Casualty Quarterly, Fall 2023

Cyber Risk Webinar Highlights Growing Risks to Commercial, Consumer Networks



Cyber criminals are increasingly jeopardizing the security of private companies as well as the public, raising the need to combat risks that threaten operations as well as financial stability as currency holdings continue to migrate into the digital realm and more people work from home.

In the Oct. 10 webinar “Navigating the Cyber Risk Landscape: New and Emerging Work,” members of the Committee on Cyber Risk detailed the current cyber threat landscape as well as the committee’s efforts to identify and explore features of sample cyber models available to address risk quantification in the cybersecurity market. Committee members Bobby Jaegers, Katie Koch, and Sam Tashima presented, and Chairperson Norman Niami moderated.

Recently released Cyber Risk Toolkit chapters address key cyber issues—the toolkit’s digital asset crime chapter came out in July, and pending upcoming chapters include personal cyber and a cyber vendor model comparison.

Key Highlights:

U.S. ransomware incidents hit an all-time high in 2023.
Cryptocurrency accounts held on decentralized platforms and protocols are increasingly vulnerable to hacking.
More people working from home means more complications when it comes to who is responsible for keeping commercial systems safe.
Increased use of artificial intelligence (AI) will cause additional cyber risks in the years to come.
There is a growing number of services available to safeguard networks.


Financial losses due to cybercrime are increasingly a problem. Digital assets like cryptocurrency held on decentralized platforms and protocols, known as DeFi, are often the target of theft because they are unregulated and don’t have the same verification, anti-money laundering, and know-your-customer requirements as those in centralized digital asset exchanges.

“Over time, there has been an increased number of hacks into DeFi protocols. The threat actors get a foothold into these exchanges and extract from them,” Tashima said. “As a consumer, it is something to be aware of.”

There has been an uptick in the number of losses of $100 million or more this year, including by Mixin Network, Euler Finance, Multichain, BonqDAO, and Atomic Wallet, he said.

Additionally, ransomware incidents have hit an all-time high in 2023 even before the year is over. Through the first three quarters of the year, the frequency has already exceeded the number of incidents in 2021, which previously held the record. Ransomware revenue reached $450 million through June, closing in on the nearly $500 million collected last year.

“The revenue continues to increase. It has a significant impact when it comes to cyber insurance,” Tashima said, adding that actuaries need to be cognizant about underwriting/pricing with regard to crime and money policies.

Consumers are facing additional risks as well, as they go online increasingly with multiple devices, potentially falling victim to phishing schemes, social engineering, network hacking, malware, spyware, and ransomware. Such incidents can result in data breaches, online fraud, theft, and cyber extortion.

“The losses to an individual will be much smaller, but a couple of thousand dollars would have a much bigger impact to an individual,” Jaegers said.

Additionally, at a time when people are increasingly working from home, there is also a hazier line between what is personal and what is commercial cyber risk. If a worker’s home wireless network is hacked, for example, and an attacker is able to access one’s work computer as well as personally identifiable information, who is liable?

To reduce risks at home to both personal and professional systems, it is essential to keep software and hardware up to date, avoid opening suspicious emails, and use antivirus and antimalware software. Also, using a virtual private network (VPN) to privatize connections, changing passwords often, and enabling two-factor authentication is strongly recommended.

Mitigation efforts can also help stem problems before they get bigger. Passive methods like monitoring one’s credit score or more active methods like monitoring services that scan the dark web to see whether information has been leaked (but don’t reimburse you for the costs associated with the leak) are a possible solution.

The availability of cyber insurance for consumers is growing to cover damages such as financial loss, unrecoverable funds, breach of personal information, and identity restoration.

Jaegers said that the need for such services is only going to increase in the years ahead. “There will be more cyberattacks as [the use of] AI increases and makes emails or communications more believable,” he stated.

Koch detailed the committee’s work on creating a cyber vendor model comparison that was motivated by the influx of models and services in the market designed to address various aspects of cyber risk quantification. The committee conducted direct discussions with the vendors, some with interviews and others with publicly available information.

