Search Blogs

March 27, 2024

Marine Insurance Industry Bracing for Huge Claims from the Baltimore Bridge Disaster

The marine insurance industry is bracing for huge claims from Tuesday's Baltimore bridge disaster. Insurance claims from the collision of the Dali containership with the Francis Scott Key Bridge could be on par with a 2012 maritime disaster that led to $1.5 billion in payouts, John Miklus, the president of the American Institute of Marine Underwriters, told trade magazine Insurance Business on Tuesday. Luxury cruise ship Costa Concordia capsized off the coast of Italy in January 2012, killing 32 people in one of Europe's worst modern maritime tragedies. That disaster led to the marine insurance industry's highest payout, according to the trade publication. "I wouldn't be surprised if this were similar," Miklus told Insurance Business. It was not immediately clear how long it took to settle all of Costa Concordia's claims, but it appears to have taken at least a few years. "You've got various components to the loss," Miklus added. "A big one is going to be rebuilding the bridge and all the loss of revenue and loss of tolls while that's taking place." The Baltimore bridge brought in about $53 million in toll revenue for the Maryland Transportation Authority in 2023, Moody's analyst Cintia Nazima told The Wall Street Journal on Tuesday. Other insurance claims from Dali's Baltimore collision could include damage to the ship and its cargo, as well as business interruption, property, trade credit, and worker compensation, per Business Insurance. The marine insurance and reinsurance markets are likely to foot most of the bills, S&P Global reported on Tuesday. The Baltimore bridge itself is insured by insurance giant Chubb, per Insurance Insider. Dali, the ship, is covered by Britannia P&I Club, a specialist insurer that provides protection and indemnity cover for the maritime industry. Britannia is a member of the London-based International Group of P&I Clubs. The International Group of P&I Clubs will only cover the first $10 million in claims from any one incident, per the company's website. The remaining bill will be shared by the members, groups from specialist marketplace Lloyd's of London, and reinsurers. The claims process could take years, mirroring the situation surrounding the Ever Given containership, which ran aground and blocked the Suez Canal for six days in March 2021. SCOR, a French reinsurer estimated in June 2022 that Ever Given's claims could top $2 billion. "It will take many years to settle the claims from the Ever Given and the process will include much debate about who is liable," SCOR wrote in the report. "The issue of responsibilities and applicable laws in today's global maritime world is complex."
Read More

March 27, 2024

Marine Mutual Britannia Confirms Insurance Role in Baltimore Bridge Ship Collision

A marine protection and indemnity insurer confirmed it is part of coverage for a container ship that hit a bridge in Baltimore, collapsing the bridge and causing unknown damage at this time. "We can confirm that the ship Dali is entered with Britannia P&I Club," the marine mutual said in a statement to BestWire. "We are working closely with the ship manager and relevant authorities to establish the facts and to help ensure that this situation is dealt with quickly and professionally." The container ship hit the Francis Scott Key Bridge in Baltimore at about 1:30 a.m. EST on March 26, crisis management firm MTI said in a statement sent to BestWire. Grace Ocean Pte Ltd. owns the Singapore-flagged container ship “Dali," and Synergy Marine manages the vessel. “Reinsurers will bear the bulk of the insured cost of the collapse of the Francis Scott Key Bridge in Baltimore," said Matilde Jakobsen, senior director, analytics, AM Best. "Liability cover for most shipping vessels is provided through protection and indemnity insurers known as
P&I Clubs."

Jakobsen said the P&I segment is dominated by the members of the International Group of P&I Clubs, which collectively insure approximately 90% of the world’s ocean-going tonnage. As part of the International Group’s pooling arrangements, member clubs mutually reinsure each other by sharing claims above $10
million.

Additionally, the group buys general excess-of-loss reinsurance cover up to $3.1 billion in the open market, Jakobsen said.

"While the total cost of the bridge collapse and associated claims will not be clear for some time, it is likely to run into the billions of dollars — well above the $100 million attachment point for the GXL contract," she said. "The insurance issues due to the collapse of the bridge will take a long time to determine and may involve several lines such as property, cargo, liability, trade credit and contingent business interruption. The claim will likely involve several insurers, reinsurers, subrogation, and legal issues and will serve to add to the
increasing challenges in reinsurance availability.”

