BCI Survey Finds Mixed Progress and Challenges in Supply Chain Risk Management

BCIsurveypaints
amixedpicture
forsupplychain
riskmanagement
u THE LATEST ANNUAL
supply chain survey by
the Business Continuity
Institute paints a mixed
picture for organisations
worldwide, with some
areas of progress and
others of concern.
p3
Time for risk managers
to step up to plate
as market turns
u RISK AND INSURANCE
managers worldwide need
to face up to the fact that
it’s not a question of if the
market will continue to firm
in coming renewals, but
rather how aggressively.
p8
Best of the web
u HIGHLIGHTS FROM CRE’S
website and newsletters.
p25
IPN
u THE LATEST FROM CRE’S
International Programme
News newsletter
p26
Legal perspectives
u THE CHANGING SHAPE OF
environmental regulation
p27
INSIDE–
www.commercialriskonline.com
Vol. 10 | #7
NOVEMBER/DECEMBER 2019
RISK FRONTIERS EUROPE
SPAIN:
Risk managers have their say............20-24
CRE CYBER CONFERENCE
Fascinating debate on what is undoubtedly
one of the hottest topics...................14-15
Buyers face
coverage uncertainty
CYBER LIABILITY
Stuart Collins
scollins@commercialriskonline.com
@COMRISKONLINE
INSURANCE BUYERS WILL ENCOUNTER
growing cyber exclusions in liability
policies at renewal, with attempts
to address silent cyber liabiltity proving
a complex task that is creating coverage
uncertainty for policyholders.
Insurers are now beginning to develop
and apply cyber exclusions to non-physical
cyber liability, according to Jean Bayon
de la Tour, head of cyber at Marsh in
continental Europe. Broadly, the goal of
liability insurers is to provide affirmative
cover for bodily injury and third-party
property damage, while excluding non-
physical cyber liability, such as third-party
liability losses from a privacy or security
event, he explained.
“Ultimately, we believe physical cyber
exposures will need to remain in property
damage and general liability policies, but
non-physical exposures will be covered by
the cyber insurance market,” predicted Mr
Bayon de la Tour. This is a global trend, he
added.
Willis Towers Watson is also seeing
exclusions added to liability policies as
they come up for renewal, although there
is no dominant market pattern emerging,
according to Laure Zicry, head of FINEX
cyber at the broker. “Some insurers have
included new silent cyber exclusions in
their liability and property policies for
2020. Others plan to do so, but only for
2021 renewals, and are not making any
changes this year,” she said.
AIG hopes to eliminate silent cyber
from the bulk of its commercial insurance
policies by January 2020, and is one of the
insurers now applying privacy and bodily
injury cyber exclusions and write-backs
to general liability and product liability
policies. The insurer will also address silent
cyber in professional liability and other
financial lines, including directors and
officers, although this may take longer,
according to AIG’s head of professional
indemnity and cyber in the EMEA region,
Mark Camillo.
Liability market moves to exclude silent cyber
CYBER: p30
RENEWALS
Ben Norris
bnorris@commercialriskonline.com
@COMRISKONLINE
INSURANCE BUYERS IN
Europe face a hardening
market in early 2020
renewals for many risks,
but they are not looking at
blanket increases across the
board as was the case back
in 2001/2002, according to
brokers and risk management
associations.
The buyer representatives
urged insurers to exercise
caution and distinguish
between good and bad risks,
or they may sour long-term
relationships to the detriment
of all concerned.
The global and European
commercial insurance market
has hardened during 2019,
with prices, terms and
conditions worsening
throughout the year.
BIGGEST JUMP
Marsh’s Global Insurance
Market Index recorded its
largest ever commercial
insurance price rise of nearly
8% in the third quarter.
The index began tracking
data in 2012.
The average global price
rise across P&C lines compares
to a jump of 6% in Q2 and
3% in Q1. The index finds
that global pricing has now
increased every quarter for
nearly two years.
Marsh reports that average
global pricing for property
risks increased by 10% in the
third quarter, with a rise of
nearly 14% for financial and
professional lines. Casualty
pricing was, however, up by
just 1%.
Rates rose by more than
4% in continental Europe in
Q3, following a rise of 2%
in each of the previous two
quarters.
According to Marsh,
property pricing in continental
Europe rose by 7% in the last
quarter, the fourth consecutive
quarterly increase and the
longest trend of price increases
in five years. Financial and
professional liability pricing
increased 2%, with liability
up 1%.
INFLATIONARY
The broker finds that overall
UK pricing increased by
nearly 12% year over year in
Q3, driven by property and
financial and professional
Insurance market hardening
into January 1 renewals
RENEWALS: p28
p10
Wegenerpromises
continuityatFerma
WE DON’T ONLY LOOK
AFTER THE BIG GUYS.
MAXIS GBN, authorised by l’Organisme pour le Registre des Intermediares en Asssurance (O.R.I.A.S). Registered address and principal place of business: 1st Floor,
The Monument Building, 11 Monument Street, London, EC3R 8AF. Establishment number n°BR018216, with its intra-community UK VAT number: 243 6842 96.
maxis-gbn.com
Jean Bayon de la Tour
01-CRE-Y10-07-Front.indd 1 11/11/2019 18:03

When the world is your oyster,
you need a partner to help handle
the complexities of global risks.
With over 30 years of network
management experience, 5000 global
programs in our care, and serving
clients in more than 200 countries,
our scope and scale can help your
business reach further.
Know You Can
axaxl.com
AXA XL is a division of AXA Group providing products and services through four business groups: AXA XL Insurance, AXA XL Reinsurance, AXA XL Art & Lifestyle and AXA XL Risk Consulting.
AXA, the AXA and XL logos are trademarks of AXA SA or its affiliates. © 2019 AXA SA or its affiliates.
Think
globally
02-CRE-Y10-07-FPA-AXA-XL.indd 2 11/11/2019 12:21

www.commercialriskonline.com33Commercial Risk Europe
NEWS
BCI survey paints a mixed picture
for supply chain risk management
BCI REPORT
Ben Norris
@COMRISKONLINE
T
HE LATEST ANNUAL SUPPLY CHAIN
survey by the Business Continuity
Institute (BCI) paints a mixed picture
for organisations worldwide, with the
number of disruptions down and non-reporting
of such incidents at an all-time low. But it also
finds a steady decline in top-level management
commitment to supply chain risk and problems
when it comes to tackling lower tier suppliers.
The findings suggest that organisations are
slowly getting better at covering supply chain
losses with insurance, however many cannot
quantify financial damage or find insurance
solutions that meet their needs.
The 11th BCI Supply Chain Resilience
Report is based on a survey of more than
350 respondents from 65 countries and 15
sectors. Just under half were from Europe.
Respondents held a variety of roles, with
most working in business continuity (47.4%),
followed by risk management (16.8%). They
worked at companies of all sizes.
GLASS HALF FULL
The good news from the survey is that fewer
organisations experienced supply chain disruption
this year than 2018 – down from 56.5% to
51.9%. In addition, the number of organisations
experiencing five or more disruptions fell to 10%
from 15% in 2018. The BCI said this trend is
encouraging, particularly given the political and
geopolitical issues weighing heavily on supply
chains in 2019.
The majority of supply chain incidents incurred
losses of more than €50,000 for organisations
in 2019, with more than one in 20 suffering
losses greater than €100m for their single largest
disruption.
The average cumulative cost of supply chain
disruptions in the past 12 months is €10.5m. More
than one in ten (12.9%) organisations suffered
losses of more than €1m. However, this has fallen
from 34.0% in the last three years.
Interestingly, respondents said loss of
productivity and customer complaints due to
supply chain disruption are a bigger problem than
the pure financial cost.
The survey also shows that non-reporting of
supply chain disruptions is at an all-time low since
the BCI started its yearly poll. Less than a quarter
(23.3%) of respondents now say their organisation
does not record, measure and report on supply
chain disruptions. Despite this, coordinated
reporting has dropped from 30% to 25%. The BCI
described this as “disappointing”, given its research
has shown increased focus on holistic organisational
resilience during the past year.
The top five supply chain disruptions remain
unchanged in the past 12 months, with IT
and telecommunications outages the primary
cause, accounting for 44.1% of incidents. Next
comes adverse weather on 35.1%, followed by
cyberattacks and data breach (26.1%), loss of
talent and skills (21.2%), and transport network
disruption on 15.8%. Cyberattack and data
breach is the top worry for the next 12 months,
with 61.7% of respondents rating it their primary
concern.
Organisations are seemingly getting better
at managing direct suppliers, but are finding it
increasingly difficult to tackle tier two and tier
three risks. While incidents with immediate
suppliers fell below 50% for the first time since
2016, those in tier two rose to 24.9% from 23.2%
last year, and those occurring in tier three and
beyond rose to 12.2% from 11% in 2018.
The BCI said this could be due to the fact that
organisations are carrying out relatively limited due
diligence deep into their supply chain. More than
two thirds do not seek to understand the business
continuity arrangements of suppliers in tier three
and beyond, the survey shows.
In addition, many organisations (19.4%) are
still failing to ask key suppliers if they have their
own business continuity arrangements in place.
Meanwhile, the survey indicates a steady
decline in top-level management commitment to
supply chain risk. After a positive leap in 2017,
such commitment has dropped for the second year
running, to 25.6% – its lowest level in five years.
Medium commitment remains at a high
level. However, zero commitment is also at its
highest since 2014. Overall, this suggests top-
level management is prioritising other parts of the
business or delegating responsibility to other areas,
said the BCI.
The survey also finds that organisations are
slowly getting better at covering their losses with
insurance and understanding options open to them.
For example, organisations with insurance that
only covers traditional physical damage events, or
that are unaware of new non-damage supply
chain solutions, dropped by just over a third
compared with 2018, to 14.3%.
But the majority of respondents remain
unable to quantify financial damage and many
still cannot find insurance solutions that meet
their needs.
Where the financial impact was quantified,
nearly half (43.1%) of organisations covered
none of their supply chain disruption losses
through insurance, with small to mid-sized
businesses the least likely to be insured. The
remaining 56.9% of respondents reported
partially insured losses, an increase of 8% on
2018.
The BCI said this suggests businesses are
getting better at identifying potential disruptions
and purchasing adequate insurance. However,
still just 12.8% said their losses were fully
covered.
AVAILABLE SOLUTIONS
A new question this year asked respondents if the
insurance market provides sufficient solutions for
their supply chain needs. Some 25.4% said the
insurance market provides sufficient solutions but
15.9% said it did not. The majority of respondents
(58.7%) said they were unsure. IT companies felt
happiest with the cover available to them (40.9%),
while the professional services sector was the least
satisfied (11.8%).
Respondents were also asked what area
of coverage they felt was missing. The BCI
said a popular response was protection against
cyberattacks and data breaches.
The report lists 20 top lessons for those helping
to manage supply chain risk. The top five are:
1 Ensure staff have a baseline understanding
of business continuity and supply chains to
put into their plans. This can be achieved by
training sessions and focusing on specific areas
of supply chain disruption.
2 Ensure staff understand the diversity of key
suppliers’ organisations, and where the risks are
if there is an issue with the supply chain.
3 Research the historical and political climate of
key suppliers’ geographical locations.
4 Build good working relationships with internal
departments such as IT, and ensure their plans
are incorporated.
5 Build strong stakeholder relationships with key
suppliers beyond tier two.
The survey’s findings paint a mixed picture
for companies looking to mitigate supply chain
risk – there are areas of progress and others of
concern. But it seems clear that business continuity
professionals and risk managers must pull together
to ensure supply chain issues remain top of the
agenda, are tackled throughout the value chain and
suitable risk transfer solutions are developed.
You can download the BCI report via our
website at: www.commercialriskonline.com/white-
papers/commercial-risk-europe
COMMERCIAL RISK is holding a one-day Supply
Chain Risk Management conference in London on 25
November 2019. Find out more about the programme
and book your space here: www.commercialriskonline.
com/event/supply-chain-risk-management-2019
their needs.
nearly half (43.1%) of organisations covered
none of their supply chain disruption losses
through insurance, with small to mid-sized
businesses the least likely to be insured. The
remaining 56.9% of respondents reported
partially insured losses, an increase of 8% on
2018.
getting better at identifying potential disruptions
and purchasing adequate insurance. However,
still just 12.8% said their losses were fully
covered.
AVAILABLE SOLUTIONS
A new question this year asked respondents if the
insurance market provides sufficient solutions for
their supply chain needs. Some 25.4% said the
insurance market provides sufficient solutions but
15.9% said it did not. The majority of respondents
(58.7%) said they were unsure. IT companies felt
01-CRE-Y10-07-Front.indd 3 11/11/2019 18:03

