2016 Most Dangerous Emerging Risks

The Fractured Future

Is our world coming apart at the seams?
By: | April 4, 2016 • 5 min read

Clipped genetic codes and broken bridges; fragmented communication; electricity networks so vulnerable to interference it’s a wonder we still have the lights on.

Advertisement




As we developed our list of Most Dangerous Emerging Risks for 2016, images of fissures and fractures surfaced again and again.

In this issue, we examine four emerging, dangerous risks. We define a Most Dangerous Emerging Risk as a risk with the potential to cause widespread losses, but for which insurance coverage may be in a nascent stage of development.

On one front, we look at our tendency to self-curate media sources to the degree that informed, official statements get overlooked. Look no further than the phenomenon of parents bypassing vaccinations for their children, fed by an erroneous correlation between inoculation and autism.

We all fear terror attacks. We all worry about cyber hacks. Combine the two and you get the possibility that a cyber attack on our grid could cascade into widespread business interruption and public
disarray for months on end.

On another front, we pronounce a day of reckoning due to a shortfall in both the political will and the resources to maintain our country’s infrastructure. The thousands of children exposed to lead in Flint’s drinking water and the 90,000 metric tons of methane released from a gas well in Porter Ranch, Calif., provide foreboding data points.

Another emerging concern is our new ability to cut and paste DNA strands, and the potential that gene-edited products could hit store shelves before the risk is adequately measured.

We all fear terror attacks. We all worry about cyber hacks.

Combine the two and you get a dangerous emerging risk, the possibility that a cyber attack on our grid could cascade into widespread business interruption and public disarray for months on end.

We spoke to a number of industry experts to create the 2016 Most Dangerous Emerging Risks list; carriers, brokers and vendors were consulted.

Advertisement




The spirit of this exercise is to foster a dialogue in the risk management community about what insurance products might be useful and what risk mitigation strategies companies should be considering right now.

As the years unfold, we see companies and public entities reacting to emerging risks and taking steps to mitigate them. What follows is a list of some risks we’ve written about in the past and measures being taken to mitigate those risks. &

Mitigating Dangerous Emerging Risks

Since 2011, Risk & Insurance® identified and reported on the Most Dangerous Emerging Risks. Here is a look at how some of those risks are now being addressed.

2011: Social Media Threats

hackEmployee and customer posts to Facebook, Twitter and other social media harm corporate reputations. Companies invested in analytical and monitoring tools and created crisis management plans to respond to critical or brand-damaging posts. Some companies fought back using legal means. One car dealership in Massachusetts obtained a $700,000 attachment on the real estate holdings and bank accounts of individuals who posted defamatory statements about the company online.

2011: Rising Sea Levels

floodClimate change is resulting in rising sea levels and increased inland flood risk. Local governments are responding to climate change by analyzing specific threats and taking action. In Boston and New York, wastewater treatment plants will be constructed nearly two feet higher than the plants they are replacing. In the San Francisco Bay area, the region is considering a limit on development near the water and the construction of levees and sea walls to keep the sea from encroaching.

2012: Typhoons

typhoonThe semiconductor industry face supply chain risks because many of its crucial suppliers in the straits of Taiwan are vulnerable to Pacific storms. More companies established relationships with alternative suppliers not located in the same geographic areas or countries. Korea, China and Japan have all become manufacturing locations competing with Taiwan. In addition, some companies are considering reshoring operations to the United States.

2012: Agroterrorism

cowsWe wrote about the potential for terrorists to introduce disease into the U.S. cattle population, decimating ranchers and food suppliers. Food production plants have installed security padlocks and fencing, while milk producers and transporters have security on trucks that will let the company know if the product has been accessed. In 2013, the Food and Drug Administration upgraded its Food Defense Mitigation Strategies Database to provide food processors and distributors with a tool to protect food against intentional contamination. The tool provides a range of preventive measures companies can take to better protect their facilities, personnel and products.

2012: The Pharma-Water Syndrome

waterHormonal and developmental imbalances in juveniles are a sign that drinking water is adulterated with discarded medications. Some municipalities are testing fish and water samples to determine the amount of chemicals in the water. Many local governments created drug take-back programs that allow residents to drop off unused medications, and the Environmental Protection Agency issued guidelines to discourage hospitals and nursing homes from flushing unused drugs down drains or toilets.

2013/2015: Concussions

brainIn 2013, the potential liability resulting from concussions spread from the National Football League to all professional contact sports. In 2015, the exposure reaches athletes of all ages, from college down to community sports leagues. Ivy League coaches are eliminating tackling at practices to prevent concussions while some high school districts have eliminated football from their sports schedules.

Forty-nine states and the District of Columbia enacted strong youth sports concussion safety laws.

2014: Drone Hacking

dronesDevastation could occur if terrorists hacked drones and aimed them at airplanes or other targets. Police in the Netherlands joined forces with Guard From Above to use trained eagles to snatch rogue drones in mid-air. European aerospace conglomerate Airbus uses a combination of radars, infrared cameras and direction finders to identify possible rogue drones. A UK start-up called Open Works Engineering launched an anti-drone net bazooka that can capture a rogue drone in a net and deliver it intact via a combination of a compressed-gas-powered smart launcher and an intelligent programmable projectile.

BlackBar

2016’s Most Dangerous Emerging Risks

01b_cover_story_crackCrumbling Infrastructure: Day of Reckoning Our health and economy are increasingly exposed to a long-documented but ignored risk.

