2017 Most Dangerous Emerging Risks

Coastal Mortgage Value Collapse

As seas rise, so does the risk that buyers will become leery of taking on mortgages along our coasts. 
By: | April 7, 2017 • 7 min read

Rising seas encroach on our cities and towns at rates exponentially greater than before.


So-called King Tides, urged on by climate change and brought about by the close alignment of the sun, the moon and the earth are already producing flooding in Miami 10 days a year.

Debate the cause if you want to expend more hot air denying science. But it’s a fact that resale values of coastal homes in Miami, Atlantic City and Norfolk, Va. are already starting to erode.

These bellwether locations signify a growing and alarming threat; that continually rising seas will damage coastal residential and commercial property values to the point that property owners will flee those markets in droves, thus precipitating a mortgage value collapse that could equal or exceed the mortgage crisis that rocked the global economy in 2008.

“Insurance deals with extreme weather and billions of dollars of losses, but what we are talking about is uninsured loss of fair market value that is trillions of dollars in losses and I am not talking about in 2100, I’m talking about the next mortgage cycle,” said Albert Slap, president of Coastal Risk Consulting, a Florida firm that provides lot by lot modeling of flood risk.

Models created by Coastal Risk Consulting show flooding rates of Miami properties are going to rise substantially between now and 2050, within that 30–year mortgage cycle he refers to.

Albert Slap, president, Coastal Risk Consulting

“The results of our modeling and that of NOAA and many others shows that the increase in flooding on people’s properties, due to astronomy and physics, not weather, is alarming and significant and in all likelihood is not backstopped by insurance,” Slap said.

Adding to the threat is that real estate agents and homeowners aren’t incentivized or required to reveal how frequently properties flood, or how exposed they are to flooding.

“Forty percent of Americans live on the coast, which means you have trillions of dollars at risk for climate change that hasn’t been modeled for default increases,” Slap said.

The Pew Charitable Trusts, as part of its testimony to Congress as the National Flood Insurance Program undergoes review, is asking that all homeowners be required to report on that risk.

Many coastal homes are backstopped by the NFIP, which is still billions in debt from its losses in the Katrina-Wilma-Rita hurricane cycle of 2005.

Private sector insurers are eyeing ways to write more flood business. But if the NFIP suffers further losses, and private sector insurers retreat, what then?

“If you look at it systematically, if a broad number of insurance companies decide that they need to triple homeowners insurance rates, or they need to pull out of a local market, that would create a lot of problems in terms of the value of the properties that are in that locale,” said Cynthia McHale, president of insurance for Ceres, a nonprofit that advocates for sustainable business practices.

In November, Sean Becketti, the chief economist for the economic and housing research group at Freddie Mac, the federally backed housing lender, co-authored a paper that documented this very risk.

The paper referenced the fact that daily high-water levels in Miami are increasing at a rate of an inch per year, much faster than the rate of global sea-level rise. Other cities along the Eastern seaboard are experiencing a 10-fold increase in the frequency of flooding, according to Freddie Mac.

“A large share of homeowners’ wealth is locked up in the equity in their homes,” Becketti wrote.

“If those homes become uninsurable and unmarketable, the values of the homes will plummet, perhaps to zero.”

“Forty percent of Americans live on the coast, which means you have trillions of dollars at risk for climate change that hasn’t been modeled for default increases.” —Albert Slap, president, Coastal Risk Consulting

In the housing crisis of 2008, according to Becketti, a significant percentage of borrowers continued to make their mortgage payments even though the value of their homes was less than their mortgages.

Cynthia McHale, president of insurance, Ceres

“It is less likely that borrowers will continue to make mortgage payments if their homes are literally underwater,” Becketti said.

“As a result, lenders, servicers and mortgage insurers are likely to suffer large losses,” he said.

Insurers would suffer, according to Ceres’ McHale, and not just as backers of insurance policies.

“Insurance companies themselves are major commercial and residential mortgage holders,” she said.

“They assume that the property is going to hold its value and act as collateral if needed. If it doesn’t hold its value, where is the collateral?”