NEWS
Large awards drive US casualty hardening
US CASUALTY
Stuart Collins
@COMRISKONLINE
T
HE US CASUALTY INSURANCE MARKET
looks set for a sustained period of
hardening as loss costs rise and concerns
over social inflation grow.
After years of price reductions, the US casualty
market appears to be turning. Rate reductions fell
in each quarter since Q3 2018, before increasing by
1% in Q2 2019, according to Marsh. Overall they
fell back slightly in the third quarter of this year by
0.7%, but increased in excess liability by 6% and
financial lines by 11%, the broker’s figures show.
“The US commercial insurance market is for the
most part an underwriters’ market, and in casualty
this is particularly being felt in liability lines in the
form of rate increases, coverage restrictions, capacity
and programme structure,” said Daniel Aronson,
US casualty practice leader at Marsh. “This is an
issue for the foreseeable future – social inflation is
not about to go away without reform or changes in
mindset,” he said.
Following years of continuous rate erosion and
softening terms, the US casualty market is currently
hardening, according to Dieter Hautzer, head of
liability at AGCS North America.
STRONG INCREASES
“At AGCS we are seeing strong rate increases
for liability risks in the US and are looking to
capitalise on the momentum. The current market
environment in US liability is driven by a number
of factors, including but not limited to increased
frequency and severity of losses, particularly in the
auto segment, and overall reduction of capacity in
the market,” he said.
“We are also seeing US medical cost inflation
and advancements to improve the quality of life
for those injured, which are beneficial for the
victims but make lifetime care plans very expensive.
Another factor is large-loss events yielding
very large jury verdicts, pushing
up the value of negotiated
settlements,” he added.
The US casualty market
is facing growing fears that
rising loss costs and claims
inflation, which have
negatively impacted results
in the commercial auto
line for quite some time,
will expand into other
casualty lines.
According to Michael
Lagormarsino, senior director at
AM Best, and Gregory Dickerson,
senior financial analyst at the ratings
agency, insurers have been raising premium rates
and tightening terms and conditions to address
underpricing and claims inflation. However,
further increases will be required if fears about
social inflation and higher settlements and awards
continue to be borne out, they said.
“We are cautiously optimistic that positive
rate trends will continue to expand. The pace of
change has increased in 2019, with quarter-over-
quarter rate increases in commercial auto, general
liability, umbrella and D&O, as well as material rate
increases in the excess and surplus lines market,”
said Mr Lagomarsino.
A number of global insurers have retrenched
and reduced their appetite, or are pushing for
rate, according to Mr Dickerson. “There is clearly
concern in the industry for societal inflation. We see
there is positive momentum on rate and terms and
conditions in anticipation of expanding loss costs,”
he said.
Workers compensation insurance remains stable,
but commercial auto has been hardening for some
time, while general liability is beginning to see price
increases in response to frequency of severe claims,
explained Mr Aronson. Umbrella and excess liability
layers, in particular, are increasingly challenging for
insurance buyers.
“The most acute issues are with umbrella
liability insurance, which are being felt by insureds
through pricing, attachment points and limits, as
well as coverage restrictions,” said Mr Aronson.
“The renewal issues for umbrella programmes
will continue, with ongoing concern for social
inflation and the trend for large settlements
through fear of costly litigation. Unless there is
tort reform or changes in the views of a more
socially responsible and corporately mistrustful
millennial generation, these issues will
continue,” he said.
While a number of insurers have
reduced their appetite for US
casualty risk, overall capacity
levels remain adequate.
However, there are shortages
for certain industries and risks.
“Some carriers have
pulled back capacity [for
umbrella liability] and some
have pulled out but in general
there is no shortage of capacity.
It is a question of how much you
are willing to pay for limit, although
there are some risk classes where capacity
is in short supply, such as opioid, wildfire, sexual
abuse and traumatic brain injury exposures,” said
Mr Aronson.
As exposures increase – primarily in the form
of large court verdicts – the price of US casualty
insurance is rising, particularly for umbrella and
auto risk, agreed Carol Laufer, head of excess
casualty for Zurich North America.
“Large verdicts and social inflation are two big
drivers for the current market conditions. As long
as the verdicts continue to go up, prices will follow.
Many insurers are also reducing capacity, offering
smaller limits or moving out of the lead position on
umbrella to a higher level,” she said.
The past year has seen a number of large awards
and settlements, including those involving baby
powder, weedkiller, hip replacements and opioid
painkillers. Johnson & Johnson, which was recently
ordered to pay $4.8bn to 22 women for baby-
powder litigation and $8bn for a Risperdal lawsuit,
is said to face 100,000 lawsuits for a number of its
products, with an estimated cost of $20bn.
“Jurors today are more inclined to hold
corporations accountable if they believe those
corporations haven’t lived up to what the jurors see
as a social responsibility to protect the public. The
end result is a growing number of large payouts,”
said Ms Laufer.
Meanwhile, many plaintiffs feel socially
responsible and see large corporates as having deep
pockets, according to Mr Aronson. “Jury awards
continue to increase and are now desensitised to
the dollar amount. What would have been $10m
award a few years ago is now more like $70m.
Litigation has become a lucrative business at the
expense of insurers and insureds. A well-organised
plaintiff’s bar, backed by litigation funders, is
focused on extracting higher settlements out of fear
of litigation,” he said.
The insurance industry is seeing more large
verdicts and is therefore paying larger claims,
according to Ms Laufer. Auto liability continues to
be a claims driver, but premises liability exposures
are adding to the strain with a number of large
losses. In the past, premises losses were propelled by
high frequency, she said.
WORKERS COMP
Primary workers compensation insurance, however,
remains favourable for most insureds, with single-
digit rate decreases on average, according to Mr
Aronson. But the situation could change in the
future as reserve redundancies – which have helped
offset underwriting challenges – look to be running
dry, he said.
Workers compensation has performed
“admirably” during the past five years, noted Mr
Lagomarsino. “Frequency has declined and severity
is manageable, while prior years have developed
positively. However, in response to year-on-year
modest rate declines driven in part by growing
competitive pressures, we are watching closely for
the point when these cumulative rate reductions
begin to materially hit the combined ratio,” he
explained.
04-CRE-Y10-07-News.indd 4 11/11/2019 17:52

Shaping Tomorrow − Together
Allianz supports innovative companies
in local markets and across the globe.
Allianz Global Corporate & Specialty is a leading global
corporate insurance carrier providing risk consultancy,
Property-Casualty insurance solutions and alternative risk
transfer for a wide spectrum of commercial, corporate and
specialty risks.
www.agcs.allianz.com
EXPLORE
WITH US
Copyright © 2019 Allianz Global Corporate & Specialty SE. The material contained in this publication is designed to provide general information only. Whilst every effort has been made to ensure that the information provided is accurate,
this information is provided without anyrepresentation or warranty of any kind about its accuracy. Allianz Global Corporate & Specialty SE, Commercial Register: Munich, HRB 208312 Image source: AdobeStock
Ad_ShapingT_engl_08_2019.indd 1 27.08.2019 12:27:5405-CRE-Y10-07-FPA-Allianz.indd 5 11/11/2019 12:21

