Terrorism/sabotage should be ranked higher, Aon’s underrated threat survey says

A new survey of captive directors – released Monday by Aon Risk Solutions at the RIMS 2014 Annual Conference & Exhibition in Denver – shows that as the Terrorism Risk Insurance Act (TRIA) expiration approaches, the majority of respondents agree terrorism should be ranked higher.

Aon Risk Solutions, the global risk management business of Aon plc, notes the findings, detailed in the 2014 Underrated Threats report, highlight concerns over the top 50 key risk ranking in Aon’s 2013 Global Risk Management Survey (GRMS).

More than half of respondents to underrated threat survey said a ranking of 46 was too low for terrorism risk, given the pending expiration of TRIA.

The web-based research with executive and non-executive directors of captive insurance companies that Aon manages provides respondent feedback on the rankings (some surprising) of various risks in the 2013 GRMS.

That survey gathered input from 1,415 respondents – including risk managers, chief financial officers and CEOs – from 70 countries and from companies of all sizes.

GRMS ranks the top 10 risk as follows:

• economic slowdown/slow recovery;
• regulatory/legislative changes;
• increasing competition;
• damage to reputation/brand;
• failure to attract or retain top talent;
• failure to innovate/meet customer needs;
• business interruption;
• commodity price risk;
• cash flow/liquidity risk; and
• political risk/uncertainties.

Terrorism/sabotage was ranked 46. “It is barely conceivable that a little over a decade after one of the most impactful risk events in recent world history, the ranking for terrorism is so low,” the report states. “The sad truth is that terrorism attacks are not confined to politically or economically unstable regions. They can happen anywhere, anytime and without reason, but their horrible commonality is that the results are almost always devastating.”

Asked if respondents are surprised terrorism/sabotage is ranked at 46, 52% said yes, absolutely; 40% said no, not really; and 7% were unsure.

Asked about revenue response, of the respondents citing the less than US$1 billion category, 63% said yes, absolutely, 8% said they were unsure, and 29% said no, not really. Of the respondents citing the more than US$1 billion category, 49% said yes, absolutely, 5% said they were unsure, and 46% said no, not really.

“In response to TRIA’s uncertain future, Aon has seen a 30% increase in purchasing within the standalone terrorism market,” Aaron Davis, managing director with Aon Risk Solutions’ property practice, says in a company statement.

“If it is not extended, the loss of direct access to TRIA will substantially reduce terrorism limits for U.S. assets. Additionally, the private market most likely will not have enough capacity to take on this added risk should TRIA not be renewed. Companies should be in a planning position right now to prepare for this possible outcome,” Davis cautions.

Aon research indicates that if TRIA is not renewed, many industries are at a high risk, namely health care, transportation, real estate and financial institutions.

As such, “preparing ahead of the expiration deadline becomes crucial for companies that may be facing several challenges at this renewal, such as the impact on embedded TRIA coverage, standalone terrorism pricing and TRIA captive placements,” Aon notes in the statement.

Of course, terrorism/sabotage was not the only issue on respondents’ threat radar. In all, 83% of respondents said they feel the GRMS’s 18 ranking for computer crimes/hacking/viruses/malicious codes was either severely or perhaps underrated (25% said yes, severely, and 58% said yes, perhaps). This finding remained consistent along regional and revenue breakouts.

“Successful businesses increasingly use technology to increase sales, maximize efficiency and reduce expenses. Evolving technologies such as cloud computing, social media, mobile devices and big data analytics have helped entities achieve profits and reach operational goals,” the report states.

“However, these same businesses face an increasingly diverse and sophisticated array of threats to the security of their information management systems. Cyber theft, fraud, sabotage, espionage and hacking (including from governments) are more frequent in the social media age and the associated costs with information security breaches are increasing for entities in every industry sector,” it adds.

Asked about revenue response, of those respondents citing the less than US$1 billion category, 33% said yes, severely, 58% said yes, perhaps, 4% said they were unsure and 4% said no. Of those falling respondents citing the more than US$1 billion category, 25% said yes, severely, 57% said yes, perhaps, 9% said they were unsure, and 9% said no.

Computer crime came after weather/natural disasters at 16 and property damage at 17, and slightly before a lack of technology/infrastructure to support business needs at 21, inadequate succession planning at 22, and failure of disaster recovery plan/business continuity plan at 23.

“In conducting this and other research, it has become clear that risks are growing in complexity, becoming increasingly interdependent and requiring more innovative and creative solutions,” Stephen Cross, chairman of Aon Global Risk Consulting, suggests in the company statement. “This constellation effect of, or interconnectivity between, risks might not always have been recognized by organizations, but could have a significant impact on their approach to risk management and overall business performance,” Cross cautions.

Overall, 76% of respondents cited a desire for the industry to become more creative, especially around increasingly complex risks exposures.

“Risk managers need to become more multi-dimensional about their understanding of risk, risk advisors must do a better job of educating and consulting with our clients on all aspects of risk and beyond the insurable risk, and insurance carriers need to be more flexible and creative in providing solutions around these complex exposures,” notes the report.

Six of the top 10 risks in the GRMS are uninsurable, three (damage to reputation/brand, cash flow/liquidity risk, and political risk/uncertainties) are partially insurable and just one (business interruption) is insurable.

On the positive side, 70% of all industry groups indicated a marginal or significant increase in additional spend/resources on programs in the last 12 months. This majority increase in spend/resources is consistent along defined regions and revenue lines.

The report suggests the increase with regard to both focus and spend may be the result of a combination of increasing pressure on companies’ Boards of Directors to maintain effective oversight of risk management discipline and results within their organizations, and a rising interest in risk management as a competitive advantage both in decision-making and event response.

Respondents overwhelmingly agree risks are becoming more interdependent. “In today’s globally interdependent environment, risks to businesses, no longer isolated by industry or geography, are becoming complex in nature and global in consequence,” the report states. “This interdependency between risks shows that organizations can no longer evaluate risk in isolation, but must consider their interconnectedness. Failu
re to do so could result in underestimating the impact of risks and misdirect a company’s risk management priorities.”

The RIMS 2014 Annual Conference & Exhibition runs from Apr. 27-30.