Business assets, such as key personnel and brand value, along with damage from cyber attacks, are difficult to quantify – and are strikingly underinsured by risk managers
As the French romantic saying puts it, far from the eyes is far from the heart. Intangibles are all the things in a business which can’t be seen and, when it comes to risk management, that means they are often overlooked.
Most businesses simply don’t protect intangibles. According to new research by Clydesdale Bank and Yorkshire Bank, only one in four (27 per cent) of UK small and medium-sized firms has taken steps to value non-physical assets. It’s not much better at larger firms. Government figures state only 2 per cent of big enterprises have cyber insurance, despite 80 per cent being breached in the last year. Accountancy body CIMA calls intangibles “a collective blind spot for decision makers”.
So what intangibles should businesses be looking to protect? The list includes key personnel, brand value, intellectual property, cyber security, supply chain and third-party behaviour. Each category needs a risk mitigation policy in place. And, if there is a serious chance of disruption, insurance should be acquired to offset the damage when disaster strikes.
Official guidelines imply it is straightforward to calculate the value of intangibles. CIMA published a guide in late-2014 on reporting intangibles as part of global management accounting principles. But talk to insurance industry chiefs and it is clear there are grey areas.
Take brand reputation. Valuing a brand is a common exercise. Agencies such as Millward Brown, Brand Finance and Interbrand perform brand valuations for purposes including mergers and acquisitions, insurance and credit guarantees. They use methods outlined in standards set in ISO 10668. There are seven methods cited in the ISO. For example, the “price and volume premium” method uses comparisons with generics. Nurofen painkillers are pure ibuprofen, but command triple the price over generic alternatives due to strong branding.
Key people insurance is riven with disputes over how to calculate a value and what cover should protect
Yet there are two shortcomings no matter which methodology is used. First, rival agencies frequently produce divergent valuations. Millward Brown and Interbrand rate Apple’s brand with a variance of up to $100 billion. Second, the impact of specific events on a brand is extremely hard to quantify using the ISO-approved system.
David Philip, partner at Kennedys law firm, points out: “It is possible to insure a brand against detriment, although placing a value on intangibles is extremely difficult as they are so subjective.” Garry Sidaway, of risk management consultancy NTT Com Security, agrees, adding there are numerous complicating factors: “You can protect yourself to some degree from individual social comments and remarks, but insurance is based on actuarial data and loss, and brand value is a very difficult thing to measure effectively. The impact on market value is one measure, but again what am I insuring, how do I determine the necessary cover, and what controls must I put in place to protect my own interests?”
The solution? Insurance companies are increasingly offering more than cash payments to cover loss. Packages include consulting services in the event of a loss, such as help with public relations in the case of a product recall. Practical help, rather than a hand-out, may be of far greater value, when payment terms would be so hard to agree on.
Key people insurance suffers from similar difficulties. The category is riven with disputes over how to calculate a value and what cover should protect.
Ben Butler, director at insurance broker Macbeth, advises on key person valuations. He says the broad aim is to maintain a company’s profits or turnover in case of the loss of a key person. “These can range from loss of goodwill or technical skills and knowledge, through to financial arrangements or potential expansion opportunities or business projects,” Mr Butler says.
Methods of calculating risk vary. “Multiple of salary, cash flow and multiple of profits are all common methods,” he explains. “None of these are perfect. For example, an individual’s salary may not be a true reflection of their actual involvement. But, in establishing a plan, the very process of financial underwriting will assess the level of cover necessary.”
These challenges mean key person insurance is gravely underused. Chris Hickey of broker Sutton Winson remarks that “very few people have heard of this type of cover”. Which is troubling. A Legal & General survey shows 41 per cent of business owners expect their business to fold within 18 months following the death or critical illness of a key person. Six out of ten rated the loss of a key person as the worst disaster their firm could experience. Even a basic key person policy can avert catastrophe.
The biggest growth area in intangibles is cyber insurance. Lloyds of London reported a 50 per cent increase in submissions in the first three months of this year compared to 2014. First-time purchasers account for 70 per cent of Lloyds’ customers. Globally, IBISWorld research reports premiums growing from $400 million in 2009 to $2 billion this year and estimates $10 billion in five years.
Yet the mood from the cyber defence sector is one of incredulity that more isn’t being done. John Watters, chief executive of cyber security consultancy iSIGHT Partners, says paranoia ought to be standard: “If you’re an investment firm, focused on global investing, you don’t think sovereign funds want to know what your strategy and target list is? If you’re an investment banking firm specialising in M&A, you don’t think criminals want to gain insight into your M&A pipeline?”
Attacks are hardly rare. As Mr Watters says: “We can assume the data we have almost certainly understates the problem due to under-reporting.”
The sector is trying to lure more businesses into taking out cover by diversifying policies. Some new contracts include reimbursement for reputation and PR damage caused by a cyber attack. This is a welcome development, when you consider the press frenzy following the high-profile breaches at US retailer Target and Sony Entertainment.
To promote coverage, the insurance industry needs to assure clients that threats can be quantified and explain clearly what a policy will cover.
Tim Ryan, executive chairman of the independent broker alliance UNA, stresses his colleagues have work to do. “Finding solutions to insuring intangible risks presents an opportunity for the insurance industry as traditional policies just won’t cut it in these instances. This is where the insurance sector is set to evolve in order to plug the gaps,” he says.
Until it completes the transformation, intangibles will remain the Achilles’ heel in risk management. Both insurers and companies have a duty to change this.