Sandra Fenters Featured in Cyber Security Article

Posted on by

Rolling the Dice on Emerging Risks

Captives seen as promising solution for reining in costs related to cyberattacks, political instability, extreme weather and other serious concerns in the years ahead.

By Bruce Shutan

Published in Self Insured Magazine, March 2020 edition

Since the most serious insurance risks will continue to evolve in an ever-changing world, top priorities may shift right alongside the moving targets of catastrophe. But one prudent strategy remains the same: the use of captive insurance to avoid financial ruin. Industry observers say this alternative risk transfer vehicle will keep powering organizations through a maze of uncertainty that includes cyberattacks, political instability, extreme weather, supply chain disruption, the mounting use of drones and legalized marijuana.

Captives can help minimize any losses from cyberattacks by offering a layer of protection beyond where the commercial insurance marketplace is willing to tread and speed a return to business as usual, says Harry Tipper, III, chief operating officer – insurance, for CaptiveOne Advisors LLC. They serve as a risk-management mechanism that may include state-of-the-art cybersecurity insurance inclusive of a financing mechanism for cyber intrusions.

“Think of a cyber incident your company may experience,” explains Tipper, who moderated a workshop on using captives to cover emerging risks at SIIA’s 2019 national conference in San Francisco. “A captive insurer may not solve the problem of a cyberattack, but it can help provide funds by which you can start to bring in the experts who can do some additional security work, as well as providing the funds needed to hire a public-relations firm that can rebuild your brand or reputation.”

Captives help fill gaps resulting from numerous exclusions in cyber insurance policies, notes Sandra Fenters, President, Capterra Risk Solutions, LLC and a member of SIIA’s Captive Insurance Committee.

“That’s why we’ll write a difference-in-conditions policy,” she says. “A lot of times they keep their traditional policy and buy expanded coverages.”

One such example is an act of war, which is typically found in property insurance policies and other types of coverage. Fenters recalls how Merck & Co. lost $1.3 billion in a June 2017 cyberattack traced to Russia’s military intelligence agency, which crippled more than 30,000 laptop and desktop computers. Most of the pharmaceutical giant’s 30 insurers and reinsurers denied coverage and the case was later litigated.

Captive solutions come in various shapes and sizes – from individual and group captives to heterogeneous and homogeneous entities. One example that Tipper cites is a trade association that forms a captive insurer to make some of these insurance coverages and services available at a discount as a benefit of membership.

His company’s clients include smaller businesses that don’t necessarily have the resources for costly cybersecurity as a shield for personally protected information or confidential health information. In many cases, he says they have to balance the breadth of coverage with budget constraints, particularly in the area of ancillary risk management/risk mitigation services.

Sandra Fenters

Tipper recalls a conversation he had about three years ago with one vendor that his company was considering to provide cybersecurity services to its clients. It guaranteed that its firewalls and real-time threat analysis would eliminate any cyber incursions, but the cost of this platinum service was an eye-popping $250,000 a month. He describes the amount as “unfathomable” to smaller businesses which currently must rely on the services of third-party vendors, the commercial equivalent of LifeLock, Norton or McAfee, to provide them with cybersecurity.

Cyber insurance is one of the most expansive policies in the market with at least 10 insuring agreements largely because there are so many disparate areas to address, Fenters surmises. There’s a myriad of subcategories under the cyber-risk umbrella, including computer security and privacy breaches, cyber theft, espionage, extortion and cyber terrorism.

CHAIN REACTION TO CYBERATTACKS

The frightening part is that these episodes bleed into larger business concerns that include loss of revenue, reputational damage, business continuity and supply chain disruption. “It’s a massive exposure that touches the most exposure points I’ve ever seen,” she opines. Countering cyberattacks and data breaches, which have increased exponentially, is a chief concern across all organizations between a deepening global interconnectedness, as well as an explosion of mobile devices and social media.

Despite these mounting risks, her client base has been fortunate thus far. The closest any of them have come to a cyberattack was when a distributor of fuel products lost nearly $50,000 in damages from someone stealing credit card information from a gas station pump.

However, newer worries are fast emerging over a related area, which is the uncertain impact of political risks in an increasingly unstable geopolitical environment. She cites several examples
that include government confiscation of property, civil commotion, an inability to convert foreign currency, terrorism and trade embargoes.

“There are a number of political risks that we see many of our captives writing administrative-action type policies to cover,” Fenters reports.

Supply chain disruptions in an increasingly global economy are another emerging area of mounting concern among smaller American businesses. While politics makes some coverage problematic currently, Tipper’s current firm has worked with its clients to provide a means within a captive insurance vehicle to develop a funding mechanism in the event trade disputes have to be litigated outside the U.S. in the supplier’s home country’s courts where it can be much more expensive.

“We’ve seen and heard horror stories of the impact on supply chains from governmental intervention,” he notes, “and have at least found a partial solution.”

In this case, he says many of his clients are following a simple, prudent risk management
strategy by choosing a heterogenous group of suppliers or vendors that’s not limited geographically.  “It’s acting in the same way that you don’t put all your investment portfolio into one sector of the economy.” The biggest challenge to the supply chain now is underwriting political risk, he adds.

