Traditional businesses and start-ups are increasingly made up of intangible assets but how do you protect and risk-manage something you can’t touch?
From British Airways’ recent data breach affecting 380,000 customer transactions, to Volkswagen’s reputational hit following its emission scandal in 2015, intellectual property and brand damage – or intangible risks – are hot discussion points in today’s complex risk landscape.
For 21st century businesses, intangible risks present a real challenge, if not a complete enigma. They are hard to identify, the triggers are unclear, losses are difficult to measure and underwriting data is lacking. For these reasons, risks to intangible assets are often struck off as ‘unquantifiable’. But, for risk managers, finding the best solutions is at the core of discussions about how to manage such nebulous threats – and insurance companies are being challenged to respond with appropriate solutions.
“As companies started outsourcing, the world has become more interconnected and if you look now at the new start-ups springing up, these companies are not traditional companies that are based on tangible assets, but rather business based on ideas,” explains Christian Wertli, head of Innovative Risk Solutions, Swiss Re Corporate Solutions. “Often they are just a platform or an aggregator, and they use the assets of other companies.”
A common example is Uber. The world’s largest taxi company does not own any taxis. Meanwhile the world’s largest restaurant franchise, McDonald’s, owns less than 20% of its restaurants. The past two decades has seen intangible assets as a proportion of an average company’s value grow from 25% to as much as 80% (even higher in industries such as pharmaceuticals and technology), and insurance is needed to protect them.
Where fire, industrial accidents and natural perils were once at the top of the risk register, these have been overtaken by the need to manage and mitigate potential losses arising from cyber business interruption, data breach and reputational harm. When a company suffers an interruption to its operations, getting back to business and protecting its revenue against brand damage is ever more complex, not least because the impact can be felt globally.
News of a data breach, product recall or theft of IP, for instance, can be communicated globally in a matter of seconds in a world of superfast communications and social media platforms. There is no longer such a thing as a localised risk: all risks now have the potential to be global in nature.
“Traditional insurance is still needed to protect the remaining assets, but we also need to protect the intangible assets - the cash flows and revenue streams - and therefore we need to come up with new solutions,” thinks Jan Bachmann, senior structurer, Innovative Risk Solutions at Swiss Re Corporate Solutions.
Reputation, cyber and IT-related threats have emerged as the top concerns for members of Airmic, the UK risk management association, according to its latest survey. It found a growing desire among risk managers to engage with insurers on cyber risk, with cyber business interruption the third most desirable risk to transfer, after natural catastrophes and terrorism.
Close collaboration between major corporates and insurers is one way in which new solutions can be devised, while another is to consider parametric solutions as a source of indemnification for non-damage business interruption (NDBI). As businesses move away from traditional asset-based value creation, the insurance focus will continue to evolve from protecting property and other physical assets towards protecting an organisation’s revenue.
“We will still provide traditional insurance, there’s no doubt about that, but there is a massive opportunity to look at other ways of providing insurance,” says Wertli. “From an insurance point of view it’s not just about protecting physical assets, but asking who actually owns the assets and what are the intangible interests, and how we can capture those things.”