2017 Most Dangerous Emerging Risks
Artificial Intelligence Ties Liability in Knots
Despite dire predictions of an “Automation Apocalypse,” it turns out that automation has only obliterated one job in the last 60 years. (Sorry, elevator operators.) However, the steady encroachment into the workplace of automation, robotics and cutting edge technologies is all too real. Robots aren’t just making cars and widgets and filling warehouse orders. They’re harvesting crops, flipping burgers, making pizza and folding laundry — just for starters.
For businesses, the potential boons are obvious: reduced labor and operational costs, reduced turnover and fewer injuries from repetitive tasks, increased overall safety, production speed and quality. Some economists project that current trends will eventually lead to lower prices and increased demand.
Unfortunately all of that silver lining isn’t without its dark clouds. The potential risks are evolving just as fast as the technology itself, and both insurers and insureds will be hard-pressed to keep up. Questions of liability and coverage and product response are becoming increasingly murky.
Yesterday’s loss scenarios were more or less straightforward. If a truck fails to brake and the resulting crash causes a loss, where does the liability lie? The operator? The truck manufacturer? The brake manufacturer? There might be disputes over fault, but at least the possibilities were limited.
Now you have the same crash in an autonomous truck and the questions can make your head spin. Was the circuitry at fault? A chip? Was there a fault in the programming? Was there a connectivity issue? Was it hacked? Did the machine choose not to apply the brakes because of a specific set of circumstances presented?
Having a confluence of factors contributing to losses is not anything new in the insurance industry said Gail McGiffin, principal in the EY insurance practice and leader of underwriting, product, policy and billing solutions. What is new “is the breadth of everything that technology touches these days,” she said. The result being that you’re no longer talking about the combination of one or two technologies, it may be more like five technologies or more contributing to the complexity of an exposure.
“You have to think about some of these emerging technologies — that combination of artificial intelligence with machine learning, with semantic web, with predictive models — all being in operation,” she said.
“Dissecting the exposures introduced by individual technologies is challenging enough but understanding the compounded effect of this multitude of technologies and how it’s contributing to exposure and product response — that is the next major challenge area that we’re facing in the industry.”
If a piece of equipment has embedded intelligence, “whether it’s analytics, whether it’s robotic process automation, whatever the case may be — there’s a shift of liability that’s tacit and implicit inside of the underlying product or service,” agreed John Lucker, principal and global advanced analytics market leader with Deloitte & Touche.
What’s unclear at the moment said Greg Hendrick, president of property & casualty insurance and reinsurance at XL Catlin, “is how it’s all going to come together when you actually have something unfortunate happen — who’s going to pay what? That’s the interesting thing about this emerging risk: What normally was perceived as a usual course of action for liability could shift as you see more and more technology, more and more autonomy, enter your vehicles and your manufacturing process.”
Divvying Up Liability
For all parties connected to a loss, the challenge will be not only trying to sleuth out the root cause, but then teasing out an answer to the question of whose policy, and which line will respond to the loss.
“From the insurance side of this, I think the biggest risk is that they just don’t know what the risks are.” — John Lucker, principal, global advanced analytics market leader, Deloitte & Touche
Let’s say a programming error created a serious security flaw in one piece of software operating a fleet of autonomous industrial vehicles or machines. A hacker exploited the flaw and caused the entire fleet to unexpectedly halt, rendering every unit permanently inoperable.
Multiple crashes arose from the unexpected stalls as well as significant business interruption losses. The manufacturer took a stiff reputational hit for its inability to make good on contracts for days or weeks while trying to get back up and running. How can the company expect their program to respond?
The company’s property policy might not exclude coverage for physical damage and business interruption caused by a cyber attack. But then again, it just might.
On the other hand, its cyber policy might only cover the loss of data in the event of an attack, but not property damage. Would the equipment manufacturer’s product liability policy respond? The software developer’s errors and omissions policy might respond, but maybe not, if the damage was caused by the attacker rather than by the programming error directly.
With each loss scenario composed of its own unique set of variables, questions about where liability rests are likely to result in a lot of finger-pointing between stakeholders.
“If there’s a part that goes bad and it’s just a one-off, then maybe we have a product liability issue,” said Lucker.
“If there are a couple hundred [pieces of equipment affected], maybe it’s a product recall liability issue. It could be errors and omissions — the engineer could have made a mistake, the programmer could have made an error. It could be directors and officers liability — this could have been an issue that was discussed in the boardroom and the board didn’t react appropriately so these other liabilities could flow upwards to the boardroom.
“We’ve shifted something that used to be fairly simple — who’s at fault and who’s going to pay for it — to a complex suite of problems and products that makes either personal or commercial risk management much more complicated,” he added.
In one sense, it’s not that different from a simple failure of a mechanical part, said John Denton, managing director at Marsh USA. The manufacturer of a defective part or the manufacturer of equipment incorporating that defective part have historically been assigned liability for any accidents arising out of that defect.
