Top Risks Facing Insurance Organizations | Aon (2024)

The top risks for the insurance industry reflect the sector’s rapidly changing nature while at the same time reinforcing its critical role in protecting global businesses, communities and governments.

In the wake of the pandemic and amid rapid technological change and economic volatility, many insurers are having to adapt to a complex and volatile set of circ*mstances. Even organizations able to navigate such issues are forced to confront the looming threat of climate change and natural catastrophes, which, coupled with regulatory difficulties, present a host of challenges. Growing cyber threats have created uncertainty for insurers who want to grow in this space but must also manage exposure to systemic catastrophic losses.

Meanwhile, insurance companies are dealing with the cost and availability of reinsurance, which could threaten their ability to profitably provide cover. This means insurers are looking to optimize their capital by differentiating their portfolios with strong data, by building reinsurer relationships and by diversifying sources of capital.

The top five risks to the industry in the 2023 survey are cyber attack or data breach, failure to attract or retain top talent, weather and natural disasters, regulatory or legislative changes and economic slowdown or slow recovery. These risks, taken together, illustrate the multifaceted yet overlapping nature of the risk landscape for insurance. Of note, reported levels of risk readiness increased by 3 percent compared to our 2021 survey, while loss of income related to the top 10 risks increased 2 percent. While on the surface it may seem that readiness has improved, the increase in loss of income suggests that greater awareness of risks is giving a false sense of readiness that has yet to materialize in practice. This is highlighted by reported quantified risk dropping from 29 percent in 2021 to 23 percent in 2023.

Current Risks

Cyber attack or data breach is the number one risk for insurance organizations. It also occupied the industry’s number one spot in our 2021 survey and ranked number one overall in the 2023 survey. Not only do insurance companies have large stores of sensitive data that make cyber attacks exceptionally damaging, but many organizations are also working with old and outdated systems that may no longer have adequate security measures in place. This also serves to explain why tech or system failure, ranked number seven, appears on the industry’s top 10 list. Given how expensive and disruptive system transformations can be, companies that have opted not to update their cyber infrastructure are now contending with the consequences.

Top 10 Current Risks

1. Cyber Attack or Data Breach
2. Failure to Attract or Retain Top Talent
3. Weather and Natural Disasters
4. Regulatory or Legislative Changes
5. Economic Slowdown or Slow Recovery
6. Damage to Brand or Reputation
7. Tech or System Failure
8. Increasing Competition
9. Climate Change
10. Failure to Innovate or Meet Customer Needs

Insurers are working to define what is and is not insurable catastrophic cyber loss. There is consensus that cyber attacks on critical infrastructure such as power, water and internet service are out of scope of coverage. These types of losses are outside the capacity of insurers to quantify and price appropriately. Cyber attacks emanating from or between nation-states are also generally considered out of scope, although there continues to be debate over how best to define these types of attacks. The U.S. government, through the Department of the Treasury and Department of Homeland Security, is working to quantify the impact from cyber attacks on infrastructure critical to national security, including global financial markets. These agencies are assessing the extent to which risks to critical infrastructure from catastrophic cyber attacks and potential financial exposures warrant a federal insurance response. Emerging technologies on the horizon such as artificial intelligence (AI), quantum computing and augmented/virtual reality present additional new challenges for insurers.

Weather and natural disasters, ranked number three, as well as climate change, ranked number nine, are currently posing massive challenges to organizations. Global insured losses from natural disaster events have reached $88 billion as of the time of writing in 2023, 17 percent higher than average. These losses were driven in the third quarter by severe convective storms in the U.S. and Italy as well as the Maui wildfire, according to Aon’s Catastrophe Insight. This can have long-term ripple effects on the economy, which could in turn prompt legislators to put new regulations in place — a fear reflected by the number four ranking of regulatory or legislative changes. Another dimension of this is damage to brand or reputation, ranked number six. As insurance companies move out of vulnerable areas and become subject to more legal and regulatory scrutiny, premiums could rise for consumers. This could, in turn, negatively impact consumers’ perceptions of insurers and cause reputational and brand damage.

Failure to attract or retain top talent ranks second, highlighting the increasing demand for more diverse and specialized experts. As organizations work to stay on top of information and environmental concerns, the need for data and climate scientists becomes more pronounced. However, due to an aging workforce, insurance companies’ need for core talent is on the rise as well.
Transformative trends require insurers to attract and develop new skills, knowledge and expertise to drive innovation. More than ever, insurers and reinsurers need subject matter experts across a wide range of risks and industries as well as people with the skills to transform their businesses in areas such as data, artificial intelligence and business readiness.

But the current rate of recruitment is not sufficient. The industry needs to urgently attract people with the right mindset and skillsfor a fast-changing business environment. While AI is progressing and will contribute efficiency in many areas, including enabling humans to make better choices, the industry needs talented, forward-thinking people in abundance entering the sector.

This applies even where machine learning technologies can be leveraged, such as in workflow processes. The most visible is perhaps the underwriting role, because of the adaptation qualities underwriting teams now need for dealing with changing risk profiles of the insured. Underwriters need a better understanding of the business risks their clients want to transfer. Looking ahead is just as important as looking back. Cyber and weather risk are good examples of how quickly the insurance sector’s risk models can become outdated. In specific lines, such as energy, renewable technology is evolving so fast that the demand for engineering input is urgent.

