Risk Favors the Prepared
A recent study published in the “New York Times” highlighted an interesting discovery. Scientists researched how special operations soldiers and race car drivers achieved resilience during the physical and emotional stresses of their jobs.
These individuals were placed in brain-scanning machines and were fitted with face masks through which the researchers were able to control the flow of oxygen at the press of a button.
In another control group, 48 healthy adults were placed in the same machines and were given the same face masks to wear. These adults were divided into three groups: high resilience, average resilience, and low resilience. These categories were determined by questionnaires given to them about their self-perceived emotional and physical resilience.
As the researchers began restricting the flow of oxygen, something interesting happened. The control group of “low resilience” healthy adults had brain signals that were quite inactive right before they realized the button was going to be pushed, resisting the flow of oxygen.
However, after they started having trouble breathing they experienced extremely high levels of activation in the section of their brains leading to bodily awareness; overreacting to the threat once breathing became difficult.
The more we are prepared for impending disasters, the more favorable the outcome will be when the inevitable actually occurs.
The control group of “average and high resilience” adults, as well as the elite soldiers and racers, showed increased levels of brain activity right before they thought their oxygen was about to be restricted. However, the level of activity in their brains sending signals to bodily awareness were muted. This group experienced a stressful condition but did not overreact physically or mentally.
The aforementioned example accurately illustrates the power of resilience; the ability to maintain a level of functionality despite changing conditions in one’s environment.
For a family, attaining a level of high resilience could mean knowing what to do in case of a fire at home. For a nation, ensuring that local, state, and national agencies are operating under the same procedures and nomenclature leads to a higher level of resilience. The establishment of the Department of Homeland Security after 911 is a great example.
For businesses, attaining a high level of resilience includes:
- Ensuring employees have proper cyber hygiene; having dual levels of authorization for money transfers above a certain threshold, limiting privileged access to sensitive data, continuous training of employees on current cyber threats, and conducting mock cyber-attack drills.
- Implementing wellness programs to encourage employees to stay healthy, saving the firm money on health insurance claims and potential lost man-hours due to sick employees.
- Having a detailed active shooter plan in place. Active shootings are becoming more prevalent, and it is important for companies to train for these much like they would for fire drills.
- Ensuring employees traveling abroad are educated on potential risks in that country. Having the phone number of the U.S. embassy, procuring the services of emergency evacuation firms, and providing adequate health care coverage abroad are all noble efforts.
The more we are prepared for impending disasters, the more favorable the outcome will be when the inevitable actually occurs.
After the Fire
The raging wildfire that roared through Fort McMurray in Alberta, Canada, in May and June was so fierce it burned the entire country’s economy.
As a result of the fire, Canada’s GDP experienced its worst dip since the depths of the Great Recession. Losses from the blaze resulted in a 1.1 percent economic contraction in the second quarter. The Bank of Canada cut the country’s economic outlook for the year due to the catastrophe that stopped production at oil sands facilities, forced the evacuation of about 94,000 people and destroyed 2,400 buildings.
The most recent estimate by Property Claim Services puts the insured losses at about $3.6 billion — but while more than 5,000 commercial insurance claims (about $1 billion) are included in that estimate, the hard-hit oil sands producers report few insured losses.
VIDEO: The wildfire had a devastating impact on businesses in the area.
At the peak of the fire, 10 oil and gas producers were temporarily shut down, while work at another one was reduced, said Paul Cutbush, senior vice president, catastrophe management, Aon Benfield Canada.
Even though 1.2 million barrels a day, or about $65 million daily, was lost during that month-long shutdown while the fire was nearby, “no one is talking about any oil and gas claims,” Cutbush said.
That position was made official by Suncor, one of the largest operators that was shut down due to the evacuation, and saw its production reduced by about 20 million barrels because of it.
“The company incurred $50 million of after-tax incremental costs related to evacuation and restart activities,” according to the company’s Q2 earnings report, “which was more than offset by operating cost reductions of $180 million after-tax while operations were shut in.”
It’s not just the lack of damage, said Cutbush. BI policies typically have a waiting period before policies are triggered. That period typically is 60 to 90 days, but since the marketplace is very competitive, he said, it’s possible that some of the oil and gas producers had a 30-day waiting period.
Even so, the evacuation orders issued May 3 that shut production around Fort McMurray — the hub of Canada’s oil sands extraction and processing facilities — only lasted three to four weeks, depending on their location, he said.
“A lot of companies went back online 30 days after the fire,” Cutbush said. “I think if you see any claims, it will be those [insurance] writers who have more competitively agreed to do 30-day waiting periods. But it’s still too early to tell.
“It’s risk management but it’s net retained non-insured risk management.”
The energy companies’ facilities were protected by the effectiveness of the “fire breaks” built to divert the wildfires, he said.
Emphasis on Safety
“The core of Fort McMurray exists because of the oil sands,” said Bill Adams, vice president, Western and Pacific for the Insurance Bureau of Canada (IBC). “There is a strong focus on safety in those operations, and most of the people in and around Fort McMurray have that in their blood.
