Insurance Shortfall in the Energy Sector

From drilling to cyber and supply chain risks, insurers' outmoded methodologies and lack of data leave the energy market under-served

Friday, April 1, 2016

By Juliette Fairley

It is six years since the Gulf of Mexico disaster that was the largest-ever accidental marine oil spill, and insurance disputes continue to rage on.

“The carriers took positions that are boggling,” said Chris Loeber, attorney and partner with Lowenstein Sandler's Insurance Recovery Group. “One attempted to argue that coverage for the Deep Water Horizon disaster was barred by a watercraft exclusion. Many of the policies at issue did not define watercraft.”

The damage is reportedly in excess of $53.8 billion, according to BP, indicating that upstream oil and gas companies with general coverage of some $750 million under a standard property business policy may be under-insured.

Nick Dussuyer, global head of natural resources industry with Willis Towers Watson in the U.K., described the shortfall as “a huge swath of exposure for which the insurance market can offer no realistic protection.”

According to Dussuyer, who authored the white paper Taking Cover: How an Insurance Shortfall Leaves the Energy Sector Exposed, operator's extra expense (OEE), which covers contractors that work on oil wells, is restricted, and third-party pollution coverage cannot be obtained commercially.

“Up to $50 billion in additional coverage is needed depending on the exposures a company has based on an incident that occurs,” Dussuyer said in an interview

In the white paper, Dussuyer noted the paradox that risks faced by energy companies are greater than ever, insurers' capacity and hunger for new business is considerable, and yet opportunities for risk transfer are limited. One of the “areas for improvement” that the Willis Tower Watson executive goes into is drilling, where, he wrote, the standard risk-assessment methodology “has not changed in almost 30 years since it was first used for drilling in the Gulf of Mexico.”

Current rating models are “good in parts,” the paper said, “but the energy industry really needs an entirely fresh product if it is to accurately assess the drilling risks different energy companies face in different environments, and charge premiums accordingly.”

The other risk gaps Dussuyer described were supply chain, cyber and Gulf of Mexico windstorm.

Data Needs

Lack of underwriting information is one reason that sufficient levels of coverage are lacking.

“The underwriters may not be asking the right questions, or they don't understand the risks inherent in deep water drilling,” said Loeber of Lowenstein Sandler. “It could also be a lack of interest in providing coverage for this level of risk.”

When adequate insurance coverage cannot be obtained, self-insurance is an option. “A large multinational energy or oil corporation can create its own insurance company,” Loeber said.

Alternatives include catastrophe bonds and risk-transfer products such as structured (re)insurance and contingent capital solutions.

Dussuyer cited the approach of “more collaboration to bolster risk-mitigation plans so that there are additional preventive measures, and to make better use of data analytics to assess risk.”

For policies covering major disasters, underwriters rely on forecasting. “Some of the models for drilling risk are 30 years old,” Dussuyer said. “The less credible the data/models, the more insurers will want to charge energy companies higher premiums to protect themselves from unexpected loss experience.”

What's more, drilling now occurs in the Arctic and other environments that are harsher than the Gulf of Mexico.

Windstorm Exposure

Since Hurricane Ike in 2008, the third most expensive event in insurance history, “energy companies operating in the Gulf of Mexico have struggled to buy protection for the hurricane season, even though climate change threatens to increase the risk of severe weather events,” said the Willis Towers Watson paper. “That is because losses caused by Ike, particularly those suffered by upstream operators, far exceeded insurers' estimates, and there followed an immediate concentration of capacity, a massive increase in rates, and a virtual tripling of insurance retentions.

Figure 1
Power and utilities was the third fastest growing sector in cyber insurance take-up in 2014, according to Guy Carpenter/Marsh Global Analytics.

“Capacity for this type of exposure in the market is thought to be about $750 million, compared to a potential overall windstorm exposure of more than $20 billion.”

According to Dussuyer, “The solution is to relax some restrictions that have been imposed by upstream energy insurers.”

When it comes to supply chains, a disruption could conceivably cost an energy company operating in Asia $1 billion. Yet no more than $150 million of coverage is available in the insurance markets.

Information is lacking here, too, “due to the complexity of the supply chain,” said Dussuyer. “There are multitudes of people active in the supply chain in the form of suppliers' suppliers, and increased coverage requires a supply chain report or assessment provided by oil companies so that insurers can understand vulnerability.”

Educate the Providers

The onus is on the industry to increase the comfort level of insurers so that they will offer the additional coverage.

“Risk managers are thus on the horns of a dilemma,” Dussuyer wrote. “They are particularly concerned about this type of risk since the Japanese earthquake, and their managements expect them to do everything possible to mitigate it. But they lack the appetite to spend two years or more assessing their supply chains in the way the insurance market demands, as they do not have the resources to do so.”

William Helander, executive vice president with insurance agency JLT Specialty USA's Energy Practice, said, “Energy companies that provide due diligence around underlying infrastructure, feasibility and contingency risk will have a profound impact on what's available to them in terms of additional coverage.”

For big supply chain risk, Helander continued, companies can “get contingent business-interruption risk coverage. They also need to buy property insurance to protect their contingent risk of transporting hydrocarbons from the ground to market, where it can be refined and sold.”.

Operating Agreements

When all other insurance options fail, operating agreements that indemnify contractors is a way to offset liability and protect against risk.

“Commercial contracts cover every aspect of a working relationship between two parties, and they include mutual indemnification provisions, which are known in the industry as knock for knock agreements,” Loeber explained. “It is essential that oil and gas companies enlist coverage counsel to ensure that their commercial contracts are squarely aligned with their insurance portfolios.”

Neither the upstream nor downstream energy insurance markets provide cover for cyber attacks, according to the Willis Towers Watson report. Cyber exclusions are common in insurance policies, It has been left to “cyber specialists who offer standalone cyber products, but generally only with limited cover as the market remains small.”

Available direct insurance options include the Bermuda-based energy industry mutual Oil Insurance Limited and Chrysalis, a London upstream insurance market facility.

“There is also some $350 million of standalone cyber market insurance becoming available that offers coverage for physical loss or damage and consequent business interruption incurred as a result of a cyber attack,” Dussuyer said.

The Consequences of 'Cyber'

Reinsurer Guy Carpenter surveyed cyber risk in its September 2015 Emerging Risks Report, saying, “In addition to exposure from cyber network security and privacy liability policy portfolios, the potential for loss to physical assets could be especially significant for energy and utility infrastructures, financial institutions and power grids that are now facing the consequences of 'cyber' as a peril.

“The limited history, lack of data and emerging exposure make it difficult for (re)insurers to measure cyber risk and calculate capital needs,” the report went on. “There is an opportunity to innovate with the development of modeling capabilities that can measure and quantify the cyber risk to determine pricing, correlated loss and capital support.

“This is critically important because of the expected growth of the cyber insurance market, which is projected to increase from approximately $2 billion today to $5 billion over the next five years. This is driven by new purchasers of the product as well as by existing buyers purchasing more limit.”

The report showed that the standalone cyber insurance take-up rate among clients of Guy Carpenter's Marsh affiliate rose to 16% in 2014, from 13% in 2013. The power and utilities sector was above those figures, climbing to 21% from 14%. Financial institution takeup was also 21%, compared with 17% in 2013.

“The number of first-time purchasers is increasing, while many existing buyers continue to increase limits purchased,” Guy Carpenter observed.

“Cyber attacks represent a present and growing danger that threatens businesses, irrespective of size and sector,” the firm added. “The U.K. government's annual breach report shows that 81% of large businesses and 60% percent of small businesses suffered a security breach in 2014.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2022 Global Association of Risk Professionals