“Not only will their mortgages be metaphorically underwater, they are going to be literally underwater,” said Slap.

“And there is no coming back from it.”

“The New York Times” published a piece in November that detailed the case of Roy and Carol Baker of Sarasota, Fla. The Bakers tried for months to sell their home in Siesta Key, according to the story, but buyers kept backing out when they discovered the annual flood insurance premium was about $7,000.

“This experience will become more common, economists say, as the federal government shifts away from subsidizing flood insurance rates to get premiums closer to reflecting the true market cost of the risk,” reporter Ian Urbina wrote in his piece.

The Climate Race

What Becketti, Slap and others say is true, said Helen Thompson, a director, commercial marketing at Esri, the mapping and analytics company that works with insurers and property owners.


But she said there is a solution, the public and private sector working together to address the problem: That and about $4 trillion.

“The challenge for a lot of people is to understand the scope and the scale of this issue, and in some ways, like the mortgage bubble before, if you are ignorant of the problem, you can’t fix it,” she said.

“I think taking action means crafting a discussion of the problem and moderated expressions of what those solutions are, based on science and analysis and not hyperbole,” she said.

It’s well documented how dire the nation’s infrastructure needs are.

Thompson compares the current dilemma posed by climate change and sea rise in the U.S. and elsewhere to the cholera epidemic that ravaged London in the mid-19th century. What’s needed now, she said, is something akin to the massive public works projects that were undertaken to provide Londoners with cleaner drinking water.

“They realized the social and political cost of this,” Thompson said.

“We need to change our thinking to say this is not just about handing debt to our children, it’s about maintaining the same level of opportunity and quality of life for our children,” she said.

Thompson points to China, which she says is investing in climate change-resistant ports and additional infrastructure internationally to remain economically competitive.

“It’s in their best interests as a global manufacturing hub to mitigate the cost and the impact of climate change because of how much collateral damage it will do to their economies,” Thompson said.

Helen Thompson, director, commercial marketing, Esri

She said the U.S. needs to go down the same path, and step on it.

“I call it the ‘climate race,’ like the space race,” she said.

“The infrastructure needs to be created to deal with this, and the United States is massively lagging.”

Slap envisions another solution, a “climate ready” mortgage program, similar to the federal government’s energy efficient mortgage program, which gives property owners federally guaranteed loans to make energy efficiency upgrades.

Such a program would provide loans for sewage backflow preventers, changing the grade on a driveway, or elevating a home on a platform

Thompson said the massive infrastructure projects she envisions could include moving the vital container operations at the Port of Miami inland and constructing a berm to defend against sea water.

Office building owners in Lower Manhattan, which was so damaged by Superstorm Sandy, are increasingly investing in flood prevention barricades and moving critical building components like HVAC and plumbing components to higher floors.

Americans just got a chilling reminder of the dangers presented by changing weather patterns and crumbling infrastructure. Fears that the Oroville Dam on California’s Feather River would buckle under heavy rainfall got everyone’s attention.


“People are looking at that and saying, ‘We didn’t realize what this change in weather patterns means in the long term,’ ” Thompson said, and they are relating the Oroville event to infrastructure in their own towns and the risks they present.

As the NFIP undergoes its annual review in Congress, Slap said administrators would do well to exclude King Tide events.

“If you were to go to NFIP and ask them if they cover King Tide flooding, they would say, ‘If it meets our definition of flood then we must cover it.’ This is a red flag, because what you are saying is the government and the taxpayers are covering sea level rise and that is not something we can afford,” Slap said. &


2017 Most Dangerous Emerging Risks

Artificial Intelligence Ties Liability in Knots

The same technologies that drive business forward are upending the nature of loss exposures and presenting new coverage challenges.



Cyber Business Interruption

Attacks on internet infrastructure begin, leaving unknown risks for insureds and insurers alike.



U.S. Economic Nationalism

Nationalistic policies aim to boost American wealth and prosperity, but they may do long-term economic damage.



