Key risks facing businesses-¯and-¯their-¯insurers
In an increasingly connected world, no business stands immune from the impact of far-flung events, particularly as technology develops bringing new risks as well as opportunities for insurers.
Now, two major reports have highlighted the key risks facing businesses and their insurers in the year ahead.
Firstly, economic and political polarisation will rise this year, warns the World Economic Forum in its Global Risks Report 2020. More than 750 global experts and decision-makers were asked to rank their biggest concerns in terms of likelihood and impact. 78% said they expect "economic confrontations" and "domestic political polarisation" to rise in 2020, according to the report, produced with Marsh & McLennan Companies and Zurich Insurance Group.
Meanwhile, research by the Centre for Risk Studies in its 2019 update to the Global Risk Index sees a uniform increase in gross domestic product (GDP) at risk across all 279 cities reviewed. The key points of the 2019 update include the continued rise of cyberattack risk, the continued likelihood of commodity price volatility and sustained levels of high risk from geopolitical events and financial crises.
GDP AT RISK
Overall, the Centre for Risk Studies' analysis shows a 5.6% increase in GDP at risk from 2018 to £444bn in 2019. Drivers of this increase include growth in the economy, increasing likelihood of loss from emerging threats such as cyberattack and shifts in the patterns of potential loss to threaten higher-growth economic regions.
Its 2019 update sees an increase in risk from cyberattacks, social unrest, commodity price shocks, heatwave, freeze and, to a lesser extent, solar storms. The top three individual threat types are market crash, with GDP at risk of £84bn, about a fifth of total GDP at risk; interstate conflict at £65bn, 14% of total GDP at risk; and tropical windstorm, £51bn or 11% of total risk. Cyberattack rises to sixth among the threat rankings at £31bn -- 7% of total risk GDP at risk.
Cyberattack has moved up one place, surpassing civil conflict in the 2019 index. The report shows that the capacity for cyberattacks to cause severe economic damage continues to rise. This is a threat to be closely monitored as the increasing number and severity of attacks is countered by capabilities to protect against them.
The top 10 cities by risk exposure are: Tokyo, New York, Manila, Istanbul, Taipei, Osaka, Los Angeles, London, Baghdad and Shanghai. There is good news for insurers, however. The report notes that, while shocks to the global economy are largely inevitable, mitigation of losses -- including through insurance -- is an essential consideration in understanding those losses.
It points out that, if the rate of recovery of each of the slowest-recovering cities were improved by just one level, then their relative risk exposure would reduce by 11%. If the rate of recovery of all cities having the lowest two levels (101 cities in total) were to be increased up to the highest recovery level -- enjoyed by Tokyo, London, Singapore, Zurich and San Jose among others -- their relative risk exposure would reduce by 31%.
The report suggests: "Closing this protection gap is crucial, given the role played by ex-ante protection measures such as insurance payouts in funding the recovery process of cities. The time a city takes to recover also depends on access to funding (including insurance and aid)."
5.6% increase in global GDP at risk from 2018 to 2019 Source: Centre for Risk Studies
CYBER THREATS RISING
Meanwhile, Aon warns that ransomware has increased significantly in both frequency and severity. It also warns of unfounded concerns being raised about the potential linkage between having cyber insurance and being a ransomware target.
In its Cyber Insights for Insurers, Aon says the implementation of the General Data Protection Regulation was a watershed event and has inspired new regulation in other jurisdictions. Mostly notably, businesses in the US are now contemplating their compliance requirements under the California Consumer Privacy Act (CCPA).
In a clear warning for insurers, Dawn Kristy, cyber expert for Aon's Reinsurance Solutions business, says: "Under CCPA, statutory damages eliminate the difficult task of calculating actual damages caused by a breach, which could encourage an uptick in lawsuits by data-breach plaintiffs.
"Cyber claim frequency is likely to increase due to the expanded definition of personal information. Moreover, the private right of action also paves the way for greater litigation, if the courts do in fact clamp down on the ongoing ambiguity in the Article III 'standing to sue' rulings."
She adds: "Cyber claim severity is also likely to increase due to non-compliance fines and penalties as well as actual damages or statutory damages soon to be in play under the private right of action."
However, there is a silver lining. Ms Kristy notes: "With restrictions on class-action lawsuits, the impact to severity is likely to be moderated. Businesses may find it easier to demonstrate that they did not violate their 'duty to maintain reasonable security procedures and practices'."
Because fines and penalties are more likely insurable in California, there could be an uptick in demand for cover -- ultimately more good news for insurers.
TYPES OF THREAT
The top three individual threat types according to the Centre for Risk Studies are:The top three individual threat types according to the Centre for Risk Studies are:
- Market crash with GDP at risk of £84bn
- Interstate conflict with GDP at risk of £65bn
- Tropical windstorm with GDP at risk of £51bn
Liz Booth is contributing editor for the CII