BRACING FOR HEAVY WEATHER

Captives also help fill coverage gaps for other emerging risks, including the growing category of weather-related concerns. Tipper once ran a Bermuda-based company that focused on captives.
While there, the firms that create the hurricane models for the insurance industry added a severity component to the computer model that previously just calculated the frequency probability of a
hurricane or other catastrophic weather events occurring in a geographic area.

In response, several insurers writing property insurance asked several coastal communities
in the Northeast to absorb an increase to their deductibles on their property policies between
$25 million and $60 million in the space of just one renewal period because of concerns
about climate change and severe weather, he recalls.

“Fortunately with a little bit of work, a captive was used to fund that gap so that they could build
up a pool of resources over a period of time that in the event a severe storm came by and inflicted reasonably predicted damage, they would have the funding available to rebuild the community,” according to Tipper.

Rolling the Dice

Whereas the cyber area was a unique and highly specialized emerging risk 20 years ago, increasingly severe weather driven in large part by climate change is an emerging space for captive insurance, observes Mike Woytowicz, director of business development for Artex Risk Solutions’ International division. He’s based in Bermuda where hurricanes and Bermuda Triangle folklore are cultural markers.

Woytowicz recently helped incorporate a captive that essentially mirrors the weather derivative contracts available in the market for an energy distribution company to deal with Mother Nature’s
wrath. The captive is being used to “de-risk” electric operations and assist weather risk  management strategies by allowing the client enough flexibility to increase or decrease the insurance market attachment point (i.e., strike price) for various options available.

The arrangement, which ultimately provides less downside or upside volatility in the company’s operations, serves as a hedge on either side of what’s being bought in the traditional derivative marketplace to guard against soaring gas prices in frigid winters or much higher electricity costs in scorching hot summers.

“If they were buying a put or a call at, let’s say, $50 per kilowatt hour strike price,” Woytowicz explains, “we used the captive to fill that in below that strike which buys that strike down.”

The pricing becomes more affordable as carriers move away from the attachment point or strike price in the traditional marketplace because the lower the strike price, the quicker the derivative triggers.

A derivative contract also can be structured as an insurance policy that does not trade on the derivative market. Many organizations do not necessarily think of using insurance or a captive to also supplement or complement the same derivative strategy, according to Woytowicz.

BREAKEVEN POINT

While companies that increasingly use captives to rein in employee benefit costs on the medical stop-loss side can expect dividend payouts in good years, that experience doesn’t translate for weather-related risks. “The weather insurance market, in its current state, is pricing coverage at what seems to be basically breakeven,” Woytowicz reports.  “No one’s really making or losing money, or not like you see with a traditional insurance policy.”

There are other considerable differences such as a short tail vs. longer-tail nature. For example, he says while medical stop-loss isn’t exactly long tail, employers don’t necessarily know whether or not they’ve hit their aggregate until several months after claims have been sorted out and final bills are sent.

On the weather side, however, Woytowicz notes that the cost of oil or gas can be tracked on a daily basis. “There are energy transmission organizations that coordinate the movement of wholesale
electricity and they monitor and collect the pricing data for every hour of every day,” he says, “and if the price of energy hits the strike on any given day, you know instantly when the contract triggers, so it’s a bit different of an animal.”

DRONES AND MARIJUANA

Other emerging risks include the use of drones and legalization of marijuana across the U.S. dubbed “the green goldrush.” Fenters has many construction clients, whose industry is known for using drones to track the progress of a large or complex building projects, as well as on the agricultural side, which relies on drones to survey crops and make more effective use of the land.  Major retailers are also looking to follow Amazon’s lead by testing drones for home deliveries.

But the question is, how businesses can reap the benefits of an unmanned aircraft and protect themselves from the risk of property damage or loss of growth in that area? “Drones do crash,” Fenters says. “If the drone is carrying cargo, what safety features do they have to prevent damage? The FAA finally starting to come up with requirements for how to operate them and to meet the licensing requirements.” She notes that the Insurance Services Office is currently working on a drone-related product for property coverage.

As for marijuana, she reports that insurance carriers are scrambling to determine the ramifications of driving under the influence and other issues in states that legalize medical marijuana and/or recreational use. Fenters says another area of concern is the impact on workers’ compensation due to an accident in the workplace resulting from a poor decision by an employee under the influence of marijuana.

Meanwhile, the way emerging insurance risks are managed in the years ahead will offer an opportunity to break silos that have separated the risk management and insurance teams and more finance-focused derivative teams, which are purely focused on hedging. As global companies evolve, Woytowicz believes it is possible that risk managers will be increasing their collaboration with the derivative teams on strategies to minimize potential losses to a company’s balance sheet by either utilizing a captive and derivative combination.

Bruce Shutan is a Portland, Oregon-based freelance writer who has closely covered the employee benefits industry for more than 30 years.

Leave a Reply

Your email address will not be published. Required fields are marked *