Foreign Economic Nationalism

Economic nationalism is upsetting the risk management landscape by presenting challenges in once stable environments.


Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Risk Focus: Cyber

Expanding Cyber BI

Cyber business interruption insurance is a thriving market, but growth carries the threat of a mega-loss. 
By: | March 5, 2018 • 7 min read

Lingering hopes that large-scale cyber attack might be a once-in-a-lifetime event were dashed last year. The four-day WannaCry ransomware strike in May across 150 countries targeted more than 300,000 computers running Microsoft Windows. A month later, NotPetya hit multinationals ranging from Danish shipping firm Maersk to pharmaceutical giant Merck.


Maersk’s chairman, Jim Hagemann Snabe, revealed at this year’s Davos summit that NotPetya shut down most of the group’s network. While it was replacing 45,000 PCs and 4,000 servers, freight transactions had to be completed manually. The combined cost of business interruption and rebuilding the system was up to $300 million.

Merck’s CFO Robert Davis told investors that its NotPetya bill included $135 million in lost sales plus $175 million in additional costs. Fellow victims FedEx and French construction group Saint Gobain reported similar financial hits from lost business and clean-up costs.

The fast-expanding world of cryptocurrencies is also increasingly targeted. Echoes of the 2014 hack that triggered the collapse of Bitcoin exchange Mt. Gox emerged this January when Japanese cryptocurrency exchange Coincheck pledged to repay customers $500 million stolen by hackers in a cyber heist.

The size and scope of last summer’s attacks accelerated discussions on both sides of the Atlantic, between risk managers and brokers seeking more comprehensive cyber business interruption insurance products.

It also recently persuaded Pool Re, the UK’s terrorism reinsurance pool set up 25 years ago after bomb attacks in London’s financial quarter, to announce that from April its cover will extend to include material damage and direct BI resulting from acts of terrorism using a cyber trigger.

“The threat from a cyber attack is evident, and businesses have become increasingly concerned about the extensive repercussions these types of attacks could have on them,” said Pool Re’s chief, Julian Enoizi. “This was a clear gap in our coverage which left businesses potentially exposed.”

Shifting Focus

Development of cyber BI insurance to date reveals something of a transatlantic divide, said Hans Allnutt, head of cyber and data risk at international law firm DAC Beachcroft. The first U.S. mainstream cyber insurance products were a response to California’s data security and breach notification legislation in 2003.

Jimaan Sané, technology underwriter, Beazley

Of more recent vintage, Europe’s first cyber policies’ wordings initially reflected U.S. wordings, with the focus on data breaches. “So underwriters had to innovate and push hard on other areas of cyber cover, particularly BI and cyber crimes such as ransomware demands and distributed denial of service attacks,” said Allnut.

“Europe now has regulation coming up this May in the form of the General Data Protection Regulation across the EU, so the focus has essentially come full circle.”

Cyber insurance policies also provide a degree of cover for BI resulting from one of three main triggers, said Jimaan Sané, technology underwriter for specialist insurer Beazley. “First is the malicious-type trigger, where the system goes down or an outage results directly from a hack.

“Second is any incident involving negligence — the so-called ‘fat finger’ — where human or operational error causes a loss or there has been failure to upgrade or maintain the system. Third is any broader unplanned outage that hits either the company or anyone on which it relies, such as a service provider.”

The importance of cyber BI covering negligent acts in addition to phishing and social engineering attacks was underlined by last May’s IT meltdown suffered by airline BA.

This was triggered by a technician who switched off and then reconnected the power supply to BA’s data center, physically damaging servers and distribution panels.

Compensating delayed passengers cost the company around $80 million, although the bill fell short of the $461 million operational error loss suffered by Knight Capital in 2012, which pushed it close to bankruptcy and decimated its share price.

Mistaken Assumption

Awareness of potentially huge BI losses resulting from cyber attack was heightened by well-publicized hacks suffered by retailers such as Target and Home Depot in late 2013 and 2014, said Matt Kletzli, SVP and head of management liability at Victor O. Schinnerer & Company.


