This article was originally published in The Insurer, click here to access the original article.
Examples of data theft continue to stream through; no one brand seems immune from having to announce major losses of customer data records. Uber paid US$148 million to settle a legal action over a cyberattack in 2016 that exposed data from 57 million customers and drivers. Forbes reported that Yahoo agreed to pay a US$50 million settlement to roughly 200 million people affected by the email service’s 2013 data breach.
It is still the case that data theft is the leading source of loss for both insurers and reinsurers that cover cyber. The cyber insurance market is still in an early growth stage as the overall economic impact on the global economy from cyberattacks in 2017 was estimated at US$600 billion. Insured loss for standalone cyber policies was a fraction of this, at around US$1 billion to US$1.5 billion. But with cyber risk continually evolving, insurers may have to contend with a new, growing source of loss as cyber attackers are turning to ransomware, as it offers a potentially easier and more lucrative attack method.
Ransomware sees malware infiltrated into the networks of a company and disables servers or locks up data until a ransom is paid. This contagious malware, of which WannaCry and NotPetya are probably the most renowned examples, can even plague companies with high standards of security, and has the ability to scale and to cause systemic loss to thousands of companies. Attackers have also stolen data from a company, and then attempt to extort a ransom from the victim company in return for the data.
Overall, the number of ransomware attacks are increasing each year, and for cyber attackers there is the easy availability of ransomware to buy on the dark web. As outlined in our recent RMS Cyber Risk Outlook Report, estimates of ransomware extorted in 2017 exceed five billion dollars, a 15-fold increase over the previous two years.
The World Economic Forum (WEF) Global Risk Report was released a week ago, in time to generate discussion and provoke debate at the WEF Annual Meeting in Davos.
Among the headlines of the Global Risk Report, as in every annual update, there are two lists of the top five risks for 2019, according to their expected Likelihood and Impact. These lists are based on the WEF Global Risks Perception Survey conducted four months ago, with around a thousand responses from the WEF’s multi-stakeholder communities, professional networks of its Advisory Board, and members of the Institute of Risk Management.
There is a sense about these top five lists, that they are reactive – reflecting what has recently happened, more than being an effective and objective analysis of risk. We know that the most dangerous events are precisely those which one has not recently witnessed and that arrive as something of a surprise.
In my recent article in Reactions entitled Why Long-term NFIP Reform is a Must, I looked back at the flood events of 2018 through the lens of the need to reform the National Flood Insurance Program (NFIP). I made the argument that the NFIP is not effectively covering communities at risk or supporting the development of a private market that support that same goal.
Looking at Hurricane Florence, its impacts exemplify the type of event from which our communities need to recover from by leveraging the NFIP and a more robust private market. Both North Carolina and South Carolina each broke records for the amount of rainfall caused by a tropical cyclone. While the flooding due to storm surge was significant in areas such as New Bern, the majority of the flood damage was driven by that record rainfall in the inland areas.
The areas most impacted had the lowest take-up rates for flood insurance – the take-up rate for NFIP policies is less than two percent in the inland counties of North Carolina and South Carolina, while take-up rates in most coastal counties generally range from 10 to 25 percent. As a result, RMS analysis found that Florence caused US$3 billion to US$6 billion in uninsured losses, or about 4-5 times the losses expected to be incurred by the NFIP.
It is now exactly a quarter of a century, on January 17, 1994, since the last significant U.S. earthquake disaster. A previously unknown blind thrust ruptured beneath Northridge, in the San Fernando Valley north of Los Angeles. Casualties were fortunately modest (57 deaths) because the Mw6.7 shock happened at 4.30 a.m. local time, but the damage was significant – estimated as at least US$30 billion in 1994 prices, as the fault lay directly underneath the city.
Sooner or later California will experience another Mw6.7-7.5 earthquake disaster, in the highly populated San Francisco Bay Area or under sprawling greater Los Angeles. Year-on-year, while the probability rises, the proportion of the affected population with any previous disaster experience dwindles. When it happens, in all senses of the word – it will be a great shock.
One prediction is inevitable: after the next big Bay Area or LA earthquake, there will be large numbers of uninsured homeowners, landlords and small business owners looking for compensation. Given the high deductible and low take-up rates for earthquake insurance, as much as 90 percent of the residential losses will not be covered by insurance payouts: a far higher percentage than in 1994.
And the question is then, will the Federal Government response match that which followed Hurricane Maria, or can we expect it to be more like the aftermath of Hurricane Katrina. Or to put it another way: will California be “Puerto Rico” or “New Orleans”?
As we move full steam in to 2019, it is worth remembering that some good progress was made during 2018 with regards to advancing the private flood insurance market in the U.S. – even though Congress struggled with reform of the National Flood Insurance Program (NFIP).