Act in haste,
repent at leisure
THE PORTENTS OF A HARSHENING
market are here. Risk and insurance
managers need to be fully aware of
what is occurring and rapidly digest
what it means for them. They must act swiftly and
decisively, but most importantly of all, on a rational
and well-thought-out basis, or face potentially
disastrous consequences.
William Congreve coined the phrase that sits
so well with the current state of the market in his
comedy of manners, The Old Batchelour, published in
1693: “Grief still treads upon the heels of pleasure:
Married in haste, we may repent at leisure.”
In modern-day business language, and
specifically the rapidly changing commercial and
corporate insurance market, what this means is
quite simple. Faced with an increasingly challenging
environment as year-end renewals loom ominously
closer on the cloudy horizon, risk managers need
to play a cool hand. Now is not the time to assume
that it will be all right on the night, but equally
now is certainly not the time to make hasty and ill-
thought-out decisions.
The fact is that insurers are in something of a
pickle currently. They have been struggling through
the last few years of stubbornly low prices and lax
terms, rising natural and man-made catastrophes
and, perhaps more significantly, attritional and
inflationary losses in a period of stubbornly poor
investment returns.
No one would suggest for a minute that the
only way leading insurers have managed to deliver
anywhere near the returns that voracious investors
demand has been by taking increasingly optimistic
assumptions on loss development and boosting
results with ambitious reserve releases – perish the
thought.
But the UK’s Prudential Regulatory Authority
(PRA) does not send letters to the heads of
insurance companies without good reason. The one
that it sent on 5 November was pretty strongly
worded and suggested in no uncertain terms that
any insurance company CEO, particularly in the
specialty sector, who was planning to see if they
could boost their results by massaging reserves for
another year had better think again.
The PRA states in the letter: “There have been
signs in recent months that the risk of reserving
deficiencies may be increasing in some lines of
business, particularly in specialty classes. Some
firms have reported material reserve strengthening
and we see increasing areas of emerging risk,
particularly in some US casualty lines such as
financial and professional lines, medical malpractice
and general liability classes. Our ‘Dear Chief
Actuary’ letter also highlights some specific areas
of concern relating to individual case reserve
adequacy, future claims inflation and attritional loss
deterioration on older years of business.”
So it appears the writing is on the wall. The
harshening market is here and probably here
to stay for a while. Therefore, Europe’s risk and
insurance managers had better prepare, if they
have not already. You have to sympathise with
statements made by Alexander Mahnke, president
of the German association GVNW, at its annual
Symposium in Munich in September. He pointed
out that one of the main reasons why the insurance
market finds itself in this pickle and needs to adopt
a harsh attitude at this point, is because its cost base
is too high and it is basically inefficient.
However, the fact is that while right-minded
insurers may be working hard to turn themselves
into lean, mean, digital-based underwriting
machines, it will take time and they do not have
much of that. The next results reporting round is
only three months away.
So, risk managers need to accept that coming
renewals are not going to be much fun and do the
following:
u Take a very close look at what you are buying
and what you really need to buy – have you got
all that cover just because it was cheap?
u Use your captive to retain more risk and seek
alternative options – that is what it is for.
u Get your pitch out in the market as early as
possible so that you can identify the most
troublesome areas sooner rather than later, and
work out your options.
u Challenge your broker to get on the case and
secure the best deal for you, not them, and
possibly use alternative brokers.
u Above all, prepare your internal colleagues and
bosses for what is about to come and make
sure they realise that you are doing a great job
to soften the blow. Do not turn up at the last
minute and say: ‘I’m sorry, here is a big fat bill
you didn’t expect.’
This is actually a great chance for risk managers
to really show their worth and the real value of risk
transfer. Get your head above the parapet and bang
that drum!
COMMENT
EDITORIAL
EDITOR
Adrian Ladbury
aladbury@commercialriskonline.com
DEPUTY EDITOR
Ben Norris
LEGAL EDITOR
Liz Booth
lbooth@commercialriskonline.com
REPORTERS
Rodrigo Amaral
ramaral@commercialriskonline.com
Garry Booth
gbooth@commercialriskonline.com
Stuart Collins
Tony Dowding
tdowding@commercialriskonline.com
Sarah Jolly
sjolly@commercialriskonline.com
Nicholas Pratt
npratt@commercialriskonline.com
DESIGN & PRODUCTION
ART DIRECTOR
Alan Booth
abooth@commercialriskonline.com
PRODUCTION EDITOR
Chris Morrish
cmorrish@commercialriskonline.com
COMMERCIAL
DIRECTOR
Stewart Brown
sbrown@commercialriskonline.com
Tel: +44 203 858 0190
DIRECTOR
Hugo Foster
hfoster@commercialriskonline.com
Tel: +44 203 858 0191
GROUP OPERATIONS MANAGER
Annabel White
awhite@commercialriskonline.com
Tel: +44 203 858 0193
EMAIL ADDRESSES
Editorial
news@commercialriskonline.com
Sales
sales@commercialriskonline.com
Events
events@commercialriskonline.com
Subscriptions
subs@commercialriskonline.com
General Enquiries
enquiries@commercialriskonline.com
SWITCHBOARD
Tel: +44 203 858 0192
ADDRESS
Rubicon Media Ltd, Unit 5,
Parsonage Farm Business Centre,
Ticehurst, East Sussex, TN5 7DL, UK
PRINTING
Warners Midlands plc, UK
MAILING AGENT
Action Mailing Services Ltd.
EXECUTIVE DIRECTORS
Hugo Foster, Adrian Ladbury, Stewart Brown
RUBICON MEDIA LTD © 2019
Commercial Risk Europe is an online information service supported by a print newspaper published
by Rubicon Media Ltd. Although Rubicon Media Ltd has made every effort to ensure the accuracy
of this publication, neither it nor any contributor can accept any legal responsibility whatsoever for
consequences that may arise from errors or omissions or any opinions or advice given. This publication
is not a substitute for professional advice on a specific transaction. All rights reserved. Reproduction or
transmission of content is prohibited without prior written agreement from the publisher.
THETEAM
06-CRE-Y10-07-Leader.indd 6 11/11/2019 16:55

KINGJAMES46811
For generations to come
Sanlam is a Licensed Financial Services Provider.
This spot in Africa could hold a cure for the common cold, an answer to global warming or
a new mode of transport. Then there’s 30 million square kilometres more. For over a century
Sanlam has seen the potential in Africa, knowing all the greatness it holds. It’s why we have
and always will be deeply rooted in this continent and why we’ve invested in 33 countries
and counting, more than any other insurer. As the biggest non-banking ﬁnancial services
group in Africa, we’ll proudly continue building a better continent for others to inherit.
Investing in Africa’s future
for over 100 years.
33 countries and counting.
46811_100Y_SA "Investing" Print Ad_364x257.indd 1 2019/05/24 11:59 AM07-CRE-Y10-07-FPA-Sanlam.indd 7 11/11/2019 12:21

Harsh
market
Time for risk managers to step up
to plate as market turns
HARSH MARKET
Adrian Ladbury
aladbury@commercialriskonline.com
@COMRISKONLINE
R
ATHER LIKE A CYBER
incident, risk and insurance
managers across Europe and
worldwide need to face up to
the fact that it’s not a question
of if the market will continue to firm in
coming renewals, but rather how quickly
and how aggressively.
Comments made during the latest
round of insurer, reinsurer and broker results
– not least on Marsh’s quarterly index –
all point in one direction in terms of
insurance rates: upwards.
But as was discussed during the recent
Airmic Harsh Market webinar, which I
hosted towards the end of October, this
is not a repetition of 2001/2002.
That was a very dramatic and genuinely
market-wide hardening as the international
insurance and reinsurance market faced up
to $50bn or so of catastrophic losses from
the 9/11 terror attacks, rapidly followed by
plummeting bond yields and equity prices –
a real double whammy.
What followed was a period of serious
reserve strengthening that battered carrier
results, and saw off a handful of key players
and high-profile industry leaders. Most
importantly, it forced the market to seriously
reassess its risk management practices.
SILVER LINING
The silver lining was that by the time the
credit crisis hit in 2007/2008, all but a
couple of the leading insurers and reinsurers
had really got their houses in order and
weathered the storm pretty well, particularly
in comparison to the banking sector.
As capital desperately sought a new
home post credit-crisis, suddenly the
insurance and reinsurance sector looked
pretty attractive, hence the floods of capital
we have seen in the past few years and the
prolonged soft market.
But now it seems the good times
are over. The excess capital meant that
underwriters forgot how to underwrite
properly and customers, it seems, have had it
too good for too long.
Julia Graham, technical director and
deputy CEO at Airmic, chose the phrase
‘harsh market’ rather than hard market for
good reason during the webinar. As the
panellists agreed, this is not a hardening
market of the sort experienced in 2001/2002;
it is patchy by line of business, region and
across Europe itself.
There are some very tough areas, notably
financial lines and D&O in particular,
especially if you have a US or Australian
listing. Marine, mining and construction
are all tough too. But the insurers are not
overwhelmed with joy. The words used
during the recent third-quarter earnings calls
were decidedly conservative.
Brian Duperreault, CEO of AIG, gave
a typically measured analysis during his Q3
call with analysts, though tellingly he is
optimistic that the firming will continue.
“Well, I guess there are plenty of people
out there saying it’s accelerating into the
third quarter,” he said. “So, why, what’s
going on and… is it going to end tomorrow?
This one is more rational. It seems to be
much more based on fact. The pricing
models are indicating that [if] this is not
a good risk, the risk isn’t taken… there is
discipline around the decision-making on an
industry-wide basis. I would say that’s very
good news because it says that the decisions
about risk will be based on the kinds of
return characteristics.”
“We know in many lines of business
the price declines have been excessive for a
very long time. Terms and conditions have
been broadened… in a phase of changing
tort climate and other inflationary factors.
There is more rehabilitation required for the
industry’s portfolio. There is a reason why
it’s sustaining itself and that is because it’s
needed, and it’s being looked at on a rational
basis. We will see if that holds, but I am
encouraged by it,” he added.
CHALLENGES
Not exactly dancing on the tables, but happy
that terms and conditions are finally moving
in the right direction from the underwriters’
perspective.
Clearly, in a patchy market such as this,
each individual risk manager will face a
different set of challenges depending upon
the sector and territories in which they
operate. But overall, experts during the
Airmic seminar agreed that risk managers,
many of whom will not have experienced
a market like this before, must brace
themselves for the following challenges:
u Unjustified increases in pricing
u Reductions in the scope of cover
u Restrictions in limits of
indemnity required
u Increased deductibles
u Delayed decision-making by underwriters
and significant last-minute changes.
This potentially leaves risk managers in
a very uncertain and uncomfortable position
when the CFO asks what is going on. They
need to be prepared and shift onto the front
foot to make sure that they do not wind up
with serious quantities of egg on their face,
and even seeking new employment.
The big question asked during the
webinar was therefore: what does the risk
manager need to do right now to make sure
that egg is avoided?
The following sums up the actions
required.
Make more active use of your captive to
increase retentions and ameliorate the impact
of unwelcome changes. Make sure your CFO
is warned of the potential changes required in
good time.
Seek out alternatives. For some covers,
there may be different ways of financing
the risk if capacity becomes unavailable at a
reasonable price. Perhaps now is the time to
try something different.
FACE-TO-FACE
Sit down with your broker as early as possible
to work out exactly what you really need.
During the soft market, you may have added
cover that you do not really need because it
was so cheap. Reassess your risk appetite.
Get your risk out into the market as soon
as possible so that you can assess with your
broker what kind of appetite there is out
there and where challenges will arise. Finding
out that the market really does not like your
profile at the end of December is not a good
idea.
Get on the front foot and market your
risk actively. Do your homework so that
you can prepare a fact-based ‘sales pitch’
to the market. Assume that you are actually
in competition with other customers for
limited capacity. Don’t be shy. Tell the
market about your risk management and
loss prevention successes.
Invite the market in to see your risk and
meet your people – not least the c-suite.
Third-party affirmation of what you are
saying will help ensure that you are taken
seriously when you ask for more budget for
the first time in 15 years.
Prepare your colleagues, and most
importantly bosses, for the new environment.
Market yourself internally and try and meet
with the CFO and c-suite to explain what
is going on and how it may affect your
programme. This could save your bacon
come year-end.
Airmic’s Ms Graham quite rightly
pointed out that all of this actually represents
a great opportunity for risk managers to
shine and prove their real value. But do not
try and blag your way through this one. That
would be a very dangerous tactic indeed.
Roll your sleeves up, do the hard yards and
hopefully enjoy a winter break in January.
“Be prepared, be informed and
knowledgeable. It is the foundation
of everything and then start to build
your knowledge and negotiating
skills, because once you’ve got the
foundation of knowledge you can
build upon that to help you develop
the rest. Never go into a meeting
without being properly prepared.
Don’t ever wing it...”
JULIA GRAHAM
TECHNICAL DIRECTOR &
DEPUTY CEO AT AIRMIC
08-CRE-Y10-07-Airmic.indd 8 11/11/2019 16:55

