Mexico AMIS Insurance ConferenceFri 19 May 2017
Speech by Inga Beale at Mexico AMIS Insurance Conference
Speech by Inga Beale at Mexico AMIS Insurance Conference
Good afternoon, buenas tardes.
It really is a great pleasure to be here in Mexico City – Mexico is the largest market for Lloyd’s in Latin America.
As the global hub for specialist insurance and reinsurance, Lloyd’s is proud to have a strong and lasting relationship with Mexico. We have been a foreign reinsurer in Mexico since 1985 and opened our Representative Office almost two years ago and have been very grateful for the support we have received from Mexico’s Ministry of Finance.
Lloyd’s is committed to supporting Mexico’s economic growth and also this country’s pioneering application of catastrophe and agricultural risk management, through initiatives such as the federal catastrophe fund – Fonden.
Alongside those initiatives, the reinsurance regulation in Mexico reflects the government’s interest to diversify the significant natural catastrophe risks that Mexico is vulnerable to. All of these efforts are critical to protecting Mexico’s economic growth.
Of course, with everything going on around the world – Brexit, the new Trump administration in the US, and the rhetoric surrounding the French presidential election – we are seeing a rising tide of protectionism.
But Mexico understands the value of open markets, and global trade which signals a welcome push back on the economic nationalism we have seen in many other parts of the world. In fact – Mexico’s trade policy is among the most open in the world, with the most Free Trade Agreements globally with 46 open trade partners.
And while Mexico has a free-trade agreement with the EU, I know that the UK government is working with the Mexican government on arrangements following the UK’s exit from the European Union. Trade between our two countries is worth around 32 billion USD, and it is crucial that this is protected.
And for Lloyd’s, we look forward to strengthening those ties as we grow our business here in Mexico, and across Latin America in the years and decades ahead.
Latin America is a hugely important region for Lloyd’s. With 600 million customers, representing 10% of the global population, we know that over the coming years the insurance market will continue to grow, as underinsurance is tackled.
In fact, emerging economies, including some of those in Latin America, have been growing at a faster rate than their Western counterparts. It is predicted that by 2050, the E7 economies – which include those of Mexico and Brazil – will be larger than those of the G7. In fact, Mexico’s economy could be larger than the UK’s in just 15 years.
Mexico’s economic growth is not without its challenges of course – growth in any country is rarely trouble-free – but Lloyd’s recognises the potential here and are keen to work as partners to ensure that this great potential is realised.
And with the world changing so rapidly, there are so many threats out there that put economic growth at risk. One particular mega-risk that I’m here to talk to you about today, is cyber. And with the recent global ransomware attack that has paralysed hospitals, disrupted transport networks and immobilised businesses all over the world, this is an extremely important area to be discussing.
But before I go into that, I realise that many of those here may not be so familiar with Lloyd’s, so I have a little explaining to do.
We are the world’s specialist insurance and reinsurance market. We have a truly global reach, operating in more than 200 countries and territories worldwide. For almost 330 years we have been underwriting human progress; Lloyd’s syndicates insured the first cars; the first planes; and the first satellites. We pioneered business interruption, D&O, and earthquake insurance. Today we are leading the world on new risks like cyber or supply chain disruption.
The world’s largest insurance companies set up syndicates at Lloyd’s in order to write specialist insurance for the world’s largest companies. Today we are home to 59 insurance businesses – or managing agents as we call them. And between them they manage more than 80 syndicates.
Sometimes syndicates compete; sometimes they collaborate. And much of Lloyd's business works by subscription, where more than one syndicate takes a share of the same risk. This allows Lloyd’s to lead the world in covering large and complex risks.
And we are still a fully brokered market. Lloyd’s has no sales force as such and has outsourced distribution to brokers, who have been critical to Lloyd’s development over the centuries, bringing risks from all over the world to our market.
We also have another source of distribution where syndicates delegate underwriting authority to coverholders, who are also a very important part of our distribution arm. Their understanding of our customers’ risk maps is the foundation for the services we provide.
The clustering of broking and underwriting expertise is what gives Lloyd’s our unique edge. If you ever find yourself in London, please get in touch to arrange a visit to the Room in the Lloyd’s building – four floors of bustling activity where brokers and underwriters conduct thousands of face-to-face transactions every day. It is this interaction that over hundreds of years has helped forge our reputation for innovation.
