Bigger Than the Big One
When it starts at 2:12 p.m. on an October Thursday, residents of California old enough to remember previous big quakes assure themselves that they’ve been through this before.
But in another 10 seconds or so, they see that they are profoundly wrong.
The shaking, stronger than anything ever measured in the United States, goes on and on, not for seconds, but for minutes. Panic builds to horror as people are thrown to the ground, stoned by debris from crumbling office buildings or crushed in their cars under collapsed freeway overpasses.
This is a quake even bigger than “The Big One,” which modelers tend to peg as something in the 7.6 to 8.0 range on the Richter scale. This is an 8.5 magnitude quake on the San Andreas Fault with an epicenter at Cape Mendocino in Humboldt County, about 250 miles north of San Francisco.
According to modeling firm EQECAT, a subsidiary of CoreLogic, the rupture in Humboldt County triggers a cascade of four contiguous San Andreas Fault segment ruptures that end in Southern California at Indio in the Salton Sea.
It was fire that destroyed much of San Francisco in the legendary 1906 earthquake, but it is salt water this time that plays a substantial role in the undoing of that great city and its bigger cousin, Los Angeles.
In Southern California, the quake provokes a submarine landslide, 100 miles or so in length and miles wide, that runs from the coastal waters of Santa Barbara down to San Luis Rey in San Diego County.
That immense shifting of underwater soil in turn pushes water toward land in a tsunami that runs a mile or so inland in places, damaging large oil refineries in El Segundo and Torrance, and creating an environmental disaster.
Hundreds of billions of dollars of Southern California’s high-priced residential and commercial real estate is erased in 10 minutes. Thousands die within that same time span.
The Port of Los Angeles and the Port of Long Beach, the two biggest U.S. container ports, are shut down, severely damaged by the shaking and the tsunami.
To the north, the “Achilles heel” of San Francisco, its bay-side seawall, ruptures in multiple places, spilling bay water into the city.
The four-mile seawall, which runs from Hyde Street and Fisherman’s Wharf in the north to Pier 54 and Channel Street in the south, was cobbled together in 21 sections from 1878 to 1924. The land mass filled in behind the seawall is composed of sand, clay and gravel in places and liquefies under a quake of this magnitude, undermining the city’s Embarcadero roadway and severing crucial utility and public transportation connections.
San Francisco is far better prepared for seismic activity than any U.S. city. But when the seawall fails, the surging bay water undermines downtown office buildings already weakened by the shaking, and several of them collapse.
The destruction of the seawall shuts down the Transbay Tube, the underwater Bay Area Rapid Transit rail connection between San Francisco and Oakland, stranding hundreds of thousands of commuters in the broken cities.
Damage to the Bay Bridge shuts down first-responder access from the east. Damage to the Golden Gate Bridge cuts off aid from the north.
With emergency responders in the rest of the state frantically working to save their own populations, the city is sealed off from help, stricken and flood ravaged. Its residents tend to the injured and dying as best they can as spiraling smoke obscures the sun and sirens wail unceasingly.
According to EQECAT, the insured losses from a cascading San Andreas rupture measuring 8.5 on the Richter scale would amount to $140 billion.
Before the Tohoku quake of March 2011, scientists thought that an 8.5 on the San Andreas was inconceivable, according to Mahmoud Khater, chief science and technology officer with EQECAT. But before Tohoku, no one thought that the fault in Japan could produce a 9.0. The most it was thought capable of was an 8.4.
Tragically, the world now knows better, after more than 16,000 Japanese deaths and more than $30 billion in insured losses.
“It is really Tohoku that has altered the scientific and actuarial thinking,” Khater said.
The importance of the Ports of Long Beach and Los Angeles to trade with technology suppliers in Asia is just one piece of the extended business interruption and contingent business interruption aftermath of an 8.5 on the San Andreas that would lead to global economic losses of $1 trillion.
“We clearly agree that it would be a multi-year event,” said Jamie Miller, head of North American property for Swiss Re.
EQECAT estimates that there is $2.2 trillion in residential and commercial property exposure in California. The company said fatalities from the event we envision would run into the tens of thousands.
