Risk Insider: Joe Tocco

Expanded Canal Creates Greater Opportunities … and Risks

By: | July 6, 2016 • 2 min read
Currently Chief Executive of the Americas for XL Catlin’s insurance operation, Joe Tocco has enjoyed three decades in the insurance industry at various organizations. He is also a veteran of the U.S. Navy, where he served as a nuclear field service engineer. He can be reached at [email protected]

An international consortium of companies built a new third lane and set of locks at the Panama Canal that doubles its capacity.

Like other massive infrastructure projects, the expansion effort faced an assortment of challenges. Nonetheless, on June 26, the Chinese container ship Costco Shipping Panama became the first vessel to pass through the new third lane; its name was changed to respect the honor of being the first “New Panamax”-sized ship to transit the canal.

Building Bridges

Doubling the capacity of the Panama Canal should increase trade flows between Asia and the Americas, as well as between Latin America and North America.

For example, about 10 percent of the Asia-to-U.S. container traffic could shift from the West Coast to the East Coast by 2020. A larger Panama Canal also offers an attractive alternative for shipping bulk commodities from the U.S. heartland to Asia via the Mississippi River.

For starters, bigger ships mean more accumulation risk. It’s estimated that the additional cargo moving through the canal each day will be worth about $1.25 billion. And that figure doesn’t include the vessels queuing at both ends of the canal.

And as natural gas production has surged in the U.S., producers are looking to develop new markets in Asia; an expanded Panama Canal could help facilitate that.


For Latin America, the canal’s greater capacity could lead to increased deliveries of agricultural and other products to Asia. Similarly, we could soon see more shipments of perishable products like meat and fish, fresh produce and cut flowers from Latin America to North America.

A More Complex Risk Landscape

Doubling the canal’s capacity will also alter the risk landscape in Panama and elsewhere.

For starters, bigger ships mean more accumulation risk. It’s estimated that the additional cargo moving through the canal each day will be worth about $1.25 billion. And that figure doesn’t include the vessels queuing at both ends of the canal.

Operational risks at the canal are also potentially greater. In the original locks, electric locomotives on the lock walls pull the vessel along. In the new third lane, tugs positioned fore and aft will escort ships through the locks.

While canal pilots and tugboat captains have undergone extensive training, concerns have been expressed about the possibility of a tug losing control of the tow, resulting in damage to the lock as well as the ship. The maneuverability of the tugs selected for this task has also been questioned.

Given the Panama Canal’s prominent role in today’s supply chains, the impacts of an incident that takes the third lane offline would ripple quickly through the global economy, especially if the shutdown is protracted. Latin American companies shipping perishable products to North America, for example, could be especially affected by such an event.

Ports that have expanded, or are being expanded, to handle New Panamax (and larger) vessels also face greater accumulation and operational risks. And for ports on the East Coast of the U.S., the risks are amplified by the ongoing threat posed by hurricanes.

While it is too soon to determine how this expansion effort will reverberate throughout the Americas and across the globe, the canal should nonetheless continue to play a significant part in the ongoing march to a smaller world and a larger global economy.

Share this article:

Supply Chain Risks

Driving Blindfolded

Many small and mid-size businesses underestimate their exposure to supply chain disruption.
By: | April 4, 2016 • 5 min read

Last November, a global study of 3,000 small and mid-size enterprises (SMEs) found that only one in seven SMEs think their business would be significantly affected if they lost their main supplier.


Overall, 39 percent of SMEs consider themselves at risk from the loss of their main supplier, yet 55 percent believe it would not influence their day-to-day business.

Meanwhile, the “2015 Supply Chain Resilience Study” by Zurich and the Business Continuity Institute (BCI) found that while 74 percent of companies experienced at least one supply chain disruption in the last year, only half of those disruptions were known to originate from Tier 1 (immediate) suppliers, and 72 percent of respondents admitted they did not have full visibility into their supply chain.

“Supply chain risk is a blind spot for a lot of organizations.” — Karl Bryant, senior vice president at Marsh Risk Consulting

“This makes us believe that SMEs probably underestimate their supply chains risk exposure, and we urge them to reassess this,” said Nick Wildgoose, Zurich’s global supply chain product leader. He added that visibility and resilience along supply chains are major sources of competitive advantage.

BCI warned that organizations could be “driving blindfolded into a disaster.”

Companies at most risk are those reliant on “sole source” suppliers — one-of-a-kind manufacturers whose components are either of unique quality or are unavailable elsewhere in the market.

In today’s lean manufacturing era, fewer companies keep spare inventory, so if a critical component ceases to be available it can quickly prevent a company from producing its core product or service, leading to lost revenue, diminished service, dissatisfied customers and, in extreme cases, business closure.

