The business of insuring intangible risks is still in its infancy
THE development, hundreds of years ago, of ship and cargo insurance was revolutionary. It marked the start of commercial insurance; protection against loss from looting, fire and the perils of the high seas fostered global trade. But in the 21st century the value of companies consists less of solid objects, such as boats and buildings, than of weightless, intangible elements, such as intellectual property (IP), data and reputation. “Today the most valuable assets are more likely to be stored in the cloud than in a warehouse,” says Inga Beale, chief executive of Lloyd’s of London.
As Western economies have shifted from making things to providing information and services, the composition of companies’ assets has shifted too. Intangible assets can be hard to define, let alone translate into dollars (under international accounting standards they are defined as “identifiable non-monetary asset[s] without physical substance”). Yet their growth has been undeniable. In 2015, estimates Ocean Tomo, a merchant bank, they accounted for 84% of the value of S&P 500 firms, up from just 17% in 1975 (see chart). This does not merely reflect the rise of technology giants built on algorithms; manufacturers have evolved too, selling services alongside jet engines and power drills, and crunching data collected by smart sensors.
As the importance of intangibles has grown, so has companies’ need to protect themselves against “intangible risks” of two types: damage to intangible assets (eg, reputational harm caused by a tweet or computer hack); or posed by them (say, physical damage or theft resulting from a cyberattack). However, insurance against such risks has lagged behind their rise. “The shift is tremendous and the exposure huge,” says Christian Reber of the Boston Consulting Group, “but the insurance industry is only at the early stage of finding solutions to close the gap.”
Examples of potential damage are not hard to find. In February a tweet by Kylie Jenner, a celebrity with over 25m followers, rhetorically asking whether anyone still used Snapchat, coincided with a drop of 6% in the share price of Snap, the messaging app’s owner. NotPetya, a widespread ransomware attack last year, is likely to have cost companies more than $ 3bn. One of the first events to awaken corporate America to intangible risks, a hack in 2013 of Target, a retailer, resulted in the theft of data on 70m customers, falling sales and profits, and litigation costing millions.
Companies are not oblivious. Respondents to a survey last year by Aon, an insurance broker, ranked reputation as their top risk (up from fourth in 2013) and cyber-risk as their fifth (from 18th). But there is a big difference between how risk managers perceive such risks and how boards do. And if firms do seek insurance against some of these risks, insurers have not exactly been inundating them with novel products. “Even when policies are labelled ‘innovative’ it’s usually to insure physical assets in the sharing economy rather than intangibles,” says Magda Ramada of Willis Towers Watson, another broker. But in a world where Airbnb, in effect the world’s largest hotel chain, owns no hotels and Uber, its largest taxi firm, owns no cabs, such policies are of limited use. Those that do protect assets such as data, IP and reputation are often expensive and bespoke, and include strict exclusions and limits.
Insurers’ caution is understandable. Intangible risks are not only new and complex. “They’re a bit like not-yet-set jelly,” says Julia Graham of Airmic, a trade body. “Their shape constantly changes.” Underwriters like to look at past data on events’ frequency as well as clients’ current exposure—which may be next to impossible when assessing the risk and impact of a cyberattack, a sexual-harassment scandal, which would have been very differently priced even a couple of years ago, or a celebrity’s throwaway tweet. (Snap’s share price has fallen by more than one-third in six months, suggesting deeper troubles than Ms Jenner’s disapproval.) “The problem with intangible assets is that they have fuzzy boundaries, and for insurance to work you want crispness,” says David Teece, of the University of California.
But some underwriters are starting to come up with more suitable policies. One is parametric cover, which pays a fixed amount automatically after a defined event, such as a hack. The advantage of such policies is that they can provide cash quickly, meeting an immediate need after misfortune strikes. The downside is that these products tend to cover only a share of damages.
Some once-uninsurable risks can now be at least partly insured thanks to advances in modelling, indemnity structures and other areas, says Thomas Holzheu of Swiss Re, a reinsurer. Examples include business interruption, cyber-risks, product recalls, damage to reputation and energy prices. A study by Swiss Re points to cover for hoteliers against a drop in occupation after widespread travel disruption or a pandemic, and a flight-cancellation policy for airlines triggered by severe events which do no harm to airports or aircraft but stop air traffic.
Most of the action has been in cyber-insurance. Early policies dealt merely with the immediate costs of an attack—paying to restore a data centre or for crisis management—but insurers now also offer “holistic” cover, which includes knock-ons such as physical damage, loss of revenue and litigation costs. But at the same time, insurers have become more aware of their “silent” exposure to cyber-risks under existing policies. Increasingly they are excluding them from conventional policies, such as property cover, or selling cyber bolt-ons. A huge gap in coverage remains. Cybercrime caused around $ 550bn in losses last year, according to Aon. Companies are covered for only 15% of potential cyber-risk losses, against 59% for property, plant and equipment losses.
Companies also have to do more to protect themselves. Just as insurance was only part of the answer to fire and maritime risk, it is only part of the answer to modern perils. “Instead of buying insurance against a damaged reputation, firms should be looking at preventing it in the first place,” says Richard Wergan of Edelman, a communications-marketing firm. Plenty of cyber-breaches could doubtless have been avoided if software had simply been kept up to date. Insurers need to catch up with the intangible age; but so do their clients.
This article appeared in the Finance and economics section of the print edition under the headline “In search of a jelly mould”
