Ten years ago, on August 29, 2005 Hurricane Katrina made landfall on the U.S. Gulf Coast and changed everything. The aftermath of the storm was shocking. I remember attending a RIMS conference in New Orleans many, many years before Katrina when I was still a risk management “newbie” and hearing seasoned risk professionals talk about the city’s vulnerability. Local residents described, with what seemed at the time to be a form of daring pride, how the city is actually built within a “bowl” that is below sea level and surrounded by bodies of water. I marveled at the levees and the cemeteries’ elevated tombs around the city. Risk managers spoke in hushed tones of the inevitability of a major hurricane scoring a direct hit on the vulnerable city. It’s not a matter of if, but when, they said.
The “when” turned out to be August 29, 2005.
There are many articles and videos available to describe both the horror of the storm and the power of the human spirit to overcome. History.com provides one such overview here. From a risk and insurance standpoint, Katrina brought several hard lessons. Presumably, many large businesses with full-time risk managers and dedicated insurance brokers had a decent handle on their disaster preparedness and risk financing programs. After all, they’ve been talking about the inevitability of a “Katrina” for decades. Although I’m sure that even the larger firms had a few unexpected developments, nothing compared to the chaos and turmoil that the storm left for small businesses and individuals.
Despite admonitions to “read your insurance policy” and “plan for disaster” many people caught up in the struggles of daily life and keeping a small business running simply did not do either. Frankly, the insurance industry itself must accept some of the blame as well. Insurance agents and brokers catering to small business and individuals in a market such as New Orleans had a professional duty to anticipate the aftermath of a “Katrina” and advise their clients accordingly on their coverages. Many Gulf Coast policyholders were shocked to discover that storm surge was not covered by their insurance policies, or that their business interruption coverage included fiscally untenable waiting periods or didn’t extend on a contingency basis to key suppliers. Yes, the policyholders should have read their policies and asked questions. Yes, the policyholders should have thought through the scenarios more proactively and discussed their greatest fears with their insurance professionals before the storm. That’s the hard lesson taught by Katrina.
Another hard lesson from Katrina – we need to be better as an industry before the next Katrina strikes. As risk professionals, we know what can happen. Katrina has shown us many of the worst possible outcomes and the insurance coverage gaps left in the aftermath. Let’s make sure that we share this professional knowledge with our policyholders, large and small, and take the time to counsel and teach them. Risk professionals live and breathe insurance policy language – our policyholders do not. This is the professional expertise we are paid to deliver. Let’s make sure we do it – before the next Katrina.
Meh, not so much. I’m speaking of the “100% Secure” in the accompanying AshleyMadison.com image. I apologize in advance if my chosen image this week may be a little risqué for some readers. I just couldn’t resist. Apparently, neither can many married folks who were clients of the AshleyMadison.com website whose marketing tagline is, “Life is short. Have an affair.”
News broke a few weeks ago that AshleyMadison.com had been hacked and that the hacker(s) threatened to release the site’s user data if the company didn’t fold up its online tent and shut itself down. Engaging in illegal hacking activity in order to take a morality stand isn’t what I would consider the moral high ground, but the irony is apparently lost on the hacker(s). Anyway, AshleyMadison.com called the hacker(s) bluff and the cards were laid on the table this week. Thousands of cheating (or wanna-be cheating) spouses have been publicly outed. I’m betting that this is a good time to be florist, jeweler, or divorce attorney.
As much fun as it is to revel in the misfortunes of unfaithful spouses, this event provides another perspective on the ever-evolving cyber risk front. Risk managers and insurance professionals have been largely focused on things like stolen credit card data and corporate espionage. Consumers of Target, Home Depot, Anthem Healthcare, et. al. have been largely mollified with free credit monitoring service in the wake of data breaches at those firms. But how does a firm address cyber liability for a destroyed marriage or soiled reputation? There are plausible defenses: AshleyMadison.com customers were knowingly engaged in risky personal behavior and never should have expected that their actions would not be discovered. On the other hand, if AshleyMadison.com boasted that it was “100% Secure” it would be reasonable for customers to assume that their extramarital activities were at least safe from moralistic hackers, even if they still had to find a way to lie and deceive their way around the actual, ahem, activity of the affair.
Oh my. This blog post could go on and on, but let me just close by stating that cyber risk and cyber liability is the wild, wild west of the risk and insurance industry right now. Begging forgiveness from Mrs. Crandall, my high school English teacher, we ain’t seen nothin’ yet.
It’s been a bad week for the EPA. And an even worse week if you’re a fish or other wildlife living in or near the Animas River of southwestern Colorado. A mine cleanup project being conducted at the direction and under the control of the EPA resulted in a massive breach that caused millions of gallons of toxic crud to spill into the Animas River. Some perspective on the staggering impact of this “oops” can be found here. But don’t worry folks, EPA chief Gina McCarthy says she’s sorry. Now let me think… how did an expression of remorse from BP’s ex-CEO Tony Hayward work out after the 2010 Deepwater Horizon oil spill?
The double standard that exists when it comes to mistakes made by private enterprise compared to those made by government is staggering. I actually caught some video of the Democratic governor of Colorado, his own state being damaged by the EPA’s incompetence, expressing unbelievable forbearance explaining that this was a “human event” and that humans are not perfect. The Governor also made some reference to differences between environmental damage caused by profit-seeking ventures and those from well-intentioned clean-up efforts. Huh? Tell that to the fish, wildlife, residents, and business owners along the Animas River. I don’t think they care who pulled the plug on the mine sludge nor what their intentions were. To be fair, the Governor has declared the disaster to be “in every sense, unacceptable” and then in a bit of political theater he drank water from the Animas. The Wall Street Journal opinion page took this disaster up a few days with a clever Ghostbusters spin.
What is most troubling to me is that the EPA has been empowered like never before under the current administration, even to the point of crossing the line and being rebuked by the Supreme Court a few times. At the intersection of growing bureaucratic power, incompetence, and lack of accountability lies disaster – witness the Animas River destruction at the hands of the very agency charged with protecting it. The crux of the issue is our irrational faith and trust in the competency and altruism of government agencies juxtaposed with an equally irrational distrust of profit-seeking private enterprise. Why?
The incentives of government bureaucracies are so screwed up that accountability does not exist. Who has been held accountable for the debacle at VA Hospitals? For the politicization of the IRS? On the other hand, BP paid dearly for its sins, primarily from its own coffers as a largely self-insured corporation, and BP’s CEO resigned. Who will pay for the Animas River disaster? I’m guessing you and me… the taxpayers.
So let me get this straight. EPA Director McCarthy has a high paying government job with what I’m sure is a generous pension. Her agency is actually responsible for destroying what it is charged to protect, and who will bear the burden of the damage done by Ms. McCarthy’s incompetent agency? The same people paying for her salary, benefits, and pension. The worst possible outcome for Ms. McCarthy is that she may eventually have to escalate her apology to a resignation (though I’m not betting on it) and move on to collecting her pension without having to deal with those messy politics anymore. Maybe she and Lois Lerner can share a beach somewhere. What a great gig. Now, tell me again why do we have so much faith in government?