2017 Most Dangerous Emerging Risks

Artificial Intelligence Ties Liability in Knots

The same technologies that are driving business forward are upending the nature of loss exposures and presenting new coverage challenges.
By: | April 7, 2017 • 7 min read

Despite dire predictions of an “Automation Apocalypse,” it turns out that automation has only obliterated one job in the last 60 years. (Sorry, elevator operators.) However, the steady encroachment into the workplace of automation, robotics and cutting edge technologies is all too real. Robots aren’t just making cars and widgets and filling warehouse orders. They’re harvesting crops, flipping burgers, making pizza and folding laundry — just for starters.

Advertisement




For businesses, the potential boons are obvious: reduced labor and operational costs, reduced turnover and fewer injuries from repetitive tasks, increased overall safety, production speed and quality. Some economists project that current trends will eventually lead to lower prices and increased demand.

Unfortunately all of that silver lining isn’t without its dark clouds. The potential risks are evolving just as fast as the technology itself, and both insurers and insureds will be hard-pressed to keep up. Questions of liability and coverage and product response are becoming increasingly murky.

Yesterday’s loss scenarios were more or less straightforward. If a truck fails to brake and the resulting crash causes a loss, where does the liability lie? The operator? The truck manufacturer? The brake manufacturer? There might be disputes over fault, but at least the possibilities were limited.

Now you have the same crash in an autonomous truck and the questions can make your head spin.  Was the circuitry at fault? A chip? Was there a fault in the programming? Was there a connectivity issue? Was it hacked? Did the machine choose not to apply the brakes because of a specific set of circumstances presented?

Having a confluence of factors contributing to losses is not anything new in the insurance industry said Gail McGiffin, principal in the EY insurance practice and leader of underwriting, product, policy and billing solutions. What is new “is the breadth of everything that technology touches these days,” she said. The result being that you’re no longer talking about the combination of one or two technologies, it may be more like five technologies or more contributing to the complexity of an exposure.

John Lucker, principal and global advanced analytics market leader, Deloitte & Touche

“You have to think about some of these emerging technologies — that combination of artificial intelligence with machine learning, with semantic web, with predictive models — all being in operation,” she said.

“Dissecting the exposures introduced by individual technologies is challenging enough but understanding the compounded effect of this multitude of technologies and how it’s contributing to exposure and product response — that is the next major challenge area that we’re facing in the industry.”

If a piece of equipment has embedded intelligence, “whether it’s analytics, whether it’s robotic process automation, whatever the case may be — there’s a shift of liability that’s tacit and implicit inside of the underlying product or service,” agreed John Lucker, principal and global advanced analytics market leader with Deloitte & Touche.

What’s unclear at the moment said Greg Hendrick, president of property & casualty insurance and reinsurance at XL Catlin, “is how it’s all going to come together when you actually have something unfortunate happen — who’s going to pay what? That’s the interesting thing about this emerging risk: What normally was perceived as a usual course of action for liability could shift as you see more and more technology, more and more autonomy, enter your vehicles and your manufacturing process.”

Divvying Up Liability

For all parties connected to a loss, the challenge will be not only trying to sleuth out the root cause, but then teasing out an answer to the question of whose policy, and which line will respond to the loss.

“From the insurance side of this, I think the biggest risk is that they just don’t know what the risks are.”   — John Lucker, principal, global advanced analytics market leader, Deloitte & Touche

Let’s say a programming error created a serious security flaw in one piece of software operating a fleet of autonomous industrial vehicles or machines. A hacker exploited the flaw and caused the entire fleet to unexpectedly halt, rendering every unit permanently inoperable.

Multiple crashes arose from the unexpected stalls as well as significant business interruption losses. The manufacturer took a stiff reputational hit for its inability to make good on contracts for days or weeks while trying to get back up and running. How can the company expect their program to respond?

Advertisement




The company’s property policy might not exclude coverage for physical damage and business interruption caused by a cyber attack. But then again, it just might.

On the other hand, its cyber policy might only cover the loss of data in the event of an attack, but not property damage. Would the equipment manufacturer’s product liability policy respond? The software developer’s errors and omissions policy might respond, but maybe not, if the damage was caused by the attacker rather than by the programming error directly.

With each loss scenario composed of its own unique set of variables, questions about where liability rests are likely to result in a lot of finger-pointing between stakeholders.

“If there’s a part that goes bad and it’s just a one-off, then maybe we have a product liability issue,” said Lucker.

