Rendez-Vous Report

Pricing Pressure

Alternative capital is shaking up the reinsurance market, while issues such as Big Data are moving onto the agenda.
August 4, 2014 • 6 min read

The café terraces of Monte Carlo will be bathed in sunshine, literally and figuratively, when reinsurers and brokers meet for Les Rendez-vous de Septembre (RVS), commencing Sept. 9.

Monaco is one of the few European locations to avoid the dark economic clouds that descended on the continent in the wake of the banking sector’s meltdown and ensuing financial crisis. Following five years of austerity, voters used the European Parliament elections in May this year to voice their dissatisfaction.

Yet, despite this sullen atmosphere, the biggest casualties of boom-to-bust such as Spain, Ireland and Greece have been steadily pulling out of recession over the past year.

While Munich Re is averse to speculating on the mood that is likely to prevail at 2014 RVS, its latest Insurance Market Outlook (PDF), published in May, predicted that a broad-based economic recovery across many countries would see global insurance premium growth accelerate to 2.8 percent this year, from 2.1 percent last year, with a further improvement to 3.2 percent in 2015.

Munich Re’s chief economist, Michael Menhart, noted that the pick-up comes after three years of relatively low growth rates.

Charles Whitmore, managing director, head of the property solutions group at Guy Carpenter, said the “improving economic environment in Europe has enabled insurance carriers to repair balance sheets and press ahead with consolidation and increased retention appetites.”

“In many cases, reinsurance has been used as a means of managing any potential earnings volatility arising from these larger retained portions.”

This generally optimistic outlook was tempered by the fact that Munich Re expects reinsurance premium growth to be more modest than that for primary insurance.

Over the next six years, the German reinsurer expects average growth in global reinsurance markets in real terms of little more than 2 percent per year. RVS attendees will also look back on this year’s January 1 and April 1 renewals, where pricing pressures saw declines of as much as 20 percent for U.S. CAT business.

As Munich Re’s report noted, while the potential of the world’s emerging markets — particularly the so-called BRIC economies of Brazil, Russia, India and China — was a hot topic a few years back, for the time being the major industrialized nations are back in the driving seat.

While the group expects China’s premium volume (which was around $284 billion in 2013) to double by the end of the decade, it will still lag way behind the United States, whose premium volume it predicts will pass the $1,624 billion level by 2020.

Possibly the biggest BRIC disappointment — which attendees may seek to explain — is Brazil. Hopes were high when the country began liberalizing its reinsurance market six years ago, ending the near-70 year monopoly of state-owned IRB.

Within four years, more than 100 reinsurers had established a presence in the country. However, this summer’s World Cup underscored how the economic optimism in 2007, when Brazil won the rights to stage the contest, has steadily dissipated.

Insurer confidence on the country’s economic outlook has fallen to a record low and Standard & Poor’s is among those warning that profitability in the Brazilian reinsurance market remains elusive.

Many reinsurers instead appear to be focusing on gaining a presence in India, once the long-delayed Insurance Laws (Amendment) Bill 2008, which would allow foreign reinsurers to set up offices in the country, is finally cleared by parliament.

France’s biggest reinsurer, Scor, is among those that have signaled their intent to add an Indian operation. Such hopes will have been encouraged by the landslide election victory in May of Narendra Modi. India’s 15th prime minister swept to power on a promise to kick-start an underperforming economy, which reinsurers hope will mean an end to the stalling in opening up its market.

The Top Three

But which trio of issues is most likely to dominate the discussions in Monaco?

“We can be certain that one of the prime themes, as always, will be the prognosis for reinsurance pricing, capacity, [and] terms and conditions at the coming January renewal,” said Christopher Klein, managing director and head of Europe, the Middle East and Africa (EMEA) strategy at Guy Carpenter.

“A second topic will be the continuing influx of new capital into the reinsurance sector from so-called nontraditional sectors, despite the surplus of capacity.

“In the absence of a market-changing loss, continuing pressure on prices and returns can be expected. However, to date, the greatest effect has tended to be in the North American catastrophe market. We will be interested to see if the new capital will start to make significant inroads into the EMEA and Asia Pacific (APAC) regions and non-catastrophe classes.

“Finally,” Klein added, “a favorite topic of discussion at Monte Carlo is speculation about corporate activity and consolidation. This year, we have witnessed some high-profile attempts at consolidation in Bermuda. Expect this topic to continue to make headlines.”

Bryon Ehrhart, chief executive of Aon Benfield Americas, predicted at last year’s RVS that a further $100 billion of alternative capital would enter the reinsurance market by 2018 and said that so far, this prediction is on track.

He cited the decision in early June by the European Central Bank to cut its main interest rate to a record low of 0.15 percent and to enter what the headlines call “uncharted territory” by reducing its interest rate on deposits to a negative figure, -0.1 percent, for the first time.