According to MTI, the vessel collided with one of the pillars of the Francis Scott Key Bridge with two pilots onboard. All crew members, including the two pilots, have been accounted for and there are no reports of any injuries amongst the crew. There has also been no pollution reported. At least six construction crew members on the bridge at the time of the collapse are missing, according to reports. The Dali has an Indian crew of 22 and was outbound from Baltimore to Colombo, Sri Lanka. The exact cause of the incident is yet to be determined, MTI said. "The Dali has now mobilized its qualified individual incident response service," MTI said. "The U.S. Coast Guard and local officials have been notified, and the owners and managers are fully cooperating with federal and state government agencies under an approved plan." Shipping firm A. P. Moller-Maersk confirmed the Dali is time chartered by the company. “We are horrified by what has happened in Baltimore, and our thoughts are with all of those affected," the company said in a statement to BestWire. "We can confirm that the container vessel 'Dali,' operated by charter vessel company Synergy Group, is time chartered by Maersk and is carrying Maersk customers’ cargo. No Maersk crew and personnel were onboard the vessel. "We are closely following the investigations conducted by authorities and Synergy, and we will do our utmost to keep our customers informed," Maersk said. The shilling company said it does not own nor does it operate the vessel that has been involved in the Baltimore incident. Despite a relatively benign year for pool claims in 2023, P&I clubs sought further price improvements at the February 2024 renewal, to keep up with claims inflation, according to a new report from AM Best. The Best’s Market Segment Report, “P&I Clubs: Improving Underwriting Results but Further General Increases Needed to Keep Up With Inflation,” notes the general increases announced by P&I clubs for 2024 are slightly below those of the previous year (when some of the clubs applied increases up to 10%). AM Best considers the level of general increases necessary for clubs to maintain breakeven underwriting results in the face of inflationary economic conditions and the potential for a worse pool year to emerge in the future. AM Best’s report also notes the International Group of P&I Clubs renewed its reinsurance program at a lower price and without wholesale cyber and pandemic exclusions being imposed by its reinsurers.
Read More

March 27, 2024

SEC Ramps Up Massive-Hack Probe With Focus on Tech, Telecom Companies

The U.S. Securities and Exchange Commission is asking tech and telecom companies how they handled the sprawling 2020 SolarWinds cyberattack, and drawing fire from the cybersecurity industry and big business for what they call overreach. The SEC, which sought the information from a broader swath of victim companies in the wake of the massive hack, has been refining its inquiries, according to people familiar with it, who didn’t identify the companies. The regulator has asked for internal communications about the cyber-assault’s impact, probing for gaps in corporate security and for other cyber incidents, according to the people, who asked not to be named discussing a private matter. The probe — aimed partly at determining what the companies may have known but didn’t disclose — follows a landmark lawsuit the SEC filed in October against SolarWinds Corp., claiming it failed to maintain adequate controls and defrauded investors by downplaying security risks. SolarWinds is the Texas software firm whose flagship product was used as a Trojan horse in the attack. The sharpened inquiry into the victim companies themselves comes amid broader pushback against the agency’s regulatory ambitions. Powerful trade and lobbying groups have criticized Gary Gensler’s SEC over its regulation of climate policy, cryptocurrencies, market structure, trade processing and more. The US Chamber of Commerce, which isn’t a party to the SolarWinds suit, nonetheless filed a brief last month asking the court to consider its view — and its view is that the SEC is going too far. ‘Power Grab’ The agency’s “constant power grab” has left companies in a state of uncertainty, and legal peril, over how to design their internal controls, the Chamber and the Business Roundtable argued in their “friend of the court” brief in federal court in Manhattan. The Business Roundtable counts among its members such heavy hitters as Apple Inc.’s Tim Cook, Citigroup Inc.’s Jane Fraser and JPMorgan Chase & Co.’s Jamie Dimon. The SolarWinds case is “a watershed moment in the SEC enforcement program in terms of cybersecurity,” said Jennifer Lee, former assistant director in the SEC’s enforcement division, which is conducting the inquiry, and now a partner at Jenner & Block LLP. The commission has become “very aggressive” in scrutinizing public companies’ disclosures after a data breach “and now, with SolarWinds, is turning its focus to a company’s public statements made before a cybersecurity incident,” said Lee, who predicts the lawsuit could be a sign of future cases. Legal Test In the historic cyberattack, malicious code was installed in software updates. SolarWinds’ Orion software was one of the products the hackers weaponized to spread digital havoc among nine federal agencies and about 100 companies, including such names as networking gear maker Cisco Systems Inc. and cybersecurity firm FireEye Inc., now known as Mandiant Inc. It isn’t clear whether the two are among the companies that have received information requests from the SEC. Lawyers say the suit may be the first legal test of one of the SEC’s tools: what Congress intended when it required that public companies maintain certain “internal accounting controls” half a century ago to ward off bribery of foreign officials. The business trade groups say the agency has distorted the law by applying it to a corporate victim of cybercrime and effectively dropping “accounting” from the equation. “The outcome of this litigation will affect every public company,” Nicole Friedlander, a lawyer for the groups, said in a statement. “For the first time, the SEC asserts the power to penalize companies for alleged failures of controls over access to anything a company owns, not limited to balance sheet assets.” Serrin Turner, a lawyer for SolarWinds, said the case was as “unfounded as it was unprecedented.” “The business community has called for this case to be dismissed because the SEC is trying to expand cybersecurity disclosure obligations well beyond what the law requires,” he said in a statement. From the commission’s standpoint, cybersecurity controls are internal accounting controls, because they are meant to protect corporate assets, which the agency says SolarWinds failed to do. SEC’s Enforcement Director Gurbir Grewal said at a conference this month that there is a disconnect between what SolarWinds said publicly and what executives said internally. ‘Swiss Army Statute’ In the wake of the assault, the SEC wrote to a wide range of companies it believed were affected, to determine whether they had made appropriate disclosures to investors, if there was suspicious trading related to the cyberassault and whether private data had been compromised. The letter came from the enforcement division, which is responsible for investigating and punishing companies, but to encourage cooperation the agency signaled it wouldn’t penalize those that shared data voluntarily. The lawsuit, filed two years later, sparked a furor in the cybersecurity industry, as some argued it could deter future cooperation with the government. Grewal countered that view at the Securities Industry and Financial Markets Association conference. “No one is asking you to give the blueprint of how hackers got in, where hackers got in,” he said. The business leaders point to skepticism of the enforcement strategy within the SEC’s own ranks. In 2020 energy company Andeavor agreed to pay $20 million to resolve claims over stock buybacks. Three years later Charter Communications Inc. paid $25 million in a similar case. Each case drew dissents from two SEC commissioners, who expressed concern aboutthe use of the legal tool. They called it the “Swiss Army statute,” after the famous multi-purpose knife.
Read More