www.generaliglobalcorporate.com
Today’s commercial world is increasingly global, complex and unpredictable.
Recognised operating risks are compounded by new and even unknown threats,
any of which could impact long-term growth and success. But businesses
increasingly face new challenges of growth, innovation and productivity – they
need the confi dence to take bold strategic decisions; to invest in new technology,
to enter new markets and sectors as well as ensuring that existing operations
continue to thrive.
At Generali, your challenges are our business.
We speak your language, partner with your company and use our global
experience, local knowledge and sector insights to promote your company’s
interests. We’re as interested in helping to drive the upside as protecting the
downside. Our contingent capital and insurance solutions are as original,
seamless and fl exible as your business demands and we aspire to add value
far beyond resolving your immediate risk management needs.
WE SPEAK YOUR LANGUAGE
09-CRE-Y10-07-FPA-Generali.indd 9 11/11/2019 12:20

Keen to explore digital
future of profession
FERMA
Adrian Ladbury
aladbury @commercialriskonline.com
@COMRISKONLINE
D
IRK WEGENER WILL NOT LEAD ANY
dramatic shift in Ferma’s strategic
direction after he takes over its presidency
from Jo Willaert at the federation’s
forum in Berlin. The emphasis will be on continuity
and representing the European risk and insurance
management profession in Brussels at the highest
possible level, to make sure its voice is heard when
and where needed.
Under the German risk manager’s leadership,
the federation will continue to seek consensus among
its 21 member associations on important regulatory
developments – not least in the fast-evolving areas of
digitalisation, sustainability, risk reporting and risk
governance.
But, do not expect Mr Wegener to be taking an
outspoken stance on the behaviour of the insurance
market as conditions harshen. In Mr Wegener’s view,
this is not the role of a federation because it is not
directly involved in the market. This follows the tone
set by Mr Willaert.
Apart from regulation, one area of focus for
Ferma under Mr Wegener’s tutelage will be education
and continued expansion of its Rimap certification
scheme. It has been well received, but the potential to
really establish it as the recognised industry standard
remains high.
Mr Wegener wants to take Rimap to the next
level. Extending the certification to insurers and
brokers could well drive that process, he suggested.
Another big goal is to help raise the profile of the
profession and show its value to the wider business
community. The rise of the digital economy offers an
unprecedented chance to support this effort and the
profession must embrace this opportunity with open
arms, believes the incoming Ferma president.
EXPERIENCED HAND
Mr Wegener is certainly not new to association work.
He is a long-term and active member of the German
risk and insurance management GVNW, and has been
a board member at Ferma since 2015.
“I was invited to join the board in 2015 and
asked the advice of my colleagues at GVNW,
and they encouraged me to go for it. I have really
enjoyed working at Ferma for the past four years and
contributing to the development of our long-term
strategy. It has also enabled me to bring some of my
diverse experience, particularly to the international
arena. For me, this is a valuable life and professional
experience,” he explained.
The job at Ferma is important because most of
the significant decisions that affect the risk profession
are now made in Brussels. National associations will
simply not be heard unless it comes from a registered
European representative body such as Ferma.
“The fact is that EU institutions are driving the
agenda. It is important for the risk management
community to be represented at this level. This is why
we issued the Ferma manifesto last year at the time
of the European parliamentary elections. We have
the opportunity to have a say and hopefully have a
positive impact and help,” explained Mr Wegener.
DELIVERING RESULTS
One of the dangers with a federation of national
associations is that by the time all the differing
members have given their input, the final decision and
advice given to Brussels is so watered down that it
does not pack any punch.
The temptation could be for the federation’s
leadership to listen to all views expressed by the
member associations and then do what they thought
needed to be done in the first place by taking a strong
stand.
Mr Wegener is clear that he will not follow this
more authoritarian route. He believes his role, and
that of Ferma, is to identify the critical issues for the
profession, and then coordinate and represent the
views of its member associations.
He sees his role ultimately as moderator not
leader, a subtle but important point that should ensure
powerful national associations such as AMRAE in
France, GVNW in Germany, Airmic in the UK and
Anra in Italy remain on board.
“It is up to the member associations to create the
vision and set the process, and then we achieve the
objective as a team effort. We have a diverse group
of members on the board of Ferma who represent 21
associations from 20 countries (Spain has two – Igrea
and Agers) and we are the umbrella body, so there is a
lot of moderation in this role,” explained Mr Wegener.
“This is not new. Jo Willaert and his executive
team were very clear on this. When lobbying at
the European level, you are both representing the
members and speaking on behalf the profession.
Ferma is here to support the national associations, but
you also have to recognise that this is a very diverse
group by size and make-up. GVNW, for example,
is very much an association of insurance managers,
whereas AMRAE and Airmic are more focused
on technical risk management and enterprise risk
management. It is a bit like the European Union itself,
very diverse,” continued Mr Wegener. “But whatever
the size of the association, increased lobbying activity
at European level is the number one request for Ferma
from our members.”
CONTINUITY IS IMPORTANT
Mr Wegener believes continuity is key and that Mr
Willaert and Ferma’a executive team are representing
members well. He will continue the good work carried
out during the past four years. Europe’s risk managers
should not expect a radical change in direction under
his presidency.
“We will continue what was started and lobbying
at the EU level is certainly a core function. We already
issued a manifesto for the period 2019-2024, in July
this year, which is based upon digital transformation
and sustainability. As we state in the manifesto, the
European Union, its companies and citizens, have to
navigate a future full of unprecedented challenges
and opportunities. As risk managers, our role is to
coordinate awareness and action across functions,
so the business is resilient whatever the nature of
FERMA
Adrian Ladbury interviews incoming Ferma president Dirk Wegener about his plans for the federation
Wegener promises
continuity at Ferma
Dirk Wegener
10-CRE-Y10-07-Wegener.indd 10 11/11/2019 16:55

FERMA
We know
our way
around...
Risk
tmhcc.com
We study it, research it, speak on it, share insights
on it and pioneer new ways to measure it.
Covering 180 countries, we bring a proactive,
flexible and fresh approach to over 100 classes of
specialty insurance.
Tokio Marine HCC is a trading name of HCC International Insurance Company plc (HCCII) and Tokio Marine Europe S.A. (TME), both members of the Tokio Marine HCC Group of Companies. HCCI is authorised by the UK Prudential
Regulation Authority and regulated by the UK Financial Conduct Authority and Prudential Regulation Authority (No. 202655). Registered with Companies House of England and Wales No. 01575839. Registered office at 1 Aldgate,
London EC3N 1 RE, UK. TME is authorised by the Luxembourg Minister of Finance and regulated by the Commissariat aux Assurances (CAA). Registered with the Registre de commerce et des sociétés, Luxembourg No. B221975.
Registered office: 33, Rue Sainte Zithe, L-2763, Luxembourg.
the threat. We wish to bring our unique expertise in
enterprise risk management to support EU policy
makers over the next institutional mandate, to
respond to the future with confidence and support the
transformation and resilience of Europe’s economy,”
explained Mr Wegener.
EDUCATION MATTERS
Risk management education is another important
part of the Ferma agenda that Mr Wegener hopes to
progress. The Rimap certification programme was
launched back in October 2015 at the Ferma Forum
in Venice, under the leadership of then president Julia
Graham, now technical director and deputy CEO of
Airmic. Mr Wegener said he intends to help support
the growth of the programme and extend it to the
insurance and broking markets, which he believes
should be keen.
“Insurers and brokers would benefit from learning
how their customers think, so there is good potential
there. We currently have 178 Rimap-certified
members, since the launch of the exam at the end of
2017. Obviously, there is always potential for more
but I think it’s a pretty good start. The challenge is to
really make this the industry-standard qualification.
This is the next step,” he said.
NEUTRAL ON INSURANCE
As the insurance market finally emerges from its long
soft market and enters a harsher stage, one may have
thought that Ferma’s new president would have had
some words of warning for insurers and advice for
Europe’s risk managers on how to cope with the new
conditions. But Mr Wegener was not keen to give an
opinion.
“Remember that Ferma is not a market
participant. For this reason, we do not lobby with the
insurance market beyond the regulatory environment.
We are of course generally interested in having an
efficient and strong insurance market to ensure
that risk transfer options are available. We are very
happy to support efforts to improve the regulatory
environment for global programmes, but again this is
on the regulatory side. Which insurer is doing what
in certain lines of business is not our concern,” he
explained.
PROFESSIONAL PROFILE
A big focus for Ferma in recent times has been
raising the profile of the profession and helping to
explain the value it can add to the wider corporate
community. Mr Wegener certainly sees that at as an
important area, particularly given that risk managers
have the opportunity for personal and professional
growth in the fast-evolving world of corporate social
responsibility.
“It is important that risk management as a task
is seen as creating added value. There are more and
more requirements for corporates to operate on a
more ethical basis and show that they are doing so in
a transparent way. France has a new duty to define,
implement and publish a vigilance plan with five core
components – and one of these is a risk map. The risk
manager is best placed to gather the data together and
carry out this process,” he explained.
“The same is also true of disclosure of
sustainability information. You have to ask how
the risk manager can more effectively serve their
organisation with their unique skills and ability to
identify, measure and manage risks. In that sense, the
influence of risk managers is increasing. It is our job to
make sure that these skills are recognised by the wider
business community, that the value is appreciated,”
continued Mr Wegener.
RISE OF THE DIGITAL RISK MANAGER
And, of course, risk managers can prove their value
and help their companies prosper by throwing
themselves into the heart of digital transformation,
making sure their company profits from the many
opportunities.
Mr Wegener points out that the basic tool of
risk and insurance management is data, and, as
the insurance market becomes more and more
reliant upon that to support its risk assessment and
underwriting decisions, risk managers will have to up
their game.
“Data is the basic toolbox of the risk manager
– it’s all about data. The risk manager is the risk
conductor and this job will be more and more about
collaboration and communication based on data,
both internally and externally. Risk managers are
best equipped to help their organisations deal with
the digital transformation process, with cyber being
a great example of how they can really add value,” he
said.
“It is really important for risk managers to
understand data and see it as an opportunity.
The digital economy presents an unprecedented
opportunity to reduce exposures, improve loss
prevention, provide transparency and significantly
improve models. Blockchain could transform the risk
transfer process. Our forum in Berlin will focus on
these important matters and seek these opportunities,”
concluded Mr Wegener.
10-CRE-Y10-07-Wegener.indd 11 11/11/2019 16:55

Cyber
conference
Caption
Commercial Risk Europe held its thought-provoking ‘Cyber Risk Management 2019 – A force to be reckoned
with’ conference in Brussels last month, with the support of local risk management association Belrim,
Dutch association Narim and the IRM. Sponsored by AIG, Allianz, Charles Taylor, Chubb, CMS, Marsh and
Tokio Marine HCC, the event sparked some fascinating debate on what is undoubtedly one of the
hottest topics in risk and insurance management. Ben Norris brings you some of the highlights…
Buyers want more standardised cyber cover
as they struggle with disparate wordings
CYBER
Ben Norris
@COMRISKONLINE
INSURANCE BUYERS ARE STRUGGLING TO
get to grips with varied terms and conditions
offered by different cyber insurers and want
to see more standardised policies to solve the
problem, according to speakers at a recent
Commercial Risk Europe conference.
WIDE TO DISPARATE
Speaking at the ‘Cyber Risk Management 2019 –
A force to be reckoned with’ event in Brussels, Adri
van der Waart, president of Dutch risk management
association Narim, said there are many differences
in cyber policies offered by insurers. This is
complicating things for insureds as they look to
cover the risk.
Mr Van der Waart, who is also corporate
insurance manager at Arcadis, said brokers are
trying to help matters by developing more
standardised wordings to provide clients with
clarity. And he asked insurers: “Why don’t you
follow the brokers and move to equal or standard
terms and conditions, so it is easier for risk
managers to know what they are buying?”
A Marsh representative said that although
cyber insurers are “more or less” offering the
same cyber cover, policy wordings, definitions
and vocabulary are different. This is making
things complicated for buyers and is “part of
the problem” with cyber insurance, he added.
“An average buyer does not really understand
what exactly the policies are all about. So, it is a
big job for the brokers to explain things to the
clients,” said the speaker.
“At Marsh we try to use our wordings. Some
carriers can live with that and some can’t,” he added.
AIG’s head of cyber in Europe, Mark Camillo,
told delegates that his firm and other insurers
have tried to make cyber policies more
consistent, particularly across regions. But
he said the market is “still a few years away”
from seeing consistency and standard wordings.
“I am starting to see some of that consistency
built in across the market, but it is not like D&O,
for example, where you have a standard wording.
Maybe over time we will get there, but it is still a
new coverage,” said Mr Camillo.
The Marsh representative went on to say that
overall, he is happy with what is now on offer
from the cyber insurance market. However, it is
still developing and there remains work to do on
particular issues, he added.
THIN PICKINGS
One such area is the development of cyber
contingent business interruption cover, which the
broker said is hard to come by. But he explained
there has been some progress of late, with insurers
beginning to provide solutions.
The broker also warned risk and insurance
managers to be careful about the use of war
exclusions in traditional lines, particularly property,
that cover cyber risk. These exclusions have been
used to deny coverage, with several high-profile
cases now going to court.
Cyber claim notifications and
response costs up 50% under GDPR
A
IG’s cyber claim notifications have risen by about 50% in Europe since the introduction
of the General Data Protection Regulation (GDPR) last year, with response costs up by
a similar percentage, according to the firm’s head of cyber for Europe, Mark Camillo.
He told risk managers gathered in Belgium for our ‘Cyber Risk Management 2019 – A
force to be reckoned with’ conference that the insurer has seen the number of cyber claim
notifications rise from 300 across Europe the year before the GDPR came into force, to more
than 500 in the 12 months since.
“A lot of that is to do with customers being conservative in terms of notifying the
regulators. When they do that, they notify us as the insurer,” explained Mr Camillo.
The GDPR has also increased the cost of claims. “When clients have made GDPR
notifications the incident response costs are about 50% higher than if they don’t have to make
that notification. That is being driven by enhanced forensic investigations, additional legal
assistance and some of the public relations costs,” said the insurer.
He went on to tell delegates that there is a big cultural difference between the level of
regulatory notifications under the GDPR across EU member states.
“For example, Ireland and Spain have had the same amount of incidents, but in Ireland
the notification rate was about 50%, whereas in Spain it was less than 5%. So, there are a lot
of cultural differences in terms of how the regulation is being interpreted,” said Mr Camillo.
But he stressed that the big questions around the GDPR – issues such as whether fines
and penalties can be insured, and what legal damages and liability are going to look like – are
yet to be answered. “When it comes to legal liability, we won’t really know the answers until
they are defined in court,” he concluded.
Mr Camillo went on to note that there was a spike in compromised email claims at AIG
last year, as many companies moved to the cloud via Microsoft Office 365. “Last year, 25%
of our claims were for compromised emails because people weren’t turning on multifactor
verifications,” he said.
The insurer also explained that there has been an increase in targeted ransomware
attacks this year. “The 2019 data will see a significant rise in the number of these types of
attacks, which is driving severity of loss and impacting excess layers,” he said.
—Ben Norris
12-CRE-Y10-07-Cyber.indd 12 11/11/2019 16:55

Hosted by Headline Partner
European Risk Management
Awards 2020
The search for excellence continues
The European Risk Management Awards have, over the last three
years, recognised and rewarded best practice and innovation among
risk managers and the wider community of industry experts – brokers,
insurers, technical specialists and other partners – who support them.
Hosted jointly by Ferma and Commercial Risk Europe, these awards
represent the culmination of expertise, excellence and recognition in the
field of risk management, insurance, broking and associated industries,
and are judged by leading risk managers, industry association heads
and academics.
The culmination of the 2020 Awards
will be at a Gala Dinner in London on
23 April 2020.
To book a table and help celebrate and
support the industry’s achievements,
contact Stewart Brown
sbrown@commercialriskonline.com
Look online for more information www.europeanriskmanagementawards.com
Make a nomination for a category
Excellence in Risk Management
Private Sector Risk Manager of the Year
Public Sector Risk Manager of the Year
Rising Star of the Year
Innovative Insurance Programme of the Year
Emerging Risk Initiative of the Year
Collaboration of the Year
Industry Excellence
Insurer Innovation of the Year
Broker Innovation of the Year
Emerging Risk Solution of the Year
Global Programme Innovation of the Year
Technology Innovation of the Year
Claims Innovation of the Year
Training & Education Excellence
Risk Training & Education Initiative of the Year
Partners
Nominations close on 20 December 2019
13-CRE-Y10-07-FPA-HA.indd 13 11/11/2019 12:20

Cyber
conference
Business impact
more severe
and ransoms up
RANSOMWARE
Ben Norris
@COMRISKONLINE
RANSOMWARE ATTACKS
are becoming more
sophisticated and
increasingly targeting large
companies, with ransom
demands on the rise, experts
warned risk managers
attending our recent cyber
conference. They added that
companies must consider
a number of factors before
deciding how to respond to
these attacks, and ultimately
choosing whether to pay up
or not.
Speaking on the
ransomware panel debate
in Brussels, Anthony Hess,
senior director at Kivu, which
specialises in cyber insurance
incident response, said
until very recently he could
confidently tell you what a
ransomware attack would look
like. Attacks were predictable
in terms of mode and
remediation, with the type of
malware typically indicating
how the attacker got in.
Attackers maintained open
lines of communication and
consistently provided means
to restore data upon payment,
with some even offering
complimentary technical
assistance if decryption issues
existed.
TARGETTING
While these types of attacks
still occur, many have shifted
to sophisticated, stealthy
and targeted attacks, said
Mr Hess.
“For these types of attacks,
overall business impact is
increasing significantly.
Repeat targeting occurs more
frequently and managed IT
services provider attacks are
affecting more companies
simultaneously,” he explained.
Random ransom attacks
are more easily dealt with
and result in smaller ransom
demands, have a limited
surface area, rely on easy
predictable attack vectors and
do not carry secondary threats.
Targeted ransomware attacks
on specific, usually large,
companies can see ransom
payments hit seven figures,
cover a large surface area, use
dynamic, sophisticated and
stealthy attack vectors, and
come with secondary threats,
said Mr Hess.
Such attacks now account
for more than half of those
perpetrated, continued the
expert. Companies under
these attacks can expect
systems to be down for one to
three weeks, which can cause
huge business interruption, he
added.
The ransoms are getting
bigger simply because of
economic factors, continued
Mr Hess.
“It is much harder to
carry out ransomware attacks
in general. Companies have
better security in place and
it is harder to scan the whole
internet to target 300,000
companies for £1,000 each.
So, with attackers now
more often going after one
highly protected targeted
client, it requires more work
and they therefore demand
higher ransoms. Things are
economically driven,” he
added.
Mr Hess said there are
key response factors that help
companies to mitigate these
attacks. They need a good
and well-tested response plan
built into their organisational
culture, and the same goes for
a backup strategy. Companies
also need to be ready to
negotiate a ransom and have
a payment strategy. Having
advisers with experience of
responding to these attacks is
also key, added Mr Hess.
PAYING UP?
And of course, the big
question is: should you pay
the ransom? Mr Hess said
there are some important
factors to consider.
These include whether it is
legal to pay the ransom, other
legal and regulatory concerns,
and the business impact of not
paying. Other things worth
thinking about are technical
factors, such as the speed of
restoration after paying the
ransom and the likelihood of
decryption succeeding.
Mr Hess said one
consideration for companies
thinking of paying up is
that it can still take as long
to get everything back up
and running once you have
the encryption key, as if you
try and solve the problem
yourself.
He told delegates that
the type of attacker should
determine how a company
handles any ransomware
negotiation. Some attackers
will negotiate in good faith,
whereas with others you
think you have completed
the negotiation, pay for a key
and they then demand further
money, he explained.
“Knowing how an
attacker is going to act one
way or another really defines
the negotiation,” said Mr
Hess.
He added that as
companies move up in size
and targeted attacks come
into play, firms such as his are
used in different ways.
“Whether you pay or
Sophisticated ransomware attacks on the rise
12-CRE-Y10-07-Cyber.indd 14 11/11/2019 16:55