In the corporate centre of Lloyd’s, we are guardians of a special feature of the Lloyd’s market – a central mutual fund.
In order to protect this fund we approve all syndicate business plans and also set the level of capital that is required to back those business plans. Each member at Lloyd’s has to deposit a certain amount of capital as Funds at Lloyd’s – which means it can only be used to pay claims to Lloyd’s policyholders.
Syndicates also have to make a contribution each year to the central fund which is there to pay out if one of the syndicates doesn’t have enough capital to fulfil their policyholder liabilities.
This mutual aspect of the market makes Lloyd’s totally unique. It also provides the financial strength so desired by our customers. Our capital position remains strong, with our net resources totalling over 33 billion USD. And all syndicates at Lloyd’s are backed by our excellent ratings – A+ from S&P, A from A.M. Best, and AA- from Fitch.
So that is a very brief overview of who we are, and how we work.
Lloyd's and Mexico
Turning back to Mexico.
Last year, Lloyd’s wrote in excess of 340 million USD in premiums, primarily in the property, energy, marine and aviation classes. And over the past five years we have experienced a compound annual growth rate of 5 per cent, measured against the Mexican peso.
But our relationship goes beyond premium and growth numbers. Lloyd’s is a key partner in the risk transfer operations carried out by Mexico’s public and private entities.
As I mentioned earlier, we support the domestic direct insurance industry primarily with reinsurance, increasing capacity, as well as developing new specialist products in partnership with domestic insurers.
This means that for large and complex risks in areas such as energy, aviation, large government property accounts, and more specialised covers for emerging risks such as cyber, which I will speak about in detail shortly, there will be more capacity available and more products available.
Alongside the business opportunity we see here, we also take our role in helping raise Mexico’s insurance penetration very seriously.
The Lloyd’s Global Underinsurance Report showed that Mexico remains significantly underinsured against the costs of natural catastrophes, coming 31st out of the 42 countries analysed – and as you will all know very well, Mexico is one of the most catastrophe prone countries in the world.
Non-life insurance penetration in Mexico as a percentage of GDP stands at 1.1%, while the underinsurance gap in terms of gross annual premium is around 8 billion USD.
This has implications for Mexico’s economic development and economic sustainability. International reinsurers such as Lloyd’s can help reduce the financial impact in the event of major disaster – and share knowledge, obtained from operating across global markets – to help build greater resilience to these threats.
Our own research at Lloyd’s shows that a 1% rise in insurance penetration translates into a 13% reduction in uninsured losses and a 22% reduction in taxpayers’ contribution following a disaster.
Insurance also improves the sustainability of an economy and leads to greater rates of growth – a 1% rise in insurance penetration also leads to increased investment, equivalent to 2% of national GDP. These are pretty stark figures.
Insurance, particularly when diversified outside country – in other words, placed outside Mexico – de-risks governments, de-risks business and communities. It takes the financial burden of recovery off the taxpayer and boosts economic growth.
As an example, over the past five years Lloyd’s has paid out more than 840 million USD in claims here in Mexico. If that risk had not been transferred offshore, that financial burden would have fallen on the government and taxpayers.
As I mentioned earlier, the diversification of risk is already something that the Mexican government has prioritised, with its open, strategic approach to risk transfer.
But alongside the well-known natural catastrophe risks, there is also the significant and steady rise of man-made risks arising from the rapid change going on around the world – including here in Mexico.
Changing nature of risk
Increasing urbanisation means risks are becoming ever-more concentrated in cities as they become the engines of economic growth.
And globalisation has made the world more interconnected than ever before. This means that when disaster happens, it doesn’t just impact on the community, city, or country where it was located – its impact stretches out across the world. For Mexico – that could involve up to 46 trading partners who rely on the country’s exports.
Digitalisation has been the most recent force that is profoundly changing the way we connect, and the way we do business.
Looking specifically at the way business has changed over the last 40 years – as an example, in 1975 the split of assets of the S&P500 market value was 83% tangible and 17% intangible. Today this has completely reversed to 16% tangible and 84% intangible.
Many of today’s best-known businesses own no physical infrastructure.