“In the same way, the developer of the software or the manufacturer of the part that incorporates that software has that same liability from the software defect that the manufacturer of the part previously had,” he said.
The key difference in many cases, he said, may be that the software company or the manufacturer of the part using the software may not have experience with any significant third-party liability, and may not have a program that is designed to respond to that liability.
Claim Development Needed
“From the insurance side of this, I think the biggest risk is that they just don’t know what the risks are,” said Lucker.
Insurers are definitely asking questions, said Denton. But “time will tell whether they’re asking the right questions.”
The brunt of the challenge will necessarily fall to underwriters, who are going to have to become even more technologically savvy than ever before, said McGiffin.
“This is about understanding technology in the world at large, and understanding it as a function of each of the industry segments you might be writing, and each one of the accounts, to be able to identify the proportion of risk introduced by these different elements — to be able to assess the risk, evaluate the mitigation that’s in place, and then make decisions and price the exposure … it’s just taking it to a whole new level of sophistication.”
Claim development is another key piece of the puzzle, she said.
“As we have more and more claim activity, claim adjudication, claim litigation, and we understand how the confluence of technologies and the modern work environment play out through claims, we learn how those losses are settled and the contribution of each technology — as well as the combination of technologies — to the root cause of loss.
“You can’t substitute the years of claim history that still have to happen.”
Even though underwriters will try to manage the exposures with existing policy forms and language, that claim development will be necessary to guide new products, said Hendrick.
“Quite often your best intentions of what you meant to spell out and what you did spell out end up being interpreted differently by a court of law,” he said.
Insurers, said Lucker, will have to “redraft and recraft” policies to create more clarity about the risks they’re taking on.
“Challenge yourself to constantly keep in tune with how your company’s risk profile is changing based on this technology revolution.” — Greg Hendrick, president of property & casualty insurance and reinsurance, XL Catlin.
As that claims history develops, paths to subrogation may become less clear for insurers, said experts. Difficulties tracing through the supply chain to understand the role of each player will make it more challenging first to sort out which policy is the primary, but then to understand the litigation path to recover from other parties who share blame for the loss.
“In the end, the primary insurance policy, whatever it is … regulators are going to hold that insurer responsible for doing the right thing for the insured — getting a check cut or getting something fixed or making sure that somebody’s medical bills are paid,” said Lucker.
“The consumer has to be made whole in a fair way. How that gets sorted out behind the scenes among all of the various parties — that becomes the insurance companies’ problem or the insurance ecosystem’s problem.”
For their part, regulators, at some point, “are going to have to start thinking more about this tangled web of potential liability and all of this contractual finger-pointing and subrogation, and how the industry is going to sort this all out,” said Lucker.
“It’s going to produce a whole lot of litigation so this is a kind of permanent employment plan for the legal profession and it’s not going to be simple to sort out.”
Risk Managers Must Keep Pace
It’s unclear whether everyone along the chain of those who make and produce autonomous, robotic or intelligent equipment is up to speed on the shifting exposures, said Hendrick. But risk managers employing these technologies are definitely thinking about how this risk is evolving and how it could impact their organizations, he said.
“Whether it’s their commercial fleet of cars or commercial fleet of trucks, their warehouse equipment, their manufacturing equipment, their retail or office buildings … with more and more interconnectivity, they’re definitely starting to think about, ‘OK where does liability sit, how does it arise, and who’s going to be responsible?’ ”
“There really isn’t an industry out there that’s not exposed to additional risks already as a result of this technology,” said Marsh’s Denton.
“So everybody — whether industrial users, drivers, auto or refrigerator manufacturers — everybody’s got to grapple with this new technology and that potential increase in exposures and risks and how their insurance program will respond to that.”
That’s why no business can afford to simply renew their insurance program without due diligence, he added. “You can’t just renew your program with the same limits and the same type of coverage. As technology changes … the nature of the risk may increase or decrease or the size of the risk will change. You need to constantly evaluate your program to see if it responds to the potential magnitude of the exposure.”
Risk managers must be continually asking, “Are the products that I’ve historically bought the right ones to buy to protect the risks that I have now?” said Hendrick.
Companies will need to keep assessing their own programs as well as their suppliers’ programs to ensure they have the right amount of coverage in the new technology enabled world, he said.
The goal is to stay ahead of each wave of change and keep adapting, he added.
“Challenge yourself to constantly keep in tune with how your company’s risk profile is changing based on this technology revolution,” he said. &
________________________________________________________________
2017 Most Dangerous Emerging Risks
Cyber Business Interruption
Attacks on internet infrastructure begin, leaving unknown risks for insureds and insurers alike.
U.S. Economic Nationalism
Nationalistic policies aim to boost American wealth and prosperity, but they may do long-term economic damage.
Foreign Economic Nationalism
Economic nationalism is upsetting the risk management landscape by presenting challenges in once stable environments.
Coastal Mortgage Value Collapse
As climate change drives rising seas, so arises the risk that buyers will become leery of taking on mortgages along our coasts. Trillions in mortgage values are at stake unless the public and the private sector move quickly.