Cyber
conference
SUPPORTED BY PARTNERS
The supply chain risk environment is dynamic and continually
evolving. Risks are increasingly being highlighted in companies’
publicly-filed financial statements and as supply chains become more
strategic, disruptions are turning into c-suite issues.
Each year brings new challenges for companies, with different threats,
unexpected events and unpredictable consequences because of the
increased interconnectivity of the world we live in.
This year, we’re seeing heightened political tensions drive further
issues within supply chains, in addition to climate change, product
recall risk and the impact of the blow of the double-edged sword that
is technology.
There is a growing awareness of the importance of supply chain risk
and the need for it to be properly identified, managed and – when
and where possible – transferred in a structured and professional
manner. But as our world becomes ever more interconnected this is a
work in progress that needs to be stepped up.
Join a group of leading supply chain experts and an audience of
procurement, business continuity and risk professionals to discuss
the threats and opportunities presented by an interconnected
landscape in a series of presentations, case-studies and workshops
at this one-day conference in London.
An interconnected response to an interconnected supply chain
Date: 25 November 2019
Venue: etc venues Fenchurch Place, London
Supply Chain Risk Management Conference
Topics to include:
BCI Supply Chain Resilience Report and Survey 2019
This annual Business Continuity Institute study is an influential industry
resource which tracks the origins, causes and consequences of supply
chain disruption across industry sectors and regions worldwide. It also
benchmarks business continuity (BC) arrangements in place – including
the uptake of insurance – in different organisations which build supply
chain resilience.
How technology is changing the way we can predict and monitor
supply chain risks
Technology is arguably the biggest enabler of them all. How do Google,
Amazon and other similar companies use technology and data to know
what we want before we do and how could the harnessing of predictive
data help to identify future unknown emerging risks in the supply chain?
The factors driving modern-day supply chain complexities
The world in which businesses operate in is constantly evolving and
brings with it new risks, amplifying old ones and changing the impact of
those businesses believed they were familiar with. This session will be an
assessment of the key factors which are most likely to disrupt the supply
chain in the coming months.
Case study interview: Automotive sector - product recall
The conversation will cover real life experiences around product recall
and associated supply chain risks from arguably one of the most extreme
industries reliant on an efficient supply chain network, with practical
takeaways.
Workshops: Cyber risk audit in the supply chain, Bribery and corruption,
The impact of political risk
Case study interview: Pharma sector - Reputational risk
Q&A on the topic of reputational risk and how to preserve and enhance a
company’s reputation with an ERM programme.
Panel discussion: The evolution of insurance cover for an ever-
changing risk
According to the BCI’s Supply Chain Resilience Report & Survey 2018 only
53% of financial losses experienced as a result of supply chain disruption
were insured, leaving a significant uninsured gap. In this session we explore
some core questions with a panel of leading insurers and brokers.
Workshops: Environmental liability in the supply chain, Business continuity
planning, Risk modelling
Case study interview: Product Recall
A Q&A discussion looking at some of the major product recall incidents
and the role of insurers in working with corporates to manage these
incidents.
https://www.commercialriskonline.com/event/supply-chain-risk-management-2019
Registration is FREE for risk managers
All other delegates £400 + VAT (early booking rate)
LAST CHANCE TO BOOK
YOUR SPACE !
don’t pay, we are being called
in to help the restoration
process. Larger, more
sophisticated companies
tend to have a pretty good
approach but might need
extra advice. For example,
sometimes it is cheaper
and quicker to bring in
more people to assist or to
purchase additional hardware
than suffer the business
interruption or ransom.
That is advice that we can
give people through our
experience in dealing with
these attacks,” continued
Mr Hess.
Fellow panellist Laetitia
Fouquet, global head of
Charles Taylor Adjusting’s
cyber practice, agreed with
Mr Hess that ransomware
attacks are getting more
sophisticated, are increasingly
perpetrated by well organised
actors and often hide
other problems caused by
cybercriminals.
“We see a lot more
targeted attacks that are
very sophisticated and much
more difficult to eradicate.
We also see ransomware as
the last action after criminals
have spent months and
months of reconnaissance in a
company’s system to find the
critical piece of data that the
company needs and wants. So,
often there are other problems
beyond the ransomware,” she
said.
BIFURCATION
Marek Stanislawski,
deputy global head of cyber
and tech PI at Allianz Global
Corporate & Specialty, told
a similar story.
“We are seeing a clear
bifurcation of attacks
between bottom feeders
that are very opportunistic
and unsophisticated with
small ransoms, and then
super-sophisticated attackers
who target your company
specifically to either take out
critical business infrastructure,
or use ransomware as a
smoke screen for what they
are actually doing. We have
recently seen an event where
a hospitality reservation
system was being held by
ransomware, but it turned
out their entire data had been
stolen,” he said.
Mr Stanislawski added
that companies are offering
corporates improved pre-
and post-breach services,
so ransomware and wider
cyber risks are being better
mitigated.
“But things are difficult
because we are dealing
with super-sophisticated
people with a return-on-
investment mentality,” said
Mr Stanislawski, who advised
risk managers to put in place
separate response plans for
ransomware and general
cyberattacks.
Michael Park, head
of cyber claims at Chubb
Overseas General, told the
gathered risk managers that
is it critical to think about the
local regulatory environment
before responding to a
ransomware attack.
“Taking it back to basics,
the questions are: is there
a desire to pay the ransom
and is it legal to pay the
ransom in that country?
Things to think about are
anti-terrorism funding and
money-laundering rules that
might apply. These things do
vary from country to country,”
he advised.
Mr Park also said it is
important for companies to
properly document steps
taken to attempt to identify
attackers if they are going to
pay a ransom. They can then
show this to regulators and
demonstrate they are not in
breach of applicable rules and
regulations. “This is where
IT forensic support is very
important,” said Mr Park.
NOTIFICATIONS
Adding: “There can also be
secondary issues to consider
if your system has been
infiltrated. Are there data
breaches? Are there GDPR
issues? Are there requirements
to notify?”
He said it is extremely
important for risk managers to
notify their broker and insurer
immediately if they uncover
a ransomware attack. “They
need to know straightaway
and it is key to getting the
right legal and other advice
when it matters. Your carrier
will be able to connect you
with cyber experts and ransom
negotiators,” said Mr Park.
12-CRE-Y10-07-Cyber.indd 15 11/11/2019 16:55

Airmic
ERM
Forum
UK risk management association Airmic held its fourth ERM Forum in London last month.
Over the following pages, we cover some of the most interesting sessions and news from the hugely popular event
Do you, as a risk manager, know the
key thing you are trying to protect?
AIRMIC ERM
Ben Norris
bnorris@commercialriskeurope.com
@COMRISKONLINE
A
S THE WORLD BECOMES MORE
complex and change speeds up, risk
managers will increasingly need to
ensure their organisations are agile and they
play their part in strategic decisions. This will
mean big trade-offs and leaving some risks
relatively unprotected, James Arroyo, director
of the Ditchley Foundation, told delegates
at the recent Airmic ERM Forum. Most
importantly of all, it will require risk managers
to understand what they are really trying to
protect – and it’s not money.
NEW RISK DRIVERS
Sometimes something does exactly what it
says on the tin, and in the case of Mr Arroyo’s
presentation, entitled An agile response to risk:
How geopolitics and technology are colliding to drive
change and shape risk, this is certainly true.
After laying out key issues to watch as
geopolitical tensions mount and technology
marches forever on, Mr Arroyo had a relatively
simple but important message for risk
managers.
“The changes demand an agile response
to risk,” he began. “An agile response to risk
has to mean really big trade-offs. What are
you going to leave relatively unprotected and
what are you going to double down on? How
are you going to advise your companies about
where they should spend money? Where
should you accept inefficiency in order to
mitigate against life-threatening risks?” added
Mr Arroyo, director at the foundation, which
aims to renew democratic societies, states,
markets and alliances.
But you cannot deliver this agility, or make
a strategic contribution to risk management,
unless you know the “real thing” that your
organisation needs to protect, he continued.
“There are two ways a company can die,
either by running out of money or losing a
sense of purpose and knowing what makes the
company different from competitors, what you
are really trying to achieve and what you really
believe. If you think about these questions.
it will help you in risk management and is a
good path to being a strategic player in the
senior team. What are you really trying to
protect? What is our actual risk here? You will
be surprised at how many people will struggle
to answer this in many companies,” he told risk
managers gathered in London, adding that the
answer is never, primarily, money.
The former chief digital and data officer
for British foreign policy and national security
made these comments after delivering a speech
on some of the big changes facing society and
business.
Mr Arroyo said we are in an exponential
moment, with technology breakthroughs
piling up and combining in interesting ways
to accelerate change. This has big upsides,
but when timescales are shortened, risks can
accumulate and speed up, he warned.
Mr Arroyo explained that although
we remain a long way from full artificial
intelligence (AI), the technology will take hold
across entire sectors, bringing uncertainty for
individuals as jobs are automated. This will
throw up the big questions of what and why
that are such a key part of the human psyche,
he warned.
UNKNOWN UNKNOWNS
“This area is opening up huge possibility, but
also significant risk in terms of people and
in terms of adoption of new processes. There
will be unintended consequences, unforeseen
complications as these innovations are rolled
out and pushed by economics. So, don’t believe
the hype about AI – it is still very narrow and
limited. But its impact on all of our worlds
is going to be real and I think unstoppable
because economics are going to drive it at such
a pace,” said the expert.
He also warned that quantum computers
could change everything, noting, for example,
that algorithms are already written to decrypt
all data currently encrypted. They are just
waiting until a computer with enough power is
developed.
Mr Arroyo went on to warn that we are
“There are two ways a company can
die, either by running out of money
or losing a sense of purpose...”
Wh
and
the
MAXIS GB
The Monu
m
16-CRE-Y10-07-Airmic-ERM.indd 16 11/11/2019 16:53

