When it comes to reputational risk, there’s an argument that the bark is worse than the bite, but that doesn’t mean risk managers shouldn’t secure insurance or reinsurance to protect against major potential reputational events, according to Tom Johansmeyer, Co-Head, PCS Strategy and Development, Verisk Risk Solutions.
Reinsurance News recently spoke with Johansmeyer, who explained that with reputational risks, analysis shows that potentially, the losses aren’t as severe as initially expected, but that this doesn’t mean risk managers shouldn’t utilise re/insurance protection to address the potential financial impacts of a reputational event.
“One of the reasons reinsurance exists is to address the unexpected – the big events are so remote as to seem impossible to the lay mind. Even with this orientation, surprises occur with surprising (and perhaps alarmingly) frequency.
“The trio of North California wildfires in 2017 produced far greater losses than the market had ever seen from this peril. And just the year before, the Fort McMurray wildfire become the largest in insurance industry history for North America. Add to the list the U.S. hailstorms reaching several billions dollars each and a pair of 2017 hailstorms in Istanbul, where the surprise factor worsened what would have been almost mundane in Texas,” said Johansmeyer.
He continued to explain that while some large events can slip through the cracks of even the most disciplined risk and capital management efforts, the industry is still able to focus on the truly unknown future events that inspire a healthy fear in risk officers around the world.
“In conversations about what keeps clients up at night – or where they see an opportunity for outsized growth – some flavour of reputational risk always comes up. It may take the form of ‘the massive business interruption loss from a cyber-attack’ or ‘the sort of product recall that causes clash all over the place and reveals flaws in my approach to diversification’’, said Johansmeyer.
Discussions around major reputational events typically end up involving extreme scenarios, but Johansmeyer questions whether this is necessary.
“From what PCS® has seen in evaluating a small set of reputational events from the past five years, the potential devastation from reputational events may not be so scary. And that should inform the risk-transfer process along the entire risk and capital supply chain,” he explained.
According to Johansmeyer, seemingly devastating reputational events over the last five years haven’t actually been so bad. He explained that shareholder value destruction is possibly the most effective metric for the severity of a reputational event, and even the ugliest situations of the past 50 years haven’t actually been all that ugly.
Some of the major reputational events over the last five years include: the 2017 Uber cyber event; the Equifax cyber breach in 2017; the Yahoo cyber breach in 2016; the Verizom cyber breach in 2016; the 2016 Southwest cyber breach; 2017 Ford product recall of 1.4 million units; the 2016 Volkswagen product recall; 2016 Samsung product recall; 2016 Nissan product recall; 2016 McDonald’s product recall; 2018 Wynn Resorts CEO sexual harassment case; 2018 Facebook – Cambridge Analytics event; 2017/2018 General Electric event; 2017 Uber event; the 2016 Wells Fargo issue surrounding fraudulently opening of accounts; among others.
“According to an analysis of reputational loss events (mostly cyber) for the past nine years, we’ve found that only nine caused a sustained decline in share price of at least 5 percent in the 30 days that followed the disclosure: Wynn Casinos, Wells Fargo, Equifax, Nuance, Yahoo, Southwest, Sony, Xoom, and Heartland Payment Systems.
“Several high-profile reputational events really had no meaningful effect on shareholder value, among them Merck, Target, eBay, Home Depot, Anthem, and Adobe. And even when there was a significant loss in shareholder value, we found that the stock was able to recover fairly quickly because of opportunistic trading activity and assumptions that a company would be too important to fail (such as Equifax).
“Clearly, shareholder value is not the best indicator for managing the impacts of somewhat pedestrian reputational catastrophe events—you know, the hailstorm equivalents. After all, a reputational event still consumes human and financial resources, and someone needs to pay for them. Take, for example, the Volkswagen ‘Dieselgate’ scandal, when the company had to pay more than US$15 billion. That’s where insurance can make a difference. The process of risk and capital management just requires a bit of a shift in thinking.”
But just because shareholder wealth is unlikely to be decimate following a reputational event, the very real and possible financial implications shouldn’t be ignored.
“The process just requires a shift in thinking from ‘handling a catastrophic destruction of shareholder value’ to ‘a nasty situation we need to get through’.
“Currently, the best course of action is to reframe the problem. Rather than contemplate apocalyptic reputational events, the better move is to think about the protection gap. What problems do original insureds have right now that insurance companies can better address? And as part of that, what can reinsurers do to support the availability of the sort of capacity primary insurers need?” said Johansmeyer.
“Operational risk, supply chain impairment, and unbudgeted expenses can have long-term effects that aren’t easily seen on a company’s financial statements in the short term. Yet, they can fundamentally impede an organisation’s progress against its strategy, provide a foothold for competitors, and lead to subtle changes in customer behaviour.
“The ability to recover from manageable reputational events may not meet the hype we see in the headlines, but it can improve how a company operates. And in the end, that’s always good for shareholders,” he concluded.