3 Uninsurable Risks Facing Hospitality Companies Today
Hospitality companies face a wide variety of risks, but some are becoming more difficult to cover in a sustainable way (or at all) thanks to worsening weather, an over-reliance on digital tools and sophisticated cyber spies. Here are the top three increasingly uninsurable risks facing hospitality companies today:
1) CAT-Related Property Exposure
After heavy catastrophe losses in 2017 and 2018, most sectors are dealing with rising property premiums and tightening terms and conditions. Rate increases vary widely, but in general “single digit increases are the new flat,” said David Owen, CPCU, area senior vice president, Gallagher.
Hospitality is more acutely impacted by this trend since many hotels are located on hurricane-exposed coastlines.
“In 2019, there have been shocking changes in the way that property underwriters, especially hospitality property underwriters, are operating,” Owen said. “Across the board, carriers are raising rates, tightening terms and conditions, and reducing capacity.”
According to Owen, firmness in the property market is a consequence of two significant factors. First is that catastrophe losses from the previous two years far exceeded what insurers expected, even from a heavy season.
“Underwriters didn’t appreciate how severe hurricanes, wildfires and floods are becoming. And the models didn’t appreciate the inflation in the cost of construction materials or labor.” – David Owen, CPCU, area senior vice president, Gallagher
“Underwriters didn’t appreciate how severe hurricanes, wildfires and floods are becoming. And the models didn’t appreciate the inflation in the cost of construction materials or labor. So the damage was more severe than expected, but also more expensive to repair. A building that they thought would take $10 million to repair could actually take $20 million,” he said.
The second factor, in itself is a consequence of unanticipated loss costs, was that major players like AIG and FM Global cut their capacity in half. Where they once offered $50 million in primary property capacity for hospitality, they now only go to $25 million.
“Now you have these gaping holes in your tower to fill. You can go to other carriers to piece it together, but they are unlikely to be as competitive as far as the terms and the pricing,” Owen said.
Many property carriers now cover certain perils only on a sub-limited basis — including fire, flood, or wind damage — that previously fell under a single policy limit. They are also turning to percentage-based deductibles rather than flat rates.
Barring adequate insurance coverage, Owen offered four steps risk managers should take in order to make the best of what’s available on the market:
- Be willing to take increased deductibles and retentions.
- Evaluate difference-in-condition policies from multiple carriers in order to take advantage of the best premium rates for specific perils.
- Meet with incumbent underwriters face to face at least 3 months prior to renewal, and start shopping for quotes early. “In a soft market, brokers used to be able to go out every three to four years to get 30 to 40 quotes and boil everything down. Now you may have to do that every year; that’s what this market dictates.”
- Put together best in class submissions for underwriters. This arms them with the authority they need to get approval from referral managers for the terms and pricing you want.
2) Intellectual Property Theft
Hotels rely on proprietary dynamic pricing tools to set competitive rates and ensure profitability. Increasingly, foreign competitors have targeted these tools in cyber espionage campaigns in order to gain an edge.
“If those tools are compromised, disclosed or taken down by a cyber attack or network issue, hospitality organizations will struggle to maximize their ability to be profitable,” said Ryan Griffin, Senior Vice President, Marsh JLT Specialty.
“Our clients understand the impact. They are using historical data to measure the business interruption impact to their revenue if these tools go down. The problem is getting the insurance companies to understand it,” Griffin said.
“Today this risk is not affirmatively covered or covered adequately. If there is an interruption or compromise of these tools, it’s important to quantify the impact on profitability and make sure that underwriters acknowledge this under a policy.”
3) Loyalty Program Cyber Security
Loyalty and rewards programs are a cornerstone of hotels’ strategies to attract and retain customers. And yet, their value to the business is not often quantified.
Similar to dynamic pricing tools, unscrupulous competitors may target brand loyalty programs in order to steal the intellectual property needed to implement similar programs at their own organizations. Such programs are also rich with customer PII.
“Components of these programs are likely inadequately insured against cyber attacks. The customer data has to be consistent with their program criteria in order for them to be effective, so what happens if the underlying data is corrupted?” Griffin said. “Hits to those programs could have severe consequences that aren’t being addressed under traditional insurance products.”
While hospitality risk managers understand the risk and have worked to build information security around program data, the insurance market is lagging behind in creating products to backup those efforts.
If there’s a breach of customer data in the loyalty program, for example, hotels often give away free points or benefits to impacted customers in order to help heal the reputational damage and hopefully prevent those customers from going to another brand. These “free” rewards still have a cost for hotels, but carriers are hesitant to reimburse it.
“I think there’s a reticence for insurers to reimburse hospitality companies for the benefits they give to their customers. Right now insurers are just not ready to reimburse a hotel for gifting reward points to customers following a data breach,” Griffin said.
“Right now hotels don’t have a good way to use rewards as loss mitigation following a cyber breach, because insurers aren’t affirmatively on board for that strategy.” &