Partnership needed as risks escalate
Cyber, natural catastrophes and pandemics are high up the Spanish risk management agenda but there are serious concerns about the ability of the commercial insurance sector to meet demand. A more coordinated approach is needed with government support.
There are no shortage of threats keeping risk managers awake at night these days. And there is little disagreement about which ones are the most concerning for Spanish risk managers.
“The main risks today are cyber, nat cat and risks linked to inflation. They are clearly identifiable and, to different degrees, they integrate the risk maps of all companies today,” said Lourdes Freiria, general director of risks and insurance at construction group San José.
Another widely expressed opinion is that the insurance market is not necessarily doing its job to properly help companies deal with such risks.
“The answers provided by traditional insurance are not adequate. Many companies do not even have the option to buy insurance protection and, when it is available, prices are too high,” Freiria said.
Cyber threat
David González, director of risk and insurance at construction group at Sacyr, agreed that cyber risks present some of the toughest challenges for risk managers today.
“I am very concerned with cyber and the insurance or financial solutions for it. It is a risk that must be managed not only with a financial solution to help the company to bear the cost of a loss and to repair damages. The most important thing is to manage technological risks,” he said.
“The management of cyber risks must be able to avoid all vulnerabilities that companies have because, make no mistake, there are many risks that concern us but a cyberattack can wreck the whole business,” added González.
He believes the sense of imminent risk is driving companies to pay more attention to cyber threats.
“Sensibility about cyber risks is on the rise,” González said. “Many companies, both large and small, are investing in systems that can enable them to work with much security. This is spreading to smaller companies, which will always be exposed to the bad guys, who are always some steps ahead.”
Ramón de La Vega, the risk financing director at Telefónica, pointed out that managing cyber risk requires collaboration with other parts of the company.
“The work of the chief information security officers and their teams is very important. They provide an important support for us to understand the exposures and the risks we face, and support us at the time of underwriting and placing the risk. Today, cyber underwriters at insurance and reinsurance companies are more specialised, and sometimes they use external consultants or hire cyber experts. It is a positive development as they can talk to our CISOs in the same language,” he said.
Another top concern for companies is natural catastrophes, not least because the risk has apparently been aggravated by climate change, González said.
“It seems that nat cat events are happening with higher frequency and maybe even higher intensity,” he noted.
Although cyber and nat cat are huge issues for corporations, risk managers need to spread their attention across a much wider range of issues.
“The world is enmeshed in a spiral of uncertainty. There are political conflicts around the world. China versus the US, Russia versus Ukraine, Russia versus the EU. Those conflicts generate issues across the board, and even in the cyber area as Russian hackers, for example, who have become so active, are allegedly sponsored by the government. Which takes us to the issue of war clauses in insurance policies,” said Daniel San Millán, president of Igrea and risk manager at construction group Ferrovial.
“I am also worried about the next Black Swans. We simply do not know what is going to happen. From where we were three years ago, it seems that we live now in a dystopic sci-fi world. Since then we have had a pandemic, wars, bank bankruptcies, rampant inflation. Central banks are pushing interest rates up very quickly and that is having an impact on business,” he added.
Hyper regulation
De la Vega added the sheer amount of new regulation as another big risk.
“Hyper regulation is an issue everywhere and in all aspects of business, which forces us to dedicate a large share of our time to complying with policies and processes,” he said.
“Hyper regulation is tremendous in Europe. It has already become harder to do business here. We as large companies have the capacity to absorb it, but companies of other sizes can be taken down by it,” San Millán agreed.
But while the pace of regulatory activity continues to accelerate, some much-needed legislative work, such as the creation of public private partnerships to help deal with systemic risks like pandemics and cyber, finds little support.
“I have been part of a committee here in Spain, after the pandemic, where we talked about all the systemic risks,” San Millán said. “It has resulted in nothing so far. It requires political will, and the politicians have other priorities right now.”
He believes that the insurance market by itself will not be able to provide efficient solutions for threats such as pandemics and cyber risks.
“Systemic risks require support from the public sector. Just like what happens with terrorism and TRIA in the US,” San Millán said. “Cyber can be a systemic risk. An attack can stop a country or a region. The market will not provide a solution for that, and the public sector will have to intervene.”
A lack of debate about the transfer of systemic risks is harder to understand as countries such as Spain have already implemented nat cat pools that could work as a model for other risk financing tools involving governments and the insurance industry.
“The Consorcio de Compensación de Seguros, here in Spain, is a fantastic tool created by a partnership between the public and private sectors,” Freiria said. “We should strive to repeat the formula to deal with risks that do not have enough protection today and where it is very hard to obtain it with the private sector alone.”