“I am not sure any other community in North America could have accomplished the same as that town did.”
From a risk mitigation perspective, Adams said, “this incident really set a new benchmark for what can go wrong when you build a municipality in a boreal forest. We have never seen an event like this that affected so much infrastructure.
“Assessing this fire will definitely give us a new understanding, and many municipalities will have opportunities to avail themselves of the learnings.”
Andrew Bent, manager of enterprise risk management for the Alberta Energy Regulator, also praised the energy companies.
“The operators were fantastic. They knew they were part of the community and they were fast to take in some of the more than 88,000 people who had to be evacuated,” he said.
“As regulator for the industry, we require all operators to have emergency response plans in place.
“Those plans vary with the nature of the operator from site-specific to more general contingency planning. Even so, we were dealing with an event of unprecedented scale. The fire moved very quickly and behaved very unusually from a risk-management perspective.”
The Alberta Energy Regulator had its own risk to manage as well: Bent said the staff’s families had to be evacuated.
“Once we had that secure, we swung into our role of industry support. We were in day-to-day contact with the operators and coordinating with the provincial command center. We had to understand the local situation for the operators and ask for their specific information.”
From previous smaller forest fires, regulators and operators knew that there was actually little external fire danger to mine lands, if any. Given the wide, if ugly, swathes of cleared land around the processing plants, there was little external fire danger to those either.
Still, regulators gave a general, but not blanket, emergency authorization for operators to build berms around their properties without having to file permits in advance. Actions would be reviewed afterward for environmental and safety compliance.
“The oil sands companies had better fire breaks than the towns themselves,” said Cutbush of Aon Benfield.
In addition to homes and two hotels, the wildfire destroyed three camps used by subcontractors to house oil and gas workers, which should be covered under property policies. Other direct damage from fire and smoke should also be among the covered commercial claims, he said.
Remarkably, no deaths were directly attributable to the fires.
Ethan Bayne, chief of staff for the Provincial Wildfire Recovery Task Force, said the area was “lucky the fire spared major elements of the region’s infrastructure. That includes the major hospital, the water treatment facilities and the airport.”
He credited local officials and industries, notably the oil sands producers, with being responsive and responsible. “The province ran an operations command center for the fire response. In the event, private fire apparatus from industry were deployed.”
In all, about 40,000 claims have been filed from wildfire that began May 1 and was finally declared under control on July 5.
It was the costliest insured wildfire on record in North America, and the costliest insured natural catastrophe in all of Canada, according to PCS, resulting in about double the claims filed after the 2013 floods in Southern Alberta.
Standard & Poors reported that primary insurers “generally have sufficient available reinsurance coverage, adequate capital adequacy, and enough group-level support (for certain subsidiaries) to absorb the losses. However, insurers with a smaller premium base and more concentrated or outsize exposure to Alberta could face some strain and their ratings may come under pressure.”
A number of insurance-linked securities funds were also hit by losses from the wildfire, but it’s unclear as to the extent.
While fires continue to burn — there are forest fires all summer, every summer, in Canada and the U.S. — the focus in and around Fort McMurray has shifted firmly to recovery.
In the near term, the commercial focus is on rebuilding and restoration of the temporary housing needs to get business and industry back to capacity.
The IBC coordinated an effort by 40 or so underwriters handling claims to arrange a single contractor to demolish and clear damaged structures in the area.
The Alberta Energy Regulator recovery team is working with operators on start-up operational plans while monitoring regional air quality to ensure there is no risk to public safety or the environment, according to the agency.
Fewer than 1,000 of the nearly 90,000 people evacuated have returned following the lifting of the provincial state of emergency.
“From previous wildfires we have learned, unfortunately, that recovery is not quick and it is not linear,” said Bayne. “There are unforeseen and unforeseeable complications and delays.”
Fort McMurray is accustomed to boom and bust cycles, Bayne said, “but what we are facing now is a scale never before seen.”
“At the peak boom time of the oil sands development, the region saw 600 homes completed in a year. But even if we can repeat that, it would take more than three years to rebuild 1,900 homes. The short-term housing need is already being addressed.”
He added that the first milestone in provincial recovery will be a formal recovery plan due to be released in the middle of September. It will include preliminary assessments of the incident, and also a first look at major needs for recovery.
“I cannot emphasize enough our thanks and appreciation of the oil sands industry, the indigenous communities, and the Red Cross,” said Bayne. “Our role has just been to coordinate the work they have done with the regional municipalities.” &
Hot Hacks That Leave You Cold
Thousands of dollars lost at the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so do the occurrence of cyber breaches.
“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”
Phishing Out Fraud
According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.
“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”
According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”
On the flip side, behavior also helps determine the best course of action to prevent phishing.
“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”
Lee stressed that phishing can affect employees at all levels.
“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”
Locking Down Ransomware
Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.
“These events are happening, and businesses aren’t reporting them,” Lee said.
In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.
After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.
Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.
“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”
And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”
The Future of Cyber Liability
According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.”
“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”
About Nationwide’s Cyber Solutions
Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.
Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.
Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.