Changing the conversation on risk in the aviation industry

The aviation industry in Asia has changed dramatically in the past 20 years, and so has the nature of the risks it has to navigate.

Adapted from the keynote speech at Willis Towers Watson’s 2017 aviation conference in Singapore on March 8

In 2000, carriers in the Asia-Pacific region moved 23% of the world’s passengers; today, they move 35%. According to IATA, China will displace the U.S. as the world’s largest aviation market in 2024—in seven short years.

In 2006, low-cost carriers controlled about 5% of available seat miles in Asia; that proportion is now 20%.

The question the insurance industry should be asking itself is: “Have we kept up with this rapid pace of change?”

Risk Index

‘Digital vulnerability’ and ‘geopolitical insecurity’ were the top 2 areas of risk in last year’s Transportation Risk Index

Late last year, we published the Transportation Risk Index, a window in to the risk perceptions of 350 of the industry’s more senior transport executives from land, sea and air.

We commissioned the Index to identify the global threats to businesses in the next decade and to help those companies measure their approach to risk relative to their peers. For the insurance industry, we hoped to identify the gap between the existing coverage and market demand.

Participants were surveyed about their attitudes to 50 specific risks across five megatrends:

  • Geopolitical instability and regulatory uncertainty
  • Talent management and the complexities of a global workforce
  • Complex operating models in an interconnected world
  • Digital vulnerability and rapid technological advancement
  • Changing market dynamics and business model insecurity

In-depth interviews were then conducted with executives from each mode of transport to gain deeper insights into the challenges.

The Transportation Risk Index was fourth in a series; similar studies were undertaken for technology, media & telecoms, natural resources and financial institutions. While each industry has a unique risk profile, we found common themes: All these industry groups rated ‘digital vulnerability’ and ‘geopolitical insecurity’ as their top 2 areas of risk.

Transportation executives in Asia and Australasia, however, rated the potential severity of the business impact from those risks significantly higher than their peers in the other industries, suggesting they believed their region and line of work to be uniquely exposed.

The digital threat

Increased digitalisation also raises the risk of organisations being left behind

The relentless march of technology has created cybersecurity risks across industries; data theft, network downtime and the associated penalties are very real threats to business in the digitalised world, with broad technical, financial, operational and reputational consequences.

Increased digitalisation also raises the risk of organisations being left behind: They now need to integrate their people and technologies intelligently to stay ahead of the advancing technology curve.

Geopolitical risk

Our world is currently undergoing a process of fragmentation. News headlines are dominated by American unilateralism, Asian nationalism and a Europe that is slowly closing its doors. Navigating a shifting social and political landscape is a constant challenge. Terrorism, war, sanctions, protectionism, fluctuating political allegiances and commercial alliances all pose additional risks to businesses across industries.

Feedback from the Index tells us that the regulatory responses to these threats can prove equally disruptive to business.

In Europe, the aviation industry is still grappling with the outcomes of Brexit:

  • Will the U.K. remain a member of the European Aviation Safety Agency?
  • Will European skies stay open?
Regulators will have the ability to enforce fines of up to €20 million, or 4% of global turnover

Elsewhere, President Trump’s withdrawal from the Trans-Pacific Partnership means that airlines must prepare for trade friction to impact upon global supply chains; any consequent slowdown in global growth will have an impact on travel volumes that will not be confined by borders.

The impact of some new regulations will have similar disregard for national sovereignty. For example, the legislation inherent in European General Data Protection will come into effect in May next year and will apply to every company processing the personal data of E.U. citizens, not just those inside the E.U.

Regulators will have the ability to enforce fines of up to €20 million, or 4% of global turnover, whichever is greater. Penalties of this magnitude certainly will elevate decisions on regulatory risk to the boardroom.

Because today’s regulations are increasingly punitive with global reach, organisa­tions will need to ensure that their insurance programs are fit for purpose.

Connected risk

The products available are predominantly designed to transfer static, compartmentalised risks

A cursory examination of the nature of transportation risk in Asia explains why executives there have such an elevated risk profile.

The consequences of vulnerability are not compartmentalised in an environment where risks are all connected: Digital vulnerability can lead to regulatory scrutiny, which can hamper their ability to attract talent, which in turn undermines their business models.