Airmic
ERM
Forum
shifting into a period of “real geopolitical
tension”. He said the consequences of a
“flare-up” involving North Korea would have
repercussions for the global supply chain and
are the “wildcard” geopolitical risks that no one
has an easy answer to.
He added that Russia is willing to sacrifice
economic power for influence on the world
stage through spoiling capabilities, and is
causing big risks.
“Russia has strategic weaponry and
a tactical policy to keep Russia in the news
and at the great table as a force in world affairs,
and it is not going to stop. As we all know,
Russia is the greatest exponent so far of hybrid
warfare – undeclared warfare combined with
information operations to try and influence
elections, combined with cyberattacks.
They are trying to develop a mastery of these
new tools and are willing to use them.
They are doing that in close coordination
with the criminal sector so there is an element
of deniability,” explained Mr Arroyo.
He added that, again, no one has an
answer to this problem, and there are clear
repercussions for corporates and risk managers.
But Mr Arroyo described the US-China
trade war as the “big” geopolitical risk, and
said we are entering a “tactical moment in
the great battle” between the established and
emerging superpower.
He noted that the latter’s ‘Made in China
2025’ strategy is extremely impressive and a
determined attempt to seize control of future
technologies.
“Massive government investment and
direction of the military industrial complex
of the 1960s and 1970s into the silicon valley
and the internet have laid the foundations
for modern American power. China is
determined to do that on technologies of the
future. So, it is making massive investment
in digital technology, massive investment
in bioengineering and huge infrastructure
investment, with a big focus on education…
and why shouldn’t they do that? It is the
obvious thing to do and they are making huge
strides,” said the speaker.
Mr Arroyo believes there will be a solution
to the trade war, with Trump declaring victory
before the 2020 US election, but said the
bigger battle for supremacy is new and will see
a lot of changes for western companies.
“The world is no longer going to tilt
towards us quite so clearly. The concept of a
multinational is going to come under a bit
of strain as these powers pull apart. It won’t
necessarily be comfortable,” he said.
Adding: “For people looking at risk,
particularly people risk, that will be a factor.
How do you manage your relationship with
a multinational workforce in a world being
increasingly pulled in different directions, with
rival models of how you run a country and
economy that are also entwined? This is going
to make risk managers lives interesting.”
Whatever your risk concerns, we can help. From local to global,
and from small to large – we can work with you to help you find
the right risk solution. We don’t only look after the big guys.
MAXIS GBN, authorised by l’Organisme pour le Registre des Intermediares en Asssurance (O.R.I.A.S). Registered address and principal place of business: 1st Floor,
The Monument Building, 11 Monument Street, London, EC3R 8AF. Establishment number n°BR018216, with its intra-community UK VAT number: 243 6842 96.
maxis-gbn.com

Airmic
ERM
Forum
Businesses struggling to meet growing
supply chain exposures: Airmic report
SUPPLY CHAIN
Ben Norris
A
NEW REPORT BY
Airmic warns that
supply chains are under
growing strain, with business-
es struggling to manage the
new exposures. Published at
Airmic’s fourth ERM Forum in
London, it provides risk man-
agers with practical guidance
on how to inject resilience into
entire supply networks.
The Complex Supply Chains
in a Complex World report says
that “a potent” combination of
geopolitical tensions, climate
volatility and technological
dependencies is putting global
supply chains under more
strain than ever before.
BLIND EYE
It warns that a desire for low-
cost networks has led some
businesses to turn a blind eye
to, or miss, the concentration
of risk that may be building in
their supply chain. This could
result in a catastrophic event
that brings operations grinding
to a halt and inflict significant
reputational damage, the
report adds.
It says that with supply
chains becoming increasingly
complex and opaque, many
companies are struggling to
fully map their exposure, with
more than half of businesses
failing to have visibility beyond
their tier one, direct suppliers.
The report – produced
with AIR Worldwide,
Gallagher, HDI, Lloyd’s and
Sedgwick – flags recent trends
putting greater pressure on
supply chains, including
the rise of nationalism.
Increasingly protectionist
policies and Britain’s departure
from the European Union are
threatening to roll back free
trade, global supply networks
and cross-border relationships,
the report states.
Another trend is the
volatile and more extreme
climate, which is exposing
the high volume of stock
and supply routes that reside
in areas at risk of natural
disasters, it adds.
A third problem for
supply chains is an increasing
reliance on technology.
Connected devices and
automated production lines
have transformed supply chain
risk profiles in recent year, the
report notes. This is leaving
businesses vulnerable to an
IT outage, cloud disruption
or cyberattack, either on their
own business or on one of their
suppliers, it adds.
KEY TAKEAWAYS
The report lists key takeaways
for risk managers to help
them better manage their
supply chains:
u Collaborate across functions
to gain full transparency of
the organisation’s supply
chain
u Build a robust governance
structure providing
oversight of the full supply
chain
u Identify suppliers and
understand their risk profile
u Create agility by avoiding
single-source suppliers and
have pre-approved backups
ready to step in where
necessary
u Educate brokers and
insurance partners on the
total supply chain risk
exposure
u Review insurance contracts
to identify coverage and
overlaps
u Continuously scan the
horizon to ensure emerging
supply chain risks are
identified and embraced as
part of the organisation’s
overall system for managing
risk
u Integrate supply chain
management as part of the
organisation’s framework
for business continuity and
crisis management.
The report was released
alongside a new quantitative
modelling framework from
AIR Worldwide and Lloyd’s,
designed to help risk managers
and insurers better get to grips
with supply chain risk (see story
on page 25).
Airmic to launch online mentoring scheme amid several education initiatives
MENTORING
Ben Norris
@COMRISKONLINE
AIRMIC WILL LAUNCH AN ONLINE
mentoring programme for members
next year, as part of a series of initiatives
to help prepare them for the modern
world of risk and boost career prospects.
The UK risk management
association announced the scheme
at its ERM Forum, alongside a
planned competency guide to support
members along their career path
and news of a revamped Association
in Risk Management (ARM) from
The Institutes, for which Airmic is
considering offering classroom teaching
to help members obtain the qualification.
Julia Graham, Airmic’s technical
director and deputy CEO, told delegates
that the online mentoring programme
will launch in the new year and be
available as a member benefit.
“The software we have chosen is well
known and used by organisations that
we know and respect. It is a very well-
established solution. So, we are thrilled
to be launching that,” she said.
In addition, Ms Graham explained
that Airmic has produced a draft
competency guide and framework for
members to help complement their
studies and career progression. The
association plans to publish the final
version next year after consultation with
its risk management steering group.
The document brings together
the Airmic professional journey and
competencies needed to fulfil that
journey, said Ms Graham.
“We have tried to produce
something that is simple, which you
can use when talking to teams or other
people in your organisation to explain
what this framework looks like. The
document then goes on to talk about
the issues in greater detail and links it to
the professional journey. It has capability
levels so you can assess what stage you
are at, benchmarking yourself against
where you are in your career against
other people and, very importantly,
where you would like to go next,”
she added.
Ms Graham explained that the
proposed framework is based around
three areas: core capabilities – what you
must know; technical competencies –
what you do; and behaviours – who you
are and what you believe in.
Airmic also announced that it may
offer classroom-based learning to support
The Institutes’ ARM, which was updated
at the beginning of last month.
“We are considering offering
classroom-based learning to support the
new programme, to accelerate people
through the programme over a period
of a number of months, supplemented
by revision and then exam preparation.
We think that with about nine classroom
sessions, we can accelerate people
through the programme and get them
qualified in about nine months. There
are ongoing discussions on that,”
said Ms Graham.
Stephen Anderson, head of business
development at The Institutes, was at
the forum and explained to delegates
that the new ARM was launched after
a year in the making. The new online
programme better reflects how people
want to learn and receive information,
he said. It updates the well-established
programme from the US-based global
education provider.
Mr Anderson explained that the new
ARM is less US-centric and more focused
on risk management rather than just
insurance. “I am excited to see the new
way we are delivering the programme,”
he said.
More than 35,000 people hold the
ARM designation around the world and
Airmic members get a 20% discount on
the course.

Your business may face cyber threats. It takes a partner at the forefront of
the cyber curve to help you prepare, respond and recover from the attacks.
AIG can guide you through this ever-evolving, 24/7 world. A world that never
sleeps. So, we’re always on.
Learn more at AIG.com/cyberedge
American International Group UK Limited is registered in England: company number 10737370. Registered address: The AIG Building, 58 Fenchurch Street, London EC3M 4AB. American International Group UK Limited
is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (FRN number 781109). This information can be checked by visiting the FS Register
(www.fca.org.uk/register).
AIG Europe S.A. is an insurance undertaking with R.C.S. Luxembourg number B 218806. AIG Europe S.A. has its head office at 35D Avenue John F. Kennedy, L-1855, Luxembourg. AIG Europe S.A. is authorised by the
Luxembourg Ministère des Finances and supervised by the Commissariat aux Assurances 7, boulevard Joseph II, L-1840 Luxembourg, GD de Luxembourg, Tel.: (+352) 22 69 11 - 1, caa@caa.lu, www.caa.lu/.
19-CRE-Y10-07-FPA-AIG.indd 19 11/11/2019 12:20

