P&C Market Update: Market Continues to Soften, Competition Continues to Rise

Posted by on June 12, 2015 | Be the First to Comment

MU-June 2015 Blog Image-500x247

The US property and casualty insurance market has seen a surplus of growth in the last several years, leading to ample capacity and favorable rates. Overall, it continues to be a buyer-friendly environment that is not expected to change soon, barring a catastrophic event. In this Market Update, Lockton provides current insight into this trend’s effects on clients’ insurance programs.

For property, the increased capacity and decreased rates are prompting traditional insurers to become more competitive to maintain market share. This has led to lower prices and a variety of options for buyers in both the capital and middle markets.

The abundance of capacity in casualty has created what some refer to as “E&S creep.” Historically only accessible through wholesalers, excess and surplus (E&S) lines are now entering the retail space and producing greater competition for standard lines markets. The sourcing of capital is evolving and going to have a continued impact on the market.

Market Update Infographic-June15

The competitive trend is also reaching into workers’ compensation. Data from Lockton’s own analytics group on policy rate changes in guaranteed-cost and loss-sensitive programs are featured, highlighting a decrease in rates for both.

Read more about these developments along with special updates in cyber (including its impact on the financial services and healthcare sectors), surety, construction, and energy in Lockton’s latest Property & Casualty Update.

Print Friendly

Cyber Bits and Bytes

Posted by on June 2, 2015 | Be the First to Comment

Global Cyber


IRS Data Breach

Everyone in the U.S. has probably heard about the breach that the Internal Revenue Service (IRS) disclosed this past week. For those unfamiliar with the event, criminals reportedly located in Russia used personal identifiable information (PII) of taxpayers (possibly obtained as a result of healthcare data breaches such as the ones suffered by Anthem and Premera earlier this year) to obtain transcripts of the individuals’ prior tax return filings.

They tried to get roughly 200,000 returns. They succeeded about half of the time.

They used the information obtained to file fraudulent tax returns for 2015, and received more than $50 million in refunds from the IRS.

It remains to be seen whether the IRS did anything wrong. The criminals were able to access the system because they had (or could guess) the answers to security questions on the IRS website. You’ve seen these types of questions: “What is your mother’s maiden name?” and “Where was your first job?” are typical. You’d be amazed to learn how easy it can be to get information like that from social media sites like Facebook. Once they had all of the necessary information the criminals were able to walk right through the front door of the IRS site, so to speak.

Depending on how clumsy the criminals were, it may have been possible for the IRS to see that numerous requests for tax returns were originating from computers located in Russia. My guess is the thieves covered their tracks. In any event, the moral of the story is companies should try to adopt security measures that are less easy to defeat.


Ordering a Taxi with an App on Your Phone is Great, but . . .

Earlier this month Meru Cabs in India learned that logs of users’ PII obtained from the company’s smart phone app for booking taxis had been breached. The data included users’ mobile numbers, email addresses, pickup and drop locations, masked credit card numbers, and payment notification logs. The unencrypted logs were available on a publicly accessible web server. It isn’t clear how long the information was accessible, but the company reportedly resolved the problem within an hour after learning about it. Other reports suggest that the fix took longer.

A few important takeaways from this:

1. Companies need to be careful about how they implement mobile apps.
Mobile apps can be a critical part of the business of a company like Meru Cabs. That being the case, a company may be tempted to rush a mobile app out before the app and/or supporting systems are fully ready. From what I’ve read, I don’t think there was a fault in the Meru Cabs app. The problem seems to have been on the servers with which the app communicated. While it is dangerous to extrapolate too much from what may have been a simple transitory mistake, this breach is a good cautionary tale and reminder: companies need to take the time to carefully configure mobile apps and supporting systems, and design them from the outset with privacy in mind.

2. A breach like this can really hurt.
Meru Cabs is a good-sized company. They operate more than 3,000 taxis and serve more than 1 million passengers a month in four cities. A mobile app gone bad could significantly damage its reputation. (Don’t believe me? I’ll bet Starbucks might.) An event like this could require expensive PR efforts to restore its good name. It could also result in significant lost business while the company’s reputation is being repaired. Meru Cabs was recently attempting to raise $100 million to fund expansion of its business. Reputational damage could have impacted that effort.Chances are the company has no insurance that would respond to PR and business losses. (I don’t think any insurance product would cover investor funding the company was unable to get.)It is important for companies with similar risks to understand that insurance is available for reputational loss. Done properly, the policy will be a highly customized product developed through extensive consultation with the client and the underwriters. Lockton’s Global Technology & Privacy Practice has experience with such products and can assist interested companies.

3. Data breaches are a global problem; they can happen anywhere.
With so many high-profile data breaches happening in the U.S. over the past couple of years, it would be easy to overlook the very real risks that exist in the rest of the world. Cyber risk truly is a global problem.


Australia Privacy Management Framework

Earlier this month the Office of the Australian Information Commissioner (OAIC) issued its Privacy Management Framework. The framework sets out the OAIC’s expectations with respect to companies’ compliance with the Australian Privacy Principles. It establishes a four-step process that companies should undertake to assure they are meeting their privacy obligations.