March 27, 2024

Progressive Insurance Begins Dropping Homeowners Policies in Florida

It was a sinking feeling the moment Bradenton resident Ira Kasdan got the letter last month that he was being dropped by Progressive Insurance.

DROPPED BY PROGRESSIVE

"Dear Policyholder, your policy will expire at 12:01 on July 1st , 2024, for the following reasons. After careful consideration we are unable to offer you a renewal policy due to a reduction in our hurricane exposure. Please contact your agent to find replacement coverage," the letter read. Last fall Progressive confirmed to ABC Action News that they will not renew policies in Florida beginning in May of 2024 to "rebalance our exposure" they told us in a statement. "I was shocked, I was stunned," Kasdan said. "There may be a time where as much as we love Florida we may not be able to stay here."

DIFFICULT FINDING A NEW INSURANCE COMPANY

As a retiree on social security, his fears don't stop there. He said finding information on potential new companies is not easy. He emailed ABC Action News for help. "These are no-name carriers, companies you have never heard of. Or they have been around 2 to 7 years and in some cases, they seem to be off-shoots of bankrupt carrier or carriers who left the state," Kasdan said. "I'm afraid we spend a lot of money to buy coverage and all we have is a promise of coverage that might not be any good if we need it." He sent a list of things he'd like to see on a centralized website, urging the state to put together a one-stop shop online tool to help consumers shopping for new coverage. "I really wish the state would be proactive," he said. "Put up a website with metrics of all the carrier's doing business in the state: How long have you done business? How many homeowners do they insure? What is the percentage of claims being paid? How long did it take you to pay them?"

SOME INFORMATION IS NOT MADE PUBLIC

ABC Action News spoke with the Chief Financial Officer Jimmy Patronis' office who offered a long list of resources available to consumers, but data this detailed and broken down by company is not available for the public a spokesperson said, citing much of the information is trade secrets, propriety to the insurance companies to keep the property insurance market competitive. "The idea that customer satisfaction ratings are a trade secret sounds like baloney," Kasdan said. "The information on how these new carriers handle claims and how happy or unhappy the customers are shouldn't be a secret. That is what people need to be able to decide which company they want to do business with." Mark Friedlander with the Insurance Information Institute said there is no one-stop shop for consumers looking for a new insurance company. "It's not to hide information from consumers, it's to hide information from competitors. It's very common," Friedlander said. "The consumers insurance agent needs to be the advocate in this process." Friedlander recommended consumers use third-party sites that independently rate insurance companies. He provided a list for consumers to start.      
Read More

