Property Risk

Beyond Protected

Research-based engineering and predictive analytics help underwriters take on bigger risks.
By: | December 14, 2016 • 8 min read

Properties designated as Highly Protected Risks (HPRs) can get significantly greater policy limits with a much lower rating structure for their P&C exposures if they continue to keep pace with technology.

Advertisement




Highly Protected Risk properties often are subject to a much lower than normal probability of loss by virtue of low hazard occupancy or property type, superior construction, special fire protection equipment and procedures and management commitment to loss prevention.

It used to be a property could attain HPR status with just state-of-the-art fire sprinkler systems. Risk managers now need to think HPR 2.0, experts say, and expand the concept beyond sprinklers to the risk exposures that develop in tandem with new upgrades.

“The idea that the majority of loss is preventable has been the center of our business model for 180 years,” said Brion Callori, senior vice president of engineering and research at FM Global, one of the first and largest HPR insurers.

“The amazing thing is how well it still works,” he said. “I think this is why it’s gotten more industry interest in last five to 10 years.”

Brion Callori, senior vice president of engineering and research, FM Global

Brion Callori, senior vice president of engineering and research, FM Global

Underwriters are quantifying and underwriting the exposures that face a single building, a campus, a system, or even a supply chain by using modern tools such as computer models, heat maps and predictive analysis.

Solar panels, clean rooms, data storage and mega warehouses are all examples of property uses adding new hazards. As HPR engineers study those additions, they are also able to design ways to tackle the hazards they create.

Take for example, automatic storage and retrieval systems used in warehouses built larger today with narrower aisles and higher stacking. The ability to store more inventory becomes more important as space grows increasingly expensive. Research on the most advanced sprinkler technologies available aims to protect products, help reduce losses and minimize business interruptions.

“As we move to a just-in-time, more global economy, that’s where the clients’ exposures have changed in the past 30 years; they are all over the world.” — Mike Martin, EVP, general manager of national insurance property, Liberty Mutual

More carriers, armed with research and statistics, have a new perspective on HPRs and are willing to invest in the market. The more “protected” a risk is against specific exposures, the more capacity an underwriter will commit, with broader terms and at a better price.

“As it expands in different industry groups, the HPR engineering and underwriting has been able to expand to follow that and meet the exposure of these different facilities,” said Greg DiPrato, senior vice president of the global property practice at Lockton.

The modern HPR method is based on a system FM Global created nearly two centuries ago to identify ways to reduce losses from fire, explosions or natural disasters at mills. To this day, FM Global engineers continually research how to improve on safety measures such as using more efficient fire suppression, finding the strongest roofing materials or identifying less risky locations.

Liberty Mutual Insurance is another leading HPR insurer with a long history of finding solutions to risk exposures with help from a dedicated team of engineers.

“The definition of highly protected risk has really not changed, not one bit,” said Mike Martin, EVP and general manager of national insurance property at Liberty Mutual. “As we move to a just-in-time, more global economy, that’s where the clients’ exposures have changed in the past 30 years; they are all over the world.”

Research-Based Engineering

The traditional insurance model is an actuarial model, where you look at the losses that happen in an occupancy or an industry class, project forward and say those are the losses you expect in the future, Callori said.

HPR designation for FM Global goes along with what’s called research-based engineering aimed at preventing loss. It’s tough to justify the return on investment for becoming HPR based only on reduced pricing or increased capacity in today’s marketplace.

Advertisement




“We want to learn from the losses that happened in the past and figure out how to prevent them from happening in the future,” said Callori. “Our clients can take control of their own destiny going forward, and the way we do that is through the engineering.”

“The buyers look for someone that can really add the value to the partnership and help them manage their total cost of risk, not only just the physical loss but also the business continuity,” Martin said.

While most new construction in the U.S. today is built to fire code, which usually confers HPR status, it’s what you put into it and what you do with it once it’s finished that can take away an HPR designation. Conversely, the exposures in almost any building can be adapted to attain HPR status, as long as you are willing to invest in the requirements, Lockton’s DiPrato said.

When a warehouse built to store steel is then converted to plastic products containing lithium ion batteries, it may lose its HPR status because the existing shelves and sprinkler system can’t adequately contain a lithium ion or plastic fire.

Adding solar panels atop a building creates a load factor, wind exposure and voltage exposure to firefighters that must be addressed. The HPR engineers will find ways to protect the buildings, DiPrato said.

“Everybody is worried about cyber hackers from another country, yet still the easiest way to get to your servers is for someone to just walk into your building if they are not questioned.”— Brion Callori, senior vice president of engineering and research, FM Global

After engineers identify a building’s hazards and make their recommendations on how to reduce losses, the client often must prioritize the budget to incorporate everything that’s recommended at every location, Callori said.

