Is the insurance industry facing a Cyber-Cat? Thousands of websites at risk to heartbleed bug…

No no – I’m not referring to an animated cat on an App but rather the announcement yesterday regarding the Heartbleed bug affecting the security of over 50% of the Internet according to some estimates. The bug affects the OpenSSL package and is believed to have been in the package since 2011. It affects the way the package deals with heart beat messages, hence the moniker given to the bug. There are already tools in use that exploit the bug and provide access to recent user data on compromised servers. There have been security alerts before with many large brands facing fines and media inquiries about their losses but this bug potentially affects hundreds of thousands of websites and many businesses globally, but why characterise this as a catastrophe and why would insurers be interested? In the last 2 to 3 years with the cost of data breaches growing significantly businesses have been offsetting the risk of a breach or loss through Cyber Liability Insurance Covers. Whilst the practice and cover is arguably in it’s infancy it’s popularity suggests that this sort of event could constitute a significant liability to insurers globally offering this cover. Further the event has some characteristics in common with other events requiring catastrophe response:
  • Many insured are at risk.
  • The event will likely draw the attention of governments and regulators.
  • Swift response will mitigate further loss.
There are some significant differences here though. Most notably in the event of hail, storm or flooding the insured are likely aware if their assets are affected or not – they may not know the extent of the loss but are likely aware if they need to claim. Increasingly risk aggregation and modelling tools are helping carriers and brokers understand the likely impact of catastrophe events. In this case however the insured may not be aware if they are compromised or not since the bug allowed for intrusions that would not be logged by the affected systems. In this case the advice is to determine if OpenSSL is used and if so then the server has been vulnerable, may have been compromised and should be patched immediately. The full statement regarding the bug is available at http://heartbleed.com/ although it is also covered at http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ which contains some useful advice. Further coverage is available from Reuters and The Guardian. As noted on heartbleed.com – Apache and NGinx webservers are known to typically use the OpenSSL library and account for 66% of the Internet according to Netcraft’s April 2014 Web Server Survey. Google says that it is not affected however Yahoo has already reported that they are working to fix the affected services on their side. As always communication and collaboration is crucial to managing these events. Insurer clients of Celent may like to read Celent’s case study combining internal and external data to respond to a catastrophe.

Ouroboros or the snake that is eating its own tail!

For those of you who don’t know it, China has its own rating agency. It is called Dagong Global Credit Rating Group. This week the Dagong Global Credit Rating Group reduced its credit rating for the U.S. to A+ from AA, citing a deteriorating intent and ability to repay debt obligations after the Federal Reserve announced more monetary easing. Of course the major US rating agencies still give the highest rating to the US. So, which view from the Chinese and the American view is the closest to reality? Maybe this is not the most important question right now. Actually what is more important to know is whether China still buys US government bonds? Actually it seems that China has been less inclined to buy US government bonds recently and so have been other Asian countries. So who is buying US government bonds right now then? The response is: The Fed! This is like a snake that is eating its own tail! and the animal is very hungry… Drawing by Theodoros Pelecanos, in alchemical tract titled Synosius (1478).

The Years Ahead

It’s been a while since my May 2009 post, whose title was: The consequences of printing money. What has changed since end of May 2009? Let’s try to review the two main ingredients that are influencing our economy: Government debts are increasing. Based in Switzerland – in the heart of Europe (geographically I mean since Switzerland is neither part of the European Union nor the Euro zone) – I was in the first raw to follow the Greek crisis. The lack of fiscal discipline and the absence of economic growth in Greece have contributed to put pressure on the Euro zone but eventually a new bail-out plan (at least a guarantee to launch one if needed) has been decided with the agreement of the German government. This test has demonstrated that the Euro currency system works well in good times but represents a weakness for Euro zone countries when some of their members are in a difficult financial situation as it is the case now not only for Greece but also for Spain, Portugal and some others. Stimulus packages have still to prove they work. The US counts on stimulus packages to boost its economy. Many policymakers thought the stimulus package decided following the 2008 financial crisis would help the US economy to get back rapidly to growth, which it temporarily did but it appears now that the overall economic situation in the US is deteriorating again. If we look at the industrialized world right now we can make the following statement: 1) European countries (at least the majority of them) and the US have serious concerns with relation to their debt level. Some European countries have decided to cut public spending like the UK, Greece and Spain. So far, there is not a clear trend to implement massive tax increase. 2) The US still continues its Quantitative Easing (QE) strategy. The Fed purchases the US government debt contributing to printing more money. Right now it seems that the debt level is not a priority for the US government. This situation leads me to ask myself important questions for the future: If there is no or very slow growth for a while how will governments improve their financial situation without increasing taxes? If they increase taxes will it contribute to kill any potential economic growth that is already predicted to be anemic? Is it possible to see a major government failure in the next 5 years? Government’s bail-outs of financial institutions have not solved the problem but just allowed them to gain some more time. But we should not forget that governments can print money but they cannot print jobs. There might be a no-exit path here unless governments address the chronic deficit and debt problems and together agree to restructure the international monetary system.

