Humans have an automatic, natural mechanism that causes us to tune out the ordinary and to focus on the unusual. While that may help us see the uniqueness in the world, it might also work against us when it comes to risk management.
The newest emerging risk might be the next thing to cause an impairment-level loss, but it is much more likely that the next big loss will come from a more longstanding “presenting” risk that has been on our risk registers for years.
So here is one way to shake us out of that complacency. We took a list of over 50 risks commonly found on insurer risk registers, and asked over 100 insurance industry professionals involved in the risk management programs of their companies, “Which risks present the most danger to your firm in 2017?” The definition of “danger” was left to the individual responding.
This ranking can serve as a method to challenge your risk management priorities for the coming year. Here are the responses:
Top 10 most dangerous risks
1. Cybersecurity/cybercrime (operational risk)
The top risk encompasses insufficient cybersecurity measures that lead to data/privacy breach, loss of records, or other event due to a hack/virus, stolen/lost device, phishing attack, etc. These problems may be caused by malicious outsiders combined with poor design or execution of security. They may lead to a significant cost to remedy, repair and/or recover as well as reputational damage that could lead to loss of customers.
This risk has been a high concern over the past several years and most recently has been prominent in the news. Since insurance is such a data-driven business, cybersecurity is seen as a particularly sensitive area for insurers. Many boards are very concerned about cybercrime, which helped elevate this to be the most dangerous risk.
2. Pricing and product-line profit (insurance risk)
The risk arising from the exposure to financial loss from transacting insurance and/or annuity business where costs and liabilities experienced in respect of a product line exceed the expectation in pricing the product line. Newer product lines experience losses due to the high expenses of operating an under-scale business.
Insurers are always worried about their pricing and profitability; and the market price is not always correct. There is a persisting temptation to label a jump in claims as a temporary aberration or to cut rates to increase sales. Pricing and product-line profit issues are predominantly a higher-frequency and lower-severity risk. Current conditions related to excess capacity as well as fairly benign experience have in the past foreshadowed periods of problems here. And history tells us that the three years of aggregate industry profit (2013 – 2015) were very unusual, so that favorable trend is likely to end sooner or later.
3. IT / systems / technology gap (operational risk)
When technology initiatives are not successful and/or the technology required to meet business objectives is not available, the firm risks missing client expectations. System downtime and responsiveness are also major risks. Some insurers’ technology infrastructure relies on one primary vendor which could fail. Operational needs could, in the future, exceed the existing IT infrastructure.
Many insurers are struggling with this risk. They are committing major financial resources to systems upgrades, but fear that they will still be behind the times when the upgrade project is completed. Insurers are very highly dependent on their tech platform to make the business work and see this as a do-or-die issue.
4. Competition (strategic risk)
The risk of the insurer’s relative market position being impacted by strategic advances of other companies in the same markets. Those strategies might include recruiting of company brokers and agents, an offering of a new product or benefit design or simply cut-rate pricing.
This risk exists for all businesses, but insurers are particularly at risk because of low barriers to entry in many parts of the business. This risk is correlated with the pricing and product-line profit risk (number 2 above) and is driven by the same factors.
5. Underwriting (insurance risk)
The risk of losses from selection and approval of risks to be insured, or the inappropriate application of underwriting rules to risks being insured. These losses may also arise if the underwriting rules are inappropriate for some situations or if they are less specific than may be needed to result in good underwriting discipline.
Underwriting is the fundamental first skill that is needed for an insurer to succeed. The fact that it turns up here, as the fifth of the top 10 most dangerous risks, speaks to how incredibly difficult it is to get underwriting right year after year.
6. Legislative & regulatory (operational risk)
The risk of loss associated with non-compliance with laws, rules, regulations, prescribed practices or ethical standards within jurisdiction of operation.
Ripple effects from the 2016 national elections are expected to potentially impact the way that insurers are regulated and taxed at both the state and federal level. The Federal impact on insurance regulation may diminish; the ACA will doubtless change, but by how much and just how quickly is not yet known. Those changes will have a profound impact on health and workers’ compensation insurers.
7. Investment market risk (investment risk)
The risk of loss from fluctuations in the value of invested assets. Most prevalent with equity investments, there is also a market-value risk for any security that needs to be sold when its market value is temporarily or permanently depressed.
The massive investment losses from the 2008 financial crisis are still clear memories for insurance executives. Today’s stock market is breaking records on the way up and the Federal Reserve talked about possibly raising rates three times next year. Brexit fuels uncertainty in international markets as well.
8. Strategic direction / opportunities missed (strategic risk)
The risk of not having an effective and efficient strategic planning process and culture to achieve important business objectives, which can result in too many major decisions reached on an ad-hoc basis without sufficient consideration of costs, benefits and alternatives. The opportunity cost of missing major initiatives due to the lack of effective foresight and planning is real.
Strategy is another top 10 risk that applies to all businesses. Strategy is easy to ignore in the heat of day-to-day business. That is why, for example, companies that are serious about planning take their executives away from the work environment and ban smart phones for much of their planning session.
9. Natural catastrophe (insurance risk)
Major storms including hurricanes, tornadoes and hail storms can cause intense insured losses in a concentrated or even sometimes a wide area. Earthquakes are also a threat.
After the storms in 2005 and 2006 had many talking about a new, more intense regime for gulf windstorms, almost 10 years passed without another major storm. As a result, many in the industry feel that we are “due.” The same can be said for earthquakes, but their “due” may translate into sometime in the next lifetime and not necessarily within a decade.
10. Emerging risks (unknown type of risk)
The term “emerging risks” encompasses the risk of loss from types of events that are not currently on the risk register because they have never happened before, or because they are considered extremely unlikely. These may be “unknown unknowns” or black-swan type risks.
Emerging risks are the 10th most dangerous risk according to the insurance risk managers we polled. We do not yet know what this will be but something not fully anticipated will cause us major harm in 2017. Willis Towers Watson asked associates from throughout the company to name the emerging risks they foresee in 2017 (Coming soon).
Bottom 10 risks
This survey also revealed that there are some risks that are not thought to be particularly dangerous at the current time. That may be because these risks are felt to be very well mitigated, such as liquidity; or because of favorable situations, such as the availability of reinsurance and reinsurer credit, which are both highly influenced by higher levels of reinsurer capital; or because losses from these risks are just not thought to be significant enough to be a danger, such as bad-faith claims.
Here are the ten least dangerous risks for 2017:
- Activist shareholders
- Availability of reinsurance
- Bad faith claims
- Billing and collection
- Consolidation of clients
- Employee safety
- General liability
- Reinsurer credit
- Self insurance — Changing demand
These 10 risks are, like all of the 50 plus risks that were included in this poll, actually on individual insurers’ risk registers as one of their top risks. Perhaps those insurers’ situations are different from the experience of the over 100 insurance risk management professionals who took this poll. Or perhaps they should consider reducing the priority of their risk management efforts regarding these risks.
What can you do with this information?
First, you can check to see if any of the top-ten risks are missing from your risk register, or if any of the bottom ten are being given high priority.
But then, you should do your own thinking about what is dangerous. Take a fresh look at your top risks and decide if priorities should be shifted within your risk management and reporting system.
The real risk environment is constantly changing. Every company should regularly reassess its risk management priorities in the light of those changes. Don’t let your risk management get so stale that you start to tune it out!