“If there are a couple hundred [pieces of equipment affected], maybe it’s a product recall liability issue. It could be errors and omissions — the engineer could have made a mistake, the programmer could have made an error. It could be directors and officers liability — this could have been an issue that was discussed in the boardroom and the board didn’t react appropriately so these other liabilities could flow upwards to the boardroom.

“We’ve shifted something that used to be fairly simple — who’s at fault and who’s going to pay for it — to a complex suite of problems and products that makes either personal or commercial risk management much more complicated,” he added.

In one sense, it’s not that different from a simple failure of a mechanical part, said John Denton, managing director at Marsh USA. The manufacturer of a defective part or the manufacturer of equipment incorporating that defective part have historically been assigned liability for any accidents arising out of that defect.

“In the same way, the developer of the software or the manufacturer of the part that incorporates that software has that same liability from the software defect that the manufacturer of the part previously had,” he said.

The key difference in many cases, he said, may be that the software company or the manufacturer of the part using the software may not have experience with any significant third-party liability, and may not have a program that is designed to respond to that liability.

Claim Development Needed

“From the insurance side of this, I think the biggest risk is that they just don’t know what the risks are,” said Lucker.

Insurers are definitely asking questions, said Denton. But “time will tell whether they’re asking the right questions.”

The brunt of the challenge will necessarily fall to underwriters, who are going to have to become even more technologically savvy than ever before, said McGiffin.

Greg Hendrick, president of property & casualty insurance and reinsurance, XL Catlin

“This is about understanding technology in the world at large, and understanding it as a function of each of the industry segments you might be writing, and each one of the accounts, to be able to identify the proportion of risk introduced by these different elements — to be able to assess the risk, evaluate the mitigation that’s in place, and then make decisions and price the exposure … it’s just taking it to a whole new level of sophistication.”

Claim development is another key piece of the puzzle, she said.

“As we have more and more claim activity, claim adjudication, claim litigation, and we understand how the confluence of technologies and the modern work environment play out through claims, we learn how those losses are settled and the contribution of each technology — as well as the combination of technologies — to the root cause of loss.

“You can’t substitute the years of claim history that still have to happen.”

Even though underwriters will try to manage the exposures with existing policy forms and language, that claim development will be necessary to guide new products, said Hendrick.

“Quite often your best intentions of what you meant to spell out and what you did spell out end up being interpreted differently by a court of law,” he said.

Insurers, said Lucker, will have to “redraft and recraft” policies to create more clarity about the risks they’re taking on.

“Challenge yourself to constantly keep in tune with how your company’s risk profile is changing based on this technology revolution.”    — Greg Hendrick, president of property & casualty insurance and reinsurance, XL Catlin.

As that claims history develops, paths to subrogation may become less clear for insurers, said experts. Difficulties tracing through the supply chain to understand the role of each player will make it more challenging first to sort out which policy is the primary, but then to understand the litigation path to recover from other parties who share blame for the loss.

Advertisement




“In the end, the primary insurance policy, whatever it is … regulators are going to hold that insurer responsible for doing the right thing for the insured — getting a check cut or getting something fixed or making sure that somebody’s medical bills are paid,” said Lucker.

“The consumer has to be made whole in a fair way. How that gets sorted out behind the scenes among all of the various parties — that becomes the insurance companies’ problem or the insurance ecosystem’s problem.”

For their part, regulators, at some point, “are going to have to start thinking more about this tangled web of potential liability and all of this contractual finger-pointing and subrogation, and how the industry is going to sort this all out,” said Lucker.

“It’s going to produce a whole lot of litigation so this is a kind of permanent employment plan for the legal profession and it’s not going to be simple to sort out.”

Risk Managers Must Keep Pace

It’s unclear whether everyone along the chain of those who make and produce autonomous, robotic or intelligent equipment is up to speed on the shifting exposures, said Hendrick. But risk managers employing these technologies are definitely thinking about how this risk is evolving and how it could impact their organizations, he said.

“Whether it’s their commercial fleet of cars or commercial fleet of trucks, their warehouse equipment, their manufacturing equipment, their retail or office buildings … with more and more interconnectivity, they’re definitely starting to think about,  ‘OK where does liability sit, how does it arise, and who’s going to be responsible?’ ”

“There really isn’t an industry out there that’s not exposed to additional risks already as a result of this technology,” said Marsh’s Denton.

