The Twitterverse got its chance to pose cyber risk questions to a panel of distinguished experts at the NetDiligence® Cyber Risk Summit in Santa Monica on October 16. RMS and NetDiligence teamed up to host a live #ChatCyberRisk Q&A session at the conference. The experts on hand included Vinny Sakore, Chief Technology Officer, NetDiligence; Russell Thomas, Principal Engineer – Cyber, RMS and Christos Mitas, Vice President – Model Development, RMS.
Which cyberattacks will grow in prominence?
Vinny Sakore sees more and more attacks against individuals – especially high
net worth individuals, with personal cyber insurance coverage becoming an
important issue in the future.
And the biggest driver of cyber risk for organizations? Russell Thomas stated that the main ones remain; contagious malware (including ransomware) and data theft/exfiltration will continue to be the most prominent types of attacks with potential for severe or catastrophic loss to victims. The number of attacks will also grow as more firms, government organizations, schools, etc. become more dependent on automated processes and e-commerce. Financial risk due to business interruption stands out as the immediate risk driver; in a 2018 survey of 1,300 global companies, 34 percent of companies reported business interruption due to cyberattack.
If on-the-ground underwriters can get risk insight instantly – and can make a quick check simply by entering a location rather than waiting for a risk analyst or trying to gather public data themselves, it has the potential to radically improve underwriting performance. We are seeing this change beginning to happen with SiteIQ, a recently launched application that utilizes the RMS open platform – Risk Intelligence™.
uses our trusted risk model data – the same data used across a client’s
organization, to deliver hazard risk scores instantly for a location, to help underwriters
make better decisions on whether to reject, accept or refer a risk for further
analysis. Using the same risk data throughout means that new risks reflect a
business’s acceptance criteria, bringing harmony to the book of business.
By making SiteIQ quick and simple to use, underwriters see it as a useful tool in their armory, knowing they can get valuable, modeled risk insight whenever they need it. The breadth of the instant insight adds to its usefulness, covering many available perils, with outputs including risk scores, loss costs – all presented in a highly visual, intuitive app.
We keep going back to users to find out how they are using SiteIQ and what they would like to see in terms of developments. And, in its first few months since launch, thanks to client feedback, RMS has now released the third iteration since launch – SiteIQ version 1.3.
The death of Abu Bakr al-Baghdadi is a significant blow to the global salafi-jihadist movement. Since al-Baghdadi declared himself caliph of IS in the summer of 2014, his name has been used to lure new recruits and to help coalesce the myriad of salafi-jihadist groups to a common cause of forming a caliphate. The vision of a caliphate bestowed power and legitimacy to al-Baghdadi’s cause, inspired online masses, and drew an unprecedented number of foreign fighters all across the globe into its ranks. But al-Baghdadi’s death together with the demise of the caliph, has adversely impacted their cause and makes it more difficult for followers to be inspired to join their movement.
While al-Baghdadi’s death will adversely affect the ideological narrative within the global salafist movement, this does not quell the threat from IS and their associated groups for three primary reasons. First, al-Baghdadi’s death will not impact the core operations of IS. Given that he has been in hiding for many years now, command and control of IS fighters and the group’s affiliates have not been directly dependent on him for their ongoing undertakings. Core leaders of IS still remain operational and while military pressure on IS has made analysis of its leadership challenging, most counter terrorism experts agree that there is a succession plan to put a new leader in place.
As my colleague Mohsen Rahnama reminded us in his recent blog, the last destructive earthquake to strike Northern California was on October 17, 1989. Loma Prieta was a magnitude 6.9 earthquake which resulted in 63 deaths and about four thousand injuries. The epicenter was about ten miles northeast of Santa Cruz, and seismic waves took about 30 seconds to reach San Francisco. But there was no way of communicating any earthquake early warning to residents of the Marina district of San Francisco, which suffered some of the worst damage from shaking and fire outbreak.
On October 17, 2019, the thirtieth anniversary of this earthquake, the California Governor’s Office of Emergency Services unveiled a smartphone app from the University of California, Berkeley Seismological Lab that will give all Californians the opportunity to receive earthquake early warnings.
Governor Gavin Newsom, who happened to be in the Marina district at the time of the 1989 earthquake, has urged people to download the MyShake app. This app (myshake.berkeley.edu) is available on the Apple App Store and Google Play, and relies on the ShakeAlert earthquake early warning system, developed by the U.S. Geological Survey (USGS).
Thirty years ago, the Mw6.9 Loma Prieta Earthquake
struck the San Francisco Bay Area. When looking back at disasters, it is always
particularly relevant to understand the moment in time impacted. The Loma
Prieta Earthquake struck on Tuesday, October 17, 1989 at 5:04 p.m. local time,
but it was no ordinary Tuesday afternoon. Game Three of the Major League
Baseball 1989 World Series was to start at 5:35 p.m. between the two Bay Area
teams: the Oakland Athletics and the San Francisco Giants.