Lurking Risks

Supply chain risk lurks in many forms. According to the BCI, IT and telecoms outages, adverse weather, and for the first time, cyber attacks/data breaches are

Karl Bryant, senior vice president, Marsh Risk Consulting

Karl Bryant, senior vice president, Marsh Risk Consulting

the top three causes of supply chain disruption. Another emerging risk is “business ethics,” which placed in the top 10 for first time.

“Supply chain risk is a blind spot for a lot of organizations,” said Karl Bryant, senior vice president at Marsh Risk Consulting.

Complacency that suppliers have everything under control can be a problem, said

Ken Katz, property risk control director at Travelers.

“When a risk exists outside your own four walls and you are focusing on your core business there is reduced visibility to the potential destruction it can cause,” Katz said.

To make matters worse for SMEs, smaller companies are likely to feel the effects of a supply shortage first as suppliers will invariably prioritize their biggest accounts if outflow is reduced.

R4-16p64-65_7SME.inddAn obvious risk mitigation strategy is to have a stockpile of spare inventory, but such an approach is not popular in these austere times.

“I’d love to see companies with six months’ supply, or matching supply against their expected downtime and their assets, but that’s a losing battle — no one wants inventory these days,” said Bryant.

Former RIMS President Rick Roberts, director of risk management and employee benefits at Ensign-Bickford Industries (EBI), said supply chain disruption is a “huge issue. People who’ve never had a problem often sit back and don’t pay much attention, but up-front work is critical because when a problem hits it can be major.”

Roberts, whose company is both a customer and supplier, said some of EBI’s customers require his company to keep a number of months’ worth of supply as inventory as part of their agreement. However, few SMEs have the leverage to wield this kind of influence.

Risk Assessment

To fully understand their supply chain exposures, Bryant suggested SMEs conduct a “value segmentation” exercise, identifying mission-critical areas of their

Ken Katz, property risk control director, Travelers

Ken Katz, property risk control director, Travelers

business, such as those that generate the highest margins or growth.

Then, Katz said, they should conduct a “business impact analysis,” simulating the repercussions of vital components being undeliverable.

It is also essential for SMEs to get to know their suppliers’ finances and quality of work as best they can, he said.

Bryant said that companies should compile a matrix of their supply chain in as much detail as possible, including suppliers of suppliers, and if possible, the exposure of suppliers’ plants and operations (as opposed to regional offices) to natural catastrophe such as flood or earthquake.

SMEs should ask all their suppliers what business continuity plans and insurance they have in place, and get clarity on exactly how they will be treated should the supplier run into problems.


However, warned Bryant: “It can take a lot of man hours to send out questionnaires, follow up on them and pull the information together in a meaningful way, and many smaller companies don’t have the resources to invest in that kind of process.”

Nevertheless, this is information that empowers risk managers to make informed continuity plans. This could include, for example, finding alternative single source suppliers or new methods of production in case a sole source supplier fails to deliver, or even potentially acquire that supplier to ensure it stays in business.

There must also be a communications strategy for dealing with clients and negotiating delays. “You need a good explanation that is more sophisticated than ‘we can’t help you, I’m sorry’,” said Bryant.

Rick Roberts, director of risk management and employee benefits, Ensign-Bickford Industries

Rick Roberts, director of risk management and employee benefits, Ensign-Bickford Industries

Continuity planning, he said, requires a coordinated approach between risk and operational departments to ensure that gathered data is optimally leveraged. According to the BCI, only 54 percent of SMEs currently have a business continuity plan, compared to 74 percent of large organizations.

It also found that nearly six in 10 SMEs don’t insure losses from supply chain disruption, even though contingent business interruption (CBI) insurance would compensate for lost revenues during a supply problem.

This usually applies only to an insured’s first tier of suppliers, and can only be acquired if the SME has business interruption coverage.

Roberts would like to see more insurers extend coverage to second tier suppliers. “It can be expensive, and you can’t always see the benefits of being proactive — but when you get hit with a loss you’ll wish you had been prepared.” &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]
Share this article:

Sponsored Content by Nationwide

Hot Hacks That Leave You Cold

Cyber risk managers look at the latest in breaches and the future of cyber liability.
By: | October 3, 2016 • 5 min read

Nationwide_SponsoredContent_1016Thousands of dollars lost at the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so do the occurrence of cyber breaches.

“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”

Phishing Out Fraud

According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.

“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”

According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”

On the flip side, behavior also helps determine the best course of action to prevent phishing.

“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”

Lee stressed that phishing can affect employees at all levels.

“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”

Locking Down Ransomware

Nationwide_SponsoredContent_1016Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.

“These events are happening, and businesses aren’t reporting them,” Lee said.

In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.

After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.

Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.

“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”

And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”

The Future of Cyber Liability

According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.”

“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”

About Nationwide’s Cyber Solutions

Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.

Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.

Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.



This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.

Nationwide, a Fortune 100 company, is one of the largest and strongest diversified insurance and financial services organizations in the U.S. and is rated A+ by both A.M. Best and Standard & Poor’s.
Share this article: