An Allianz survey of its own corporate insurance executives predicts the top 10 risks to a company’s bottom line in 2014. This made us think: How many of those risks should be covered by insurance?

On November 2, 2013, we published a post here about the 2013 Lloyd’s Risk Index and questioned whether those survey results might reflect a certain amount of corporate happy thinking. Unlike the Lloyd’s Index, which was an independently designed and conducted survey of hundreds of so-called “C-Suite” executives (CEOs, CFOs, and COOs) from around the world, the Allianz Barometer is a survey from “among risk consultants, underwriters, senior managers and claims experts in the corporate insurance segment of both Allianz Global Corporate & Specialty (AGCS) and local Allianz entities.” Where the independence of theLloyd’s survey — and the expertise of the company that devised it — lends it a certain credibility about corporate thinking and projections, the Allianz survey is incestuous, drawing its results from within its own family of companies. It leads us to the concern that we raised — and dismissed – regarding the Lloyd’s Index: “one wonders, if one is sufficiently skeptical (or cynical?), if the [survey] is just a vehicle for driving the fear of certain risks toward the purchase of policies that [the carrier] happens to have on the market.”

In their responses to the Lloyd’s survey, many corporate execs apparently expressed the belief that their company’s are well-positioned to deal with a cyber attack, which was in the top five fears for the future within the C-Suite; hence the suggestion that the Index might reflect happy thinking. Say what you will, however, about the relative merits of the two surveys, the risk of a cyber attack features prominently in each of them.

This should, of course, surprise no one. There are weekly reports, it seems, of massive and high-profile cyber-thefts of customer information. Three weeks ago, Target and its customers were the victims. Two weeks ago, it was Neiman Marcus. The hackers are ubiquitous and indefatigable. According to the Pentagon, hackers attempt to breach its security protections a mind-numbing 10 million times each and every day.

The theme (and sub-title) of the 2014 Allianz Risk Barometer is “The Rise of Interconnected Risks.” (Download a copy here.) By this, the authors mean that several of the top ten risks can be either the cause or the effect of one another. For example, “Business interruption, supply chain risk” ranks first on this list. Losses from such a risk can be caused by “Natural catastrophes” (number 2), “Fire, explosion” (number 3), and “Cyber crimes, IT failures” (number 8). Similarly, cyber crime can be, and often is, the cause of “Loss of reputation, brand value (for example, from social media),” which ranks number 6 on the Barometer.

So, which of the top ten risks identified by Allianz executives are covered by existing insurance products on the market? The top ten are:

  1. Business interruption, supply chain risk;
  2. Natural catastrophes (storm, flood, earthquake);
  3. Fire, explosion;
  4. Changes in legislation and regulation;
  5. Market stagnation or decline;
  6. Loss of reputation or brand value (for example, from social media);
  7. Intensified competition;
  8. IT failures, cyber crime, espionage;
  9. Theft, fraud or corruption;
  10. Quality deficiencies and serial defects.

Standard first-party commercial property policies typically provide broad coverage for business interruption (or BI). Such policies come in two flavors: All Risk and Specified Cause of Loss policies. Under All Risk coverage, everything is covered unless specifically and clearly excluded. Under a Specified Cause of Loss policy, nothing is covered except those risks specifically identified in the policy. Under either kind of policy, an insured will typically have coverage for BI and supply chain interruption caused by most natural disasters (loss caused by earthquake is commonly excluded in first-party property policies but can usually be purchased for additional premium); by fire and explosion; and by theft or vandalism. This covers four of the top ten risks identified on the Allianz Barometer. 

There is a handful of cases in jurisdictions around the country that have found coverage for IT failures and cyber crimes in the “Personal and Advertising Injury” provisions of the standard Commercial General Liability policy. Likewise, there are numerous specialty policies (generally referred to as “Cyber Policies”) on the market that cover most, if not all, of the costs associated with liability for computer security failures and cyber crimes, including public relations costs. The availability of that coverage is discussed in a blog post on this blog that was published on July 4, 2013.

Depending on the facts and circumstances, product deficiencies and defects may be covered by the products-completed operations hazard coverage of the typical CGL policy. In all, the Allianz Barometer top ten list contains only three risks that are not covered by the kinds of commercial insurance policy that a company will typically find on the market today, and all of those risks arise from the very nature of doing business in a regulated market economy: Changes in legislation and regulation; Market stagnation and decline; and Increased competition.

In a world that is full of risks, having a financial hedge against seven out of ten big ones should be of some comfort.