carry more risk by raising the program “trigger,” or when TRIA can take effect, beyond the current $5 million. (The Boston Marathon Bombing did not reach the $5 million threshold so the insurance industry covered it without TRIA.)

Current legislation would also boosts insurers’ co-share, which is currently 15 percent.

That’s like your health insurance company changing its terms and expecting you to pay a higher deductible and higher co-payments.

Therefore, if the trigger and co-share change too much, there is the risk that carriers will bail out of the market.

Terrorism groups are getting bigger and stronger – and they clearly make it known that they want to attack the United States again. Businesses must be ready.

It’s really quite simple. Businesses need affordable terrorism coverage. Therefore, Congress should pass a re-extension to TRIA.

Why the Terrorism Risk Insurance Act is Necessary

Screen Shot 2014-09-10 at 12.44.33 PM 2Tommorow is the 13th anniversary of Sept. 11, 2001, so it is fitting take a look at why the Terrorism Risk Insurance Act of 2002 needs its third re-extension.

I cover this in “The TRIA Challenge,” which was recently published in the Casualty Actuarial Society’s Actuarial Review magazine as the September/October cover story and includes a sidebar on TRIA’s impact on workers’ compensation. TRIA needs to be passed by December 31, 2104 to be extended.

I wrote my article in June — and what a difference the past few months have made in the nation’s concern regarding terrorist attacks by fundamentalist Islam groups.

As reported by The Hill, just yesterday, NBC News poll showed that 47 percent of Americans believe the U.S. is less safe than it was before September 11. That’s a huge difference from the 28 percent who felt that way last year and the two in 10 Americans who had those feelings a year after the 9/11 attacks.

Truly, the last couple months have been disturbing. Given the recent headlines about the terrorist group ISIS (called ISIL by President Obama) and the Israel’s conflict with another terror group, Hamas, and evidence of terrorists using the nation’s permeable southern border for entry, it is a wonder that more Americans are not concerned. (Or are too many Americans just not paying attention?)

_______________
For terrorism coverage, everything from U.S. foreign policy to a watchful security guard can affect the risk of terrorism attacks.
_______________

If you are interested in an explanation of TRIA or want to know the legislative progress, you will find that in my article. My piece also explores the challenge of pricing coverage with little relevant historical data (just like cyber coverage, which I cover in an upcoming article) and frightening actuarial cost estimates for a truck or nuclear bomb in Manhattan.

While there are those who want to reduce the role of government in many areas, the federal government should have a backstop for costs from unthinkable terrorist attacks. Terrorism coverage is the only coverage of which I am aware where the private insurance industry is covering risk when mitigation is mostly left up to government intelligence agencies and law enforcement. That is different from workers’ compensation, where insurers can reward safer workplace practices with the experience modifier or cyber coverage policies that require certain safeguards before selling coverage to organizations.

For terrorism coverage, everything from U.S. foreign policy to a watchful security guard can affect the risk of terrorism attacks. If the insurance industry perceives greater risk, then terrorism insurance prices can spike, and making terrorism courage available and affordable is the whole point behind TRIA. Meanwhile, legislative language has suggested an increase in insurer co-payments for TRIA, which the American Insurance Association opposes.

From an actuarial point of view, I like what Michael Angelina, the vice president of casualty for the American Academy of Actuaries, told me for the article. “If I feel the threat is more likely than prior belief, all else being equal, I am going to increase rates to account for this increase in frequency and additional uncertainty.”

Given that this week’s poll data shows that ordinary Americans feel less safe, it will be interesting to see how the actuarial community reaches its conclusions to develop future rates.

Like What You See?
Then Follow Me!