Her suggestion from working on the project? “If you are using a vendor, asking a lot of questions might be a good thing,” she said.

Slides and an on-demand recording are available as a complimentary member benefit to logged-in Academy members.


 

‘Envision Tomorrow’ P/C Session Highlights

Property/casualty breakout sessions at the Academy’s Envision Tomorrow: 2023 Annual Meeting coming next month will explore:


Medical marijuana and workers’ compensation, which will feature two actuaries who co-wrote an issue brief on the topic released earlier this year, along with an attorney and a claims specialist.
Attribution and climate data, in which presenters will discuss the background of attribution science and the increasing relevance it has in the world of climate change, and the future collaboration with actuarial work as both fields continue to evolve.
The National Flood Insurance Program (NFIP), which continues to be a significant public policy issue at the federal level. Panelists will explore the current state of the NFIP and ideas for improvements in fighting flood risk and its impact on property owners and the economy.


Award Recipients



KentAlso at Envision Tomorrow, Susan Kent will receive an Outstanding Volunteerism Award. Kent has led efforts to address bias issues in P/C insurance. She has been especially engaged, offering valuable actuarial perspective as the Academy has engaged with state regulators and other policymakers in Colorado related to the recent insurance anti-discrimination law.

P/C practice-area recipients of the Academy’s Rising Actuary Award, now in its second year, will be Peter Ott (Swiss Re), Monica Shokrai (Google Inc.), and Sam Tashima (Aon).



MulderPhilip Mulder will receive the Academy’s inaugural Award for Research for his paper, Mismeasuring Risk: The Welfare Effects of Climate Risk Information, and will present his research at an Envision Tomorrow casualty breakout session. Andrew Ireland, a Ph.D. candidate at Monash University in Australia, received honorable mention for his research on “Heat and Worker Health.” Read the Academy news release.

Envision Tomorrow, being held Nov. 13–14 at the historic Omni Shoreham Hotel in Washington, D.C., will feature keynote speakers including Pulitzer Prize winners George Will and Mona Chalabi; sessions on AI and technology, ethics, and hidden biases; and will offer multiple opportunities for CE credit.

Registration options include an All-Access Pass for those at the in-person two-day event, a Daily Pass for those attending for just one day, and a Digital Pass, which will allow access to all general sessions and a curated selection of breakout sessions. For details, visit the registration page.


 

Academy Presents at CLRS



Casualty volunteers at the medical marijuana session

Academy volunteers presented at the Casualty Loss Reserve Seminar, sponsored jointly by the Academy and the Casualty Actuarial Society, which was held in mid-September in Orlando, Fla.

Senior Casualty Fellow Rich Gibson moderated several panels, and volunteers presented on the Cyber Risk Toolkit, the medical marijuana and workers’ compensation issue brief released earlier this year, reserving “war stories,” a sampler of sessions at last December’s P/C Opinion Seminar, and an introduction to P/C risk-based capital.

The annual CLRS had about 350 in-person attendees and 300 virtual attendees—a big increase from last year.



Academy Participates in White House Climate Panel

Casualty Policy Analyst Rob Fischer and Risk Management and Financial Reporting Policy Analyst Will Behnke participated in a September White House Climate Risk Modeling roundtable, which brought together stakeholders from the Biden administration, academia, high-level government agency officials, and industry and climate scientists, who discussed actions being taken on climate risk and the changing climate.

To learn more about the Academy’s efforts on climate change, visit the Academy’s climate risk webpage.


Academy Engages on Cyber on International Stage



Jackson presents at the Paris conferenceAcademy Director of Research Steve Jackson presented Sept. 14 on the Academy’s activities in the cyber risk space at the International Workshop on Cyber Risk and Security in Paris, France, sponsored by the Center of Research in Econo-finance and Actuarial Sciences on Risk (CREAR).

He highlighted multiyear research the Academy is conducting with international experts, underscoring the global impact that cyber risk is having on the profession and in the broader risk community.

