Insurance Without Limits
When we think of energy, we tend to think in terms of limits.
As in, there is a limited volume of greenhouse gasses that the earth’s atmosphere can absorb; there is only so much coal; how deep must we drill the deepest hole until we find out that there is no more oil?
But what if energy resources and the future human endeavors they power were truly limitless?
That seems to be the spirit of the collaboration between Swiss Re Corporate Solutions, the corporate insurance division of the Zurich-based insurer and reinsurer Swiss Re, and Solar Impulse, an ambitious project to build and fly a solar-powered plane around the world.
Launched on its global trip in 2012 by Swiss explorer Bertrand Piccard and his partner, businessman Andre Borschberg, Solar Impulse, insured by Swiss Re Corporate Solutions, is within weeks of achieving its goal.
As of early July, the plane was in Seville, Spain and was preparing to embark on the last two legs of a 17-leg around-the-world trip, with the goal of landing at its starting point in Abu Dhabi.
Light as a small family car, but with the wingspan of a Boeing 747, the plane is powered only by solar panels on the surface of its enormous wings and has an insured value of $12.5 million.
For Juerg Trueb, a Zurich-based head of environmental and commodity markets for Swiss Re Corporate Solutions, the partnership with Solar Impulse is an example of the speed at which technology is advancing, and the imperative on the part of insurance companies that they keep pace with that change.
If you go beyond the symbol, these are the tangible things that we do and that resonate in the context of Solar Impulse.– Juerg Trueb, head of environmental and commodity markets for Swiss Re
After all, in providing aircraft liability, hull and personal accident insurance for the plane’s two-man crew, the insurer is in essence underwriting a prototype, a craft for which there is no loss history because its kind has never been seen before.
“Solar Impulse stands for the dream to power a plane by renewable energy,” Trueb said.
“It’s a symbol for technology innovation and clean energy production and a sustainable business that allows us to both prosper and conserve nature,” Trueb said.
That notion of sustainability, is something Swiss Re Corporate Solutions and its parent company puts into action, not only in the types of projects it insures, solar and offshore wind farms, for example, but in the degree of sustainability engrained in its investment portfolio.
“If you go beyond the symbol, these are the tangible things that we do and that resonate in the context of Solar Impulse,” Trueb said.
In addition to the awards it’s won for sustainable business practice and ethics, Swiss Re, through its Swiss Re Foundation, has for more than decade funded the International ReSource Award for Sustainable Watershed Management, which carries with it a $150,00 prize awarded by an international jury.
Solar Impulse already owns an aviation record for the longest continuous flight by a solar plane. In 2015, it flew from Nagoya, Japan to Hawaii. That flight lasted 117 hours and 52 minutes and covered about 4,473 miles.
Of course Solar Impulse isn’t the only solar-powered craft making news this summer. Juno, NASA’s solar-powered space probe, entered Jupiter’s orbit in early July, after a voyage of some 1.8 billion miles over five years.
Protecting ‘Flying Computers’
Last summer, more than 1,400 LOT Polish Airlines passengers were stranded at Warsaw Chopin Airport, the country’s largest airport. Ten flights were cancelled and a dozen more grounded after a probable cyber attack crashed flight-planning computers.
Airline travel is considered one of the safest ways to get around, but attacks on the networks that keep travelers flying can have reverberating effects across the industry.
To prevent this, risk and insurance experts are planning ways to build in protections in case hackers access data networks, onboard computers or navigation systems to cause business disruptions or damage to life and property.
“Aircraft really are flying computers,” said Brad Meinhardt, managing director, aviation practice at Arthur J. Gallagher & Co. “The importance and integrity of cyber is absolutely tantamount because airplanes will be flying closer and closer to each other with the same degree of safety.”
Automation helped airlines fly 3.5 billion customers on 34 million flights last year, according to the International Civil Aviation Organization (ICAO). And yet, all these linked networks and technology advances also create new opportunities for criminals.
“We make mistakes in underestimating how clever our opponents are,” said Jon Haass, associate professor, cyber security and intelligence at Embry-Riddle Aeronautical University College of Security and Intelligence.
Is a Cyber Attack Possible?
While aviation experts believe today’s systems are secure from simple hacking, Eric Donofrio, XL Catlin’s chief underwriting officer, aerospace, in the Americas region, foresees more sophisticated attempts down the road.