01c_cover_story_leadCyber Grid Attack: A Cascading Impact The aggregated impact of a cyber attack on the U.S. power grid causes huge economic losses and upheaval.

01d_cover_story_vaccineFragmented Voice of Authority: Experts Can Speak but Who’s Listening? Myopic decision-making fostered by self-selected information sources results in societal and economic harm.

01e_cover_story_dnaGene Editing: The Devil’s in the DNA Biotechnology breakthroughs can provide great benefits to society, but the risks can’t be ignored.

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

2017 RIMS

Resilience in Face of Cyber

New cyber model platforms will help insurers better manage aggregation risk within their books of business.
By: | April 26, 2017 • 3 min read

As insurers become increasingly concerned about the aggregation of cyber risk exposures in their portfolios, new tools are being developed to help them better assess and manage those exposures.

One of those tools, a comprehensive cyber risk modeling application for the insurance and reinsurance markets, was announced on April 24 by AIR Worldwide.

Advertisement




Last year at RIMS, AIR announced the release of the industry’s first open source deterministic cyber risk scenario, subsequently releasing a series of scenarios throughout the year, and offering the service to insurers on a consulting basis.

Its latest release, ARC– Analytics of Risk from Cyber — continues that work by offering the modeling platform for license to insurance clients for internal use rather than on a consulting basis. ARC is separate from AIR’s Touchstone platform, allowing for more flexibility in the rapidly changing cyber environment.

ARC allows insurers to get a better picture of their exposures across an entire book of business, with the help of a comprehensive industry exposure database that combines data from multiple public and commercial sources.

Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

The recent attacks on Dyn and Amazon Web Services (AWS) provide perfect examples of how the ARC platform can be used to enhance the industry’s resilience, said Scott Stransky, assistant vice president and principal scientist for AIR Worldwide.

Stransky noted that insurers don’t necessarily have visibility into which of their insureds use Dyn, Amazon Web Services, Rackspace, or other common internet services providers.

In the Dyn and AWS events, there was little insured loss because the downtime fell largely just under policy waiting periods.

But,” said Stransky, “it got our clients thinking, well it happened for a few hours – could it happen for longer? And what does that do to us if it does? … This is really where our model can be very helpful.”

The purpose of having this model is to make the world more resilient … that’s really the goal.” Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

AIR has run the Dyn incident through its model, with the parameters of a single day of downtime impacting the Fortune 1000. Then it did the same with the AWS event.

When we run Fortune 1000 for Dyn for one day, we get a half a billion dollars of loss,” said Stransky. “Taking it one step further – we’ve run the same exercise for AWS for one day, through the Fortune 1000 only, and the losses are about $3 billion.”

So once you expand it out to millions of businesses, the losses would be much higher,” he added.

The ARC platform allows insurers to assess cyber exposures including “silent cyber,” across the spectrum of business, be it D&O, E&O, general liability or property. There are 18 scenarios that can be modeled, with the capability to adjust variables broadly for a better handle on events of varying severity and scope.

Looking ahead, AIR is taking a closer look at what Stransky calls “silent silent cyber,” the complex indirect and difficult to assess or insure potential impacts of any given cyber event.

Stransky cites the 2014 hack of the National Weather Service website as an example. For several days after the hack, no satellite weather imagery was available to be fed into weather models.

Imagine there was a hurricane happening during the time there was no weather service imagery,” he said. “[So] the models wouldn’t have been as accurate; people wouldn’t have had as much advance warning; they wouldn’t have evacuated as quickly or boarded up their homes.”

It’s possible that the losses would be significantly higher in such a scenario, but there would be no way to quantify how much of it could be attributed to the cyber attack and how much was strictly the result of the hurricane itself.

It’s very, very indirect,” said Stransky, citing the recent hack of the Dallas tornado sirens as another example. Not only did the situation jam up the 911 system, potentially exacerbating any number of crisis events, but such a false alarm could lead to increased losses in the future.

The next time if there’s a real tornado, people make think, ‘Oh, its just some hack,’ ” he said. “So if there’s a real tornado, who knows what’s going to happen.”

Advertisement




Modeling for “silent silent cyber” remains elusive. But platforms like ARC are a step in the right direction for ensuring the continued health and strength of the insurance industry in the face of the ever-changing specter of cyber exposure.

Because we have this model, insurers are now able to manage the risks better, to be more resilient against cyber attacks, to really understand their portfolios,” said Stransky. “So when it does happen, they’ll be able to respond, they’ll be able to pay out the claims properly, they’ll be prepared.

The purpose of having this model is to make the world more resilient … that’s really the goal.”

Additional stories from RIMS 2017:

Blockchain Pros and Cons

If barriers to implementation are brought down, blockchain offers potential for financial institutions.

Embrace the Internet of Things

Risk managers can use IoT for data analytics and other risk mitigation needs, but connected devices also offer a multitude of exposures.

Feeling Unprepared to Deal With Risks

Damage to brand and reputation ranked as the top risk concern of risk managers throughout the world.

Reviewing Medical Marijuana Claims

Liberty Mutual appears to be the first carrier to create a workflow process for evaluating medical marijuana expense reimbursement requests.

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.

RIMS Conference Held in Birthplace of Insurance in US

Carriers continue their vital role of helping insureds mitigate risks and promote safety.

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]