This could mean that the predicted figure of $100 billion needs revising upwards. As he pointed out, major pension funds are making promises to retirees of returns of 4 percent upwards, against returns on conventional investments that are typically 1.25 percent to 1.5 percent.

Ehrhart cited two relatively recent entrants: Stone Ridge Asset Management — which launched two reinsurance-linked funds as recently as November 2012 and already has $2.5 billion under management — and LGT Capital Partners.

“The impact of the hedge fund reinsurers has been fairly transformative,” he said.

“They have put forward material capacity at very low prices and opened up a whole new set of opportunities for our clients.”

Inevitably, these pricing pressures continue to impact the long-established carriers. As A.M. Best commented earlier this summer, global reinsurance companies in the first quarter of 2014 benefited from below-average catastrophe losses and most continued to report favorable reserve releases, yet those that are publicly traded saw their stock lag the market. From a group of 20, only Bermuda’s Maiden Holdings managed a strong gain (of over 14 percent). The ratings agencies will doubtless dissect this overall sluggish performance at Monte Carlo.

Big Data and El Niño

What else is likely to be on this year’s agenda? The big keynote session or “presentation-debate” will be on Big Data and its potential to significantly change how reinsurers do business. While details of participants were sketchy at the time of writing, the session will be chaired by Michel Liès, chief executive of Swiss Re, and the reinsurer said that it “wants to examine with RVS participants and clients how Big Data can enable new business opportunities and how privacy concerns can be addressed.”

Gretchen Hayes, managing director, global strategic advisory at Guy Carpenter, noted the “reinsurance industry is still at the beginning stages when it comes to the potential and competitive advantages of Big Data in combination with predictive analytics.”

“As these technologies continue to advance, insurance companies are reaping the benefits of gathering and analyzing vast amounts of information that come through their own internal networks as well as that of their business partners and even through new external sources.”

With reports suggesting that there is a 90 percent chance that an El Niño will disrupt global weather patterns this year, the recurring climate phenomenon could also force itself on the discussions.

Beginning as a vast expanse of water in the Pacific that becomes abnormally warm, El Niño has the potential for adverse weather effects ranging from a weaker-than-usual monsoon season in India that starves its paddy fields of vital rain, to scorching heat and bush fires in Australia and sharply reduced fishing catches in South America.

The European Centre for Medium-Range Weather Forecasts predicts that the El Niño phenomenon is highly likely to occur this year; indeed, the organization believes it could potentially be the most damaging since 1997-98, which produced the hottest year on record and a string of natural catastrophes, an estimated 23,000 deaths and total economic losses in the region of $35 billion to $47 billion.

Graham Buck is a UK-based writer and has contributed to Risk & Insurance® since 1998. He can be reached at riskletters.com.

More from Risk & Insurance

Cyber Resilience

No, Seriously. You Need a Comprehensive Cyber Incident Response Plan Before It’s Too Late.

Awareness of cyber risk is increasing, but some companies may be neglecting to prepare adequate response plans that could save them millions. 
June 1, 2018 • 7 min read

To minimize the financial and reputational damage from a cyber attack, it is absolutely critical that businesses have a cyber incident response plan.

“Sadly, not all yet do,” said David Legassick, head of life sciences, tech and cyber, CNA Hardy.

In the event of a breach, a company must be able to quickly identify and contain the problem, assess the level of impact, communicate internally and externally, recover where possible any lost data or functionality needed to resume business operations and act quickly to manage potential reputational risk.

This can only be achieved with help from the right external experts and the design and practice of a well-honed internal response.

The first step a company must take, said Legassick, is to understand its cyber exposures through asset identification, classification, risk assessment and protection measures, both technological and human.

According to Raf Sanchez, international breach response manager, Beazley, cyber-response plans should be flexible and applicable to a wide range of incidents, “not just a list of consecutive steps.”

They also should bring together key stakeholders and specify end goals.

With bad actors becoming increasingly sophisticated and often acting in groups, attack vectors can hit companies from multiple angles simultaneously, meaning a holistic approach is essential, agreed Jason J. Hogg, CEO, Aon Cyber Solutions.

“Collaboration is key — you have to take silos down and work in a cross-functional manner.”

This means assembling a response team including individuals from IT, legal, operations, risk management, HR, finance and the board — each of whom must be well drilled in their responsibilities in the event of a breach.

“You can’t pick your players on the day of the game,” said Hogg. “Response times are critical, so speed and timing are of the essence. You should also have a very clear communication plan to keep the CEO and board of directors informed of recommended courses of action and timing expectations.”

People on the incident response team must have sufficient technical skills and access to critical third parties to be able to make decisions and move to contain incidents fast. Knowledge of the company’s data and network topology is also key, said Legassick.

“Perhaps most important of all,” he added, “is to capture in detail how, when, where and why an incident occurred so there is a feedback loop that ensures each threat makes the cyber defense stronger.”