March 27, 2024

Tennessee Grows Captive Count in 2023

Tennessee licensed 25 new captives in 2023, as well as 66 new cell captives, bringing its captive count to 164 active captives and 555 active cell captives, marking a 37 percent overall rise in its number of risk-bearing entities. Moreover, the state witnessed growth in its number of pure or single-parent captives, which grew by nearly 12 percent to 163. Premiums rose in 2023 to $2.41 billion compared to $2.12 billion that was collected in 2022. "The growth we saw in Tennessee in 2023 is a direct result of fantastic team of analysts, our focus on customer service, and connecting with prospective customers," said Mark Wiedeman, captive insurance section director at the Tennessee Department of Commerce and Insurance (TDCI) in Nashville. "Taken together with our central location and our network of first-class service providers, Tennessee continues to prove to the world why we are a first choice when establishing a captive insurance domicile," added TDCI Commissioner Carter Lawrence. Tennessee is one of the older US captive domiciles. Its captive law was enacted in 1978. Since then, the law has been updated many times.    
Read More

March 27, 2024

AI Makes Voice Cloning Scams More Convincing

With the rise of artificial intelligence (AI)-fueled scams, how do you know if the person on the other end of a phone call is a friend or foe? Voice cloning scams have been around for years. However, the cons continue to evolve as AI improves and becomes more accessible and easier to use. A recent high-profile voice cloning scam happened when New Hampshire residents received AI-generated robocalls mimicking U.S. President Joe Biden’s voice asking voters to “save your vote for the November election.” A more extreme example involves a business in Asia where cybercriminals used real-time voice cloning and deep fake video technology to stage a Zoom call where executives instructed a team member to wire $25 million. Not only can AI be used to clone celebrities and public figures, but it can also be used in everyday voice cloning scams that claim to be from friends, family members or co-workers. These AI-fueled scams have many variations, ranging from election misinformation to kidnapping for ransom scams.

Who Are the Targets?

Identity criminals are not interested in attacking individuals unless they have a high net worth or they are an employee with access to business information or systems. Cybercriminals prefer to launch attacks they can automate and can be used against large groups of individuals – like automated phishing attacks. Voice cloning scams are the exact opposite of an automated attack on a large scale. That’s why businesses are more likely to be targeted, along with people with a high profile and obvious financial resources. Identity criminals increasingly find their targets using AI programs to search the internet for information about people and businesses, including audio or video posts on social media or the web, as well as for details that can be used to make compelling calls to victims.

What is the Scam?

Scammers use AI tools to clone the voices of individuals they target on social media or the web to make calls to family, friends or co-workers. AI tools require as little as three seconds of a voice to create a realistic (enough) clone. Criminals can also spoof a phone number so it looks like a known caller. Using AI tools, criminals add sounds like laughter, fear and other emotions into the cloned voice, as well as sound effects like a subway station, an airport or a car crash. The technology is so advanced that scammers can also add accents and age ranges.

What they Want

Just like in traditional “Grandparent” or “Business Email Compromise (BEC)” scams, cybercriminals use a variety of tactics to create a sense of panic or urgency – like claiming a loved one is in danger, or an important vendor must be paid NOW! The criminals hope to scare people into sending money or sharing business or personal information that can be used in another identity crime.

How to Avoid Voice Cloning Scams

  • Hang up and don’t panic. Bad actors count on your fear or sense of duty to get you to take an action you otherwise would not. If you have any doubt about who is calling you and what they are asking you to do, hang up, collect your thoughts, and contact the person who supposedly called you and verify the situation. If you cannot reach them, connect with them through other family, friends or co-workers (if the call is business-related).
  • Be vigilant on all phone calls, even if you recognize the voice. Listen for odd statements, questions, or requests, especially for money or personal or business information. If you think something might not be right, ask questions that only the real person would know.
  • Avoid personalized voicemail messages. They can give bad actors easy access to your voice. Instead, use automated tools offered on mobile devices and office phone systems.
Read More

March 26, 2024

Underwriting Losses Persist in U.S. P/C Industry, Total $21.2B in 2023

The U.S. property/casualty (P/C) industry recorded a $21.2 billion net underwriting loss in 2023, slightly improving upon the $24.9 billion loss recorded in the prior year, according to a new AM Best report. These preliminary results are detailed in a new Best’s Special Report, titled, “First Look: 2023 US Property/Casualty Financial Results,” and the data is derived from companies’ annual statutory statements received as of March 8, 2024, representing an estimated 97% of the total P/C industry’s net premiums written. According to the report, the P/C industry’s combined ratio improved slightly by 0.9 percentage points to 101.6 in 2023. Catastrophe losses accounted for an estimated 8.7 points on the combined ratio, up from 7.3 points in 2022, driven by record severe convective storm losses. The underwriting loss came despite a 9.9% growth in net earned premiums, as this was countered by a 10% increase in incurred losses and loss adjustment expenses, a 6.4% rise in other underwriting expenses and a 4.5% increase in policyholder dividends. With net investment income virtually unchanged from the prior year, the lower 2023 underwriting loss boosted pre-tax operating income by 4.8% to $50.0 billion. A $51.1 billion change in net realized capital gains at National Indemnity Company resulted in net income for the industry more than doubling to $90.1 billion. To access the full copy of this special report, please visit http://www3.ambest.com/bestweek/purchase.asp?record_code=341559.
Read More

March 26, 2024

Baltimore Bridge Collision Sends Vehicles Tumbling into Water

A container ship smashed into a four-lane bridge in Baltimore in darkness Tuesday, causing it to collapse and sending cars and people plunging into the river below. Rescuers pulled out two survivors, one in a “very serious condition,” and were searching for more in the Patapsco River after huge spans of the 1.6-mile Francis Scott Key Bridge crumpled into the water. The ship “lost propulsion” as it was leaving port, and crew on board notified Maryland officials they had lost control of the vessel, ABC News reported, citing an unclassified U.S. intelligence report. Baltimore officials said at least seven vehicles plunged into the water but could not give an exact figure. A Baltimore City Fire Department spokesman earlier told Reuters that as many as 20 people could be in the river along with “numerous vehicles, and possibly a tractor-trailer or a vehicle as large as a tractor-trailer, (that) went into the river.” “This is a mass-casualty, multi-agency event,” he said. “This operation is going to extend for many days.” A live video posted on YouTube showed the ship plowing into the bridge in darkness. The headlights of vehicles could be seen on the bridge as it crashed into the water and the ship caught fire. President Joe Biden was being briefed on the collision and there was no indication of nefarious intent, the White House said. Tuesday's disaster may be the worst U.S. bridge collapse since 2007 when the I-35W bridge in Minneapolis collapsed into the Mississippi River, killing 13. Maryland Governor Wes Moore declared a state of emergency to quickly deploy federal resources to deal with the emergency. The FBI in Baltimore said on X its personnel were “on scene.” At a news conference, Baltimore Police Commissioner Richard Worley said there was no indication of terrorism. Traffic was suspended at the Port of Baltimore until further notice, Maryland transportation authorities said. It is the busiest U.S. port for car shipments, handling more than 750,000 vehicles in 2022, according to port data. It was not immediately clear if any other vessels had been damaged or whether operations had halted to and from the port, shipping and insurance sources said. Baltimore police said they had been notified of the incident at 1:35 a.m. local time. The ship was identified by LSEG ship-tracking data as a Singapore-flagged container ship, the Dali. The registered owner of the ship is Grace Ocean Pte Ltd. and the manager is Synergy Marine Group, LSEG data show. Synergy Marine said the Dali collided with one of the pillars of the bridge and that all its crew members, including the two pilots, had been accounted for and there were no reports of any injuries. The Dali was chartered by shipping company Maersk at the time of the incident, the Danish company said in a statement. “We are horrified by what has happened in Baltimore, and our thoughts are with all of those affected,” Maersk said. Baltimore port's private and public terminals handled 847,158 autos and light trucks in 2023. The port also handles farm and construction machinery, sugar, gypsum and coal, according to a Maryland government website. The port handles imports and exports for major automakers including Nissan, Toyota, General Motors, Volvo, Jaguar Land Rover and the Volkswagen group — including luxury models for Audi, Lamborghini and Bentley. More than 40 ships remained inside the port including small cargo ships, tugboats and pleasure craft, data from ship-tracking and maritime analytics provider MarineTraffic showed. At least 30 other ships had signaled their destination was Baltimore, the data showed. The port did not immediately respond to Reuters' request for comment. The bridge, named after Francis Scott Key, author of the Star Spangled Banner, opened in 1977.  
Read More

March 26, 2024

New Record of 142 Natural Catastrophes Accumulates to $108B in Insured Losses in 2023

A devastating earthquake in Turkey and Syria, severe convective storms (SCS) and large-scale urban floods were the main events driving insured natural catastrophe losses to $108 billion in 2023, reaffirming the 5–7% annual growth trend in global insured natural catastrophe losses since 1994. Swiss Re Institute estimates that insured losses could double within the next ten years as temperatures rise and extreme weather events become more frequent and intense. Therefore, mitigation and adaptation measures are key to reduce natural catastrophe risk. Global insured losses from natural catastrophes outpaced global economic growth over the past 30 years: From 1994 to 2023, inflation-adjusted insured losses from natural catastrophes averaged 5.9% per year, while global GDP grew by 2.7%. In other words, over the last 30 years, the relative loss burden compared to GDP has doubled. Jérôme Jean Haegeli, Swiss Re's Group Chief Economist, says: "Even without a historic storm on the scale of Hurricane Ian, which hit Florida the year before, global natural catastrophe losses in 2023 were severe. This reconfirms the 30-year loss trend that's been driven by the accumulation of assets in regions vulnerable to natural catastrophes. In the future, however, we must consider something more: climate-related hazard intensification. Fiercer storms and bigger floods fueled by a warming planet are due to contribute more to losses. This demonstrates how urgent the need for action is, especially when taking into account structurally higher inflation that has caused post-disaster costs to soar." Moses Ojeisekhoba, Swiss Re's CEO Global Clients & Solutions, says: "As weather hazards intensify due to climate change, risk assessment and insurance premiums need to keep up with the fast-evolving risk landscape. Looking ahead, we must focus on reducing the loss potential. 2023 was the hottest year on record, and the start to 2024 is following suit. Keeping property insurance sustainable and affordable requires a concerted effort by the private industry, the public sector and broader society – not just to mitigate climate risks, but to adapt to a world of more intense weather." Earthquake costliest disaster, SCS main loss driver in 2023 The most destructive natural catastrophe of the year was the earthquake in Turkey and Syria in February with estimated insured losses of $6.2 billion. 2023 was also marked by a high frequency of events as 142 insured natural catastrophes set a new record. Most were of medium severity, resulting in losses of $1–5 billion. There were at least 30 such events in 2023, many more than the previous ten-year average (17). Of those events, 21 were SCS, a new high. The number of these medium-severity events has grown by 7.5% since 1994, almost double the 3.9% increase in catastrophes generally. After tropical cyclones, severe thunderstorms have become established as the second-largest loss-making peril due to exposures caused by urbanisation and economic and population growth. Hailstorms are by far the main contributor to insured losses from SCS, responsible for 50–80% of all SCS-driven insured losses. SCS is the umbrella term for a range of hazards including tornadic and straight-line winds, and large hailstones. SCS are frequently observed weather events that develop when warm humid air rises from the surface of the earth into upper layers of the troposphere, leading to the formation of towering clouds, lightning, and thunder. Meanwhile parcels of cool air rush to the earth's surface, bringing powerful wind gusts, rain, or even hail. Global insured losses from SCS accumulated to a new record of $64 billion globally in 2023, 85% originating in the US. SCS-related insured losses were fastest-growing in Europe, exceeding $5 billion in each of the last three years. Hail risk in particular is increasing, mainly in Germany, Italy and France. Setting premiums as incentives for adaptation measures Increased exposures due to economic and population growth, urbanisation and wealth accumulation remain the main force behind rising SCS-related losses, and climate change-effects are likely to exacerbate the trend. Another factor is changes in exposure vulnerabilities, such as a rapid growth of solar power system installations on roof tops. The first step to cutting losses is to reduce the loss potential through adaptation measures like enforcing building codes, building flood protection barriers, and discouraging settlement in areas prone to natural perils. Additionally, a collaboration with primary insurers, insurance associations and the public sector enables a data exchange which is key for shared risk mitigation.          
Read More

March 26, 2024

Marsh Creates Group Captive for Clients Seeking More Control and Stability in their Cyber Insurance Programs