“I would imagine people are going to try,” Donofrio said.
ICAO formed a cyber security task force four years ago to develop a set of international standards and industry best practices that account for all of the technology changes in the aviation industry. The United Nations agency will present its findings this September in Montreal.
When considering some of the most vital technology advances in aviation, experts see a few vulnerabilities. First, air navigation is facing the most significant changes because of the increased reliance on GPS for data.
The radio navigation system pilots mostly use today is run from very high frequency omnidirectional radio range receivers (VORs), a ground-based electronic system that reaches up to 200 miles. The stations send out radio signals and essentially create highways in the sky. These operate individually, so trying to take out all VORs today would be very difficult, Donofrio said.
A new GPS-based system with wider reach is replacing VORs. The Federal Aviation Administration plans to decommission about half of the 967 VORs in the United States by 2020, and keep the other half as a backup navigation system in the event of a GPS outage.
As aviation operators phase out VORs and move over to new GPS-based technology, that GPS system may become a significant cyber vulnerability, Donofrio said.
When Malaysia Airlines Flight 370 disappeared over the Indian Ocean in 2014, some in the public were surprised to learn that air traffic controllers often don’t know where a plane is because radar can’t reach it along several stretches of the route.
That will soon change when the aviation industry begins using a much more precise surveillance technology called Automatic Dependent Surveillance – Broadcast (ADS-B), which will allow air traffic controllers to know exactly where every plane is, even over vast oceans.
“There are many places on the globe where terrestrial coverage is spotty and that’s why we are trying to have the system run off satellite,” Haass said. “But the ‘attack surface’ increases with a more complex system.”
ADS-B uses GPS technology to determine an aircraft’s location, airspeed and other data, and broadcasts that information to a network of ground stations, which relay the data to air traffic control displays and nearby aircraft.
“ADS-B is a technological improvement over the limitation of radar, but if a hacker could hack in, conceivably the GPS system, in the extreme, could be shut down – there’s almost a single point of data,” Donofrio said. “In the future, we might have a bigger problem, but right now that scenario is a bit dramatic.”
“We would like to see cyber security included right there at the design stage when they develop new systems.” — Jon Haass, associate professor, cyber security and intelligence, Embry-Riddle Aeronautical University College of Security and Intelligence
Oftentimes, the areas that are most vulnerable to hackers are not so dramatic – such as employees with weak computer passwords or malware in an email. Third parties that have access to aviation systems or cloud providers may also present vulnerabilities.
And, while ADS-B is meant to make aviation systems more efficient and safer, it lacks a good authentication system to verify that the person working on either end is who they claim to be, said Haass.
Another emerging risk is the abundant use of electronic flight bags. These devices — which contain software and store sensitive flight information — are carried around the world and can be hacked at any point along the way, such as a pilot’s hotel room.
Portable devices are also used extensively around airports to remotely prepare baggage handling, weigh baggage and board contents onto the planes, among other things. Even if those devices work off a private network and require a security password, they may still become a target for hackers, Haass said.
“We would like to see cyber security included right there at the design stage when they develop new systems,” Haass said. “It’s easier to fix it at the beginning, although it adds expense and time.”
Cyber Market Continues to Evolve
The aviation industry includes about 1,400 commercial airlines, 4,130 airports and 173 air navigation services providers. And they all carry risk.
“Aviation insurance is one of the most comprehensive insurance coverages in the world,” said Meinhardt.
Yet, cyber coverage remains a complication.
Cyber risks may be excluded or limited in aviation insurance policies. For example, certain network business interruption exposure may not be covered under existing policies.
“Cyber liability is something our clients should consider,” Meinhardt said.
Another reason to consider cyber liability insurance is because vendors that do business with aviation businesses often demand it, he said
Some aviation industry insurers have shied away from cyber products because the data and modeling tools that are commonplace for understanding catastrophic property exposures often do not exist for cyber risk in a specific industry, such as aerospace and aviation.
The burgeoning market offers only a handful of stand-alone products. That market will continue to evolve but development will bring challenges, with many concepts and wordings yet to be tested.
