What Have We Learned About Risk Management Since 9/11?
Insurers and other financial services professionals certainly understood before September 11, 2001, that risk was complex and dynamic. But the terrible events of that day demonstrated in an unforgettable fashion just how difficult it can be to anticipate and predict the scope and nature of risk. We can imagine, model, and prepare for possible future risks, but history has shown that consistently preventing the losses from those risks is a very difficult task.
Even with what would have been, 13 years ago, almost unimaginable capabilities around analytics, visualization, and information sharing, risk management continues to be as much art as science, whether it’s addressing terrorism risk, catastrophe risk, or the increasingly alarming prospect of cyber risk (which can include aspects of terrorism risk, of course).
Terrorism risk and how to prevent or mitigate it, while always a hot topic in the political arena, is in the spotlight as we observe the 13th anniversary of the 9/11 attacks on the World Trade Center and Pentagon. The repugnant actions of the so-called Islamic State (ISIS or ISIL) have created a renewed sense of vulnerability, along with worldwide outrage, and, at the same time, the insurance industry is pushing hard for reauthorization of the Terrorism Risk Insurance Act (TRIA) via the federal Terrorism Risk Insurance Program Reauthorization Act (TRIPRA).
Insurance Information Institute (III) economist and president Dr. Robert Hartwig, CPCU, characterized TRIPRA as a “vital Act, which has proven itself to be a critical component of the country’s national economic security infrastructure.” In a statement from III, Hartwig noted, “Recent and explicit threats to American interests around the world from new terrorist organizations... demonstrate that the need for the program is greater than at any time in the past several years.”
Perhaps partly due to the benefits of TRIA, the 9/11 terrorist attacks, which killed 2,976 people and produced insured losses of about $32.5 billion ($42.9 billion in 2013 dollars, according to III), remain the most costly terrorist event. In fact, an III-compiled list of the 20 most-costly terrorist acts by insured property losses includes only three events that occurred after Sept. 11, 2001. These are the July 2005 attacks in London, the December 2006 attacks in Madrid, and the November 2008 attacks in Mumbai.
Meanwhile, cyber risk continues to grow as a threat -- and as a potential business opportunity for the insurance industry. According to the recent Kaspersky Lab survey of worldwide IT professionals, 93% of financial services organizations experienced cyberthreats in the past year. A number of property/casualty carriers have expanded their services related to helping businesses of all kinds protect their digital assets from increasingly sophisticated assaults.
Often cybercrime is out-and-out theft and fraud, but there are growing concerns about state-sponsored cyberattacks along with potential attacks from terrorist organizations. Recent revelations that a number of large US banks had experienced cyberattacks, evidently perpetrated by Russian hackers, spurred speculation that the Russian government had sponsored the attacks as a response to the sanctions the US has imposed because of Russia’s involvement in the Ukraine crisis.
So, insurance companies, banks, and other businesses can continue to invest more in security, anti-fraud measures, predictive analytics, and other risk management-related technologies, but the risks and threats continue to grow in complexity, sophistication, and scope. Is the industry condemned to this kind of cat-and-mouse cycle forever, or is it possible to reinvent risk management in some way that would really change the terms of the battle?
Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ...