Dear Reader: We've been here before, many times. In 1665 much of the population of London perished of the Black Death (above). What stopped it? The Great Fire of 1666 (below) when most of the city burned to the ground. Everyone reading this Journal is the descendant of many, many survivors of plague after plague and one catastrophe after another. In short, we're here because we're tough and damned hard to kill. Keep that in mind, my friends.
The "C" Word
No, the other Big C, the truly dreadful one - change! Could our ongoing adventures with COVID-19 actually bring serious changes to the hide-bound world of workers' comp? We are surrounded by thickets of speculation about the anticipated "new normal" which may emerge in another few weeks, months..., or more. My friend, Joe Paduda, is one of the savviest observers of the comp scene and he has weighed in on some serious ideas in several recent numbers of his blog, Managed Care Matters. To my mind, the most intriguing of the series is the March 24 issue.
Joe doesn't mince words. "Covid-19 will change workers' comp in ways that would have been incomprehensible just a week ago." For obvious reasons, adoption of various types of telemedicine is happening from sea to shining sea. State regulators are scrambling to enable better use of telehealth while carriers and TPAs are suddenly embracing it after several years of "well, we'll see." Can the ideas and techniques of telemedicine be adapted to, say, IMEs? Might just be a possibility.
Extraordinary times demand new thinking. Are you and your claims service provider talking about trying a few new approaches? Progress is made by people who understand that.
A New Twist on Ransomware - What If?
Hackers are smart people, smart like a pack of wolves. They stalk the herd, looking for the weakest members to attack. We've covered this process in these august pages for the last few years, but COVID-19 creates a new area of risk. A new report from Beazley Breach Response Services highlights the growing risk. A key observation from the report:
Beazley notes that BBR services managed a growing number of ransomware incidents for policyholders that actually resulted from attacks on IT managed service providers and other service companies providing organizations with infrastructure and support services. In some cases, these attacks halted the operations of hundreds of customers downstream from the attacked IT provider.
Now, contemplate this variation on the theme. The same hackers go after your employees now working from home instead of your vendors and take their systems hostage. Let's say one of your VPs in finance is working from home, practicing good social distancing, using a jury-rigged access arrangement and suddenly her laptop locks up and she gets a demand for, say 5,000 bitcoins to get the code to unlock it. This is a very typical ransomware ploy, but the demand is addressed to your executive, not to your company. What do you do?
If your IT people have been diligent about not allowing sensitive data to be stored locally on user laptops, maybe this is no more than a nuisance. But what if that is not the case? What if the VP has sensitive new work on her laptop that includes vital company - or client - information? What if you don't have a VPN in place yet (IT is working on it), and her laptop became the highway into your main architecture and the hacker seized all of the data adjacent to her access codes?
We raise these issues because companies are scrambling right now to get vital services performed under what feel like combat conditions. Hackers know that this is when mistakes get made, when ill-advised shortcuts look like a reasonable deal and, perhaps, we take a risk we usually would avoid.
Are you at the table when these decisions are made? Are you revising existing internal operations policies to cover these new risks and talking to your broker and loss engineering firm? If you're sleeping soundly right now, you may wake up to a nasty surprise.
Quick Take 1:
COVID-19 and Robots
Yes, dear reader, it's true - everything is connected. Today's example comes from San Francisco via the UK's Daily Telegraph (what a wonderfully anachronistic name). Reporter Olivia Rudgard describes the ways in which our new rituals of social distancing are hastening the development and implementation of autonomous delivery vehicles. At a time when "untouched by human hands" can be a life saver, robots suddenly take on a whole new aspect. What better way to get your hand sanitizer than from the stainless steel grip of a friendly and antiseptic robot?
"This [Covid-19 shelter in place restrictions] is almost the coming out party for a lot of these robotics entities that can prove they have a safe vehicle that can do really essential stuff," said Reilly Brennan, of Trucks, a San Francisco-based venture capital firm. The article points out that the current state of the art in self-directed delivery vehicles isn't quite ready to take over from human gig workers - yet. But the present crisis shows that the value of autonomous robots has multiple dimensions, many of which we are just now starting to think about.
There's an intriguing risk management issue here as well. What possible infection related risks might we mitigate by using sanitized robotic delivery systems? Spreading infection through a compromised product used to be a worry only for food companies plagued by outbreaks of bugs like listeria, or my favorite pair, Sam and Ella. Is that still true today or will the new normal, whatever it turns out to be, after COVID-19, give a whole new dimension to infectious risk?
Whoops, have to run. The robot's at my door with my toilet paper order.
Quick Take 2:
Aiming at the Wrong Target?
Surprise! This item has nothing to do with COVID-19. Oddly, the rest of the world jogs on and yesterday's nagging problems haven't gone away. Our case in point - the lag between the insurance covers on offer for cyber risks and what most cyber-savvy risk professions want to see in the marketplace. Of the 150 risk managers at the major companies who responded to Marsh's 2020 Technology Risk Study, fewer than half see existing insurance solutions as adequate.
Less than half? That's not close, even in hand grenades and horseshoes. In the words of the report, "More than half of those surveyed had either negative or neutral opinions on the adequacy of insurance solutions for data security and privacy, IT resilience, intellectual property, regulatory compliance and multinational exposures." Marsh suggests using in-depth analytics to understand cyber risks better and to review potential alternatives to limiting exposures.
For all that we hear about new insurtech ideas, the risk industry appears to remain largely asleep relative to the fastest growing areas of new tech-based risk worldwide. Simply buying more capacity is like loading larger bullets. If you're aiming at the wrong target, you're still going to miss.
Say It Isn't So...
Have we all gone barking mad?
Words to Remember
"The vast distances that separate the stars are providential. Beings and worlds are quarantined from one another. The quarantine is lifted only for those with sufficient self-knowledge and judgment to have safely traveled from star to star."
- Carl Sagan
(Hey, Millennials - if you don't remember Carl Sagan, look him up and learn something.)