Marsh, the world’s leading insurance broker and risk advisor and a business of Marsh McLennan, today announced the creation of Edgware Re Ltd., a group captive insurance company for organizations seeking more control and stability in their cyber insurance programs. Based in Bermuda, Edgware Re is a cyber-only group captive that will only transact business with its participating members. Participating members can purchase up to $10 million in insurance or reinsurance from Edgware Re based on their needs. Limits are expected to grow as participation increases. Marsh will provide captive management, incident response, vendor engagement, and claims advocacy support to Edgware Re. The creation of Edgware Re comes after a volatile period of cyber insurance pricing and coverage modification. To stabilize these effects, Edgware Re will use Marsh’s industry-leading cyber policy forms, pool participants cyber risks and premiums, absorb their losses, and foster the exchange of cybersecurity best practices. Additionally, participant members will be eligible for dividends in the event of requisite profitability. “As the scale, frequency, and economic impact of cyber events continue to grow, organizations must regularly reconsider and optimize their cyber risk strategies. Edgware Re is a great example of Marsh working with its clients to use their own capacity to create a sustainable insurance program that better meets their needs in today’s market,” said Tom Reagan, Global Cyber Practice Leader, Marsh Specialty. Ellen Charnley, President of Marsh Captive Solutions, added: “The captive insurance market is a proven risk financing alternative for organizations that want to take greater control of their risk and gain increased financial flexibility and protection. Edgware Re offers its participants the potential for more stable pricing and control, access to shared best practices, and potential profit sharing; and is the latest Marsh captive innovation following the recent launch of ReadyCell.”    
Read More

March 26, 2024

Change Healthcare Cyberattack Prompts U.S. Legislative Proposal for Provider Payments

In the wake of the Change Healthcare cyberattack, a U.S. senator has introduced legislation allowing for advance and accelerated payment to impacted health care providers who, along with their vendors, meet minimum cybersecurity standards. The attack on UnitedHealth Group subsidiary Change “paralyzed billing services for providers nationwide, leaving many in danger of becoming financially insolvent,” according to a statement from Sen. Mark Warner, a Democrat from Virginia, who sits on the Senate Finance Committee and co-chairs the Senate Cybersecurity Caucus. UnitedHealth keeps advancing money — now exceeding $2.5 billion — to providers as some Change Healthcare systems remain down long after the attack was identified on Feb. 21. The company said it is making advances to providers who receive payments from payers processed by Change Healthcare, UnitedHealthcare medical, dental and vision providers and providers who have “exhausted all available connection options — or are in the process of implementing workaround solutions — and work with other payers who have opted not to advance funds while the Change systems are down.” The Health Care Cybersecurity Improvement Act of 2024 introduced by Warner would modify the existing Medicare Hospital Accelerated Payment Program and the Medicare Part B Advance Payment Program. “It was only a matter of time before we saw a major attack that disrupted the ability to care for patients nationwide," Warner said. "The recent hack of Change Healthcare is a reminder that the entire health care industry is vulnerable and needs to step up its game. This legislation would provide some important financial incentives for providers and vendors to do so.” UnitedHealth still hasn’t said what provider or insured data may have been breached in the attack. The company said its “privacy office and security information teams are actively engaged and working to understand the impact to members, patients and customers.” Last week, Change said it started releasing medical claims preparation software, calling it an “an important step in the resumption of services.” Earlier, it restored processes such as electronic prescribing. It expects more products to become eligible in the coming weeks. For instance, the week of April 8 Change said payer products Health Qx and Risk Manager will become available and manual print implementation should resume for payer customers. The Office for Civil Rights at the U.S. Department of Health and Human Services is investigating Change and UnitedHealth to decide if protected health information was breached and the companies’ compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. The office administers and enforces HIPAA requirements. It said the cyber incident has posed a “direct threat to critically needed patient care and essential operations of the health care industry.” States, including Arkansas, are also taking action after the attack on Change, which processes 15 billion health care transactions annually and touches one in three U.S. patient records. Arkansas Attorney General Tim Griffin said his office will investigate Change Healthcare under the state’s Personal Information Protection and Deceptive Trade Practices Act. Griffin said he wants to know if confidential medical information was compromised and/or laws violated. “Additionally, my office will look into whether Change Healthcare used reasonable security procedures and practices to protect this information as required by Arkansas law,” Griffin said in a statement. The Maryland Department of Health said it determined that the Change cyberattack didn’t immediately or directly put the department at risk.” However, we continue to monitor the impact of this outage on providers and patients,” it said on its website. UnitedHealth said it doesn’t appear Optum, UnitedHealthcare or UnitedHealth Group systems were affected by the attack, which was carried out by a cybercrime threat actor self-identified as ALPHV/Blackcat. UnitedHealth Group plans to release first-quarter financial results and hold an earnings conference call on April 16. Most underwriting entities of UnitedHealth Group Inc. currently have a Best’s Financial Strength Rating of A+ (Superior).    
Read More

March 26, 2024

U.S. and UK Go After Chinese Hackers Accused of State-backed Operation Against Politicians, Dissidents

