Emerging technologies challenge Asia-Pacific firmsReprints
SINGAPORE — Technological developments are leading to a sharp increase in the potential liabilities that companies face ranging from the so-called Internet of Things to business interruption related to cyber risks.
While company executives and research and development personnel are often eager to implement new technology, risk managers should insert themselves into discussions about the possible unexpected effects of the new products and services, experts say.
And in countries in the Asia-Pacific region, where there are few laws that specifically address cyber breaches, risk managers should be working with their senior executives to highlight the cyber-related risks they face, they said.
Risk managers need to be proactive to protect their organizations from liabilities arising out of the Internet of Things, an insurance executive said.
With between 10 billion and 20 billion products and devices connected to the Internet, risk managers need to exert influence within their companies to ensure that liability considerations are addressed before digitally connected products are introduced, said Rudi H. Spaan, president and CEO of AIG Insurance Hong Kong Ltd., a unit of American International Group Inc.
In addition, insurers need to partner with their policyholders to ensure that insurance policies address the rapidly changing risks that arise as a result of the changing technology, he said during a presentation at the Pan-Asia Risk and Insurance Management Association conference in Singapore last week.
The liability landscape is growing more complex as a result of the Internet of Things, Mr. Spaan said.
In one scenario, for example, an industrial machine manufacturer might send out an update to a customer operating the machine over the Internet. If the update is not received, the machine may malfunction and cause property damage. The operator may say that it did not receive the update, and the manufacturer may say that its own Internet was connection was faulty and failed to deliver the update. “Everybody is going to point fingers at each other and at this moment, because it is such a new exposure, it is not always clear who is liable,” he said.
To address these issues, risk managers should engage with their research and development departments before the products are manufactured, he said.
“You as risk managers need to know very quickly what's cooking in the kitchen so that you can interact and play with it right then and there as opposed to being on the reaction side. And the more lead time you give to your brokers and insurers, the better our products can be to help you out,” he said.
Insurance products that specifically address cyber risks are rarely purchased in Asia-Pacific as there are few, if any, laws in Asian countries that specifically address cyber breaches and impose breach response requirements on companies.
Although there is about $2 billion in cyber risk premium written by insurers worldwide, most of it is written in North America, followed by Europe, said Mark T. Lingafelter, managing director at QBE Asia Pacific in Singapore, a unit of QBE Insurance Group Ltd. Only about $5 million of QBE's premium comes from cyber risk policies written in Asia, he said.
AIG, which writes about $200 million in cyber risk premium globally, only writes about $20 million in Asia, said Mr. Spaan.
Cyber insurance is in its infancy in Australia too, said Jason Disborough, CEO for multinational clients at Aon Risk Solutions in Brisbane, Australia.
Aon places about $2.3 billion in property/ casualty insurance premiums in Australia, but only about $15 million of that premium is related to cyber insurance, he said.
However, it is a fast-growing line of business, and company boards in Australia are more frequently directing companies to look into buying cyber insurance coverage.
And risk managers have much more to be concerned about than specific breach-related costs.
Nonphysical damage business interruption risks are major threats to companies, said Peter Hacker, a global advisory executive at Distinction Global, a unit of Cybercrime Research Institute GmbH in Cologne, Germany.
Traditional business interruption policies respond only to disruption caused by physical damages to property. However, hacking incidents can lead to significant disruptions in business, he said.
In relation to cyber risks, “we used to think about privacy, but now we have to think about loss of revenue. The CEO and CFO's major concern is reputation and loss or revenue,” Mr. Hacker said.
“Boards are more and more asking about what risk management and insurance can do. They want to know how it's relevant to their needs,” he said.