Public Policy Outreach—Jackson also delivered a virtual presentation on the Actuaries Climate Index (ACI) to the Liberty Mutual Actuarial Forum on Sept. 25. He discussed the current construction of the ACI, which the Academy jointly sponsors with other actuarial organizations, and the ways in which new data sources could help improve the index going forward.


Webinar Highlights Key P/C Issues

The Casualty Practice Council’s (CPC) Aug. 31 webinar “P/C Public Policy Update—Summer 2023” offered CPC updates and recaps from the NAIC Summer National Meeting, a P/C Risk-Based Capital Committee report to the NAIC, an update on the P/C Committee on Equity and Fairness’ engagement with Colorado and District of Columbia regulators on bias and discrimination in automobile insurance. Casualty Vice President Amy Angell moderated. Slides and an on-demand recording are available as a complimentary member benefit.


COPLFR Meets With NAIC

Committee on Property and Liability Financial Reporting (COPLFR) Vice Chairperson Michelle Iarkowski led discussions on two topics during a Sept. 5 virtual meeting of the NAIC’s Casualty Actuarial and Statistical (C) Task Force on COPLFR’s proposal regarding increasing the number of years of data in Schedule P triangles.


Webinar Explores Climate Risk Impacts

An Aug. 9 webinar, “How Climate Risk Applies to All Actuaries,” featured Climate Change Joint Committee members who discussed the recently released Climate Risks Pose Broad Impacts on Financial Security Systems issue paper, and more. View an on-demand recording and read an in-depth recap, free as a member benefit.

ASOP No. 36 Comments Due Nov. 1

A reminder that comments on Actuarial Standard of Practice No. 36, Statements of Actuarial Opinion Regarding Property/Casualty Loss, Loss Adjustment Expense, or Other Reserves, are due Nov. 1. Visit the Actuarial Standards Board website to comment.




ASOP No. 20 Webinar

Coming in December

The Casualty Practice Council is also planning a December webinar on ASOP No. 20, Discounting of Property/Casualty Unpaid Claim Estimates. Presenters will discuss and illuminate the guidance set forth in the ASOP—which goes into effect on Dec. 1—and describe ways in which practitioners might satisfy its requirements. Look for details and registration to open soon.



CPC, LPC Comment to Colorado on Discrimination Initiative

The Casualty Practice Council and Life Practice Council submitted comments in late October to the Colorado Division of Insurance (CDOI) on its draft regulation, Concerning Quantitative Testing of External Consumer Data and Information Sources, Algorithms, and Predictive Models Used for Life Insurance Underwriting for Unfairly Discriminatory Outcomes. The comments reiterated support for Colorado’s initiative to prevent unfairly discriminatory practices in insurance and shared actuarial perspectives related to the design of the data testing requirement.

Stakeholder Meeting Presentation—The comments followed P/C Committee on Equity and Fairness Chairperson Lauren Cavanaugh and Vice Chairperson Susan Kent’s presentation at an August CDOI stakeholder meeting on “Unfair Discrimination in Insurance Practices,” focusing on private passenger auto insurance.



In the News

Property Casualty 360 reported on the announcement of Philip Mulder receiving the Academy’s inaugural Award for Research for his research paper, “Mismeasuring Risk: The Welfare Effects of Climate Risk Information.”

An opinion column on hurricane risk and other factors impacting property/casualty insurance published in The Washington Post cited the Actuaries Climate Index (ACI), sponsored jointly by the Academy and other North American actuarial organizations. CNBC also cited the ACI.

A news summary of the NAIC Innovation, Cybersecurity, and Technology (H) Committee’s meeting at the NAIC Summer National Meeting noted the Academy’s comments on a draft model bulletin on insurers’ use of algorithms, predictive models, and artificial intelligence systems. It was reprinted by Mondaq.



Legislative/Regulatory Activity

Federal

President Biden signed a continuing resolution on Sept. 30 that funds the National Flood Insurance Program (NFIP) through Nov. 17, allowing consumers to buy or renew flood insurance through the NFIP. The language was included in HR 5860, the short-term funding bill approved by the House and the Senate.

