In this month's newsletter, we outline how Connected Risk will transform Regulation
The Tale of the Anti-whaling Activist and an Airport’s Lost Weekend
25 February 2016 | Press Article
Exclusive article written for Insurance Insider's Data Room
No longer limited to academic or philosophical thinking, the idea of six degrees of separation has become influential in popular culture. Further advances in technology – particularly the Internet – have drawn increasing attention to social networks and human interconnectedness.
More and more things are connected whether we like it – or know it – or not. That’s why it was interesting to read a recent report which basically outlined how the hunting of whales far out at sea could directly lead to the shut-down and disruption of a major inland airport.
Hacktivist group Anonymous claimed responsibility for a cyberattack on the website of Tokyo's Narita airport which went offline between 22 and 23 January, after a Distributed Denial of Service (DDoS) attack caused it to collapse under the strain of too much traffic.
But why would it do that, you ask?
According to The Independent newspaper, Twitter accounts associated with Anonymous claimed the cyberattack was in retaliation for the detention of Ric O'Barry, an American dolphin trainer turned animal rights activist, who has been a vocal critic of Japanese whale and dolphin hunting.
In a recently released white paper Managing Ground Accumulation Risks Post Tripoli, Russell Group Limited focused on Airport Ground Accumulation hazards and risks, which we believe are rising significantly due to a range of emerging social, environmental, economic and political factors.
The Anonymous cyberattack in retaliation for a whale hunt covers all four of these factors. Underwriters can be forgiven for thinking “Well I could hardly have factored in whale hunting into my airport safety risk management system!”
Of course not but the episode highlights a central point of global connected risks and hazards today, which is that airport risk management, for example, is not simply about the measurement of “micro” or “on the ground” risks such as hanger collapse, wing tip collisions or other aircraft accidents.
No, a modern, holistic underwriting approach needs to factor in political risks (Tripoli), environmental (floods, and maybe whales!), social (the IoT, cyber) and economic (inequality or corruption, for example).
Two recent episodes highlight the social factor – the IoT and cyber hazards.
The news that hackers allegedly stole $55 million from a Boeing supplier has potential ramifications for aviation underwriters that are concerned for their cyber and supply chain exposures.
It was reported by Aerospace parts manufacturer FACC that its financial accounting department has been attacked by hackers. In a mea culpa published on its website the Austrian firm confirmed that:
“On January 19, 2016 FACC AG announced that it became a victim of fraudulent activities involving communication- an information technologies. To the current state of the forensic and criminal investigations, the financial accounting department of FACC Operations GmbH was the target of cyber fraud. FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. The damage is an outflow of approx. EUR 50 mio of liquid funds.”
The markets responded badly in the wake of the news. As a result, FACC’s stock price closed 17% lower by the end of trading. The news is a reminder that in today’s connected cyber environment it is incumbent on companies to keep a closer eye on their suppliers’ digital vulnerabilities as well as their own.
Increasingly, however, the airlines themselves are the victim of an attack as Ryanair discovered to its cost in 2015. The airline reportedly fell victim to hackers who managed to steal €4.6 million (almost US $5 million) via a fraudulent electronic transfer to a Chinese bank. Subsequently it seems that the money was recovered when Ryanair released this statement
“Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week. The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen. The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur.”
So it seems that there was a relatively successful conclusion to this particular cyber episode though it is still hard to put an estimate on the cost of the man hours lost, the fees paid to recover the sum, not to mention the damage to reputation incurred.
Six degrees of separation. You don’t need to be Kevin Bacon or a connoisseur of the movie Footloose to marvel at the perverse outcomes causes by interconnected risks today.
The Hungarian author Frigyes Karinthy, believed that the modern world was 'shrinking' due to the ever-increasing connectedness of human beings. He posited that despite great physical distances between the globe's individuals, the growing density of human networks made the actual social distance far smaller.
Underwriters could draw similar conclusions to the nature of risk in 2016. So as our “virtual” world merges with the “real” world today it becomes increasingly important that the insurance community absorbs these abstract concepts and turns them into measurable analysis that can mitigate the risks between things.