However, the incidents didn’t initially alarm smaller, less high-profile businesses, which assumed they wouldn’t be similarly targeted.

“But perpetrators employing bots and ransomware set out to expose any firms with weaknesses in their system,” he added.

“Suddenly, smaller firms found that even when they weren’t themselves targeted, many of those around them had fallen victim to attacks. Awareness started to lift, as the focus moved from large, headline-grabbing attacks to more everyday incidents.”

Publications such as the Director’s Handbook of Cyber-Risk Oversight, issued by the National Association of Corporate Directors and the Internet Security Alliance fixed the issue firmly on boardroom agendas.

“What’s possibly of greater concern is the sheer number of different businesses that can be affected by a single cyber attack and the cost of getting them up and running again quickly.” — Jimaan Sané, technology underwriter, Beazley

Reformed ex-hackers were recruited to offer board members their insights into the most vulnerable points across the company’s systems — in much the same way as forger-turned-security-expert Frank Abagnale Jr., subject of the Spielberg biopic “Catch Me If You Can.”

There also has been an increasing focus on systemic risk related to cyber attacks. Allnutt cites “Business Blackout,” a July 2015 study by Lloyd’s of London and the Cambridge University’s Centre for Risk Studies.

This detailed analysis of what could result from a major cyber attack on America’s power grid predicted a cost to the U.S. economy of hundreds of billions and claims to the insurance industry totalling upwards of $21.4 billion.

Lloyd’s described the scenario as both “technologically possible” and “improbable.” Three years on, however, it appears less fanciful.

In January, the head of the UK’s National Cyber Security Centre, Ciaran Martin, said the UK had been fortunate in so far averting a ‘category one’ attack. A C1 would shut down the financial services sector on which the country relies heavily and other vital infrastructure. It was a case of “when, not if” such an assault would be launched, he warned.

AI: Friend or Foe?

Despite daunting potential financial losses, pioneers of cyber BI insurance such as Beazley, Zurich, AIG and Chubb now see new competitors in the market. Capacity is growing steadily, said Allnutt.

“Not only is cyber insurance a new product, it also offers a new source of premium revenue so there is considerable appetite for taking it on,” he added. “However, whilst most insurers are comfortable with the liability aspects of cyber risk; not all insurers are covering loss of income.”

Matt Kletzli, SVP and head of management liability, Victor O. Schinnerer & Company

Kletzli added that available products include several well-written, broad cyber coverages that take into account all types of potential cyber attack and don’t attempt to limit cover by applying a narrow definition of BI loss.

“It’s a rapidly-evolving coverage — and needs to be — in order to keep up with changing circumstances,” he said.

The good news, according to a Fitch report, is that the cyber loss ratio has been reduced to 45 percent as more companies buy cover and the market continues to expand, bringing down the size of the average loss.

“The bad news is that at cyber events, talk is regularly turning to ‘what will be the Hurricane Katrina-type event’ for the cyber market?” said Kletzli.

“What’s worse is that with hurricane losses, underwriters know which regions are most at risk, whereas cyber is a global risk and insurers potentially face huge aggregation.”


Nor is the advent of robotics and artificial intelligence (AI) necessarily cause for optimism. As Allnutt noted, while AI can potentially be used to decode malware, by the same token sophisticated criminals can employ it to develop new malware and escalate the ‘computer versus computer’ battle.

“The trend towards greater automation of business means that we can expect more incidents involving loss of income,” said Sané. “What’s possibly of greater concern is the sheer number of different businesses that can be affected by a single cyber attack and the cost of getting them up and running again quickly.

“We’re likely to see a growing number of attacks where the aim is to cause disruption, rather than demand a ransom.

“The paradox of cyber BI is that the more sophisticated your organization and the more it embraces automation, the bigger the potential impact when an outage does occur. Those old-fashioned businesses still reliant on traditional processes generally aren’t affected as much and incur smaller losses.” &

Graham Buck is editor of gtnews.com. He can be reached at riskletters.com.