Typically, 5:04 p.m. would represent the height of rush hour in the Bay Area, but because of the game a significant component of the workforce had left work early or had stayed late to watch it. While 63 lives were lost, this loss level was much lower than it might have been given the level of damage that impacted highways across the region including the failures of the Nimitz Freeway and the San Francisco–Oakland Bay Bridge.
I was at Stanford University in the Terman Engineering Building studying when the earthquake struck. The Stanford campus made up of numerous historical buildings saw substantial damage. In all, more than 200 structures were impacted. The restoration of the damage took more than a decade to fix and cost Stanford more than US$160 million. Classes were canceled for more than a week. Students were locked out of damaged buildings which meant they could not access their research samples, data and equipment. Adding to the stress were the innumerable aftershocks. For those of us studying engineering, it really brought home the importance of our work.
Risk scoring is a fundamental part of the property and casualty underwriting process, allowing underwriters to sort and rank the quality of submissions. This process culminates in critical business decisions on quoting, declination, referral, and pricing, which taken together can make the difference between an insurer’s survival and its failure. The best insurers make these decisions in a manner that is disciplined, consistent, and data-driven. Those who fail to do this fall prey to adverse selection, pay high reinsurance costs, and suffer at the hands of disapproving rating agencies.
Given this high stakes game, why does the industry continue to rely on oversimplified, unproven, and outdated risk scores for natural catastrophe underwriting?
At this year’s RMS Terrorism Risk Summit, we focused attention on the U.S. landscape. The main issue these days in terrorism insurance discussions relates to the Terrorism Risk Insurance Protection and Reauthorization Act (TRIPRA), which will expire at the end of December 2020 if not reauthorized. This important legislation is also known by other acronyms including TRIA (Terrorism Risk Insurance Act) and TRIP (Terrorism Risk Insurance Program). In discussing the U.S. federal backstop for certified acts of terrorism, all these names are synonymous.
To help make sense of the
speculation and various policy options, RMS was proud to host Scott Williamson,
Vice President and Director of Financial Analytics at the Reinsurance
Association of America (RAA). Mr. Williamson has developed legislative
models to assist the RAA in its advocacy on issues such as TRIA.
At the RMS event, Mr. Williamson provided an overview of the current TRIA structure and explored some alternative modifications to the program that were considered to make a legislative recommendation. This included an evaluation of multiple ‘what-if’ scenarios, using a range of attack modes and targets, and various assumptions regarding the compounded average growth rate of the U.S. economy. For this study, RMS partnered with RAA to estimate economic losses due to a range of scenario terrorism events for property and workers’ compensation lines of businesses, using its latest Terrorism Model and Economic Exposure Data.
Despite the paucity of large-scale terrorism attacks in North America, the multifaceted terrorism threat in the U.S. continues to be a significant one that must be managed by the (re)insurance risk management industry, according to experts at this year’s RMS Terrorism Risk Summit.
The theme for this year’s summit, held in New York on September 25, focused on the multifaceted terrorism threat landscape in the U.S. and how the peril can be managed by the insurance industry. While terrorism insurance take-up rates remain healthy, and the U.S. Government Terrorism Risk Insurance Program (TRIP) backstop offers reassurance in the event of a large-scale attack, the uncertainty around TRIP’s pending renewal at the end of 2020 and the fluid threat environment have given (re)insurers some pause for thought.
The invited speakers for this year‘s summit included Ambassador Dan Benjamin, director of The John Sloan Dickey Center at Dartmouth University, Steven Simon, professor of security studies at Colby College and Scott Williamson, vice president and director of Financial Analytics at Reinsurance Association of America (RAA).
Japan continues to assess the extent of the damage caused by
Typhoon Hagibis, which made landfall near the Izu Peninsula in Shizuoka
Prefecture on Saturday, October 12. Current reports state that at least 66
people have been killed, dozens of people are missing, and hundreds are injured.
At this time, the worst impacted prefectures include Nagano, Saitama,
Shizuoka, and Fukushima.
However, the full extent of the damage is not expected to be known for several days as rescue operations and official damage assessments continue – rescuers cannot reach some areas due to high water levels. The Japanese Prime Minister, Shinzo Abe, stated that there is no plan to slow rescue operations, with around 13,000 police, 66,000 firefighters and 31,000 Self-Defense Forces personnel involved. The numbers of structures and properties affected is predicted to rise.
RMS launches new exposure management application focused on the portfolio manager – ExposureIQ on the new cloud platform, Risk Intelligence™.
The role of a portfolio manager is a demanding one. It represents a high-wire balancing act between managing profitability and growth on one hand and keeping within exposed limits and minimizing risk accumulation and potential losses on the other. It is the portfolio manager who must uncover the “hot spots” if an individual line of business, geography, or risk type is looking under pressure as a loss driver – and highlight the “cold spots” where segments have growth potential.
They are always under the watchful eye of regulators and governance functions who need regular reports to show that the business is sticking to its stringent boundaries and limits. And if all this wasn’t enough, they are also on the frontline when a cat event strikes and on duty throughout to regularly update and reveal the impact of the event on the portfolio before, during, and post-event.