It is noteworthy that the framework stresses compliance with the OAIC’s guidance regarding data breach notifications. The guidance strongly recommends notifying affected individuals when a breach “creates a real risk of serious harm to the individual.” This stops short of a mandatory notification requirement such as those that exist in the U.S., but it may well signify a regulatory expectation that notice will be given. Companies in Australia may ignore that at their peril.

Any company located or doing business in Australia needs to become familiar with the Privacy Management Framework as soon as possible.


Ponemon Data Breach Report Released

The Ponemon Institute’s annual reports on the cost of data breaches are always eagerly anticipated because they provide benchmarks used by many to evaluate the potential financial ramifications of a breach. Their global and country-specific 2015 Cost of Data Breach Study reports are available here.


White Papers You Should Read

Members of Lockton’s Global Technology & Privacy Practice have recently published two excellent white papers.

Inside the Mind of a Cyber Underwriter, written by the Lockton London office’s Max Perkins, gives an underwriter’s point of view on the current cyber insurance environment. Max provides excellent and very timely advice for companies navigating these turbulent times.

Michael Born in Kansas City wrote The Law Firm Cyber Landscape. Michael does a fantastic job of covering the cyber risks a law firm faces, how a firm’s existing insurance might or might not respond, and the benefits of a specialized cyber policy.

 

Print Friendly

Flood Coverage Draws Client Interest

Posted by on May 27, 2015 | Be the First to Comment

Lockton’s Property Practice Leader, Mike Andler, spoke with A.M. BestTV recently about how most clients are currently concerned about cyber risk, flood issues, and supply chain issues.

Specifically about flood coverage, Andler describes how clients are looking for a replacement solution to the government-based program, the National Flood Insurance program. While the current rates are competitive from a buyer’s perspective, they do not create enough surplus in a government program to cover the losses on the risk.

View the video below to hear more of Andler’s expertise on flood coverage drawing client interest, in addition to how the insurance industry is responding to the three topics clients are concerned about, and the current role that limits are playing in each of them.

Print Friendly

Employees’ Mental Health Should Not be Overlooked

Posted by on May 12, 2015 | Be the First to Comment

Mental Health
Risk managers need to assess where responsibility for managing mental health risk sits and to focus on evidence-based, decision-making to improve outcomes for employer and employee alike
.

Employee risk is now firmly on the agenda for corporates and multinationals. The well-worn mantra that people are a firm’s greatest asset has matured into a recognition that human capital assets require just as much care and attention – if not more – from a risk management point of view as any other key business asset.

The downside risks of getting it wrong are clear. It is no coincidence that employee risk strategies are being put at the centre of leading organisations’ approach to people management just as mental health becomes the issue of the day for many boards. The mental health debate is accelerating fast, evidenced by the language we are starting to use to discuss the challenges. For example, “cancer” as a generic term is becoming outdated; we understand that there are different cancers with different impacts, outcomes and treatments. The language of mental health is also changing; we talk about stress, anxiety, depression, depersonalisation as different conditions, requiring different approaches and solutions.

According to the OECD Policy Framework published in March 2015, at any given moment, some 20 percent of the working age population suffers from a mental illness, and 50 percent of workers will suffer a period of poor mental health during their lifetime. If labour markets are to function well, it is therefore important that policymakers address the interplay between mental health and work[i].

Reporting and Screening

Our research suggests large companies are finding it difficult to deliver against the mental health agenda when it comes to reporting and screening. For instance, analysis of the public filings and websites of the FTSE 100 which we conducted recently uncovered that 88 percent of the FTSE 100 did not report on their 2014 mental health statistics. Only four FTSE 100 companies (GlaxoSmithKline, Reed Elsevier, Royal Mail and WPP) met the criteria for all of the aspects covered in the Lockton analysis, which ranged from having employee wellbeing programmes in place through to acknowledging mental health issues in their workforce and specifically reporting mental health stats.

Figure 1: FTSE 100 Mental Health Programmes and Reporting (2014)
EmployeeMentalHealth-LON-LMU Blog1

EmployeeMentalHealth-LON-LMU Blog2

EmployeeMentalHealth-LON-LMU Blog3

While 89 percent of the FTSE 100 now report on employee wellbeing generally, 47 percent have employee assistance programmes, and 31 percent have health and wellness screening programmes in place. When it comes to mental health more specifically, only 42 percent of the FTSE 100 acknowledges mental health as an issue, only 30 percent reported they have programmes specifically targeted at mental health in their workforce, and only 12 percent reported the volume of mental health cases in their workforce in 2014.

This is despite the fact that just over two-fifths of organisations have noticed an increase in reported mental health problems among employees in the past 12 months, with larger organisations particularly likely to report an increase, according to the Chartered Institute of Personnel and Development[ii].

Careful planning and ongoing vigilance – and then reporting and measuring progress and success – is therefore vital. Employees need to know exactly where to go and who to contact if they experience mental health challenges while in post. They also need the security of knowing that mental health will be treated exactly as what it is – an illness – and given the proper support, treatment and confidence to return to work when fit to do so. Mental health must not be stigmatised or downplayed; if the fear factor is there, employees will not feel able to speak out and the problems are likely to increase.