For example, Skype, the world’s largest phone company, owns no physical telco network; Netflix, the world’s largest movie house owns no cinemas.
The assets of these sorts of companies are digital and data-rich. Their value is based on their IT systems, their intellectual property and their reputation.
On the plus side this means they are less vulnerable to natural catastrophes, which predominantly damage physical infrastructure. But digital assets are more exposed to new threats such as cyber-attacks.
These new threats are evolving fast.
Global cyber risk
In the 1980s, computer hacking was the hobby of a few enthusiasts in their bedrooms. Today it is a global criminal enterprise and state-sanctioned weapon that can wipe millions of a company’s share price or shut down a nuclear facility.
If we look at the growing internet of things – where millions of devices such as lightbulbs, fridges and security cameras are being connect to the internet – we can see that there is increasing network vulnerability.
What has been named one of the biggest cyber-attacks in 2016 – the Dyn ‘denial of service’ attack – used these sorts of connected devices to attack the websites of companies including Twitter, SoundCloud and Spotify.
As more business and government functions move online, and as more companies and consumers around the world connect to the Internet, this ever-increasing store of digital data and connected things create enormous vulnerability to cyber-attacks – which is fast becoming a global mega risk.
The weaponisation of code has grown more lucrative and more destructive. And the potential for real systemic damage is truly scary.
And it’s happening all around us. I couldn’t be talking about anything more topical right now with the “WannaCry” global cyber-attack happening right now. It began on Friday last week, where attackers repurposed a cyber spying tool known as EternalBlue, stolen from the US National Security Agency (NSA) and leaked online. In just 24 hours, thousands of computers were compromised by an aggressive ransomware campaign – where malicious actors deploy malware that infiltrates computer systems, encrypting files and demanding a ransom to get their data back and resume operations. In this particular case it threatens to delete files within seven days if no payment is made.
They are targeting organisations with global networks by exploiting a security loophole that allows the malicious code to spread through structures set up to share files – such as dropboxes and shared drives for documents or databases – without permission from users.
So far, WannaCry has infiltrated more than 200,000 computers across 150 countries, including the UK, where 61 of our hospitals and health clinics were disrupted. In the US a major delivery company – FedEx – was impacted. And In Spain telecommunications and gas companies were compromised. And those are just a few examples.
And while a “kill-switch” has been found in the ransomware’s code, it is estimated that there are more than 1.3million computer systems still vulnerable to infection. We are even hearing reports of a “kill-switch” free version being released by the people behind this attack.
These aggressive and crippling hacking attacks on businesses and governments will only get worse, as cyber criminals find new ways of exploiting vulnerable systems, and the people that use them.
In fact today’s news reports are saying that criminal hacking groups have repurposed a second stolen classified cyber weapon. This hacking tool, also developed by the US National Security Agency and codenamed EsteemAudit, has been adapted and according to security analysts is now available for criminal use.
With all of this going on, I don’t think there is a more pressing topic the global insurance industry needs to get its head around than the cyber threat.
It really is one of the most high-profile risks businesses are facing at the moment and yet CEOs seem to be in denial about its impacts and their ability to deal with it.
Impacts of cyber threat on business
Let’s look at what cyber threat really means for businesses.
In pure financial terms the numbers are pretty frightening.
According to one report, the cost of cybercrime incidents in the world has gone from 3 trillion USD in early 2015 to a projected 6 trillion USD by 2021. And Mexico ranks as the second most attacked country in Latin America, behind Brazil – the latest figure I could find was that cyberattacks in Mexico impacted approximately 10 million people in 2014.
Lloyd’s Business Blackout report, published in 2015, looked at the business and insurance impacts of a cyber-attack on the power grid in north-eastern America and estimated the total cost to the US economy at up to 1 trillion USD.
Looking at the costs in more detail, we can split them into two broad categories: visible costs and hidden costs.
Visible costs include things like forensic investigation, legal and customer notification costs.
Hidden costs are often harder to quantify but include things like loss of customers, reputational damage and share-price impact.
It’s hard to find definitive numbers for visible and hidden costs – understandably, businesses are pretty reluctant to share information about cyber-attack costs.
But we can see from the data for the 2013 cyber-attack on the retailer Target what these numbers can look like at an individual company level.
