corporate risk
Exposures: Spring 2015 | Canadian Insurance

Exposures: Spring 2015

Canada’s Lack of TRIA

As February wound to a close, Al-Shabaab seemed to decide it had lost market share in global fear to Al-Qaeda, Boko Haram and ISIS, and so it called on adherents to attack shopping malls around the world. The West Edmonton Mall was named. Reporters asked shoppers if they were worried, but in a country where in some places your skin can freeze on contact with the air in winter, there’s no lack of stoicism. But there is a lack of something Americans have: TRIA.

The U.S. Congress has recently renewed the Terrorism Risk Insurance Act. If RIMS had its way, TRIA’s life span would be “indefinite.” Former RIMS president Carolyn Snow, who once testified before the Senate on the issue, says, “The problem with having short periods of time just means you’re constantly working on it. And there are other issues as an organization that we want Congress to act on.” Yes, that would be convenient, especially when the latest extension will phase in an increase from $100 million to $200 million as the threshold for Washington loans to kick in on acts of terrorism. Granted, the federal share of losses is being trimmed from 85 to 80 percent by 2020, but Britain’s Guardian newspaper has still been withering over TRIA: “The program has cost the government $1 million a year—almost nothing—but has made an estimated $40 billion in revenue for insurance companies, who have never paid a claim, or given a dime to the government for their reinsurance protection.” But a case can be made for a reinsurance framework; insurance companies in Australia can reinsure their eligible terrorism losses through a tiered system of premiums to the Australian Reinsurance Pool Corporation.

Meanwhile, little attention here is paid to the fact we have no government framework in place. At all. “Canada does not have a similar Act [to TRIA],” explains Finance Department spokesperson Stephanie Rubec. “The Department does not comment or speculate on possible policy actions, or discuss what might be under consideration.” Maybe the urgency simply isn’t felt. Janice Ochenkowski, RIMS chair of external affairs in Chicago, says after 9/11, Canadian insurers “have not constricted the coverage limits, and they haven’t increased the pricing outside market standards. If market coverage is available, you don’t need a legislative mandate regarding the coverage.” And the Insurance Bureau of Canada told us, “The insurance industry continues to monitor developments and adapts to changes in risk as necessary.” Of course, after Michael Zehaf-Bibeau shot his way into Parliament, security protocols there went through a serious overhaul. Deemed more than necessary, they were downright urgent.

Steady As She Goes

The conference board of canada made a few calls and talked to a few folks (1,102 of them), most of them in small businesses worth under $25 million, and it discovered we might just be as safe and dull as the rest of the world thinks we are. Our business people don’t seem to want to step out onto that thin, narrow branch to grab the golden pear.

It’s not necessarily a bad thing. In its latest Innovation and Canadian Business Survey, the board says, “Over 70 percent of Canadian businesses are realists in terms of aligning their risk-taking with their financial capacity:” what the board considers a sign of “managerial maturity.” But there’s a smattering of businesses out there, about four percent of its sample, the board considers wishful thinkers (their word) “because their risk tolerance exceeds their capacity to absorb losses.” Not necessarily a bad thing either, unless they lack the capability to deliver what they promise. As the board’s director of research, Michael Grant, puts it: “That’s why venture capital spends a heck of a lot of time assessing management teams, right?” Many businesses, he points out, are “just getting by”—service and small goods-producing operations that are hanging in there or have a bit of money, but they’re not growing or innovating because they lack the capital, resources and managerial capabilities.

Contrast those with the real go-getters; the board interviewed the leaders of 17 young, rapidly growing firms and (there’s no real suspense here) found that “innovative start-ups are driven by visionary, ambitious leaders. The main management challenge facing these leaders is to adapt their management system as their company develops.” But for the majority, it’s steady as she goes. Operations as usual, safe and dull.

“There’s a difference between being an entrepreneur in the sense of ‘I’ve started a business’ and being the sort of entrepreneur who really knows how to grow a business,” says Grant. “And we have very few of those sort of entrepreneurs.”

He says he’s “amazed” that business schools have been expanding so much over the last 20 years, “and we have all these people going to business school, and why is it that none of them are the people that grow these businesses?” Add to those schools the number of university entrepreneur programs and incubators. “And yet you kind of look at the statistics, and you go, ‘Okay, what happened with all that?’” laughs Grant. “Why didn’t we end up with more rapidly growing companies? And it’s perplexing.”

The Matrix Reinsured

Besides the concern for bricks and mortar, there’s genuine interest in a TRIA-type model to cover what could happen on a catastrophic scale in the cyber world. Governments should insure businesses against cyber attacks as they do real-world terrorism, argues Catlin Group CEO Stephen Catlin.

He suggests that because cyber attacks are difficult to model and can simultaneously affect companies around the world, the insurance industry may not be able to recover from paying several multibillion-dollar claims at once. “It’s possible that you can have the same loss happening around the globe,” Catlin told the Insurance Insider London conference in February.

No government formally offers cyber insurance—although some experts say TRIA would provide coverage after a disastrous cyber attack—but the UK’s Technology and Strategy Board offers smalland medium-sized businesses £5000 grants to upgrade their cyber security systems.

The grants are available through the UK’s Innovation Vouchers system, whereby companies bid for funds to obtain help from external suppliers. Cyber security suppliers must be certified by CSEG, the information security arm of Britain’s intelligence organization.

In 2014, cyber breaches cost up to £115,000 for small businesses and £1,115,000 for big organizations, the UK’s Information Security Breaches Survey revealed.

Top 10 Barriers To Innovation

The Conference Board of Canada found small businesses play it safe for three main reasons: resourcing, business capacity to innovate and attitudes towards risk. Here’s a breakdown:
1 Regulation and taxes reduce incentives
2 Finding the time
3 Financing
4 Employees lack skills/ attitudes/behaviours
5 Lack of leadership
6 Management competencies
7 Business culture against innovation
8 Lack of collaboration
9 Leadership risk aversion
10 Business culture is risk averse

Source | The Conference Board Of Canada

13 Terrorist plots, foiled or failed between 1995 and 2013, that used modified, remotely operated model airplanes
Source | Toronto Star

48.2 million Cyber attacks detected around the world in 2014, a 48 percent jump from the year before. But in Canada, detected incidents fell by 15 percent, suggesting Canadian hackers are setting their sights internationally or we’re getting worse at detecting security breaches
Source | Pricewaterhouse Coopers

Copyright 2014 Rogers Publishing Ltd. This article first appeared in the March 2015 edition of Corporate Risk Canada magazine