Cyber insurance can play a key role by providing a range of experts such as forensic analysts to help manage a cyber breach quickly and effectively (as well as PR and legal help). However, the learning process should begin before a breach occurs.

Practice Makes Perfect

“Any incident response plan is only as strong as the practice that goes into it,” explained Mike Peters, vice president, IT, RIMS — who also conducts stress testing through his firm Sentinel Cyber Defense Advisors.

Unless companies have an ethical hacker or certified information security officer on board who can conduct sophisticated simulated attacks, Peters recommended they hire third-party experts to test their networks for weaknesses, remediate these issues and retest again for vulnerabilities that haven’t been patched or have newly appeared.

“You need to plan for every type of threat that’s out there,” he added.

Hogg agreed that bringing third parties in to conduct tests brings “fresh thinking, best practice and cross-pollination of learnings from testing plans across a multitude of industries and enterprises.”

Legassick added that companies should test their plans at least annually, updating procedures whenever there is a significant change in business activity, technology or location.

“As companies expand, cyber security is not always front of mind, but new operations and territories all expose a company to new risks.”

For smaller companies that might not have the resources or the expertise to develop an internal cyber response plan from whole cloth, some carriers offer their own cyber risk resources online.

Evan Fenaroli, an underwriting product manager with the Philadelphia Insurance Companies (PHLY), said his company hosts an eRiskHub, which gives PHLY clients a place to start looking for cyber event response answers.

That includes access to a pool of attorneys who can guide company executives in creating a plan.

“It’s something at the highest level that needs to be a priority,” Fenaroli said. For those just getting started, Fenaroli provided a checklist for consideration:

  • Purchase cyber insurance, read the policy and understand its notice requirements.
  • Work with an attorney to develop a cyber event response plan that you can customize to your business.
  • Identify stakeholders within the company who will own the plan and its execution.
  • Find outside forensics experts that the company can call in an emergency.
  • Identify a public relations expert who can be called in the case of an event that could be leaked to the press or otherwise become newsworthy.

“When all of these things fall into place, the outcome is far better in that there isn’t a panic,” said Fenaroli, who, like others, recommends the plan be tested at least annually.

Cyber’s Physical Threat

With the digital and physical worlds converging due to the rise of the Internet of Things, Hogg reminded companies: “You can’t just test in the virtual world — testing physical end-point security is critical too.”

How that testing is communicated to underwriters should also be a key focus, said Rich DePiero, head of cyber, North America, Swiss Re Corporate Solutions.

Don’t just report on what went well; it’s far more believable for an underwriter to hear what didn’t go well, he said.

“If I hear a client say it is perfect and then I look at some of the results of the responses to breaches last year, there is a disconnect. Help us understand what you learned and what you worked out. You want things to fail during these incident response tests, because that is how we learn,” he explained.

“Bringing in these outside firms, detailing what they learned and defining roles and responsibilities in the event of an incident is really the best practice, and we are seeing more and more companies do that.”

Support from the Board

Good cyber protection is built around a combination of process, technology, learning and people. While not every cyber incident needs to be reported to the boardroom, senior management has a key role in creating a culture of planning and risk awareness.

“Cyber is a boardroom risk. If it is not taken seriously at boardroom level, you are more than likely to suffer a network breach,” Legassick said.

However, getting board buy-in or buy-in from the C-suite is not always easy.

“C-suite executives often put off testing crisis plans as they get in the way of the day job. The irony here is obvious given how disruptive an incident can be,” said Sanchez.

“The C-suite must demonstrate its support for incident response planning and that it expects staff at all levels of the organization to play their part in recovering from serious incidents.”

“What these people need from the board is support,” said Jill Salmon, New York-based vice president, head of cyber/tech/MPL, Berkshire Hathaway Specialty Insurance.

“I don’t know that the information security folks are looking for direction from the board as much as they are looking for support from a resources standpoint and a visibility standpoint.

“They’ve got to be aware of what they need and they need to have the money to be able to build it up to that level,” she said.

Without that support, according to Legassick, a common mistake is failing to empower and encourage the IT team to manage cyber threats holistically through integration with the rest of the organization, particularly risk managers.

He also warned that “blame culture” can prevent staff from escalating problems to management in a timely manner.

Collaboration and Communication

Given that cyber incident response truly is a team effort, it is essential that a culture of collaboration, preparation and practice is embedded from the top down.

One of the biggest tripping points for companies — and an area that has done the most damage from a reputational perspective — is in how quickly and effectively the company communicates to the public in the aftermath of a cyber event.

Salmon said of all the cyber incident response plans she has seen, the companies that have impressed her most are those that have written mock press releases and rehearsed how they are going to respond to the media in the aftermath of an event.

“We have seen so many companies trip up in that regard,” she said. “There have been examples of companies taking too long and then not explaining why it took them so long. It’s like any other crisis — the way that you are communicating it to the public is really important.”

Antony Ireland is a London-based financial journalist. Dan Reynolds is editor-in-chief of Risk & Insurance.