As gruesome as tens of thousands of deaths would be, and as daunting to the insurance industry as $140 billion in insured losses may appear, Miller and his colleagues at Swiss Re fear that even greater economic calamity awaits, should this event occur.
Alex Kaplan, vice president, global partnerships, public sector business with Swiss Re, points to the low take-up rate of personal lines earthquake insurance in California, the weak financial condition of the federal and local governments, and how that combination could balloon into a national economic calamity.
“You talk about firefighting and other ongoing expenses that aren’t passed on through insurance, coupled with less homeowners to pay for it. That to me is the black swan.” — Jamie Miller, head of North American property, Swiss Re
Consider, under Kaplan’s direction, that only 12 percent of homeowners in California carry earthquake insurance.
Modelers say 1 million homes would be severely damaged in the 8.5 quake.
“That’s 880,000 homes that are uninsured and 660,000 of those homes have mortgages,” Kaplan said.
Not only will there be hundreds of billions of dollars in damage but as a result of the earthquake, the rate of mortgage defaults and credit losses in California will spike, he said.
“Keep in mind that California has one-sixth of all underwater mortgages,” he added.
In addition, the federal government will be unable to sufficiently bail out local governments in California, which will suffer greatly reduced property tax collections just as public services such as police and fire protection are stretched to the limit.
“FEMA’s current funding scheme is inadequate to handle something like this,” Kaplan said.
From 2005 through 2011, the agency’s average disaster appropriation was $1.75 billion per year, Kaplan said. But spending on supplemental appropriations amounted to an average of $4.6 billion per year.
“There is no probabilistic modeling that goes into how the federal government allocates funds,” Kaplan said.
“You talk about firefighting and other ongoing expenses that aren’t passed on through insurance, coupled with less homeowners to pay for it,” Miller said.
“That to me is the black swan.”
Mitigation and Recovery
For years — since the Loma Prieta quake that struck the Bay Area in 1989, and the Northridge quake that hit Los Angeles in 1994 — governments in California have taken aggressive measures to limit the damage that would occur in a major quake and to make California cities more resilient.
In April, with a grant from the Rockefeller Foundation, San Francisco appointed the world’s first Chief Resiliency Officer, Patrick Otellini. The Rockefeller program will eventually fund 100 such positions worldwide.
“We have a mentality that we need to get over and that is we are the biggest country in the world with the deepest capital markets and The Big One wouldn’t be that big of a deal. I don’t think that’s true.” — Alex Kaplan, vice president, Swiss Re
In the new position, Otellini is putting to work his 10 years of experience in the private sector helping businesses negotiate the City of San Francisco’s permitting and code requirements process and his more recent job, which he still holds, as the director of the city’s Earthquake Implementation Program.
The host of initiatives he is working on include measuring the vulnerability of the city’s seawall and creating a plan to improve it, coordinating the various utilities whose services the city depends on to increase their post-disaster resiliency, and implementation of a program designed to speed up occupancy of hotels and other businesses post-quake provided they have been inspected by city-approved engineers.
Under Otellini’s direction, the city’s Board of Supervisors passed an ordinance last year that required owners to retrofit and make more earthquake-proof rental properties with wood frame construction, built before 1978, and having five or more residential units with two or more stories over a “soft story” — a story with large open spaces like a garage or retail space with large windows.
The city’s experience in 1989 told it that housing stock would be totally destroyed should The Big One hit.
Otellini said there are 60,000 residents living in rent-controlled housing who would lose that protection in a big quake had the city not taken action.
“Not to mention the impact on our city services and the fact that these buildings tend to be very defining of the architecture of San Francisco,” he said.
Although it’s not regulating a big piece of the city’s overall commercial and residential building stock, the measure is an example of how governments can begin to pick off lower hanging fruit and make their cities incrementally more resilient.
The Los Angeles City Council took note of the San Francisco measure and passed its own ordinance. The two city governments are now working together on a number of resiliency initiatives and to make state politicians more aware of what else needs to be done.