Here’s five takeaway points from the past year:
1. Extending the Extension: The NFIP saw numerous extensions and a few short lapses. Just before the end of the year, Congress reauthorized the NFIP until May 31, 2019 right before the government shutdown commenced on December 22, 2018. But decisions by FEMA during the last week of the year brought uncertainty to the housing and insurance industry as it dealt with changing guidelines on whether policies could be sold or renewed during the shutdown. Ultimately, the NFIP is still operating, but the back and forth of 2018 did not bolster confidence in the stability of the program and left many asking … will 2019 be the breakthrough year?
2. FEMA Boosts the Private Flood Market: Although Congress struggled to act on the NFIP, FEMA did, with technical changes that came into force on October 1, 2018, to attract new private carriers and help existing carriers who participate in the NFIP “Write Your Own” (WYO) program.
First – removing a “non-compete” clause for carriers operating within WYO, now allows WYO carriers to offer their own private flood coverage as well as NFIP policies, with the condition that these businesses are kept separate. Second – policyholders can now cancel their NFIP policy mid-term, before its expiration date when a policyholder has obtained a duplicate policy. In combination, these steps removed hurdles that were hindering carriers from offering new flood products and making it difficult for consumers to purchase those products from the private market.
Indonesia was beset by disasters in 2018, including two high casualty local tsunamis: in coastal western Sulawesi – impacting the city of Palu, on September 28, and around the Sunda Strait, between Java and Sumatra, on December 22. These events may have appeared unusual, but the great subduction zone tsunamis, like those in the Indian Ocean in 2004 and Japan in 2011, have reset our imagination. Before 2004, forty years had passed without any transoceanic tsunamis. Overall, local tsunamis are more common, presenting many challenges in how they can be anticipated.
The Palu tsunami reminds us how “strike-slip” faults, involving only horizontal displacement can still generate tsunamis, first as a result of vertical displacement at “jogs”, where the fault rupture jumps alignment, as well as from triggered submarine landslides. It seems both factors were important in driving the Sulawesi tsunami that became amplified to more than four meters (13 feet) in the funnel-shaped Palu embayment.
The December 22 Sunda Strait tsunami was caused by a submarine landslide on the erupting Anak Krakatoa volcano and arrived without warning, in the dark of mid-evening. More than 400 people drowned mainly around a series of beach resorts in Banten and Lampung provinces, although water levels in the tsunami only reached a meter or two above sea level. An audience of 200 enjoying a concert at the Tanjung Lesung Beach Resort, staged directly on the beach by Indonesian rock band Seventeen were caught unaware. 29 concertgoers were killed together with four people associated with the band.
For the first part of Pete Dailey’s blog, Climate Change and NCA4: Part One, click here
What’s Climate Change Attribution?
Lately, the climate science community has spent considerable time on a topic called attribution. In this context, attribution refers to the portion of rising temperatures attributable to human activity via the burning of fossil fuels and release of greenhouse gases (GHGs). Today’s climate models can reconstruct historical temperature records, and then replay history “as if” GHGs had not been released. The difference between these simulated climates provides a means of quantifying the warming that stems directly from the emissions.
Extreme event attribution attempts to quantify the responsibility of climate change for a single weather event. It works by establishing whether climate change can be credited as a factor among all of the factors responsible for a catastrophic event, such as Hurricane Katrina, or the recent Camp Fire wildfire in Northern California – or for that matter any natural disaster. Such events have lots of environmental ingredients and extreme event attribution decides whether human-induced global warming is a significant one.
I am in Wellington, New Zealand, looking out from a rainy hotel window high over the city, admiring the older wooden houses on the forested slopes. Below there are four to eight story office and retail buildings, a number of which are shrouded in scaffolding, still repairing damage from the 2016 Kaikoura earthquake. The earthquake epicenter was some distance from the city, but the pattern of fault ruptures propelled long period ground shaking into the heart of Wellington.
In 1848, only eight years after the city was founded, a Mw7.5 earthquake on the far side of Cook Strait, shattered the town’s brick buildings. The Lieutenant Governor, Edward Eyre, forgetting his official role as colonial booster, declared the “… town of Wellington is in ruins … Terror and despair reign everywhere. Ships now in port … (are) crowded to excess with colonists abandoning the country.” However, the tremors declined, and the town survived.
Many ordinary houses were rebuilt using wood instead of brick. As a result, they suffered far less damage from a larger and closer Mw8.2 earthquake in 1855, that struck at the end of a two-day public holiday to celebrate the fifteenth anniversary of the city’s formation. This ruined all the remaining brick and stone commercial buildings including churches, barracks, the jail, and the colonial hospital. However, the earthquake delivered a tectonic bounty, raising the city by one to two meters (3.2 to 6.5 feet), turning the harbor into new land for development.