Cyber Risk and the 'Biggest Class Exposure We Could Ever Imagine'
Ten Minutes with XL Group’s Michael McGavick on cyber liability, talking machines and the changing liability landscape
Michael S. McGavick, the chief executive of insurer XL Group Ltd., delivered the keynote speech at the International Risk Management Institute construction conference earlier this month in Indianapolis. A former chief executive of Safeco Corp. and a former candidate for the U.S. Senate in Washington state, McGavick predicted in his speech and in a later interview that construction insurance would evolve as the construction industry adapts to a changing world of risk and liability. "The reputation of our industry as being slow to change is just going to end," he predicted. Here are a few of his key points, as recorded and edited by ENR Deputy Editor Richard Korman.
On the changing nature of construction work
The processes going on on those worksites [are such that] the machines on one worksite could be talking to a machine on another worksite overnight about the lessons they have learned. By the way, the idea of machines talking to one another makes me a little edgy. I believe they will be talking about us. But that's what's going on already.
On how artificial intelligence (AI) could change insurance
There are forklifts for huge tunneling systems that are completely AI-driven, [with] learning processes not directed by humans. It touches on how we should pool risk. Should we just blindly insure the worksite? Or should we be taking each of those discrete work processes and [insuring] them as a pool of similar work processes across the globe? We already see this in some industrial sites.
When taken together, we can create remarkably different [insurance] products. We can start creating policies that only come into action when something is being used. [We] can do this for a number of subprocesses in a site and, as a result, lower the cost and the cost of those discrete activities. We can price that process according to its risk at the moment. We can modulate prices according to [changes in the maintenance level or weather].
On parametric insurance payments and trust
This is [a] fairly remarkable set of changes that will change the … nature of insurance in a way that will improve trust. Many things will be parametric, rather than the making of a claim. Much of the capital spent on [the recent] hurricanes was on parametric triggers.
On flood risk
We just haven't figured out how to do it right. The reality is, the globe is dying to find a great water solution. Superstorm Sandy came ashore on the most insured square mile on the planet [lower Manhattan]. Do you know what percent of the economic loss was insured? Half. We have a lot of work to do, and technology and insight can unlock the secret of doing that work.
On liability theory
Liability theory will have to change. Those lathes that talk [among themselves and to] us, whose risk is it? We have to do a lot of work to bring this new liability theory into place. It will be messy and expensive until people are sure who will be on the risk.
The Oxford physics lab—where they are building autonomous vehicles, particularly for the construction industry—began to realize what was slowing down [the autonomous-vehicle industry] was people wouldn't buy [the vehicles] because they didn't know who would be blamed if things went wrong. They partnered with us [XL Group] because they wanted a partner with the sophistication to know where liability theory would go and create the contracts for it. This is work that is already going on.
On cyber liability
This is a serious piece of work. We want to be connected—there's a deep human impulse, never mind productivity issues. We like being connected to one another, and that creates spots where privacy can be [invaded] and maliciousness can take place.
The biggest class exposure we could ever imagine is all these systems going down at once.
Well, insurance is an extension of society's risk. This connectivity creates opportunity for this malicious behavior. As a result, we're seeing governments trying to affect the activity of other governments.
The reason we don't see policies that cover these risks [cyber warfare and other malicious cyber activities] is fairly simple: We can't. All the money in the world wouldn't be enough if all the systems in the world [were to] shut down in some coordinated way. Society hasn't figured out yet how to address this. But we get so much benefit from [computer networks] that we are running the risk.
Insurers [would] love to figure out what to do and get paid to do it, but we've only figured out slight bits.