The visible costs incurred by the theft and sale of more than 40 million credit card details from Target totalled about 60 million USD; the hidden costs were more than three times as much with almost 100 million USD spent on litigation and a similar amount on upgrading the company’s retail systems.
So it’s a complicated picture and one that businesses are struggling with right now. They understand tangible risks well enough but evaluating threats like business interruption and reputational loss is more difficult.
At the same time, the pressure on companies to deal with the cyber threat is intensifying.
For example, there’s growing evidence that rating agencies are prepared to adjust credit ratings downward based on knowledge of damaging cyber incidents, including loss or theft of data.
While it is unclear what elements would contribute to a downgrade, one rating agency has said it would take into account a cyber incident’s impact on cash flow, especially in relation to the cost of recovery, the upgrading of security measures, increased insurance premiums and fines.
More stringent regulations are being put in place, such as the EU’s General Data Protection Regulation – or GDPR – that will force companies to manage cyber threats better.
This legislation, due to come into force in 2018, could fine companies up to Euros 20m or 4% of global turnover, whichever is higher, if they fail to comply with the new rules.
Here in Mexico, the new General Law for the Protection of Personal Data could impact businesses and public bodies in the event of a data breach. Where an organisation processes personal data in Mexico, the General Law states that it must be aware of the risk of a data breach, and consider it when placing liability or D&O policies. What we’ve seen develop in other markets is either exclusions being applied, sub-limits being imposed or endorsements being introduced. We have also seen a dramatic increase in demand for cyber specific insurance.
This is where Lloyd’s can play a vital role in supporting the domestic insurance market as a growing business opportunity.
Alongside the regulatory risk, is the threat to reputation. This is harder to quantify. But although its precise consequences for the bottom line are unclear, what is certain is that there would be impacts.
Lloyd's and cyber
So the challenge for us as an industry, and for Lloyd’s specifically, is to help businesses understand the value of cyber insurance – both in terms of risk transfer and risk mitigation.
For all of us, cyber risk should be a big business opportunity. And I say “should be” because I don’t think that, as a sector, we are doing enough to promote the benefits of cyber insurance and make it accessible to businesses. Unless we get our act together, the opportunity could pass us by.
For Mexico, this is where Lloyd’s can really help. We are leading the world in cyber insurance products and have a 25 per cent of global market share of gross written premium.
As global leaders in this area, our market has a number of products that could benefit Mexican businesses. This is where we can partner with Mexico’s domestic insurers by providing specialist knowledge and products to meet the unique needs of this market.
To give you some idea of what we offer – Lloyd’s aggregate limit available per risk is approximately 650 million USD.
Our specialist cyber products are constantly evolving.
Let me give you some examples of the kinds of products we offer:
Firstly, we have policies that address data breaches. A Data Breach Response Policy goes beyond a traditional liability insurance policy. It also provides a service which helps organisations manage the aftermath of a breach as well as providing coverage for the costs of notifying clients, forensic investigations, credit monitoring for customers, legal costs and public relations services to help manage any reputational harm.
Another example is our business interruption policies which provide coverage for the income loss resulting out of interruption to, or downtime of, an organisation’s IT system. It also provides assistance in restoring the data, network and IT system.
We also offer policies across liability, regulatory, extortion, and reputational harm – and that is by no means an exhaustive list!
Lloyd’s is ready to partner with Mexico to help protect the country and its economic growth from this ever-evolving, expanding threat. And, as I mentioned, it represents a real opportunity for domestic insurers here who can step in to support businesses and government in this critical area.
So to wrap up: cyber is a present and real threat for our customers. The WannaCry attack provides a warning for what lies ahead.
This is a threat that is going to grow and change, more rapidly, perhaps, than any other business line.
However, businesses are either not looking for solutions, or if they are, they don’t know where to find them or understand the value of them.
As insurers we have the expertise, products and global reach companies need to mitigate their cyber threat.
But this business won’t come to us – we have to go and find it, and we have to get better at explaining our value proposition.
What’s in it for the insurance industry?
One figure I have seen suggests the cyber insurance market will triple in size to 7.5 billion USD in annual premiums by 2020. I am sure we all would like a part of that.
Thank you. I would be happy to take questions now.