And their ability to transfer any or all of that risk is uncertain.

In an era of increasingly connected risk and cascading consequences, the products available to them are predominantly designed to transfer static, compartmentalised risks. The opportuni­ty for insurers and brokers to align their portfolios with the increasingly intercon­nected nature of risk and forge more valuable partnerships with clients are significant.

Clearly, turning risk opportunities into a competitive advantage will require a different script. Frank discussions about the evolving nature of risk and how that impacts our clients’ businesses need to be the foundation of this new dialogue.

At a minimum, this will help us to better understand their challenges and opportunities and respond with solutions that reflect the increasingly dynamic risk landscape.

The pace of technological change

Modern commerce is compelling companies to depend on partners, systems, and supply and information chains that they may not have chosen, or even know exist

For organisations in the air-transport industry, the Index revealed that the top five individual risks were associated with digitalisation and the pace of technological change.

Innovation is accelerating at an unprecedented pace, facilitated by worldwide access to the Internet and smartphones, which have a significant impact on the distribution models deployed by airlines.

According to IATA, mobile-ticket bookings will increase threefold between by 2021. Robots are already guiding passengers through airports, and the Internet of Things promises to monitor everything from engine performance to passenger health.

Cyberattacks, data theft, IT failure and 3rd-party digital vulnerability are all risks that need to be mitigated by modern companies hoping to succeed in the digital age. In a connected world, the industry requires collective response.

Why? Because when an airline’s reservation system fails, the impact spreads beyond the customers to alliance partners, airport operators, retailers and, of course, everyone’s share­holders.

Like it or not, modern commerce is compelling companies to depend on partners, systems, and supply and information chains that they may not have chosen, or even know exist.

Every common platform we use exposes us to the strengths and weaknesses of every member of community that uses it. We share their appetite for risk, just as we share their ignorance of it.

The opportunity of risk

The challenge may seem daunting, but it’s important to remember that with each tech­nological advance two doors open: behind one is risk and the other opportunity.

For the aviation industry, technology has revolutionised how customers are attracted and retained:

  • Tickets are booked on apps
  • Boarding passes stored in online wallets
  • On-board Wi-Fi creates ancillary revenue
The industry now knows more about its customer base than ever before

These developments have also resulted in a data explosion: The industry now knows more about its customer base than ever before. The data creates a competitive advantage, allowing loyalty programmes to be tailored and ancillary sales to expand.

Invariably, as the good guys employ technology to improve business models and customer experience, the bad guys are waiting to exploit the vulnerabilities. Loyalty programmes are the latest targets of hackers; the risk-opportunity journey has come full circle.

Because the risk terrain is complex, any response has to be co-ordinated and come from the industry’s boardrooms to ensure it aligns with strategic corporate objectives.

Talent management, the skills that bind

90% of all cyber claims are the result of human error or behaviour

Technology may give us the information we need, but it is our people who turn that information into a competitive advantage. Today’s business leaders must be able to anticipate how technology can disrupt their business models, and the skill to mobilise their businesses for change. That means attracting and retaining the right talent.

Without the right people, cyber resilience may prove elusive. Most cyber losses stem from human failings, after all. Our data indicates that 90% of all cyber claims are the result of human error or behaviour. Hackers may have the knowledge to exploit vulnerable or weak systems once they’ve gained access to the network, but it is often the unwitting employee who allows them to do so.

It is estimated that global aviation systems face an average of 1,000 cyber-attacks each month, so connecting talent and workplace culture to cyber-risk vulnerability is imperative.

We believe that a strong employee culture and cyber-aware workforce are the first lines of defence against cyber risk. Our research indicates that companies who have suffered high-profile cyber incidents also have distinct cultural gaps.

Global aviation systems face an average of 1,000 cyber-attacks each month

Resilient companies measure the risk inherent in their employees’ behaviour and determine ways to mitigate this, ultimately building a cyber-smart workforce. By understanding culture and behavior, they focus on the areas of their business that are most vulnerable to employee-driven cyber incidents.