To help with that, engineers, such as those at FM Global and Liberty Mutual, have developed predictive analytics tools to help clients focus their limited capital for the most effective route to attaining highly protected risk status.

To help clients determine where best to invest, FM Global offers clients four predictive analytics tools: Risk Mark; Locations Predisposed; Relative Likelihood and Equipment Factors. These tools look at a structure, its location, its use and the machinery inside and make recommendation about likely losses and best value for investing in loss mitigation.

A quick review of losses at properties that follow recommended safety improvements compared with those that didn’t shows the HPR buildings had less loss, Callori said.  For example, 86 percent of the dollar value for 126 large losses at FM Global locations last year happened at non-HPR facilities.

What’s Next? Cyber and Energy HPR

“As a client develops a facility for their needs, the carrier engineers are brought into the process,” DiPrato said. “Lockton has broker engineers that work as consultants to the client and help in those discussions with the insurance carrier. There’s a lot that goes on to keep everything on an HPR status as technology keeps developing.”

Engineers are beginning to take the HPR approach to new directions, such as confronting alternative energy storage and cyber hazards. Field engineers look at physical security exposures and develop ways to protect against cyber hazards using HPR techniques in new ways.

“Everybody is worried about cyber hackers from another country, yet still the easiest way to get to your servers is for someone to just walk into your building if they are not questioned,” Callori said. “The HPR definition can evolve to hopefully protect [against] cyber hazards.

“We’re working on developing a tool that we think is going to be very valuable for the risk managers to actually understand what their exposures are,” Callori said. “That will be straight from HPR.”

Underwriters are going to start to think about HPR cyber protection in the same way they do about fire, said Michael Korn, a managing principal and leader of the national property practice at Integro Insurance Brokers. What are the data controls that are in place? Do you have really robust encryption? Do you have firewalls? How do you back up your information? What employee controls do you have over information?

Playing in the Primary

The most common HPR programs are structured as single carrier; quota share; and shared and layered, said Korn.

Each insurance company “has a particular appetite for where they like to play in a program,” he said.

Michael Korn, managing principal; leader of the national property practice, Integro Insurance Brokers

Michael Korn, managing principal; leader of the national property practice, Integro Insurance Brokers

“You have to put it together as part of a jigsaw puzzle,” said DiPrato. The way the market is today, with a lot of capacity and a lot of players out there, you can put together a lot of options, he said.

“The better the risk — the more HPR it is — the more underwriters are interested in being on it because the chances of having a loss are so much less,” Korn said. Some insurers have very large amounts of capacity and will do a single carrier deal.

Some larger risks might have 15 carriers, and each one is doing a different piece of the puzzle, Korn said.  For example, if a client needs $2 billion worth of capacity, a broker might set up a quota share, where one carrier assumes 30 percent of the program. The broker then builds a tower that goes all the way up to full value with additional quota share players, Korn said.

In a shared and layered program of the same size, a broker can set up a primary layer of $500 million, for example, and add additional layers to reach the needed $2 billion capacity.

Advertisement




The lower in the tower, the more premium the insurer gets because the chance of impact from a loss is much greater. Those insurers that write excess of the primary get less premium because they take on less risk.

“You approach certain insurers with the idea they want to play in the primary,” Korn said.

Other insurers are more capacity players and typically don’t offer engineering services. They “like to play in the excess,” Korn said. They put up capacity rather than engineering services and receive less premium, Korn said.

The value proposition for Liberty, “is not just the pure insurance product, but things that aren’t covered such as protecting a client’s market share, helping with revenue streams and also reputational risk,” Martin said. “Our loss prevention solutions support a good risk management team, helping them avoid some of those things.” &

Juliann Walsh is a staff writer at Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Black Swan: Cloud Attack

Breaking Clouds

A combination of physical and cyber attacks on multiple data centers for cloud service providers causes economic havoc. Even the most well-prepared companies are thrown into paralyzing coverage confusion.
By: | July 27, 2017 • 10 min read

Scenario

By month 16 of the new presidential administration, the Sunshine Brigade is more than ready to act.

Stoked by their anger over rampant economic inequality, the mostly college-educated group of what might best be called upper-middle-class anarchists — many of them from California, Oregon and Washington State — put in motion the gears of a plan more than two years in the making.

Their logic, to them at least, is unimpeachable. Continued consolidation of economic power into the hands of fewer and fewer corporations is creating a world where the rich increasingly exploit and shut out the poor.

Advertisement




The rise of the techno giants is accelerating this trend, according to the Sunshine Brigade’s de facto leader Emily Brookes, an All-American rugby player and a graduate of Reed College in Oregon.

With a new presidential administration seemingly bent on increasing the economic advantages of the rich with no end in sight, nothing to do then but break things up; and in so doing break the hold of this technology oligarchy.

As Emily Brookes so forcefully put in her instant messages to the other members of the brigade: Break the Cloud.

With more than 500 members, many of them with ample financial and technical resources, the Sunshine Brigade is very capable of delivering on its plan for a two-pronged attack.

It is also radicalized enough to justify the loss of some human life, even its own countrymen, to “save” — in its collective logic — the tens of millions of global citizens that are living as virtual slaves in this callous, exploitative global economy.

With websites and digitally connected services large and small down for days, irritation turns to fear.

The first wave in the attack is an attempt to infect and shut down the data centers for the top three cloud service providers. It takes months to set up this offensive.

Rather than rely on a phishing scam from outside the firewalls of the service providers, The Sunshine Brigade uses its social and business connections to place three members on each of the cloud provider’s payrolls. An infected link from someone you know, someone in the cubicle right next to you, seems like an unstoppable play.

It only partially works. Only one of the cloud service providers is harmed when an unsuspecting employee clicks on a link from their traitorous co-worker. The released malware manages to cripple a major cloud service provider for 12 hours.

With millions of users affected, the act creates substantial disruption and garners global headlines. Insured losses are around $1.5 billion. But this is just the beginning.

The morning after, the Sunshine Brigade unleashes a far more devastating and far more ruthless Round Two.

Using self-driving trucks, the Sunshine Brigade smashes into five data centers; three on the West Coast, and two in the Midwest. Fourteen employees of those cloud servers are killed and another 23 injured; some of them critically.

This time the Brigade gets what it wanted. The physical damage to the data centers is substantial enough that it significantly affects three of the top four cloud service providers for five days.

With websites and digitally connected services large and small down for days, irritation turns to fear.

Small and mid-sized banks, which host their applications on clouds, are shut down. Small business owners and consumer banking customers immediately feel the brunt. Retailers that depend on clouds to host their inventory and transaction information are also hit hard.

But really, the blow falls everywhere.

In the U.S., transportation, financial, health, government and other crucial services grind to a halt in many cases.

Not everyone is disrupted. Some of the larger corporations are sophisticated enough in their risk management, those that used back-up clouds and had steadfast business resiliency plans suffer minimal disruption.

Many small to mid-size companies, though, cannot operate. Their employees can’t get to work and when they can, they sit idly in front of blank computer screens connected to useless servers.

For the man on the street, this is hell.

Advertisement




Long lines blossom at the likes of gas stations, banks and grocery stores. A population already on edge from a steady diet of social media provocation becomes even more inflamed.

By nightfall of Day Five, the three major cloud service providers are recovered, and digital “normalcy” begins to creep back. But for many small and medium-sized businesses, the recovery comes way too late.

Economic losses promise to register in the tens of billions. It’s not being too imaginative to think that losses could hit the $100 billion mark.

Two multinational insurers based in the U.S., three Lloyd’s syndicates and a Bermuda insurer signal to regulators that their aggregate cyber-related losses are so great that they will most likely become insolvent.

Emily Brookes and her cohorts were willing to kill more than a dozen people to promote their worldview. In their youthful naiveté, they could not know just how much suffering they would cause.

Observations

For some commercial insurance carriers, the aggregated losses from a prolonged disruption of cloud computing services could be catastrophic, or close to it.

“It’s on a par with any earthquake or hurricane or tornado,” said Scott Stransky, an associate vice president and principal scientist with the modeling firm AIR Worldwide.

AIR modeled the insured losses for the Fortune 1,000 were Amazon’s cloud service to go down for one day. They came up with a figure of $3 billion.

Now consider that most businesses in this country are small businesses, with not nearly the risk management sophistication of the Fortune 1000. Then consider a cloud interruption of five days or more.

Mark Greisiger, president, NetDiligence

“Almost any company you talk about today would rely to some extent on the cloud, either to host their website, to do invoicing, inventory, you name it — the cloud is being used across the board,” Stransky said.

“It’s a significant issue for insurers and one we think about a lot,” said Nick Economidis, an underwriter with specialty carrier Beazley.

“Should a cloud service provider go down, everybody who is working with that cloud service provider is impacted by that,” he said.

“Now, pretty much every software maker is on the cloud,” said Mark Greisiger, president of NetDiligence.

“In the old days, someone would come in and install software on your servers and come in annually for maintenance. That’s all gone bye-bye. Everybody who makes software is forcing you onto their private cloud,” Greisiger said.

The aggregation risk for carriers is complicated by the degree of transparency they have into which insured’s applications are hosted on which cloud provider.

Now here’s the even trickier part. Clouds outsource to other clouds.

