Insurance in 2030: Use Scenario Planning To Plot a Course

In this, our follow-up article to "Insurance in 2030: Questions for Captives To Ponder," we take a closer look at some of the longer-term technology trends likely to impact insurance. We use the recent global cyber attack with "WannaCry" ransomware as an example in a discussion of how scenario planning can be used to explore future events and facilitate discussions about the potential consequences to your captive of identified scenarios. Additionally, we will specifically mention the rapid advances occurring both in the Internet of Things and nanotechnology.

As this article was being written, the global cyber attack that began on May 13, 2017, was still occurring. The outbreak involved a ransomware virus, WannaCry, which exploited known vulnerabilities in Microsoft's operating system and a tool developed by the National Security Agency (NSA) to highjack and encrypt data on infected computers. A Wall Street Journal graphic citing MalwareTech.com as its source reports: "A British researcher tracked 'WannaCry' infections in at least 153 countries and territories." A list of the infected companies and government entities, which was included in the same Wall Street Journal article ("Cyberattack Is Likely To Keep Spreading—Global Manhunt Under Way," May 15, 2017, by Nick Kostov, Jenny Gross, and Stu Woo), reads like a "who's who" of major corporations and public entities, as follows.

• Brazil's social security agency
• Britain's National Health Service (includes up to 48 healthcare groups)
• China National Petroleum Corp.
• Deutsche Bahn
• FedEx Corp.
• Nissan Motor Co.
• North Caspian Operating Co. (Kazakhstan)
• Renault SA
• Rumah Sakit Harapan Kita and Rumah Sakit Dharmai (Indonesian hospitals)
• Russian Interior Ministry
• Sberbank (along with other Russian banks)
• Telefónica SA
• Yancheng (China) police department

Previously, Captive.com discussed some of the issues to consider in deciding whether to cover cyber risk in a captive. The WannaCry attack, coupled with the evolving trends discussed below, should serve as a wake-up call for captives and their boards when thinking about the captive's ability to offer cyber insurance. As these types of attacks proliferate, the cyber insurance coverage market is likely to continue to tighten in terms of overall capacity and exclusions and deductibles. This will increase the pressure captive boards feel to provide their members with cyber liability insurance. However, as the scenario planning we will walk through shows, captive management and boards need to have a very clear understanding of what the future may hold and how their captive would be affected if the worst-case events materialize. Before we go there, let's first look at several longer-term trends and how the future of insurance may develop.

The Internet of Things

Wikipedia defines the Internet of Things as follows: "The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices"), buildings, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to collect and exchange data."

In 2016, EY published a white paper, "The Internet of Things in Insurance: Shaping the Right Strategy, Managing the Biggest Risks," which argued rather persuasively that insurers need to begin to understand and utilize this new technology. The paper begins as follows.

Until recently, the Internet of Things (IoT) was on the strategic agenda of only the largest and most progressive insurers. The IoT was largely viewed as a futuristic concept, and many insurers adopted a "wait and see" attitude.... The IoT offers truly disruptive and transformative potential to the insurance industry. Substantial upside—even first-mover advantage—exists for insurers that can shape the right strategy.

Captives may not want to or have the resources to participate as "first movers" in this technology. However, they do need to recognize that the technology exists and offers some very large upside. The converse is also true, as the WannaCry ransomware virus has ably demonstrated. If you think the vulnerabilities in Microsoft's code are a problem, magnify those a thousand times for all of the devices that are coming online and connected to the Internet.

Nanotechnology

Similar to IoT, the concept of nanotechnology is rapidly expanding. Nanotechnology, as defined by the National Nanotechnology Initiative, is the science, engineering, and technology conducted at the nanoscale, which is about 1 to 100 nanometers. To help grasp the size of a nanometer, consider that there are 25.4 million nanometers in one inch, according to the website. This is technology conducted on the atomic level.

Nanotechnology is incorporated in a wide array of industry and household products such as cosmetics, sunblock, toothpaste, food and food packaging, animal feeds, medicines, medical devices, vehicles, and electronics. According to the Project on Emerging Nanotechnologies Consumer Products Inventory, there are more than 1,600 products worldwide recognized to contain nanotechnology as of the date of this article.

If you wish to understand the implications of nanotechnology on insurance coverage, you will find the article "Evolving Insurance Coverage for Nanotechnology Risks" of particular interest. (Law 360 subscription is required to view the entire article.)

Similarly, to get an understanding of how insurance is likely to be affected by IoT, "7 Predictions for How IoT Will Impact the Global Insurance Industry," an article from Symantec, will be helpful.

Captive boards wishing to become more visionary and future-focused should look to incorporate scenario planning into their agendas. In this way, they can begin to glean a glimpse of what the future of insurance may look like. One way of accomplishing this objective is through the use of scenario planning.

Scenarios are stories about how the future might unfold for an organization and our communities and world. Scenarios are not predictions. Rather, they are provocative and plausible accounts of how relevant external forces might interact and evolve, providing organizations with different challenges and opportunities.

Designing a scenario framework involves the following steps.

• Rate critical uncertainties according to two factors: (1) importance and (2) degree of uncertainty.
• Select two critical uncertainties: (1) degree, scope, and disruption of cyber attacks worldwide and (2) future market cycle for reinsurance.
• Combine the selected uncertainties to create a scenario template.

The template would contain four quadrants, as follows.

• Lower left quadrant—lower degree, scope, and disruption of cyber attacks coupled with strong, well-capitalized reinsurers operating in a softer market
• Upper left quadrant—higher degree, scope, and disruption of cyber attacks coupled with strong, well-capitalized reinsurers operating in a softer market
• Lower right quadrant—lower degree, scope, and disruption of cyber attacks coupled with thinly capitalized reinsurers operating in a harder market
• Upper right quadrant—higher degree, scope, and disruption of cyber attacks coupled with thinly capitalized reinsurers operating in a harder market

One quadrant from the template would then be assigned to each of four teams composed of the board and management. Each team would create a scenario story about how the captive's ability to write cyber liability coverage would unfold given the facts of the assigned quadrant.

1. Develop an initial description of this scenario—how you might expect this scenario to play out for your captive—and what would be happening in such a future.
2. What is the impact of this future scenario on your captive and/or the industry?
3. What are the implications for your captive? What actions would we/your captive take if we knew this were the future?
4. Write a short story or narrative that describes your assigned scenario.

The final step is to identify strategies for operating in each future with a focus on strategies that could seem to work in multiple futures. In doing so, you have begun the process of looking at the future of insurance in 2030 via scenario planning.