Webinar: Cyber Business Interruption and the Impact on the Pharmaceutical and Manufacturing Industry
While the cyber headlines continually report on the latest data breaches, the potentially biggest loss has nothing to do with privacy. Rather, the past year has featured an abundance of examples of the substantial costs involved with business interruption, extra expense, and supply chain interruption caused by cyber-attacks.
Perhaps none is more illustrative than the estimated nearly $1 billion Merck suffered due to NotPetya. It was an operational nightmare – disrupting not only manufacturing but research and sales as well. The insurance market, particularly the property market, is taking pause. What is the intent of their existing coverage for cyber related losses, and how will they manage coverage going forward?
In this webinar, we will discuss the following:
»Identify the interaction between product, property, cyber, and other insurance policies
»Pinpoint exposures including supply chain and other vulnerabilities
»Implement or revise a program to effectively cover cyber risks
In our first paper, we reviewed how expected value is inadequate as a standalone measure of risk, and we made the case that loss volatility should also impact risk financing decisions. In the following example,we examine how correlations among risks may impact the overall volatility of an entity’s retained loss exposure.
Large risk bearing organizations are typically concerned with more than one potential cause of loss or line of insurance coverage; however, we frequently see individual exposures considered in isolation with minimal regard for how correlation may impact the overall corporate risk profile. The simplified case below illustrates the impact that the consideration of dependence may have on a risk financing decision making process.
Company ABC is assessing the risk associated with two exposures: Risk X and Risk Y. Risk X is larger than Risk Y in expected value terms, but Risk Y possesses a proportionally larger amount of volatility.
Beecher Carlson Adds Industry Veteran, Jeff Rhoades, J.D., LL.M.; Continues to Expand Energy Practice Footprint
Beecher Carlson Insurance Services, LLC (“Beecher Carlson”), a specialized large account insurance broker, is expanding the West Coast operations of…
We are so excited to have Dr. Short bringing her expertise to the Brown & Brown family of companies! Strategic…
Exclusive Offering for Beecher Carlson CyberSelect Policy Holders: Ensure Your Company’s Compliance with the GDPR
The upcoming European Union GDPR has many companies worried about the data they collect or control – for good reason. In the face of gross negligence, four percent of global annual turnover or €20 million euro (whichever is greater) is a staggering loss for any corporation. The GDPR’s language is broad, leaving many legal specialists wondering how regulators will impose the layers of fines and how severely companies will be judged. Almost every firm agrees that the maximum fines will be imposed on negligent companies that do not place a high importance on the information and data European Union residents entrust to them. Working with a third-party forensics company prior to a breach can provide organizations the counsel needed to assess compliance with the GDPR and better prepare for the eventuality of future states and nations updating their own cyber policies. Fortunately, The Crypsis Group (“Crypsis”) offers GDPR Compliance Check, a unique service provided to Beecher Carlson’s CyberSelectTM policy holders at a discounted rate, to help alleviate the headache and anxiety that accompanies stiff cyber regulations.
While many companies have already taken steps to comply with the GDPR, others are just beginning the process. Crypsis offers a one-hour free consultation to evaluate your company’s current risks and to establish whether you are a data processor or controller. The GDPR requirements vary between the two classifications. If you have already performed the Data Mapping and Impact Assessments (offered through GDPR Compliance Check), Crypsis offers a GAP Assessment to identify gaps and provide detailed recommendations to address and remediate deficiencies. Unique to GDPR Compliance Check is the inclusion of the Technical Advisory Service, which includes 15 hours of consulting at a discounted rate to provide companies’ internal teams a resource as they work to achieve compliance.
As the insurance market becomes more capital efficient, many risk managers are looking into innovative structures for financing risk. Prior to assessing the organizational value that can be added by any new program structure, Beecher Carlson recommends a brief review of volatility in the context of uncertain loss outcomes to refresh one’s familiarity with the quantitative tools used to evaluate the relative merits of competing risk financing strategies.
A few simplifying assumptions made as we review volatility are as follows:
Risk managers will look to finance losses in the most capital efficient manner available.
Risk managers, for the purposes of this review, consider risk on a line by line basis without regard for risk interconnectivity.
A credible stochastic model has been estimated for each source of risk, and actual losses will be known and paid at the end of the year.
Risk transfer counterparties hold capital to support each assumed risk at the 90% confidence level, and they back surplus with cash.
We understand that the assumptions are somewhat academic, but they are necessary for us to illustrate these ideas both simply and succinctly.
Volatility is defined as a quantitative measure of the potential for losses to differ from their expected value for a specific underwriting year, based on all information known about the corporation’s exposure to loss at the outset of that year.
A simplified risk transfer market pricing mechanism can be described by the following equation:
Market premium = E(loss + LAE) + Administrative charge + Capital charge*
*computed using a market derived carrier WACC value and a risk-specific marginal economic capital requirement estimate
In the following example, we will look at two sources of risk for Company A. Both risks have an expected annual loss pick of $1,000,000. Risk X is less volatile than Risk Y.
Volatility aversion dictates that the market premium for Risk Y be larger than for Risk X. In practice, market participants charge for volatility; this is the case whether the participant is a (re)insurance company underwriter or an institutional investor providing P&C risk capital through an alternative financing mechanism. Merely knowing the expected value of loss associated with a risk is not sufficient to assess its value in the risk transfer market…
Download the remainder of the whitepaper here.