Solving this challenge will require transformation throughout the enterprise. Achieving cohesion and collaboration between colleagues with different skills and backgrounds is a big cultural challenge that calls for a renewed focus on engagement and belonging. People who can manage this sort of transformation will also be more in demand. Insurers want people with transformational skill sets, but they need to improve their ability to identify, recruit and onboard such individuals. Then, assuming successful talent attraction, insurance leaders must evolve their company culture to improve development and workforce retention.

Underrated Risks

While the risks that make the top 10 are all major considerations for insurance companies, other risks may be flying under the radar.

Geopolitical volatility did not make the top 10 current risk list and is ranked only ninth in future risks, despite the macroeconomic impacts of inflation hitting insurers in increased claims costs, for example.

AI, which also did not make the top 10 current list, could soon become a more serious consideration for companies, given the recent developments in generative AI. As we see more companies race to the market with their generative AI service offerings, it is inevitable that the inherent risks posed by the technology will affect the risk environment in which companies operate.

We have seen the emergence of both legal and ethical issues when it comes to generative AI. Some are currently being litigated in courts, and others are the subject of emerging regulatory activity. These include IP infringement, bias in decision making, accuracy, privacy and security. Some of the issues may not sound unique to generative AI. However, what we have seen is that generative AI is able to have a more significant impact on these risks, given the large amount of data that is required for these large language models to function. The complex nature of this technology, which is sometimes a challenge (or impossible) to explain, also poses a significant hurdle for risk mitigation. As governments and legislators come to terms with how to regulate AI, the question remains whether regulation can provide important answers about practically managing its risks while enabling companies to benefit.

Governance over the use and development of AI is key for companies to be able to manage these risks in today’s environment. Whether the governance is centralized or decentralized, what is important is upholding common principles, such as accountability and transparency, as part of the entire life cycle of AI. Companies should also rely on similar existing governance frameworks for data and technology as well as using trusted advisers from various backgrounds to carefully navigate the risks of AI.

Future Risks

The top five future risks for the insurance industry are cyber attack or data breach, climate change, weather and natural disasters, failure to attract or retain top talent and economic slowdown or slow recovery. These are all in keeping with current trends and suggest that the threats and risks most insurance companies are contending with now are showing no signs of abating.

Top 10 Future Risks

1. Cyber Attack or Data Breach
2. Climate Change
3. Weather and Natural Disasters
4. Failure to Attract or Retain Top Talent
5. Economic Slowdown or Slow Recovery
6. Failure to Innovate or Meet Customer Needs
7. Artificial Intelligence (AI)
8. Regulatory or Legislative Changes
9. Geopolitical Volatility
10. Disruptive Technologies

Failure to innovate or meet customer needs rises from number 10 in the current risks to sixth among future risks, suggesting that the need to adapt and evolve will become more pressing as market demands change more rapidly.

Transformative trends spanning carbon capture, intellectual property and social mobility are shaping the future risk landscape, according to Aon’s new research, which identifies more than $200 billion of market potential by 2030. The top 10 opportunities will enable insurers to respond to customer demand while increasing the industry’s relevance, growth and diversification.

AI and disruptive technologies, ranked as the industry’s number seven and 10 future risks, respectively, can pose a challenge to an organization’s growth and open the door to new forms of cyber risk and regulatory challenges. As insurance companies seek to harness the possibilities of new technology, they should practice strong governance policies to mitigate potential risk exposures.

How Can Insurance Organizations Mitigate These Risks Effectively?

The first step in addressing and mitigating risk is to be armed with the right information to assess risk in the first place. Having the right data and analytics helps inform companies, especially in data-dependent fields such as insurance, of potential outcomes that in turn lead to more effective decision making. Taking a more data-and-analytics-driven approach can help an organization avoid unforeseen pitfalls and lead to more sustainable, long-term strategy.

Focus on the fundamentals of risk mitigation should not be undervalued. Establishing a clear risk register, ensuring that it is being followed and updating it regularly all go a long way toward mitigating damage from risks.

A tendency among many insurance companies is to focus solely on the near term at the expense of a larger and more systemic perspective. This opens the door for emerging weaknesses that may not initially be noticed but nonetheless can become significant setbacks in the future.

Ensuring that risk mitigation strategies are holistic, relevant and executable is key to building both short- and long-term resilience. This means identifying what risks are or will become most relevant to business operations and then taking an expansive approach to addressing them through the use of clearly defined and executable action items. Without such assessments in place, risk considerations can become detached and theoretical, which can weigh down risk strategies and lead to inaction. Taking a reactive or episodic approach to risk often precludes companies from building out robust risk mitigation strategies.

For cyber risk, the previous, current and future chief concern among insurance companies is revitalizing aging systems and ensuring up-to-date cyber security measures. This is critical for mitigating the threat cyber attacks can pose. Examining and quantifying the depth and breadth of cyber risks could provide a workable framework for assessing what investments should be made in cyber architecture.