Electronic Waste Risks Piling Up
The latest electronic devices today may be obsolete by tomorrow. Outdated electronics pose a rapidly growing problem for risk managers. Telecommunications equipment, computers, printers, copiers, mobile devices and other electronics often contain toxic metals such as mercury and lead. Improper disposal of this electronic waste not only harms the environment, it can lead to heavy fines and reputation-damaging publicity.
Federal and state regulators are increasingly concerned about e-waste. Settlements in improper disposal cases have reached into the millions of dollars. Fines aren’t the only risk. Sensitive data inadvertently left on discarded equipment can lead to data breaches.
To avoid potentially serious claims and legal action, risk managers need to understand the risks of e-waste and to develop a strategy for recycling and disposal that complies with local, state and federal regulations.
The Risks Are Rising
E-waste has been piling up at a rate that’s two to three times faster than any other waste stream, according to U.S Environmental Protection Agency estimates. Any product that contains electronic circuitry can eventually become e-waste, and the range of products with embedded electronics grows every day. Because of the toxic materials involved, special care must be taken in disposing of unwanted equipment. Broken devices can leach hazardous materials into the ground and water, creating health risks on the site and neighboring properties.
Despite the environmental dangers, much of our outdated electronics still end up in landfills. Only about 40 percent of consumer electronics were recycled in 2013, according to the EPA. Yet for every million cellphones that are recycled, the EPA estimates that about 35,000 pounds of copper, 772 pounds of silver, 75 pounds of gold and 33 pounds of palladium can be recovered.
While consumers may bring unwanted electronics to local collection sites, corporations must comply with stringent guidelines. The waste must be disposed of properly using vendors with the requisite expertise, certifications and permits. The risk doesn’t end when e-waste is turned over to a disposal vendor. Liabilities for contamination can extend back from the disposal site to the company that discarded the equipment.
Reuse and Recycle
To cut down on e-waste, more companies are seeking to adapt older equipment for reuse. New products feature designs that make it easier to recycle materials and to remove heavy metals for reuse. These strategies conserve valuable resources, reduce the amount of waste and lessen the amount of new equipment that must be purchased.
Effective risk management should focus on minimizing waste, reusing and recycling electronics, managing disposal and complying with regulations at all levels.
For equipment that cannot be reused, companies should work with a disposal vendor that can make sure that their data is protected and that all the applicable environmental regulations are met. Vendors should present evidence of the required permits and certifications. Companies seeking disposal vendors may want to look for two voluntary certifications: the Responsible Recycling (R2) Standard, and the e-Stewards certification.
The U.S. EPA also provides guidance and technical support for firms seeking to implement best practices for e-waste. Under EPA rules for the disposal of items such as batteries, mercury-containing equipment and lamps, e-waste waste typically falls under the category of “universal waste.”
About half the states have enacted their own e-waste laws, and companies that do business in multiple states may have to comply with varying regulations that cover a wider list of materials. Some materials may require handling as hazardous waste according to federal, state and local requirements. U.S. businesses may also be subject to international treaties.
Developing E-Waste Strategies
Companies of all sizes and in all industries should implement e-waste strategies. Effective risk management should focus on minimizing waste, reusing and recycling electronics, managing disposal and complying with regulations at all levels. That’s a complex task that requires understanding which laws and treaties apply to a particular type of waste, keeping proper records and meeting permitting requirements. As part of their insurance program, companies may want to work with an insurer that offers auditing, training and other risk management services tailored for e-waste.
Insurance is an essential part of e-waste risk management. Premises pollution liability policies can provide coverage for environmental risks on a particular site, including remediation when necessary, as well as for exposures arising from transportation of e-waste and disposal at third-party sites. Companies may want to consider policies that provide coverage for their entire business operations, whether on their own premises or at third-party locations. Firms involved in e-waste management may want to consider contractor’s pollution liability coverage for environmental risks at project sites owned by other entities.
The growing challenges of managing e-waste are not only financial but also reputational. Companies that operate in a sustainable manner lower the risks of pollution and associated liabilities, avoid negative publicity stemming from missteps, while building reputations as responsible environmental stewards. Effective electronic waste management strategies help to protect the environment and the company.
This article is an annotated version of the new Chubb advisory, “Electronic Waste: Managing the Environmental and Regulatory Challenges.” To learn more about how to manage and prioritize e-waste risks, download the full advisory on the Chubb website.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Chubb. The editorial staff of Risk & Insurance had no role in its preparation.