“I am very excited about that dialogue,” Otellini said.
The efforts of Otellini and others will lessen the cost of The Big One and bring businesses and communities back quicker, said Swiss Re’s Kaplan.
“I am very impressed with how public entities from the city level, to the state level, to the federal level are thinking about the physical resilience of a particular region,” Kaplan said.
“How do you retrofit the buildings, how do you communicate the risk, and they have done a tremendous job of enhancing that over the years,” he said.
“What I am still concerned about is the financial resilience, how are you going to fund these losses?” he asked.
Kaplan said he now sees U.S. cities taking a much more engaged approach to which insurance or insurance-linked securities solutions could help to remove the volatility from public sector balance sheets in the case of a disaster.
“The Mexican government is highly sophisticated in that regard and we see it is starting to happen in the U.S.,” Kaplan said.
“We have a mentality that we need to get over and that is we are the biggest country in the world with the deepest capital markets and The Big One wouldn’t be that big of a deal,” Kaplan said.
“I don’t think that’s true.”
Additional 2014 black swan stories:
When a nuclear reactor melts down due to a powerful tornado, deadly contamination rains down on a metropolitan area.
A double dose of ice storms batter the Eastern seaboard, plunging 50 million people and three million businesses into a polar vortex of darkness and desperation.
7 Emerging Technology Risks
The Risk List is presented by:
To Keep Cool in a Crisis, Companies Need a Comprehensive Solution
Threats against corporate security come in many forms, from intentional acts of violence to civil unrest to cyber-attacks. The perpetrators don’t discriminate by company size or sector, and the consequences can range from several thousand dollars lost to several lives lost.
The recent shooting in an Orlando nightclub that killed 49, for example, or last year’s San Bernardino shooting that killed 14, are somber reminders that terrorism and violence can erupt anywhere and in any type of business. In addition to loss of life, violence can translate into business interruption and property damage. In Ferguson, Mo., riots lead to over $4 million in property damage.
Cyber-attacks have also become commonplace, with hackers infiltrating private networks to steal data or hold it ransom.
Is your organization prepared for these risks?
“A lot of companies have a crisis response plan on paper, but they don’t have outside resources to come to their aid if there is an incident,” said Reggie Gibbs, Underwriter and Product Manager, Starr Companies.
Mid-size companies especially tend to lack comprehensive insurance coverage and crisis management services for a variety of security events due either to limited resources or an underestimation of their exposure.
Starr Companies’ Cyber and Terror Response (CTR) solution provides three coverages as well as crisis response services tailored to meet the needs of these companies. Each of its components addresses a common security threat.
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them.”
— Reggie Gibbs, Underwriter & Product Manager, Starr Companies
Terror and Political Violence
“Political violence can be defined as a strike, riot, protest, or any type of unrest that gets out of hand and turns violent,” said Gibbs, who specializes in terrorism and political violence, workplace violence, and crisis management.
In the case of the Ferguson protests, any first party property damage or third party liability incurred by the disruption would be covered under the terrorism and political violence segment of the CTR solution.
In the case of a terror attack, organizations cannot necessarily rely on TRIA to pick up property losses. In the case of the Orlando shooting, for example, the likelihood of TRIA being invoked is low because property damage will not meet the threshold for coverage to kick in.
TRIA, reauthorized in 2015, provides a federal insurance backstop in the event of a terror attack. The U.S. Secretary of the Treasury, U.S. Attorney General, and U.S. Secretary of Homeland Security must declare an attack to be an act of terrorism, and property damage must exceed $5 million to trigger TRIA.
“We would still view the Orlando shooting as an act of terror, however, because of who the shooter claimed he was working for regardless if the ties to terror groups are clear or not. Therefore, our coverage would apply,” Gibbs said. Even if TRIA was enacted, however, companies would still have a lot of pieces to pick up following an attack. They may have injured or deceased employees, or face legal action from third parties.
For these situations, and any other incident of violence not driven by terrorism, the workplace violence component of Starr’s CTR solution would act as an umbrella to cover other liabilities such as legal liability, loss of life benefits, psychiatric care, and other crisis response services.