“So everybody — whether industrial users, drivers, auto or refrigerator manufacturers — everybody’s got to grapple with this new technology and that potential increase in exposures and risks and how their insurance program will respond to that.”

Advertisement




That’s why no business can afford to simply renew their insurance program without due diligence, he added. “You can’t just renew your program with the same limits and the same type of coverage. As technology changes … the nature of the risk may increase or decrease or the size of the risk will change. You need to constantly evaluate your program to see if it responds to the potential magnitude of the exposure.”

Risk managers must be continually asking, “Are the products that I’ve historically bought the right ones to buy to protect the risks that I have now?” said Hendrick.

Companies will need to keep assessing their own programs as well as their suppliers’ programs to ensure they have the right amount of coverage in the new technology enabled world, he said.

The goal is to stay ahead of each wave of change and keep adapting, he added.

“Challenge yourself to constantly keep in tune with how your company’s risk profile is changing based on this technology revolution,” he said. &

________________________________________________________________

2017 Most Dangerous Emerging Risks

Cyber Business Interruption

Attacks on internet infrastructure begin, leaving unknown risks for insureds and insurers alike.

 

 

U.S. Economic Nationalism

Nationalistic policies aim to boost American wealth and prosperity, but they may do long-term economic damage.

 

 

Foreign Economic Nationalism

Economic nationalism is upsetting the risk management landscape by presenting challenges in once stable environments.

 

 

Coastal Mortgage Value Collapse

As climate change drives rising seas, so arises the risk that buyers will become leery of taking on mortgages along our coasts.  Trillions in mortgage values are at stake unless the public and the private sector move quickly.

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

2017 RIMS

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.
By: | April 19, 2017 • 2 min read
Topics: Cyber Risks | RIMS

“The sky is not falling” when it comes to cyber security, but the threat is a growing challenge for companies.

“I am not a cyber apocalyptic kind of guy,” said Gen. Michael Hayden, former head of the Central Intelligence Agency and National Security Agency, who currently is a principal at the Chertoff Group, a security consultancy.

Gen. Michael Hayden, former head of the CIA and NSA, and principal, The Chertoff Group

“There are lots of things to worry about in the cyber domain and you don’t have to be apocalyptic to be concerned,” said Hayden prior to his presentation at a Global Risk Forum sponsored by Lockton on Sunday afternoon on the geopolitical threats facing the United States.

“We have only begun to consider the threat as it currently exists in the cyber domain.”

Hayden said cyber risk is equal to the threat times your vulnerability to the threat, times the consequences of a successful attack.

At present, companies are focusing on the vulnerability aspect, and responding by building “high walls and deep moats” to keep attackers out, he said. If you do that successfully, it will prevent 80 percent of the attackers.

“It’s all about making yourself a tougher target than the next like target,” he said.

But that still leaves 20 percent vulnerability, so companies need to focus on the consequences: It’s about response, resiliency and recovery, he said.

The range of attackers is vast, including nations that have used cyber attacks to disrupt Sony (the North Koreans angry about a movie), the Sands Casino (Iranians angry about the owner’s comments about their country), and U.S. banks (Iranians seeking to disrupt iconic U.S. institutions after the Stuxnet attack on their nuclear program), he said.

“You don’t have to offend anybody to be a target,” he said. “It may be enough to be iconic.”

The world order that has existed for the past 75 years “is melting away” and the world is less stable.

And no matter how much private companies do, it may not be enough.

“The big questions in cyber now are law and policy,” Hayden said. “We have not yet decided as a people what we want or will allow our government to do to keep us safe in the cyber domain.”

The U.S. government defends the country’s land, sea and air, but when it comes to cyber, defenses have been mostly left to private enterprises, he said.

“I don’t know that we have quite decided the balance between the government’s role and the private sector’s role,” he said.

As for the government’s role in the geopolitical challenges facing it, Hayden said he has seen times that were more dangerous, but never more complicated.

The world order that has existed for the past 75 years “is melting away” and the world is less stable, he said.

Nations such as North Korea, Iran, Russia and Pakistan are “ambitious, brittle and nuclear.” The Islamic world is in a clash between secular and religious governance, and China, which he said is “competitive and occasionally confrontational” is facing its own demographic and economic challenges.

“It’s going to be a tough century,” Hayden said.

Anne Freedman is managing editor of Risk & Insurance. She can be reached at [email protected]