Risk managers need to be up-to-date with the latest thinking and skills in order to identify and mitigate mental health risk within the business. The Government’s Fit For Work guidance, plus the changes to the Mental Health Act are the “big two” but there are other, more granular regulatory and best practice changes underway which should also be assessed. Closely working with HR, line managers, and senior decision-makers can ensure the company’s approach to mental health risk is transparent, consistent and compliant is key.

Methodology

Organisations need help to approach mental illness effectively in terms of prevention, identification and intervention. They need a methodology which draws on various disparate data sources to accurately assess the mental health impact on their business. We find that an initial “deep dive” data-gathering exercise, coupled with additional external insight and benchmarking, enables an organisation to deal with this highly complex and sensitive area with greater confidence and focus.

Our industry is guilty of overuse of technical jargon and labeling of services; if someone is ill, they just want to get better. Whether support is sourced from an employee assistance programme, a private medical insurance scheme, a group income protection cover, or any other service the patient simply needs better signposting and an ease of navigation to access help. At the same time, the employer wants to meet their contractual and moral obligations in the most cost-effective way possible and expedite an employee’s return to health and therefore, productivity.

Risk managers need to asses where responsibility for managing mental health risk sits, and to focus on evidence-based decision-making to ensure good governance. Risk managers can become the catalyst for change when it comes to corporates’ approach to dealing with mental health issues and improve outcomes for employer and employee alike in doing so.

[i] OECD Policy Framework, 4 March 2015, p3
[ii] Absence Management, CIPD Annual Survey Report 2014, p6
This article first appeared in Insurance Day [insuranceday.com], as part of a special feature on Talent Management, 11 May 2015, and has been reproduced with the publisher’s permission. 

Print Friendly

Making the Most of China

Posted by on May 5, 2015 | Be the First to Comment

Shanghai, China.

Realizing the potential of the Chinese insurance market is not about offering more products, argues Lockton Asia’s head of Greater China Alex Yip. It is about demonstrating the actual risks businesses face in the wider China context.

There are numerous articles, reports and thought-leadership pieces on the great potential of the Asian insurance market. Typically, China and Indonesia appear at the top of people’s wish lists with their temptations of economic growth, growth potential and demographics. These are undeniable attractions to the insurance industry that is itself built around numbers, statistics, risk and rewards.

So, while there is undoubtedly opportunity, this is old news. In a market the size of China and Hong Kong there has always been opportunity. As a sector, insurance companies need to start talking about how to realize this potential because the things holding us back are industry issues, not those of individual companies and products. Companies that can differentiate themselves by adding real value to their clients’ businesses will have much to gain.

In China, a number of key factors are driving the development of the local insurance market. The most significant include:

  • The maturing of the local economy from rapid growth to sustained development
  • The rapid increase of competition in the Chinese insurance market
  • The impact of digital technology on consumer purchasing

Regulation will play an increasingly important role, though this is likely to be as a reaction to the way the industry develops.

In this context, insurance consumers – both businesses and individuals – are confronted with:

  • The increased commoditization of products
  • Declining service as a result of smaller margins
  • A confused offering of insurance solutions that do not actually cover the greatest threats to their business

Cyber insurance and reputation protection spring to mind as two areas of typical under-cover.

Increased Competition

The insurance sector in China has seen a boom in new market entrants as both foreign and domestic capital looks for a home. The market’s growth potential and solid returns through regular premiums have proven to be attractive investment. However, this increase in competition has both an upside and a downside for commercial and retail clients.

New entrants see potential in business volume, which leads to increased competition, commoditized products and reduced costs. For good companies – both brokers and insurers – this opens up opportunities for differentiation through quality offerings, but only if we are able to distinguish ourselves from the ‘sub-prime’ products and operators. However, sensible advice tends not to grab headlines. And this is a problem.

The insurance sector is not exactly well known for its ability to communicate to the wider commercial market. But if we are to realize the potential of the ‘value-added’ market, we need to get better at articulating the value we add to the domestic market. This is true for both foreign companies looking to enter China, and Chinese companies looking for expansion outside of China.

Realizing the potential of the Chinese market, therefore, may not be about more products. It might be more about demonstrating the actual risks certain businesses face in the wider China context. Risks such as political, cyber, D&O liabilities, supply chain risk, crisis response and reputation management are now equally as important as property, health and medical, and motor coverage.

To realize the (well-researched) potential of the China and Hong Kong insurance market, the best operators need to talk about the real risks businesses face. For a food producer or distributor, supply chain risk coverage is vital; for a business advisor, reputational management; for importers and retailers, trade disputes can be crippling.

Often businesses will spend more time worrying about their motor vehicle insurance or expat health coverage than about the risks which could cost tens of millions in damages and share value. It is here that the real value of insurance to Chinese companies can be realized, and the top players in the market need to start explaining this publicly and more clearly.

Print Friendly