About Density and Penetration of Life Insurance in Europe

We are currently looking at the life insurance market in Europe and more specifically saving and retirement solutions involving wealth management by insurance companies. In the frame of our initial work, we have tried to identify the differences between the main European markets comparing each of them in terms of density and penetration: Life insurers have suffered since the financial crisis and the economic downturn and it is difficult to predict what is going to happen to this market in 2010 and maybe in a longer period. But based on this analysis there is at least two observations that can be drawn in today’s context: The unbalanced UK economy: Since the 80s and under Margaret Thatcher, the UK has operated a drastic shift in terms of economic focus neglecting the industry to concentrate on financial services. This explains why life insurance premium represents more than 10% of the UK GDP right now. We believe that the lack of balance of the UK economy has been a major weakness recently as it obliged the UK government to take drastic actions to help financial institutions in difficulty during the financial crisis at an unprecedented level in comparison to other European countries. The level of debt and deficits have worsened and the strong emphasis in financial services remains a threat for the UK economy. The bancassurance model does not bring the same success across geographies: Banks are the most important intermediaries in terms of life insurance distribution in Spain, France and Italy. However, it is important to point out that life insurance density is much higher in France than in Spain and Italy. This difference cannot be only explained by the difference in GDP ranking between these countries. Following our discussions with French insurers, we have noticed that the French bancassurance model remains an example worldwide and it seems that Italian and Spanish insurers have not managed to take full advantage of the banking network to leverage potential synergies. Our objective is to understand the differences between the main European insurance markets and then anticipate how they might fare in the coming years taking into consideration the current macro-economic environment. There are plenty of uncertainties right now but asking the relevant questions is already a good step towards the right direction.

Too Big or not Too Big? That is the Question!

A bit more than one year ago in the middle of the financial crisis, some banks and one big insurer have been saved by governments since their bankruptcy would have put the whole international financial system in great danger. “Too big to fail” is the expression that has been widely used to caracterize this policy. Since then, two G20 summits took place. What came out of these meetings in the general opinion’s mind? Let’s be frank: a lot of good intentions but nothing really concrete! While the first one held in April this year in London was more to demonstrate to the populations that policy makers were aware of the seriousness of the situation, the second one that took place in Philadelphia a few weeks ago gave birth to a consensus regarding traders bonuses, which of course does not solve the big issue. However, some good intentions can sometimes lead to interesting ideas. I personally consider that the creation of the Financial Stability Board (FSB) following the London G20 Summit represents a good step towards a better regulation and consequently an improved protection of the international financial system. Yesterday The Financial Times published a list of 30 financial companies, whose failure could represent a systemic risk worldwide according to the FSB. Insurers are considered to be risky for the system expecially when they start diversifying from insurance into complex financial engineering. This has notably been the case with AIG and SwissRe. Too big or not too big? That is the question and now let’s see what the next steps will be. Normally this list is due “to address the issue of systemically important cross-border financial institutions through the setting up of supervisory colleges” as mentioned in the Financial Times article. Concrete measures will certainly take time but at least there are concrete intentions.

Economics Does Not Lie

The financial crisis and the economic downturn having pushed governments to massively inject money into the economy – firstly to partly or fully nationalize financial institutions and secondly to stimulate the economy – have contributed to question the validity of the principles of the free market theory among populations and the general opinions in Europe and the United States. Guy Sorman published recently a very interesting book, which I recommend you to read and whose title is: Economics Does Not Lie: A Defense of the Free Market in a Time of Crisis. To know more about the author and what his book is all about, I also invite you to read an interview Guy Sorman has given in July 2009: Defending the Free Market: an Inteview with Guy Sorman. I have already given my opinion about the financial crisis and the economic downturn to our blog’s readers. In his interview, Guy Sorman mentions two things that are very interesting according to me. When asked about the efficiency of stimulus plans and Keynesian economics, he says: (…) Keynes suggested that government accumulates surpluses during periods of growth in order to invest them during downturns. This has never been done, though. What we have is public spending financed by public debt, which leads to an increase in interest rates, which in turn freezes the recovery. Thus, in real life, no stimulus plan has ever worked. Those mavericks who still advocate stimulus plans argue that they haven’t worked in the past because not enough money was spent. But to spend more could lead only to bankruptcy or socialism, not to recovery.(…) Later in this interview, Guy Sorman mentions the Japanese economic policy during the 90s: (…) Unfortunately, the nation’s economic policy between 1990 and 2000 was disastrous. The government, with lots of corruption behind the scenes, invested huge sums in useless infrastructure. Private investment was crowded out by this public stimulus, which brought the country to a standstill. This so-called lost decade is the most illustrative demonstration of the adverse effect of public spending.(…) Economics is a human science. Reality helps validate economic models that are built upon experiences and data collected in the past. What economists can do nowadays is certainly not to predict what is going to happen in the future. On the other hand, they can surely tell us what economic policies will certainly fail.

Focus is on costs reduction

Some observers think that we are at the beginning of the end of this financial crisis and its consequences while others believe this is just the end of the beginning. Celent has given its thoughts on the impact of the financial crisis on insurers in a report published in September last year: Bad News on the Street: Insurance IT Strategy and the Financial Crisis. Since then the crisis has become a global recession and its impacts are affecting the financial industry as a whole. Of course the insurance sector is also hit and strategists have to respond with appropriate actions. Definitely one of them and certainly one of the most important one has to deal with costs reduction. In a recent article published by Bloomberg, whose title is Insurers May Be Forced to Reduce Costs, Outsource it appears that European insurers of all sizes are starting to implement drastic measures in order to reduce costs. Personnel and information technology are certainly the most important expense factors in the insurance industry but it seems that insurers have understood that technology can be an enabler to reduce costs and not only an important cost position in their profit and loss account. In a series of quarterly reports focusing on the current recession and how insurers tend to react to the crisis (the first report has been published in May 2009: Handling the Crisis: Update on Q1 Insurance Industry Expectations and Strategies), Celent tries to track how insurers handle the crisis and what particular initiatives they take in order to go through this difficult time and weather the storm the best way they can. In the first report looking at the first quarter of 2009, it seems that insurers understand that IT can help them reduce costs and therefore they don’t necessarily perceive IT only as a cost driver any longer. What will be interesting in Celent’s approach is how initiatives will evolve in the near future. Therefore I invite all our members to check our next reports. The next one will be reviewing insurers initiatives to handle the crisis in the second quarter of 2009.

Update to "Bad News on the Street, Insurance IT Strategy and the Financial Crisis"

Since we published Bad News on the Street, Insurance IT Strategy and the Financial Crisis in early October, the economic roller coaster continues to twist and gyrate. One assumption in that report, that there will be a “mild to moderate” recession, is being severely challenged. The mortgage meltdown morphed into a credit confidence crisis which precipitated a consumer confidence downturn, increasing job losses, accelerated by an auto industry meltdown. Suddenly, a question that seemed ridiculous a short time ago seems prudent: “Is $750 billion enough?”

Strange actions have been seen on the street. “Traditional” insurance companies are courting and marrying tiny banks so that they can meet at the TARP alter. Other insurers are vehemently rejecting any government assistance and the resultant “strings” attached. Foreign-owned insurers are directly petitioning the US government for assistance.

Since the report, third quarter numbers have been released and the results are not kind. The third quarter 2008 net income of the largest 25 Property/Casualty and Life/Annuity/Health insurers is 97% below that of last year. (These numbers exclude AIG.)

Discussing the situation with insurers in North America, Celent finds that most are taking a “wait and see” approach to IT budgeting. Strategic projects that are already underway are not being cancelled, but those that were planned to be launched in late 2008 are being delayed. In late October, Celent surveyed CIOs at North American insurance companies about projections for their 2009 budgets. No one reported a decline and 34% said their budgets would remain flat at 2008 levels. When asked to rate this amount against the strategic business and technology objectives they expected, most (75%) characterized this as “adequate”.

Barring economic catastrophe, the next game-changing event will be modifications in regulation. Two central questions loom. First, to what extent will the insurance industry be included in general financial reforms targeted toward banking institutions? Second, which way will the ongoing tug of war between Federal and State oversight go?

A slim ray of optimism exists in rumors that a hard market is coming for commercial Property/Casualty products. We will keep our ears to the ground and our radar on scan for additional developments.