The inability to keep up with the pace of technological change – the 2nd highest-rated individual risk facing Asian aviation companies and 4th highest globally, according to the Index – is more than just a cybersecurity issue. People are the agent that binds corporate strategy to goal delivery.

As technology changes, the importance of retaining and retraining the associated skillsets to manage the systems, tools and assets will not diminish. Even robots will need programmers.

The battle for talent

Amidst the transition to automation, the digitalisation of business processes, the endless cascade of emerging technologies, shifting markets and consumer trends, the aviation industry’s biggest opportunity may lie in the competition for talent. According to Boeing, 2 million new aviation personnel will be required by 2035.

The aviation industry’s biggest opportunity may lie in the competition for talent

But if we believe the forecasts for the pace of technological change, many of these ‘jobs’ will be consumed by automation.

So the opportunity will lie not in how many people a company employs, but in the specific skills for which it competes. Those companies that have the market intelligence to align the skills of their workforces with emerging technology will have grasped a significant opportunity.

As new technologies change skill requirements — placing premiums and discounts on individual skillsets – smart companies will plan for these changes, identify gaps and solutions.

The hierarchical rise of the risk manager

Companies recognise they have to be more resilient to minimise operational disrup­tion and improve the ways in which they identify, evaluate and take risks to not only survive, but thrive.

The pace of change, the connectivity of risks, the impact of emerging technologies and the rise in global regulations have all played a role in promoting the risk manager to the boardroom. Today’s risk manager has risen up the corporate hierarchy simply because the task is more demanding than ever and the cost of failure has risen in line with the rewards for success.

As the outgoing Chief Executive of Airmic, John Hurrell, recently said,

Risk management is not just a question of compliance, but about achieving resilience and competitive advantage in a fast-changing world.

Some of today’s brightest business minds have succeeded by turning risk into opportunity. Mark Zuckerberg, founder and CEO of Facebook, believes that the biggest risk anyone can take is, in fact, choosing to not take risks!

Modern risk managers increasing have to address risks atypical to their normal operations

Facebook has come a long way from the Harvard dorm room in which it was conceived; it now has 17,000 employees and 1.2 billion daily active users. In July last year, they announced the first full-scale test flight of their drone, Aquila. The aircraft has the wingspan of an airliner, but at cruising speed it will consume only 5,000 watts of energy — roughly the same amount as three hair dryers. Willis Towers Watson was Facebook’s risk-management partner for the project.

As companies blur the lines between industries – in this case media and aviation – the diversification of business models poses a challenge. Modern risk managers increasing have to address risks atypical to their normal operations.

Refining the risk-transfer product

Our challenge as insurers and brokers is to work in partnership with industry to refine our product portfolios to reflect demand.

In an era where advanced data analytics are being used to predict everything from component failure to consumer spending, we are still reacting to events. When a loss occurs, a product is created for corpor­ates that will transfer the risk if and when that specific event happens again.

In an ever-changing world of increasingly connected risk, static transfer products for isolated events simply do not offer corporates adequate cover options for the risks they face. We need to transition a proportion of our business to the predictive side of risk.

We need to transition a proportion of our business to the predictive side of risk

Sir Jeremy Greenstock, chairman of Gatehouse Advisory and former U.K. ambassador to the U.N., highlighted the importance of this transition when we interviewed him for the Index:

“People within your industry are used to projecting the recent past into the near future,” he told us, “and the future is changing in ways in which the past isn’t informative about.”

For cyber risks, the purchase of standalone coverage has grown since 2014. But, according to Airmic, two-thirds of companies still do not buy protection.

Why? They may be looking for more than risk transfer. I say may because we need to gain a better understanding of what our partners want. Is everything about price? Or is there more at stake?

The CEO of Axa, Thomas Buberl, certainly believes more is required. He wants to transform Axa’s business model “from payer to partner.”

As an industry, we need to work on building holistic solutions that measure, assess and manage risks, as well as provide financial compensation after an event.

Since the launch of our Index, we have been working hard to change our pitch to clients. We found that when you stop pushing product and start having broader conversations about risk with clients, the results are remarkable.

The rise of intangible risk

Some chief executives believe as much as 90% of the risks they face go uninsured simply because the right products do not exist

This shifting discourse is particularly relevant as business models across the transportation industry transition to a greater reliance on intangible assets, which do not receive adequate protection from traditional insurance covers.

According to Inga Beale, CEO of Lloyd’s of London, some chief executives believe as much as 90% of the risks they face go uninsured simply because the right products do not exist.

Reputational risk

Creating those products will not be easy. Intangible risks are hard to mitigate. Take reputational risk, something faced by almost every corporate in the age of social media. It is difficult to anticipate, measure and manage, but a failure to do so could cause more significant long-term damage than any other threat.

When one telecoms company suffered a serious data breach in 2015, around 200,000 tweets were sent on the subject in just one week; 101,000 customers were lost. In the fiercely competitive aviation industry, if customers lose trust in an organisation they can and will find other providers.

But if we can identify the component parts of reputation, we can identify solutions.

Any corporate’s reputation is built on the products and services they offer. Are those products of a high quality? If not, they may face product recalls.

Reputation also relies the ability to change. Has a company updated its technology platforms? If not, it may face a regulatory penalty, or a cyber-attack.

Reputation relies on duty of care. Are a company’s employees adequately protected from health and safety accidents? If not, it may be branded an unethical employer, and struggle to attract the talent it needs.

Predictive analytics

Predictive data analytics will be central to transforming traditional risk-transfer products into proactive risk-management solutions

As with the aviation industry, insurers and brokers are increasingly aware that innovation has the potential to build a competitive advantage and growth. Predictive data analytics will be central to transforming traditional risk-transfer products into proac­tive risk-management solutions.

In the aviation industry, IATA and the Singapore government have formed the Safety Predictive Analytics Research Centre (SPARC) to improve aviation safety through predictive analytics. Today, when accidents happen the industry learns the lessons and makes the necessary improvements. But as air travel becomes ever safer, there will be fewer accidents from which to learn.

As a result, the SPARC project aims to reach a state where safety improvements will come from analysing the data from the 38 million flights that operate safely every year, rather than just the handful that go wrong.

Airlines are using analytics to predict everything from maintenance patterns for aircraft to the customer redemption of air miles. Airports use analytics to predict passenger shopping behaviours and the footfall that informs retail strategies.

In an era where all this is possible, as an insurance community, our product-creation strategy can no longer solely rely on reacting to events.

Insurers, in partnership with clients, already have the potential to use today’s advanced analytics in ways that exceed the boundaries of traditional actuarial science. By gathering intelligence on customers, for example, we can create a ‘trust index’ that supports automatic payment of claims to specific clients, freeing up our resources to deal with more complex losses.

Similarly, talent analytics are now squarely in the sights of human resource and business leaders, who are using data to understand and solve workforce-related challenges.

Changing the conversation

The challenge for us is to dedicate more time to discussing risk, as opposed to negotiating cover

Since the launch of our Index, we have been working hard to change the nature of the conversations we have with our clients, with the core objective of putting an informed client-centric approach at the centre of everything we do.

The first digital camera was built by an engineer from Kodak; even so, the company eventually went bankrupt after failing to harness the potential of its own invention. They stayed loyal to film even though it no longer met the requirements of the modern photographer.

Like the insurance industry, Kodak was uniquely placed to disrupt its own business. It failed, but working in partnership with industry we can learn the lessons that will help us to avoid our own ‘Kodak moment.’

To do so, we need to constantly ask ourselves:

  • “Are we sure we have identified the areas of expertise that are relevant to clients in today’s ever-evolving risk environment?”
  • “Have we worked hard enough to consistently show clients where we can provide expertise?”
  • “How can we work together as an industry to showcase our expertise to mutual clients?”

The challenge for us is to dedicate more time to discussing risk, as opposed to negotiating cover. It is the quickest way to build the understanding that will expand our support to the industry and create new demand for products and our capabilities.


Click here to learn more about comprehensive cybersecurity from Willis Towers Watson.

About Mark Hue-Williams

Mark Hue-Williams joined Willis in 1991 and since that time he has held a variety of roles in the Aerospace divisio…
Categories: Aerospace, Asia, Cyber Risk, Leadership and Talent, Political Risk | Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *