Firms have not done enough to protect their core assets, which go far beyond the bricks and mortar of factories and offices, UK risk managers have been warned
Aon Risk Services’ Michelle Mason pointed to intangible assets as a significant area where corporate governance is lagging.
“When you look at our business today, it’s driven by innovation,” she said, adding: “If businesses don’t innovate, they die.”
Yet our governance structures, particularly risk management, is still heavily focused on tangible assets,” she said.
“When you look at the S&P 500, more than 85% of its value is in intangible assets,” she said but the managing director noted that insurance spend on the minority of tangible assets was four times higher than on the intangibles.
The comments come amid mounting complaints that insurers are not doing enough to provide products that cover things like reputational risk and intellectual property theft.
But Mark Roberts, Chubb’s chief underwriting officer for property and casualty business, said “it shouldn’t be” impossible to insure against intangible risks such as threats to reputation.
But he said that would require firms to understand the exposures and put risk management in place around things like cyber risks, which can lead to serious reputational harm.
He classed reputational damage, business interruption from a cyber attack and intellectual property theft as “emerging risks” – because they push the bounds of a traditional insurance policy.
But the insurance market is facing heavy criticism from risk managers for failing to adequately cover those risks.
And Roberts painted a picture of a fractured insurance industry that is ill equipped to cover those emerging risks.
He did that by contrasting a traditional low-tech manufacturing business – shaping raw materials into an end product that is then sold to an end customer – with a company that did the same thing but with state-of-the-art technology.
He said using software to manage customer orders, production, maintenance and robots leaves a company more susceptible to malware attacks, which can cause everything from business interruption losses to product recall claims for faulty goods that make it to customers.
But at present, Roberts explained, that kind of loss would be covered under half-a-dozen policies forcing risk managers to submit six separate claims.
He said the damage and business interruption would likely be covered under the firm’s property policy, while a cyber cover may pay for the loss from the malware itself and casualty insurers would pick up the tab for recall.
The risk manager would probably also look to their professional indemnity carrier, directors’ and officers’ policy and any media insurance they may have to cover losses from reputational damage and the cost of undoing it, Roberts said.
“Those six policies are probably with six different carriers,” the executive said. “And with those six different policies are going to be six different levels of limit, terms and conditions, exclusions and definitions,” he explained.
“So, we’ve already got something that has the high probability to fall between the cracks of the ultimate solution that we want to offer to the insured here.”
But Airmic chief executive, John Ludlow, said the solution must go beyond just insurance, explaining that planning and looking out for early warnings was the key to mitigating risks to reputation.
Willis Towers Watson’s Nicolas Aubert agreed, saying: “There is a huge possibility to reduce the possible occurrence of a reputational risk.”
“Sometimes we too often focus on the reduction of the consequences of an event and don’t work enough early on the advisory side regarding preventing the occurrence of the event.”