Hackers linked to the Chinese government launched a sweeping, state-backed operation that targeted U.S. officials, journalists, corporations, pro-democracy activists and the U.K.’s election watchdog, American and British authorities said Monday in announcing a set of criminal charges and sanctions. The intention of the campaign, which officials say began in 2010, was to harass critics of the Chinese government, steal trade secrets of American corporations and to spy on and track high-level political figures. Western officials disclosed the operation, carried out by a hacking group known as APT31, while sounding a fresh, election-year alarm about a country long seen as having advanced espionage capabilities. The U.S. Justice Department charged seven hackers, all believed to be living in China. The British government, in a related announcement, imposed sanctions on a front company and two of the defendants in connection with a breach that may have given the Chinese access to information on tens of millions of U.K. voters held by the Electoral Commission. “The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said in a statement, adding that the “case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics.” As part of the cyber-intrusion campaign, prosecutors said, the hackers sent more than 10,000 emails to targets all over the world that purported to be from prominent journalists but that actually contained malicious code. Once opened, the emails installed tracking software that allowed the hackers to know the victims’ location, IP addresses and even the devices they used to get email. The hackers further leveraged that tracking to target home routers and other devices, “including those of high-ranking U.S. government officials and politicians and election campaign staff from both major U.S. political parties,” the indictment says. Targets included officials at the White House and multiple government agencies, including the Treasury and Commerce departments, senators from both parties, the spouse of a senior Justice Department official, political strategists, and political figures from around the world who were critical of the Chinese government, including members of a pro-democracy advocacy group. The Justice Department said the hackers also began targeting email accounts belonging to senior staffers of a presidential campaign in May 2020, several months before the general election. Also, the cybersecurity firm Proofpoint later noted in a blog, the hackers heavily focused their phishing on Washington-based journalists, including White House correspondents, just prior to the Jan. 6, 2021, attack on the Capitol. Britain’s sanctions follow an announcement last August that “hostile actors” had gained access to its servers from around 2021 to 2022. At the time, the watchdog said the data included the names and addresses of registered voters. But it said much of the information was already in the public domain. The Foreign Office said Monday the hack of the election registers “has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration.” British cybersecurity officials also said that APT31 hackers “conducted reconnaissance activity” against British parliamentarians who were critical of Beijing in 2021. They said no parliamentary accounts were successfully compromised. Three lawmakers, including former Conservative Party leader Iain Duncan Smith, told reporters Monday they have been “subjected to harassment, impersonation and attempted hacking from China for some time.” Smith said in one example, hackers impersonating him used fake email addresses to write to his contacts. APT31 has previously been accused of targeting U.S. presidential campaigns and the information systems of Finland’s parliament, among others. Britain’s Deputy Prime Minister Oliver Dowden said his government will summon China’s ambassador to account for its actions. China’s Ministry of Foreign Affairs said before the announcement that countries should base their claims on evidence rather than “smear” others without factual basis. “Cybersecurity issues should not be politicized,” ministry spokesperson Lin Jian said. “We hope all parties will stop spreading false information, take a responsible attitude, and work together to maintain peace and security in cyberspace.” The Chinese embassy also accused the U.S. of “jumping to an unwarranted conclusion and making groundless accusation against China” without valid evidence. “It is extremely irresponsible and is a complete distortion of facts,” the embassy said in a statement. “China firmly opposes this.” British Prime Minister Rishi Sunak reiterated that China is “behaving in an increasingly assertive way abroad” and is “the greatest state-based threat to our economic security.” “It’s right that we take measures to protect ourselves, which is what we are doing,” he said, without providing details. U.S. officials over the years have brought a broad array of criminal cases against hackers affiliated with the Chinese government. They have also expressed concern about Chinese government influence operations and the potential that Beijing could meddle in presidential politics. A 2021 intelligence assessment found that China ultimately did not interfere on either side during the 2020 election and that the country had “considered but did not deploy” influence operations intended to affect the outcome. U.S. officials say they believe Beijing prioritized a stable relationship with the U.S. and did not consider either election outcome as advantageous enough for it to risk the “blowback” that would ensue if it got caught with interfering. The Justice Department said the indictment unsealed Monday does not alter that conclusion, noting that there’s no allegation that the hacking was designed to further a Chinese government influence operation against the U.S. Even so, Assistant Attorney General Matthew Olsen, the Justice Department’s top national security official, said in a statement that, “Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle.”
Read More

Stay Up To Date on New Markets

Get alerts to your inbox on new and trending markets each week.

=