One such incident struck a Boston-area Bertucci’s in early May. An attacker wielding a knife drove his car into a Boston shopping mall before making his way into the nearby restaurant. He killed five, including restaurant workers and patrons.
“There was no ideological or political motivation behind it. He was just deranged.” Gibbs said. “Our workplace violence coverage can handle the loss of life benefits for both the employees and patrons killed in situations like this one.”
In the best cases, though, violence can be prevented altogether.
“If an employee reports a stalking threat, the policy would cover the expense of security guards,” Gibbs said. “In this case, it’s more of a pre-workplace violence coverage. It would de-escalate the situation.”
Attacks can also be non-physical.
Cyber extortion in particular is on the rise. Phishing scams lead employees to click on malicious links, unknowingly downloading ransomware onto their internal networks. The cyber criminals then hold companies’ networks ransom, asking for a sum of money in return for the release of data or to prevent a business interruption. The ransoms can be low — amounts that organizations can afford to pay.
“The hackers don’t want to attract the attention of law enforcement or regulatory agencies,” said Annamaria Landaverde, National Cyber Practice Leader & Professional Liability Underwriting Manager, Starr Companies. Landaverde specializes in the cyber component of the CTR coverage. “The FBI may not get involved if someone asks for $5,000. They are more likely to get involved if someone asks for $5 million.”
Since companies are not required by law to report cyber extortion —like they are for data breaches — many choose simply to pay the ransom and move on without generating any negative news headlines.
“The hackers don’t want to attract the attention of any law enforcement or regulatory agencies. The F.B.I. won’t get involved if someone asks for $5,000. They will get involved if someone asks for $5 million.”
— Annamaria Landaverde, National Cyber Practice Leader & Underwriting Manager, Professional Liability Division, Starr Companies
“A California medical center recently had an incident like this where the hackers asked for $17,000 in ransom,” Landaverde said,” but the amounts can vary.”
While the ransom itself may seem manageable, many companies fail to recognize other costs associated with the identification and removal of the malware from their system. There may also be costs associated with forensics investigations, legal experts, public relations firms, third party lawsuits, and notification and credit monitoring.
“The cyber arm of the CTR coverage extends to liability that an organization would suffer as a result of a breach, or failure of security of the insured’s network,” Landaverde said. That includes not just cyber extortion, but outright data theft or denial-of-service attacks.
Crisis Management Services
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them,” Gibbs said.
The fourth component of Starr’s CTR solution – crisis response — provides two outside consultants to insureds, with one specializing in “hard” security services like guards or instances of cyber extortion, and another focusing on crisis communications.
Without these outside services, there is only so much insurance can do in the aftermath of a crisis. Experienced consultants provide a range of security preparedness and response services to complement coverage and help insureds recover from an episode of violence or cyber event.
“From a communications perspective, our consultants can manage the public relations front to create clear and consistent messaging, but they can also stay in touch with families after a terror or other violent attack to make sure everyone stays informed,” Gibbs said.
They also serve as a first point of contact for insureds immediately after an event. If they need guidance quickly, consultants await at the ready.
“When a client purchases the product, they get a 24-hour hotline set up with one of our consultancies,” he said. “They can report an incident at any time, and our consultant will help either resolve a situation or deal with the aftermath in whatever way they can.”
While the Cyber and Terror Response package provides a comprehensive solution tailored for mid-size companies, Starr also offers standalone cyber liability and crisis management coverage on a primary and excess basis.
“For companies with greater exposure to a particular type of risk, or who simply want higher limits or greater customization, we have those standalone polices.” Landaverde said.
For more information on Starr Companies’ Cyber and Terror Response solution, visit https://www.starrcompanies.com/Insurance/CyberAndTerrorResponse.
Starr Companies is the worldwide marketing name for the operating insurance and travel assistance companies and subsidiaries of Starr International Company, Inc. and for the investment business of C. V. Starr & Co., Inc. and its subsidiaries.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Starr Companies. The editorial staff of Risk & Insurance had no role in its preparation.