Industry Issues | ERM & Emerging Risks

Emerging Risks – 2018 Survey Results

The Final Results are in ... "Cyber Security and Data Breach Requirements for Insurers" tops the list in the PCI ERM Committee's 2018 Emerging Risks Survey.

"Cyber security and data breach" was the top enterprise risk cited in the 2018 survey of the PCI ERM Committee. In this second annual survey, committee members were asked to identify the emerging risks that are most top-of-mind relevant to their enterprise risk management duties. Whereas last year's respondents put natural catastrophe and climate change risk at the top of the list (now # 5), the 2017 hurricanes, wildfires, hailstorms and flooding could not compete against the complexity of risks and opportunities related to new technologies, innovations, and an emerging digitization of insurance and its consumers. In fact the three other risks that leapfrogged to the 2nd to 4th spots all fall within that general category: 2) Use and Regulation of "big data" in predictive modeling and machine learning/AI analytics; 3) Insurtech innovations and tech-based insurer entrants; and 4) Offering of 1st and 3rd party cyber insurance, "silent" cyber exposures, and emerging legal theories for cause of action.

Does Size Matter? 

This year's respondents were asked an additional question to determine whether there may be a difference in the risk ranking based on the size of the company. Only "Cyber Security and Data Breach Requirements for Insurers" was common among the top vote-getters from the two groups of insurers that write more than, and less than, $500 million in annual direct written premium. Clearly the promulgation of comprehensive and enhanced cyber security requirements for financial services companies by the New York Department of Financial Services has put this matter near the center of the radar for the vast majority of insurers, regardless of size.

The 2018 overall survey results will be posted later this month on the Committee's web page, and will be discussed as part of our Committee's May 10, meeting agenda in Chicago.

ERM & Emerging Risks:2018 Emerging Risks Survey

Answer Choices

Responses

Cyber Security and Data Breach Requirements for Insurers (cyber-attack/data theft prevention, protection & response)

60.0%

Big Data: Use, Regulation of Big Data (3rd Party, data mining) in Predictive Modeling, Machine Learning/AI analytics

43.3%

Insurtech Firms: Tech-based Insurer Entrants; Technology Innovation Specific to a Function Within the Insurance Industry Model

40.0%

Cyber Risk - 1st and 3rd Party Insurance; Silent Cyber; Emerging Legal Theories for Cause of Action

36.7%

Natural Catastrophes: Extreme Weather Events and Climate Change

36.7%

Internet of Things (connected home and vehicle), Lifestyle/health Telematics, 3D Technology, Virtual Reality

33.3%

Drones and Self-Driving (Autonomous) Vehicles: Personal and Commercial Use

30.0%

Aging Workforce/Talent Gap

26.7%

State Regulatory Overreach, Compliance Requirements: Data Calls; UW and Rate-making Restrictions/Limitations; Non-insurance Matters

23.3%

Digitized Consumer Behavior

23.3%

Cloud Data Storage/Migration; Cloud-based Services, including Vendors/Business Partners

20.0%

Artificial Intelligence (Cognitive Computing) and Robotics

20.0%

Man-made Catastrophes, Disruptions (supply chain): Domestic & Foreign terrorism, Large Scale Cyber-attacks, Fracking, Mass Tort

20.0%

Sharing economy: Transportation Network Companies, Home Sharing, Other On-demand Businesses

16.7%

Stock Market Volatility; Global Market (In)Stability

16.7%

Population Demographics impacting Health Care, Prescription Drug Usage, and Insurance

13.3%

Industry Merger & Acquisition Activity

10.0%

Federal and Global Economic Policies: Tax Reform, Trade Agreements, Interest Rates, Infrastructure Investment

10.0%

Federal and International Regulations Expansion or Intrusion into Insurance

6.7%

Changes in Lifestyle Behavior and Social Risk Tolerances

6.7%

Other (Blockchain, Social Fairness)

6.7%

 

Insurance group/company writes more than $500M in annual DWP

Answer Choices

Responses

Big Data: Use, Regulation of Big Data (3rd Party, data mining) in Predictive Modeling, Machine Learning/AI analytics

60.00%

Cyber Risk - 1st and 3rd Party Insurance; Silent Cyber; Emerging Legal Theories for Cause of Action

50.00%

Cyber Security and Data Breach Requirements for Insurers (cyber-attack/data theft prevention, protection & response)

50.00%

Insurtech Firms: Tech-based Insurer Entrants; Technology Innovation Specific to a Function Within the Insurance Industry Model

50.00%

Natural Catastrophes: Extreme Weather Events and Climate Change

45.00%

 

Insurance group/company write less than $500M in annual DWP

Answer Choices

Responses

Cyber Security and Data Breach Requirements for Insurers (cyber-attack/data theft prevention, protection & response)

80.00%

State Regulatory Overreach, Compliance Requirements: Data Calls; UW and Rate-making Restrictions/Limitations; Non-insurance Matters

50.00%

Aging Workforce/Talent Gap

50.00%

Artificial Intelligence (Cognitive Computing) and Robotics

30.00%

Drones and Self-Driving (Autonomous) Vehicles: Personal and Commercial Use

30.00%

Sharing economy: Transportation Network Companies, Home Sharing, Other On-demand Businesses

30.00%