Risk Management

The Profession

Q&A with Kurt Leisure, vice president of risk services with The Cheesecake Factory Inc.
By: | February 18, 2014 • 4 min read
R2-14p102_Profession.indd

R2-14p102_Profession.inddIn 2014, Risk & Insurance® will be featuring Q&As with risk management professionals. Our first installment is with Kurt Leisure, who serves as the vice president of risk services with The Cheesecake Factory Inc.

R&I: What was your first job?

I sold life and disability insurance as my first job. It was financially lucrative but the cold call sales were a challenge for me and I wanted to be on a different side of the business.

R&I: How did you come to work in risk management?

I was working in the benefits department of a large restaurant company (not The Cheesecake Factory) and was asked if I wanted to make sense out of the company’s workers’ compensation and liability claims. At the time, the company viewed these claims as an unmanageable cost of the business. I jumped into the claims to better understand what was driving them, then initiated safety programs to prevent the claims. There was an immediate impact and the company added risk management to my title. As the business grew, I eventually dropped my benefits responsibilities and focused on the risk side of the business.

R&I: What about the profession of risk management do you find the most fulfilling or rewarding? 

This industry brings new daily challenges and I am exposed to almost every part of our business because there is a certain level of risk in everything. With the push to technology, and the speed at which technology is advancing, it is a constant challenge to keep up with the new risks that are emerging in this area. I love the challenge and am very motivated by my desire to identify and mitigate risk.

R&I: What is the risk management community doing right? 

I have been in the risk management profession for 26 years and am excited to see this profession emerge as a recognized profession that companies value.

R&I: What could the risk management community be doing a better job of? 

There are not enough universities that offer risk management programs. This makes it difficult for the industry to recruit from colleges and universities because students have not been exposed to the profession as part of their curriculum.

R&I: What emerging commercial risk most concerns you? 

Cyber risk and the ability of businesses to protect the public’s confidential information.

R&I: Who is your mentor and why?

Matt Clark, senior vice president of Strategic Planning for The Cheesecake Factory Inc. He understands enterprise risk management and allows me the flexibility to apply innovation to my risk programs. This support and Matt’s strategic vision has allowed us to drive our results in a positive way.

R&I: What have you accomplished that you are proudest of? 

I love to drive innovation and constantly push my staff to develop new programs and “pioneer” a solution that no one has thought of. I am also very passionate about risk management and am very visible in the Los Angeles RIMS chapter as well as other industry risk management forums.

R&I: What do your friends and family think you do?

I have a 5- and 3-year-old that consistently ask me what flavor of cheesecake I baked. The rest of my family and friends love having me over so they can hear about the latest crazy claim I have been working on. Most people who know me have a general understanding of what I do, but have no idea how many different pieces of the job there are.

R&I: What is your favorite book or movie? 

My current favorite book is called “Start With Why” by Simon Sinek. I love reading about great companies and leaders and what allows these companies to survive over time. The Cheesecake Factory falls into this category and our leadership team consistently understands why we exist and what place we have in the restaurant industry.

R&I: What is the most unusual/interesting place you have ever visited? 

The Crater Lake area in Southern Oregon is fascinating to me. It is the deepest lake in Oregon and not a spot that a lot of people have visited.

R&I: What is the riskiest activity you ever engaged in?

On my 40th birthday I rode a mountain bike down Mammoth Mountain (in the summer) with absolutely no safety gear at all — it was a spontaneous adventure. I ended up hitting a non-visible tree stump and cracked some ribs. I don’t always practice what I preach.

R&I: If the world has a modern hero, who is it and why? 

Jeff Bezos, the founder of Amazon. He launched e-commerce and has truly changed the way consumers shop.

The R&I Editorial Team may be reached at [email protected]
Share this article:

Aviation Woes

Coping with Cancellations

Could a weather-related insurance solution be designed to help airlines cope with cancellation losses?
By: | April 23, 2014 • 4 min read
02282014Airlines

Airlines typically can offset revenue losses for cancellations due to bad weather either by saving on fuel and salary costs or rerouting passengers on other flights, but this year’s revenue losses from the worst winter storm season in years might be too much for traditional measures.

At least one broker said the time may be right for airlines to consider crafting custom insurance programs to account for such devastating seasons.

For a good part of the country, including many parts of the Southeast, snow and ice storms have wreaked havoc on flight cancellations, with a mid-February storm being the worst of all. On Feb. 13, a snowstorm from Virginia to Maine caused airlines to scrub 7,561 U.S. flights, more than the 7,400 cancelled flights due to Hurricane Sandy, according to MasFlight, industry data tracker based in Bethesda, Md.

Advertisement




Roughly 100,000 flights have been canceled since Dec. 1, MasFlight said.

Just United, alone, the world’s second-largest airline, reported that it had cancelled 22,500 flights in January and February, 2014, according to Bloomberg. The airline’s completed regional flights was 87.1 percent, which was “an extraordinarily low level,” and almost 9 percentage points below its mainline operations, it reported.

And another potentially heavy snowfall was forecast for last weekend, from California to New England.

The sheer amount of cancellations this winter are likely straining airlines’ bottom lines, said Katie Connell, a spokeswoman for Airlines for America, a trade group for major U.S. airline companies.

“The airline industry’s fixed costs are high, therefore the majority of operating costs will still be incurred by airlines, even for canceled flights,” Connell wrote in an email. “If a flight is canceled due to weather, the only significant cost that the airline avoids is fuel; otherwise, it must still pay ownership costs for aircraft and ground equipment, maintenance costs and overhead and most crew costs. Extended storms and other sources of irregular operations are clear reminders of the industry’s operational and financial vulnerability to factors outside its control.”

Bob Mann, an independent airline analyst and consultant who is principal of R.W. Mann & Co. Inc. in Port Washington, N.Y., said that two-thirds of costs — fuel and labor — are short-term variable costs, but that fixed charges are “unfortunately incurred.” Airlines just typically absorb those costs.

“I am not aware of any airline that has considered taking out business interruption insurance for weather-related disruptions; it is simply a part of the business,” Mann said.

Chuck Cederroth, managing director at Aon Risk Solutions’ aviation practice, said carriers would probably not want to insure airlines against cancellations because airlines have control over whether a flight will be canceled, particularly if they don’t want to risk being fined up to $27,500 for each passenger by the Federal Aviation Administration when passengers are stuck on a tarmac for hours.

“How could an insurance product work when the insured is the one who controls the trigger?” Cederroth asked. “I think it would be a product that insurance companies would probably have a hard time providing.”

But Brad Meinhardt, U.S. aviation practice leader, for Arthur J. Gallagher & Co., said now may be the best time for airlines — and insurance carriers — to think about crafting a specialized insurance program to cover fluke years like this one.

Advertisement




“I would be stunned if this subject hasn’t made its way up into the C-suites of major and mid-sized airlines,” Meinhardt said. “When these events happen, people tend to look over their shoulder and ask if there is a solution for such events.”

Airlines often hedge losses from unknown variables such as varying fuel costs or interest rate fluctuations using derivatives, but those tools may not be enough for severe winters such as this year’s, he said. While products like business interruption insurance may not be used for airlines, they could look at weather-related insurance products that have very specific triggers.

For example, airlines could designate a period of time for such a “tough winter policy,” say from the period of November to March, in which they can manage cancellations due to 10 days of heavy snowfall, Meinhardt said. That amount could be designated their retention in such a policy, and anything in excess of the designated snowfall days could be a defined benefit that a carrier could pay if the policy is triggered. Possibly, the trigger would be inches of snowfall. “Custom solutions are the idea,” he said.

“Airlines are not likely buying any of these types of products now, but I think there’s probably some thinking along those lines right now as many might have to take losses as write-downs on their quarterly earnings and hope this doesn’t happen again,” he said. “There probably needs to be one airline making a trailblazing action on an insurance or derivative product — something that gets people talking about how to hedge against those losses in the future.”

Katie Kuehner-Hebert is a freelance writer based in California. She has more than two decades of journalism experience and expertise in financial writing. She can be reached at [email protected]
Share this article:

Sponsored: Liberty International Underwriters

Cyber: The Overlooked Environmental Threat

Environmental businesses often don't see themselves as a target, but their operations are just as vulnerable to the threat of an industrial cyber attack.
By: | August 3, 2016 • 6 min read
LIU_SponsoredContent

“Cyber breach” conjures fears of lost or ransomed data, denial of service, leaked corporate secrets and phishing scams.

But in a world where so many physical operations are automated and controlled by digital technologies, the consequences of cyber attacks extend far beyond the digital realm to include property damage, bodily injury, and even environmental pollution.

Industrial companies that deal with hazardous materials — like power plants, refineries, factories, water treatment facilities or pipelines — are heavily dependent on automated technology to maximize their efficiency. Other sectors use technology to control HVAC systems, power and utilities, placing their properties at risk as well.

Cyber risks like theft of personally identifiable data have been highly publicized in recent years, but physical risks like pollution sparked by a cyber breach may not be as obvious.

“It’s significant to lose 100,000 customers’ Social Security numbers,” said William Bell, Senior Vice President, Environmental, Liberty International Underwriters, “but can you imagine if a waste treatment facility’s operations get hacked, gates open, and thousands of tons of raw sewage go flowing down a local river?”

In many industrial complexes, a network of sensors gathers and monitors data around machinery efficiency and the flow of the materials being processed. They send that information to computer terminals that interpret the data into commands for the hardware elements like motors, pumps and valves.

This automation technology can control, for example, the flow of pipelines, the level of water or waste held in a reservoir, or the gates that hold in and control the release of vast quantities of sewage and other process materials. Hackers who want to cause catastrophe could hijack that system and unleash damaging pollutants.

And it’s already happened.

In 2000, a hacker caused 800,000 liters of untreated sewage to flood the waterways of Maroochy Shire, Australia. In 2009, an IT contractor, disgruntled because he was not hired full-time, disabled leak detection alarm systems on three off-shore oil rigs near Long Beach, Calif.

Just last year, cyber attackers infiltrated the network of a German steel mill through a phishing scam, eventually hacking into the production control system and manipulating a blast furnace so it could not be shut down. The incident led to significant property damage.

According to a leading industrial security expert and executive director of the International Society of Automation, “Today’s operational technologies—such as sensors, SCADA systems, software and other controls that drive modern industrial processes—are vulnerable to cyber attack. The risk of serious damage or compromise to power and chemical plants, oil and gas facilities, chemical and water installations and other vital critical infrastructure assets is real.”

“The hacks could come from anywhere: a teenager looking for entertainment, a disgruntled worker, or more sophisticated criminals or terrorists,” Bell said. “There are certainly groups out there with political and ideological motivations to wreak that kind of havoc.”

LIU_SponsoredContent“We are working to bring the cyber component of environmental risk to the forefront. Cyber security is not just an IT issue. Industry executives need to be aware of the real-world risks and danger associated with an industrial cyber attack as well as the critical differences between cyber security and operational technology security.”

— William Bell, Senior Vice President, Environmental, Liberty International Underwriters

The cleanup cost of an environmental disaster can climb into the hundreds of millions, and even if a cyber breach triggered the event, a cyber policy alone will not cover the physical and environmental damage it caused.

The risk is even more pointed now, as resource conservation becomes increasingly important. Weather related catastrophe modeling is changing as both flooding and drought become more severe and frequent in different regions of the U.S. Pollution of major waterways and watersheds could have severe consequences if it affects drinking water sources, agriculture and other industrial applications that depend on this resource.

Managing the Risk

LIU_SponsoredContentUnfortunately, major industrial corporations sometimes address their environmental exposure with some hubris. They trust in their engineers to remove the risk by designing airtight systems, to make a disaster next to impossible. The prospect of buying environmental insurance, then, would be superfluous, an expression of doubt in their science-backed systems.

Despite the strongest risk management efforts, though, no disaster is 100 percent avoidable.

“We are working to bring the cyber component of environmental risk to the forefront,” Bell said. “Cyber security is not just an IT issue. Industry executives need to be aware of the real-world risks and danger associated with an industrial cyber attack as well as the critical differences between cyber security and operational technology security.”

The focus on network security and data protection has distracted industry leaders from strengthening operational technology security. Energy, manufacturing and other industrial sectors lack best practice standards when it comes to securing their automated processes.

After the Homeland Security Act of 2002, the Department of Homeland Security began comprehensive assessments of critical infrastructure’s cyber vulnerability, working with owners and operators to develop solutions. It also offers informational guides for private companies to do the same. The National Institute of Standards and Technology also continues work on its cyber security framework for critical infrastructure. Although this helps to establish some best practices, it does not completely mitigate the risk.

Many businesses don’t see themselves as a target, but they need to look beyond their own operations and property lines. They could be an attractive target due to their proximity to densely populated areas or resources such as waterways and highways, or nationally or historically significant areas. The goal of a cyber terrorist is not always to harm the target itself, but the collateral damage.

The Role of Insurance

LIU_SponsoredContent“Environmental liability is still by and large viewed as a discretionary purchase,” Bell said, “but the threat of a cyber attack that can manipulate those systems and ultimately lead to a pollution incident is added incentive to buy environmental coverage.”

Liberty International Underwriters’ environmental coverage could respond to many pollution conditions set off by a cyber breach event.

“Property damage, bodily injury and cleanup of any pollution at or emanating from a covered property would likely be taken care of,” Bell said. “The risk is not so much the cyber exposure but the consequence of the attack. The resulting claims and degradation to the environment could be severe, especially if the insured was a target chosen because of their unique position to have a large effect on the local population and environment.”

LIU also offers dedicated Cyber Liability insurance solutions designed to manage and mitigate the cost of responding to a cyber attack and any resultant loss of data and associated liability. Coverage includes proactive data breach response services designed to help organizations comply with regulatory requirements and prevent data breaches.

LIU’s loss control managers are also on hand to conduct assessments of insureds’ properties and facilities to examine potential environmental impacts. They can educate brokers on the importance of enhancing cyber security to prevent an environmental accident in the first place.

“People are relying more and more on their systems, automaton is increasing, and the risk is growing,” Bell said. “We’re all focused on protecting data, but the consequences of a cyber breach can be much farther reaching than data alone.”

To learn more about Liberty International Underwriters’ environmental coverages and services, visit www.LIU-USA.com.

Liberty International Underwriters is the marketing name for the broker-distributed specialty lines business operations of Liberty Mutual Insurance. Certain coverage may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds. This literature is a summary only and does not include all terms, conditions, or exclusions of the coverage described. Please refer to the actual policy issued for complete details of coverage and exclusions.

SponsoredContent
BrandStudioLogo
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty International Underwriters. The editorial staff of Risk & Insurance had no role in its preparation.

Advertisement




LIU is part of the Global Specialty Division of Liberty Mutual Insurance.
Share this article: