As the world emerges from the COVID-19 pandemic with workers returning to offices, customers to shops, patients to medical facilities, and clients to in-person meetings with professional service providers, those shifts are beginning to be reflected in claims activity. In this article, we will examine the claims observed across Europe in 2021, and take a closer look at emerging and growing claims risks relating to cyber incidents, environmental, social, and governance (ESG), and directors and officers (D&O)-related claims.
While the cumulative claims for Marsh’s financial and professional lines portfolio rose between 2020 and 2021, several categories of claims saw a decrease in the number of notifications (see Figure 1). D&O, crime and fraud, and employment practices liability (EPL) all saw the number of claims drop, year on year, especially during the pandemic. Meanwhile, professional indemnity (PI), cyber, and all other claims rose, with cyber seeing the most dramatic rise in claims between 2020 and 2021. The “other claims” category is made up of entries that had no clear categorisation — claims with low levels of frequency — and also includes other miscellaneous claims for confidentiality reasons.
There has been a change in the risk profile of financial lines since 2019 which has been fuelled further by the modifications in behaviour caused by the pandemic — affecting the nature and frequency of claims. We have seen a higher retention included in financial and professional lines policies, as well as insurers becoming increasingly focused on intensity of risks. The rise of working from home has affected all financial lines, although in diverse ways, and to different degrees. The recent increase in frequency of cyber claims notifications is clearly observable but there are many factors causing this sudden rise, beyond working from home, which are explored in detail in Marsh’s Changing Face of Cyber Claims Report 2022. The rapid uptake of organised cyber-crime as a profitable and innovative quasi-business model, especially through the use of ransomware, not only focused on business interruption and recovery costs through encryption, but also on threatening to leak sensitive data held by organisations. Furthermore, companies continued their transition towards digitalisation which leads to a larger potential area of attack. When the implementation of proper defence mechanisms and cyber hygiene does not grow on par with the dependencies on their digital processes, a higher frequency of cyber claims is generally observed.
The two industries with the most significant number of claims made, when PI schemes are excluded, were financial institutions and professional services (see Figure 2). This is representative of how Marsh’s portfolio is structured and the higher frequency of claims made by the professional services sector.
Even when PI schemes are excluded, PI-related claims remain just under a third of recorded notifications, with only D&O-related claims being reported more frequently. Over the last five years, these two sectors have consistently been the source of the largest number of financial and professional lines claims.
Looking at country specific data, we can see an unequal distribution of claims, with Spain and the Netherlands experiencing a much higher proportion of claims related to PI. Meanwhile, France has a higher proportion of claims related to both crime and fraud and cyber, than most other European countries.
When observing the data related to the top six industries by claims, since 2015 (see Figure 3), there is no clear trend for either growth or decline across those industries. The manufacturing sector saw a drop in claims between 2015 and 2016 but then witnessed a steep rise in claims. The energy sector saw a drop in claims from a peak in 2017, each year, until 2021. Only two industries saw a drop in claims between 2020 and 2021 — professional services and communications, media, and technology. The consistent trend we see is that financial institutions, professional services, and manufacturing sectors continue to have the highest number of claims which is almost certainly linked to the highly-regulated nature of these sectors.
Extortion was the top ranking type of cyber claim across Europe with over twice the frequency of second placed data breaches. While cyber claims have continued to rise across the region, staff training and better cybersecurity implementation is having an impact in the healthcare and financial institutions sectors. However, organisations need to remain vigilant, especially when adding companies to their cyber supply chain.
Utilising our data from France, which is a mature market with a broad distribution of claims that can be used to offer a deeper critical understanding around D&O claims across the region, we can see that criminal allegations (see Figure 5) is the leading claim in the country, followed by civil allegations and employment practice violations. This trend is evident in the majority of countries in Europe.
The often under-discussed prong on the ESG trident — governance — is clearly an issue that organisations need to consider, as D&O claims represent the highest subsection of claims. The specific laws and employment regulations may vary from country to country but every organisation, whether they operate in one jurisdiction or multiple areas, needs to have clear guidance internally on how they operate and ensure compliance.
The data shows that in Europe cyber-related incidents are increasing, as the level of digitalisation and automation continues to grow. This is part of a wider trend of event-driven litigation observed in Europe. Since 2018, the European Union and many countries across the continent, have published ambitious programmes of ESG-related regulatory measures. These are having a significant impact on the way in which companies operate and have amplified the onerous duties for the board of directors. The level of D&O- and PI-related claims may continue to rise proportionally over the next few years, as companies and employees adjust to hybrid working, evolving consumers’ expectations, a more active role taken by regulators, and intensifying ESG-related matters.
To learn more about the areas of ESG your organisation could improve upon, which could lead to coverage enhancement and additional capacity on future renewals, you can use Marsh’s free ESG Risk Rating tool.