Insurance fundamentals in turmoil

This article is part of EsadeGeo's series on transformational dynamics

Insurance has a history with roots going back thousands of years; it has traditionally been a conservative business that, it could be argued, made significant contributions to economic stability and even wellbeing. Climate change and digitalization are two major forces at play that are affecting virtually every aspect of life—including the landscape of business risk. These two forces are also shaking up the insurance industry--forcing both insurers and buyers of insurance policies (individuals and organizations alike) to rethink their options fundamentally—including the actuarial basis on which insurance companies had traditionally relied. 

The impact of climate change (and other high impact but even less predictable events like the COVID pandemic we are still going through) has shaken up the economics of catastrophic insurance offerings for both individual consumers and businesses. Unexpected impacts have had the immediate effect of increasing the liabilities of insurers (and re-insurers); subsequently they are affecting both coverage options and pricing.

Natural catastrophe losses have increased markedly in recent years

Insurance has a long tradition and has tended to be a very conservative industry employing agents to manage client relationships and ruled by actuarial tables and similar parameters. Part of its conservative tradition had been to invest its funds in low-risk securities (in the US, for instance, bonds and short-term securities represented 67% of assets at the end of 2019 and stocks accounted for only 13%). In the environment of low interest rates that have persisted for over a decade this means that returns to investments by insurers have been abnormally low and have presented heightened challenges in matching investment returns with payouts—even more if natural catastrophes result in greater than expected losses.

Natural catastrophe losses have increased markedly in recent years—probably faster than projections have been adjusted. Data from Swiss Re (specifically about insured risk losses from storms, floods and wildfires but likely to be representative of the evolution of overall natural catastrophe losses) show particularly steep increases since 2005 (using 3-year averages ending in the year indicated to dilute the impact of unusual one-year incidences). While no direct connection can be shown for individual catastrophes, the overall trend is generally considered to result from the impact of climate change.

How coverage for catastrophic risks evolves will depend in part on the availability of a re-insurance “cascade” with government-sponsored pools, stop-loss commitments and other guarantees possibly at the top. And countries where the government supplements to private re-insurance is an option may become more attractive for certain types of businesses than those where it is not.

As other industries, insurance has been impacted by technology and is in the process of being thoroughly disrupted as digitalization and connectivity are shaking up the fundamentals of consumer insurance in many ways. Personalization is crucial for acquiring new customers—with retention made more challenging by the availability comparison sites, ratings and testimonials a click away for the most common policies, such as for life, home and car insurance. This is creating a very fertile ground for new entrants, including the emergence of “digital-first” insurers and the dominant digital mega corporations entering the consumer insurance space and accelerating its disruption.

The rapid expansion of, among other things, the Internet of Things has also opened the door for data-driven insurance offerings with wide-ranging effects on insurance coverage and rates and, especially, adding to the ongoing transformative impetus for consumer insurance—which will be interesting to watch as it evolves.

Digitalization and connectivity are shaking up the fundamentals of consumer insurance in many ways

However, given the focus of this Transformational Dynamics series, we look here at business (or commercial) insurance—where the nature and cost of coverage has been rapidly transforming and is now becoming, for many sectors, an important ingredient for strategic and risk management. Some of the changes underway will, of course, affect both consumers and businesses. Autonomous vehicles are a good example: they will challenge the existing boundaries of motorized accident liability with implications for individual consumers, large fleet-owning businesses and everybody in-between.

Of the many areas of business insurance coverage (including various types of workplace liability), and besides catastrophic impacts, two areas that had not been typically part of the insurance coverage portfolio of companies are behind the recent insurance rate increases—which have been significant as the chart (with data from Marsh’s Global Insurance Market Index) shows. One is professional liability, mainly concerning directors and officers, reflecting the growing expectations by stakeholders and regulators for transparency, fiduciary probity, avoidance of conflicts of interest and, more generally, sound corporate governance.

The other is cyber security—and this, not surprisingly is where rate increases have been greatest and where coverage boundaries are having to be drawn anew. Traditional forms of business insurance (including business interruption which is in principle related to cyber security but separate, in practice) do not provide coverage against most of the new risks that are emerging from the digitalization of enterprise operations—both internally and in managing client, supplier or partner data.

Digitalization has made every company more exposed to cyberattacks—which can range from hijacking client data, to preventing access to websites or services through “denial of service” attacks, to disrupting or disabling operations by introducing malware into the company’s computer systems. Besides the costs of the disturbance cyberattacks are increasingly designed to provide the basis for extortion or ransom demands—something that has been facilitated by another aspect of digitalization: cryptocurrencies.

Just a few years ago virtually no company had coverage for cyber security; the proportion of large companies that have some kind of cyber security insurance coverage has been increasing very rapidly—with bursts of coverage purchase occurring as major hacking and ransomware incidents become known. It is estimated that about three-quarters of major companies in the US and Europe have cyber security insurance and market research from Gartner indicates that the business of cyber security insurance is growing at about 25% per year, as more companies adopt it and as the coverage they seek expands.

About three-quarters of major companies in the US and Europe have cyber security insurance

The boundaries of cyber coverage are elusive. The question of coverage under traditional property and casualty policies for losses arising from cyberattacks or breakdowns was a manifestation of that; it has been a grey area and the subject of many disputes. As a result, most new property and casualty policies are explicitly excluding or including losses resulting from cyberattacks.

Unlike traditional lines of business where standardized policies provide liability or accidental coverage, cyber insurance policy language is not standardized. The features of cyber events, including a limited loss history, the unreliability of past data for predicting future events, and the possibility of a large-scale attack where losses are correlated across companies and industries, make it difficult to write comprehensive policies.

The evolution of cyber insurance is indicative of how the challenges have evolved—both for insurers and unsured. Cyber coverage can take two main forms: third-party and first-party. Early cyber coverage policies (starting in the 1990s) were of the third-party type—designed to reimburse companies for the costs incurred by their clients because of data breaches, malware infections, or other cyberattacks in which the insured entity was at fault.

The evolution of cyber insurance is indicative of how the challenges have evolved, both for insurers and unsured

Subsequently first-party policies expanded insurance coverage to reimburse for the costs of a cyberattack that directly affects the insured entity’s business. First-party policies can be broad or very specific, depending on the needs of the company, and may cover ransom payments and post-cyberattack expenses such as crisis management consultants to restore brand reputations.

But rate increases only tell part of the story of changes underway in business insurance. The nature of the coverage available is also shifting—either shrinking or expanding, depending on the case. In both the cases of climate change impact and of digitalization vulnerabilities new risks have emerged for which there is no historical data on which to base insurance rate setting. In addition, force majeure clauses will be the subject of redefinition, negotiation and, likely, litigation.

Climate change impacts and the cyber vulnerabilities resulting from digitalization have added to the range of risk that companies have to manage—significantly for any industry and critically for some industries and geographies. Where the cost/benefit calculation of insurance coverage fits in the overall scheme of a company’s risk management and how to manage the relationship with insurers will become increasingly important strategic challenges.