Cyber incidents in mining a complex topic for risk managers, mining product development has not kept pace with needs: Munich Re

SAN DIEGO – It is important for risk managers in the mining sector to understand the most critical scenarios for their companies and to analyze the true impacts of cyber incidents, suggests Günter Becker, head of mining for Munich Re.

“The problem for risk managers is the ability to get their arms around such a complex topic that concerns many stakeholders and touches numerous corners of their organization,” Becker told Canadian Underwriter in advance of the 2016 RIMS Conference & Exhibition in San Diego.

“The overarching measure in this challenging time is cost cutting,” he points out. To maintain the integrity of operations, one possible scenario is for companies to have a “sustaining capex” budget (in pressure times, this budget is usually the first one reduced), but Becker regards this as “a very shortsighted measure.”

A second option, he says, is to strive for “Mining 4.0,” meaning introducing the state-of-the-art technology to help reduce losses and associated costs. But he cautions that with those positives emerges “new exposures” such as cyber risks.

“Cyber crime is a very real risk in the mining sector where processes and machines are increasingly being networked,” Becker told Canadian Underwriter.

Citing Australia as an example, he says the country already has fully automated mines in which heavy-duty trucks, conveyor systems and trains are managed by remote control from thousands of miles away, drilling equipment is automated, heavy-duty trucks and trains running from the mine to the port operate without a driver, and grinding mills are increasingly controlled and serviced by manufacturers in other countries via the Internet.

“Each additional interface gives rise to a potential new risk from the web,” Becker cautions. Add to that that loss of revenue as a result of business interruption is only covered if triggered by an insured property damage loss, he says.

“If a remote-controlled train derails or a heavy-duty truck falls down an embankment due to data interference, the resultant loss of revenue would be covered,” Becker says. “But if the very same train, heavy-duty truck or grinding mill just stalls, due to data manipulation, and not creating property damage, the resulting loss of revenue would be called ‘Non Damage Business Interruption’ and is not recoverable under traditional property policies.”

Asked if current pressures are having any influence on insurance uptake, Becker says that based on the potential risks, “one would think that cyber risks and the like should be of growing concern, but that’s not the reality.”

He cautions that “financial constraints of mining companies are fierce and may be so small that even traditional property damage and business interruption covers may not be to an appropriate level.”

There is a need for mining-specific policies, Becker contends, although insurers traditionally have not dedicated a specific line of business to mining, whose risks come with their own set of special challenges.

Instead, insurance policies for mining risks have been derived from policy forms for “ordinary” property risks in other industries, with mining-specific addenda endorsed to provide for more, or less, clarity. “Product development has clearly failed to hold pace with the needs and risks of this booming industry,” he says.

Critical cyber scenarios and their impacts differ from company to company, Becker points out, “and can have major implications on balance sheets and financing capabilities, through to dealing with regulators and rating agencies.”

That being the case, it is important for mining companies to work with insurers to “understand their most critical cyber risk scenarios and to develop a bespoke policy with coverages and limits tailored towards their specific needs,” he says.

The Mining Insurance Group (MIG) – an unincorporated association formed in early 2014 and whose membership includes insurers, reinsurers, insurance buyers, brokers, risk managers and service providers – is working toward improving co-operation among mining companies, insurance carriers and other stakeholders, Becker notes.

The MIG has already achieved its goal to standardize claims handling and is scheduled to release standard wording for policies Apr. 12, he told Canadian Underwriter. MIG’s Annual General Meeting is set to take place Tuesday morning in San Diego, notes a posting on the group’s website.

Beyond cyber, other major mining risks are linked to the basic mining principle of “dealing with mother nature,” Becker says, including explosions due to firedamp and climatic conditions, something Canadian miners are facing, at site locations (from arctic to deserts, seas and high altitude), which are very often remote.

And while the machinery employed to dig can pose rather conventional risks, such as fire, hydraulic fires and collisions, says Becker, he adds that “they can easily have a major impact.”

More coverage of RIMS 2016 Annual Conference & Exhibition in San Diego

San Diego schools, students beneficiaries of 2016 RIMS Community Service Day

New mobile app from Zurich to help companies assess, manage risk

Forecasting emerging risks expected to get tougher: Marsh/RIMS report

First open source cyber scenario released by AIR Worldwide during RIMS 2016

Risk professionals must look forward to what can be done with 3D printing to get fix on related risks, RIMS attendees hear

William McGannon, David Mikulina named to the Risk Management Hall of Fame