“It’s almost becoming a spider’s web of interdependencies on who has access to what in terms of upstream and downstream providers,” Greisiger said.

Determining which of their insureds is hosted on which cloud, and in turn, where that cloud is outsourcing to other clouds can be very difficult for carriers to determine.

Even if a company is careful to diversify the risks they’re taking, they might not realize that a high percentage of insureds are even with the same cloud provider. They could be hit with devastating losses across their entire portfolio of business, said an executive with BDO consulting.

AIR’s Stransky said his company launched a product in April, ARC, which stands for Analytics of Risk from Cyber, which is designed to help carriers gain that much needed transparency.

Among insureds, surviving an event of this magnitude will depend not only on the sophistication of their risk management department, but on the company’s overall ability to negotiate contracts with vendors and suppliers that will indemnify the company in the case of a cloud outage of this duration.

It will also depend on organization’s understanding that there is no off-the-shelf solution that will prevent an event like this or make a company whole after it.

Shiraz Saeed, national practice leader, cyber, Starr Companies

Experts say contracts with cloud service providers, customers and suppliers must be structured so that a company is defended should it lose cloud access for as much as five days or more.

Best practices also include modeling just what your losses would look like in this area, and vetting your full portfolio of insurance policies to understand how each would respond.

One broker said buyers can’t be blamed if the complexities of the coverage issues at stake here are initially hard to grasp.

“It’s becoming a spider’s web of interdependencies on who has access to what.” —Mark Greisiger, president, NetDiligence

“I think it’s the broker’s job to inform the client of this exposure,” said Doug Friel, a vice president with JKJ Commercial Insurance, based in Newtown, Pa.

“You may have business interruption coverage for direct physical damage to your building. But have you ever thought about your business income if your IT structure goes down?” Friel said.

He said many buyers might not realize there is a difference.

Advertisement




Large businesses should have the resources to demand from their cloud service providers that they be indemnified for the entirety of a cloud failure event. There will be a fee for that, but it will be well worth paying, Friel said.

“You have to push,” Friel said. “They are going to say, ‘Here is our standard contract, sign it.’ ”

Don’t settle for that, he said, although many do in ignorance, he added.

“Where possible, we would look for clients to negotiate their contracts. These business relationships should be mutually beneficial, even if one of these events occur,” said Shiraz Saeed, national practice leader, cyber, for the Starr Companies.

It’s a partnership, he said.

“It shouldn’t be a zero sum game on either side. I think there should be an understanding of what the potential loss might be and then designing a contract around that,” he said.

While cloud service providers are known for having high grade security systems, most average organizations don’t have the means for that. But no matter what a company’s resources, the first step is modeling where your digital assets are, and what you and your customers stand to lose if you lose access to them.

“Most insureds don’t seem to understand the amount of individual loss that you could be subject to,” said Jim Evans, leader of insurance advisory services at BDO Consulting. “Usually this stuff is measured in hours,” he said. “But what if a cloud provider is out for three or four days?” he said.

“Trying to quantify what you did lose in an event is hard enough. Trying to do a modeling exercise about what you could lose? It’s something that just doesn’t get done enough,” he said.

Once you have an understanding of what you own and what you stand to lose, the next step is prioritizing the protection of the assets you have. That means drilling into your contract with your cloud service providers to get the maximum indemnification.

It also means spreading your risk so that if at all possible, not all of your assets or your customers’ assets are housed by one cloud service provider. Cloud platforms can be public, private, or a hybrid of the two.

Understanding where your assets are in that architecture is crucial. Spending the money to insure that they are protected behind a diverse menu of firewalls is highly advisable.

Navigating the different iterations of business interruption coverage in property, cyber and kidnap and ransom policies is also important.

Make sure your broker can provide clarity on the different types of coverages and tailor them to your needs, experts said.

The concept of design thinking is really what’s in play here. Organizations have to work with vendors in every aspect of their operations to design a risk management system that can sustain this kind of hit.

“Build a better mousetrap to protect yourself,” said JKJ’s Friel.

“Depending on your service, you need to have the best and the brightest designing this stuff. Spread the risk.”

“Don’t be afraid to ask for more,” he said.

Postscript

In engineering an attack on the cloud, Emily Brookes and her cohorts accomplished the opposite of what they set out to do.

Advertisement




Only the largest corporations with the most sophisticated risk management programs were able to survive the attempt to break the cloud with manageable losses.

Small businesses, the true backbone of the U.S. economy, suffered terribly. Entrepreneurs who put their life’s work into their business lost it in many cases.

Those on the lowest part of the economic scale, the working poor, lost their jobs and their ability to cover their rent and grocery bills. They joined the ranks of those subsidized by the government by the millions.  The attempt to break the cloud resulted in an even more polarized society. &

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]