3D Printing Offers New Risk Challenges
As commercial 3D printing advances from occasional to routine use, the product liability landscape will shift around it. Defective and counterfeit product exposures, among others, will arise for all participants along the manufacturing continuum, industry experts said.
In an adverse incident, said Rob Gaus, product risk leader, Marsh, liability will be apportioned among participants in the manufacturing and distribution stream: product manufacturer, printer manufacturer, software designer, feedstock supplier, distributor (especially if it modifies the product) and retailer (if the manufacturer is not well capitalized). No case law exists yet.
In 3D printing, a computer sends the software containing a product design to one or more printers, which builds the product, layer by layer, from many kinds of materials — plastics, metals, drugs, paints and even human tissue.
David Carlson, U.S. manufacturing and automotive practice leader, Marsh, said 3D-printed products are treated the same as any other new operation that poses new risks.
Underwriters and brokers must first assess the company’s risk management profile and risk appetite. When production, research and development teams look at technology, “they should loop in risk management. Risk management should be part of the continuum, or the company could get into sticky situations.”
The emerging risks include unregulated manufacturing, said Mark Schonfeld, a partner at Burns & Levinson LLP in Boston specializing in business and intellectual property law.
If 3D printing enables production of, say, just 100 hip implants or 100 hearing aids, such work will generally take place outside of a traditional mass-production factory, which is subject to government regulation and inspection.
“Insurance companies like FDA oversight of manufacturing because it makes products safer and helps identify responsibility when things go wrong,” Schonfeld said.
To protect themselves and their clients, Schonfeld advises insurers to keep abreast of technological developments, consult with a creative and knowledgeable attorney about how to address liability exposure, and adjust existing policies to be fair to consumers and prevent injury to the insurance company.
3D printing also raises the risk of counterfeit products, said Peter Dion, line of business director-product liability, Zurich Insurance. The digital “recipe” in the software design, and is vulnerable to capture, he said.
Although there is no encryption mechanism for the software, one solution might be to transfer the digital file in pieces only as they are needed by the printer to prevent capture of the entire design signature, Dion said.
Manufacturers have always struggled with counterfeit products, but 3D printing magnifies the risks because it can slash the time from product development to market-ready product to a matter of hours and requires no molds or prototypes. “Hackers can take the proprietary blueprint or software, send it to a third-world country, and have the product ready for market tomorrow,” said Carlson. “That’s a business disruption issue. Counterfeiters can put a company out of business.”
Drug manufacturers may subvert counterfeiters by adding tracer elements and watermarks to their formulations, which protects their reputations, profits and public health. “If the counterfeiters get the recipe wrong, they might not produce high-quality drugs for public consumption,” Carlson said.
Other manufacturers can also use watermarks and digital rights management (DRM) software to prevent file sharing. Still, Carlson said, counterfeiting is an old problem. “Bad guys have always exploited new technologies for their personal gain.”
The materials used by manufacturers present a greater potential loss exposure than the 3D printer itself, said Dion, noting that it is just another piece of equipment, like a pencil or a lathe.
For example, if a 3D printer is used to replicate a cupcake, the manufacturer should be as careful of contaminants in the mix as traditional bakers need to be. “When 3D printer manufacturers purchase materials from suppliers, they need to perform due diligence on their supplier’s products also.”
Can Brokers Keep Pace?
Technology and globalization offer opportunities for innovation, expansion, increased efficiency and improved customer service. But they also involve a rapid pace of change — and evolving risks — that keep every company on its toes.
“Changing global landscape, economy, regulatory environments, technology … this is changing the way companies manage both their financial and human resources,” said Tim DeSett, executive vice president of risk practices, Lockton.
“For brokers, this is really a transformational opportunity.”
The traditional role of the broker is transactional. A company hires a broker to buy insurance. But that model has been changing for years, with brokers becoming consultants and risk advisers in addition to procurers of policies.
“The traditional ways are shattered,” said Mary Ann Cook, senior vice president, risk and insurance knowledge group at The Institutes, a leading education provider for the industry.
“Those brokers that come to terms with that more quickly will be the ones out in front.”
But if brokers are to be effective risk consultants, they have to be a half-step ahead of the pace of change, anticipating the challenges their clients will face and understanding what mitigation strategies best fit their long-term goals and capabilities.
That takes a mix of forming key relationships and expertise within a client’s industry, and gaining a deep understanding of data.
Broker as Expert Consultant
“The best brokers are businesspeople,” said Brian Elowe, managing director, global risk management, Marsh.
“In a fast-paced world, I don’t see how you can be an effective adviser to a client without specializing in their industry. Client organizations have higher expectations that they won’t have to train their broker, but that the broker will bring insights to the table.”
To best understand a client’s risk, it is incumbent upon brokers to familiarize themselves with every aspect of the client’s business, from macro industry trends, to the regulatory environment, to the strength of its competitors in the market, and down to the nuts and bolts of their operations and financial standing.