European
Risk Frontiers
SPAIN
The Spanish leg of our Risk Frontiers Europe survey delivered some intriguing insight into
the state of the commercial insurance market, areas of concern for insurance buyers and
the future direction of the risk management profession. Rodrigo Amaral reports
Spain
EUROPEAN RISK
FRONTIERS: SPAIN
| @COMRISKONLINE
Rodrigo Amaral
ramaral@commercialriskonline.com
Spanish insurance buyers face tougher
conditions and fear capacity shortfall
Insurers urged
not to overreact
S
PANISH COMPANIES FACE HIGHER
prices and tougher conditions when
renewing some of their insurance
programmes, with concerns over a
capacity shortage in certain areas, according risk
and insurance managers taking part in part our
Risk Frontiers Europe survey.
They pointed out that insurance prices have
gone up recently in lines such as property,
directors and officers (D&O) and professional
and indemnity (P&I). But they added that the
hard market has not been felt across all areas.
More worrying is the fact that the insurance
market seems to be withdrawing capacity for
some risks, warned Lourdes Freiria, director of
risk and insurance at construction firm Grupo
San José.
“More than a price issue, which also exists, the
biggest problem, which can be very negative and
dangerous, is the lack of answers to the transfer
of some risks that, until today, presented no
placement challenges,” she said.
Adding: “There is no doubt that there has
been a significant change in the insurance
market’s perception of companies’ needs. What
concerns me the most is a change of risk appetite
among many insurers for some specific sectors
or special projects… I believe we are seeing a
change in internal underwriting policies at some
insurers, depending on the risk and the risk
appetite that they have at a particular moment,”
she told CRE.
Ms Freiria warned that the scarcity of some
essential coverages could have wider effects than
depriving businesses of insurance protection,
and undo some of the good work to promote the
benefits of risk management.
“I sincerely fear that all the progress we
have made in terms of helping companies to
value insurance, and to see how relevant risk
management is, could be hampered if hardening
implies sending a message that the market
refuses to provide solutions, thus preventing
certain deals to be closed, or denying coverages
for risks that risk managers need to solve and
cannot be tackled otherwise,” she said.
Esperanza Pereira, head of risk management
and insurance at airport group AENA, said the
hard market is here and she expects it to stay.
“We believe that in the next few years we will
see a period of hard market… We have enjoyed
a soft market for almost ten years and we have
always expected it to change at any moment.
We have noticed it in the past year,” she said.
Ms Pereira said market concentration caused
by mergers and acquisitions is making matters
worse and adding to a loss of capacity (see story
on page 21), but it is not the only cause of such
problems for buyers.
PORTFOLIO CHANGE
“We have noticed that companies are ceasing to
underwrite certain risks. Those that stay in the
market are doing a comprehensive analysis of
their portfolio of clients, with the goal of getting
rid of accounts that are not profitable – and
that sometimes generate a loss of coverages –
complicating the renewal process,” she said.
Augusto Pérez Arbizu, director of risk and
insurance at telecoms group Telefónica, stressed
that hard conditions have not spread through all
the insurance market and warned underwriters
not to overreact to the new environment.
“There has been a change of tendency,
although the situation is not the same for all
insurance lines. I will not mind if hardening
lasts some more time, but I would expect it
to remain within reasonable limits,” he said.
“Market cycles exist and I will not blame
insurers for a hardening period. There are factors
that can justify it, such as natural catastrophes or
high litigation levels. But the market must not
overreact,” he added.
Mr Pérez urged insurers not to withdraw
capacity from particular lines without very
good reason.
Juan Carlos Porcel, president of Spanish risk
management association Agers and head of risk
and insurance at ArcelorMittal España, also sees
signs of a hard market.
“We understand that significant rate increases
are likely to take place in lines such as property,
business interruption and motor fleet, with a
more moderate trend affecting other coverages,
depending on the client’s risk profile and the
preventative measures they have implemented,”
he said.
“We also expect it to be a cyclical situation,
although it will depend on some variables that
are out of the market’s direct influence, such as
natural catastrophes,” he added.
“The hard market has arrived for D&O, P&I,
all-risks construction and some property lines,”
said Daniel San Millán, president of Spain’s other
risk management association Igrea and corporate
risk manager at Ferrovial.
Although he is not yet sure if the market cycle
has changed overall, he warned there could be
“significant and tough adjustments” in certain
lines and regions such as the US and Australia.
Mr San Millán said brokers and insurers
cannot simply send a message that rates will go
up. “They have to work together to make sure
that risks that are traditionally insurable do not
become, in practice, uninsurable from now on,”
he said.
David González, corporate director of
insurance at construction group Sacyr, does
not believe that a truly hard market has yet
arrived for Spanish firms. “But it is true that
underwriters are holding capacity in some lines,
such as property in markets where insurers are
directly exposed to catastrophic risks, which
Lourdes Freiria
CONTINUED ON NEXT PAGE
20-CRE-Y10-07-ERF-Spain.indd 20 11/11/2019 16:53

European
Risk Frontiers
SPAIN
Building the future of the modern world
Construction Risk Management CONFERENCE SAVE
THE DATE!
27-28 FEBRUARY 2020 – ETC VENUES ST PAULS, LONDON
DAY ONE:
Building the future of the modern world, identifying protection gaps
and seeking out opportunity
This session will identify where the protection gaps will lie and what the
challenges and opportunities will be for both the sector and insurance
industry.
Panel discussion: Identifying, managing and mitigating risk factors in
modern construction
This discussion will take a deep dive into some of the factors dominating
the risk agenda for the construction industry, including: What are
these risk factors? How is technology changing the risk landscape in
construction? How is increased interconnectivity of risk disrupting the
supply chain? Are the construction and engineering industries factoring
in non-tangible risks such as reputation and unforeseen business
interruption in their risk management strategies?
Panel discussion: Insurance market outlook: the changing face of risk
transfer solutions
After more than a decade of softening, the construction insurance market
has made a hard turn, with challenging market conditions dominating
much of the conversation. This discussion will move this conversation
forward to ensure carriers, brokers and the insureds are on the same page
when it comes to risk transfer solutions.
Breakout sessions - The risk management track
1) Tunnel/Underground risk 2) Highrise risk
Breakout sessions - The insurance track
1) The use of captives and other alternative risk transfer solutions
2) Underwriting submissions for CAR - how to present your risk
The inconvenient truth - construction and climate change
The construction industry has one of the largest carbon footprints and
pressure is mounting for this to change. How can insurers help promote
a better culture around risk management and the effect of climate
change?
Panel discussion: Supply chain risk and business continuity
planning in construction - Case study: Carillion and Interserve
In the immediate aftermath of Carillion going into liquidation
a number of suppliers that had significant revenues tied up in
contracts with Carillion, or which worked almost exclusively for the
construction giant, also filed for insolvency, directly citing Carillion’s
demise as the cause of their failure.
Case study presentation & panel discussion: Major infrastructure
projects and lessons learned
Case study: Hydro projects
DAY TWO:
Presentation & panel discussion: The new age of engineering and
construction technology
Breakout sessions - The risk management track
1) Petrochemical 2) Water damage
Breakout sessions - The insurance track
1) Inherent defects liability - the unknown unknown
2) US, UK and EU - summary of key nuances in construction
coverage
Presentation & panel discussion: Low frequency/high severity -
lessons from claims and losses
Claims management is a critical element of any insurance
programme, particularly in large and complex construction projects
that typically involve many parties and potential areas of dispute.
This session will help risk managers identify the major potential
dispute areas.
The construction industry plays an integral role in building the future of the modern world amidst many challenges.
Increasingly complex projects, skills shortages and profitability concerns, mixed with the rapid pace of technology
development, are collectively concocting an increasingly risky operating environment for all players.
While the pace of global construction looks set to grow, what has become evident following several large loss events
in 2018 and a bumpy start to 2019, is that the losses are bigger, the tail is longer, the fallout is messier and the recovery,
more complex.
Risk prevention, management and mitigation in the construction industry has never been more important. It is against
this backdrop we set this year’s Construction Risk Management conference, to encourage better and more
transparent communication between the sector and the insurance industry which plays a valuable role in all of this.
Register now to secure your space.
SUPPORTED BY HEADLINE PARTNER
https://www.commercialriskonline.com/event/construction-risk-2020/
PARTNERS
is not the case for Spain,
and also on P&I and D&O.
It affects prices, although
it is not something that is
happening across the board,”
he said.
One risk manager at a
multinational group, who
asked not to be named, said
price increases have been
signalled in property lines but
not in a way that could be
characterised as an ongoing
hard market. She also said
her company has seen slight
increases in lines like cyber
insurance and D&O.
So, while there is some
disagreement as to the extent
of market hardening,
nobody denied the soft
market is over. This raises
the question of how buyers
and their brokers can secure
favourable deals in conditions
many have not operated
in before.
“The environment that
we are beginning to face is
different from anything that
many risk managers and
brokers have lived through
before. Because of that, we
have work to do to avoid
situations that could be very
negative,” said Ms Freiria,
who suggested everyone starts
early on their next renewal.
“Companies need to
react to changing market
conditions with new strategies
and by selling their risk
management practices in a
more emphatic way, so that
the market does not put
everybody in the same bag.
And everybody should be
ready to retain more risks,”
said Mr San Millán.
“If the market gets harder,
each company will have to
compete with other sellers of
risks,” Mr González added.
“I need to do my homework,
so that underwriters choose
my company, and not others,
when allocating their capital.
Companies need to know
where they are, what they
have and how attractive their
risks are,” he said.
CONTINUED FROM PREVIOUS PAGE
The Uninsurables
Spanish risk managers have growing concerns
that too many mergers and acquisitions (M&A),
combined with hardening market conditions, might
limit choice and make some risks uninsurable.
Those taking part in our Risk Frontiers Europe
survey are worried that the insurance market is
withdrawing capacity from some lines of business
(see story on page 26) and fear that the growing
number of M&As could be fuelling this trend.
“The M&A trend is certainly worrying. It affects
capacity and the offer of insurance. It does not
look like an advantage for buyers,” said Daniel San
Millán, president of Spanish risk management
association Igrea and corporate risk manager
at Ferrovial. “Some coverages are turning into
something similar to an aching tooth, like D&O
with US exposure or P&I,” he added.
Mr San Millán said one problem area in
the construction market is cover for liquidated
damages. “There is no solution for it in the market
and it is a real pain,” he said.
“For a while now, liquidated damages
coverages have disappeared,” agreed David
González, corporate insurance manager at fellow
construction group Sacyr. “It was an interesting
coverage that maybe has not triggered much
interest in the market and, as a result, capacities
have been withdrawn. But I miss it,” he explained.
Other problematic areas exist and are affecting
a wide range of companies.
“It is hard to find coverages for economic
losses not linked to physical damages… CBI
coverages do exist but they have a limited range,”
said Mr González.
He pointed out that recent insurance M&A
activity is a double-edged sword for risk managers.
“On the one hand, M&A deals often build
companies that are more efficient, but they also
limit capacity in the market,” Mr González said.
20-CRE-Y10-07-ERF-Spain.indd 21 11/11/2019 16:53

BCI Survey Finds Mixed Progress and Challenges in Supply Chain Risk Management

BCI Survey Finds Mixed Progress and Challenges in Supply Chain Risk Management

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (18)

Ähnlich wie BCI Survey Finds Mixed Progress and Challenges in Supply Chain Risk Management

Ähnlich wie BCI Survey Finds Mixed Progress and Challenges in Supply Chain Risk Management (20)

Mehr von Morgan Jones

Mehr von Morgan Jones (7)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

BCI Survey Finds Mixed Progress and Challenges in Supply Chain Risk Management