The Biden administration hosted the first White House Summit on Building Climate Resilient Communities and unveiled a framework to address climate resilience investments and activities by the federal government on Sept. 28. Among the announced funding initiatives were awards by the National Oceanic and Atmospheric Administration (NOAA)’s Climate Adaptation Partnerships program, to reduce risks related to flooding and wildfires, as well as NOAA’s Climate Smart Communities Initiative, to help communities protect people and property from climate-related hazards.

The Senate Banking Committee approved the bipartisan SAFER Banking Act (S 2860) on Sept. 27, allowing insurers and financial institutions to work with state and tribal nation-sanctioned marijuana businesses without fear of liability for breaking federal law. The measure also addresses banking challenges that cannabis industry businesses currently face.

Sen. Rick Scott introduced S 2852 on Sept. 19, establishing a grace period for nonpayment of premiums for flood insurance coverage under the NFIP until the administrator of FEMA implements the option for monthly payment of such premiums. Rep. Anna Paulina Luna introduced a companion House measure, HR 4686, in July.

A federal district court dismissed a challenge to a San Jose, Calif., ordinance requiring local gun owners maintain gun liability insurance and pay a mandatory annual fee to a designated gun harm reduction nonprofit on July 13. While the U.S. District for Northern California allowed the plaintiffs, the National Association for Gun Rights Inc. and Howard Jarvis Taxpayer Association, to file an amended, consolidated complaint repleading some of their claims, it did not allow them to challenge the insurance provision.

The Senate Homeland Security and Governmental Affairs Committee approved three cybersecurity-related bills in June: S 1560 requires the Cybersecurity and Infrastructure Security Agency (CISA) to draw up a plan for helping rural hospitals recruit more cybersecurity professionals; S 1835 mandates CISA launch a nationwide awareness campaign on cybersecurity measures that companies and individuals ought to take; and S 1862 requires CISA to work with the secretary of state to identify and assign cyber officials to be stationed in U.S. embassies abroad.

State

On Sept. 22, California’s Insurance Commissioner announced a new regulatory strategy, supported by insurers, which allows insurers to factor future climate risks into their pricing and requires that they offer more coverage in fire-prone areas. The new agreement is expected to increase premiums for homeowners across the state. The announcement came after Gov. Gavin Newsom signed an executive order meant to strengthen the property insurance market.

On Sept. 22, New York Gov. Kathy Hochul signed A 1967/S 5400 into law, requiring property owners to disclose to buyers whether a property is in a flood hazard area; whether buyers are required to obtain flood insurance; and whether any claims have previously been filed with a federal agency or an insurance provider because of a flood damage.

Hochul also gave her approval to A 52/S 6410 , authorizing certain groups to adopt a plan for self-insurance, otherwise known as a public group self-insurer. Signed on Sept. 15, the measure also establishes procedures for determining the insolvency of a public group self-insurer and for offering deductibles.

In June, Hochul gave her approval to A 7732/S 7189, extending provisions of insurance law to promote the stability of the property/casualty insurance market. The legislation also extends the expiration dates for these provisions, assuring the insurance industry that the file-and-use and flexible rating provisions set forth under the law will stay in effect for the next three years.

Wisconsin Gov. Tony Evers vetoed AB 150 on Aug. 4. The proposed legislation sought to increase requirements related to direct contact with potential employers for those who are out-of-work.

Legislation in Maine (HP 886 / LD 1372) amends current law that prohibits employees of a self-insured group who live and work out of state from being covered by the group. Under the new law, which became effective without Gov. Janet Mills’ signature on July 6, fronting companies may be created, allowing self-insured groups to insure employees in other states.

On July 6, Hawaii Gov. Josh Green signed HB 1091, which requires that in real estate transactions, all existing permitted and unpermitted erosion control structures on a property must be disclosed when a residential property lies adjacent to the shoreline.