Today, brokers also have to take into consideration a broad range of issues like the impact of increasingly unpredictable weather, migration patterns and political climate, impending local regulatory changes, and the now eternal question of data security. Conversations with experts are often the easiest and most reliable way to stay updated on broad trends.
The Institutes, in the course of assembling its seminars and educational materials, seeks input from policymakers and legislators, regulatory bodies, the NAIC, various conference attendees, social media platforms and multiple advisory groups.
Additionally, “belonging to industry associations is a great way to ensure you’re around the conversation of what those businesses are facing, and what strategies they’re developing in response,” Elowe said. “Our account executives are really experts in health care, technology, real estate or whatever sector they’re serving.”
Marsh works with several organizations to put together its annual global risk report, which is presented at the World Economic Forum each year.
Elowe described the process of consulting with leading economists, often working with the world’s top universities, as “an opportunity to challenge our thinking and get a better idea of the conversations we should be having with our clients.”
That in-depth understanding is critical if brokers want to get the attention of the C-suite.
“To have a conversation at that level, we need to translate our risk management initiatives into language that relates to the company’s goals and objectives, and what global resources are available,” DeSett said.
“To do that, we have to know what they’re saying to Wall Street and to their shareholders.”
The broker’s role as a consultant also involves adjusting to greater demand for alternative risk transfer strategies that don’t involve insurance. Emerging exposures like cyber, climate, political and reputational risks are often difficult to insure in the traditional market, pushing more risk managers to look for creative ways to retain it themselves.
“As a broker, it’s about ensuring capital efficiency and helping clients set up internal finance mechanisms to prepare for risks that may not be insurable,” Elowe said.
“Pooled risks and captives are situations where a broker wouldn’t be involved in a transaction, but would fill a role providing guidance to clients on how to utilize those models,” said Cook of The Institutes.
Big Data and predictive analytics also are useful tools in identifying emerging risks and vulnerabilities, but could also be a stumbling point for brokers as technology continues to evolve.
“Big Data is an incredible asset and opportunity to leverage, but takes a lot of energy to manage and can also be a distractor,” DeSett of Lockton said.
“Predictive analytics is a tool that should be a part of a broader strategy of measuring potential outcomes of potential risks.”
To paint a picture of just how rapidly data has grown as an asset for businesses, the McKinsey Global Institute (MGI) estimated that U.S. retailer Wal-Mart’s data warehouse in 1999 held about 100 terabytes of stored data; by 2009, nearly every sector in the U.S. economy was gathering and storing at least twice that amount.
Fifteen of 17 U.S. sectors have more data stored per company than the U.S. Library of Congress, it said.
McKinsey also projected 40 percent growth in global data per year, although with only 5 percent global growth in IT spending, according to its 2011 report, “Big Data: The Next Frontier for Innovation, Competition and Productivity.”
The insurance industry in particular not only has access to large amounts of data gathered from policyholders, but also the analytical talent to process it in its field of actuaries.
The study by MGI analyzed nine occupations that require the skills needed to execute big data analytics and in what industries they could be found, based on reporting by the U.S. Bureau of Labor Statistics.
Insurance carriers employed more of these individuals than any other segment included in the study, which also included telecommunications and internet service providers. In 2009, insurance carriers employed about 18,400 people considered to have “deep analytical talent;” the runner-up, scientific research and development, employed 13,000.
The report concluded that the financial services and insurance industry is “positioned to benefit very strongly from big data as long as barriers to its use can be overcome.”
Brokers have the opportunity — the obligation, even — to tap into carriers’ wealth of data and analytical talent.
“It will be critical to partner with a carrier willing to work with brokers on the analytics side,” Cook said.
“The data wars are coming. Brokers have to be able to capture it and work with it better; don’t defer an obligation to help clients build out an insurance program today that is comprehensive, flexible and integrated with data analytics.”
DeSett said, however, that barriers to effective use of data analytics are significant. The ability to store large amounts of data and run analytical software requires heavy investment in technology updates and training.
Aggregating large amounts of data is a useful tool for spotting trends, Elowe said, but it remains difficult to “get out in front” of emerging issues. Even those organizations with access to data and the talent to utilize it will struggle to keep up with new analytical tools and techniques.
For now, brokers’ predictive capabilities may be behind the pace. But this may be an even stronger reason for brokers to, as Elowe advocated, “Get a higher level of understanding of the business first, risks second.” &
Hot Hacks That Leave You Cold
Thousands of dollars lost at the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so do the occurrence of cyber breaches.
“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”
Phishing Out Fraud
According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.
“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”
According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”
On the flip side, behavior also helps determine the best course of action to prevent phishing.
“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”
Lee stressed that phishing can affect employees at all levels.
“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”
Locking Down Ransomware
Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.
“These events are happening, and businesses aren’t reporting them,” Lee said.
In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.
After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.
Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.
“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”
And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”
The Future of Cyber Liability
According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.”
“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”
About Nationwide’s Cyber Solutions
Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.
Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.
Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.