Insurance Banana Skins - An Australian Perspective

Insurance Banana Skins describes the most urgent risks, or "Banana Skins", facing the insurance industry. Informed by a global survey conducted last year, it provides a snapshot of where the industry has come from, where it is now, and where it is heading.

The Banana Skins Index gauges the industry’s level of anxiety in responding to risks. In 2023, it showed a higher degree of apprehension among Australia’s insurance industry players, compared to their global peers. Anxiety in Australia in 2023 was also higher than it was in Australia in 2021 (Figure 1).

In terms of how ready Australia’s insurance industry is to handle these risks, the Preparedness Index suggests there has been a decline since 2021. The Australian industry also trails the 2023 global average on this Index (Figure 1).

_{Figure 1
The Banana Skins Indices, Australia, 2021 - 2023 (scale 1 to 5)}

A complex array of risks has been brought into sharp focus by the 2023 survey. Australia’s insurers are particularly concerned by the risks stemming from cyber, regulation, climate change, reputation, technology, and talent. Similar risks are dominating insurers’ agendas everywhere, with cyber, regulation and climate change cited as the top risks across Asia Pacific and Globally (Figure 2).

_{Figure 2
Top 10 insurance Banana Skins 2023}

Cyber crime

In this year’s survey Cyber remains the top risk identified by insurers both globally and in Australia. In Australia, Cyber has been the greatest concern identified by our respondents for the past 9 years since 2015. Respondents cited fears of attack from increasingly sophisticated threat actors and the growing manifestation of operational outages from cyber vulnerabilities. In Australia these fears are also reflected in increasing regulatory scrutiny and obligations related to cybersecurity and ​digital resilience.​

The risk of attack is very real, recent years have seen insurers the target of significant and targeted attacks, such as supply chain attacks, ransomware incidents and data breaches, with threat actors ranging in sophistication from disgruntled employees through to state sponsored and organised crime. Given the significant amount of monetary assets, the vast quantity of sensitive personal data, and the corporate intellectual property held across the insurance ecosystem, financially motivated crime is the top threat for this sector.​

This year’s survey suggested the overall mood of the industry has deteriorated since 2021 with a key reason cited as rising concerns around operational resilience. In Australia this trend is evidenced by several high-profile cyber attacks, together with system outages arising from both cyber and technology vulnerabilities associated with legacy systems.​

Increased regulations for insurers related to cyber obligations are also reflected in Australian survey respondents reasoning for prioritising cyber risk. Insurers are now impacted by obligations in: APRA’s CPS 234, focusing on measures to be resilient against information security incidents and the upcoming CPS 230, aiming to strengthen the management of operational risk which comes into effect in 2025; and the Security Legislation Amendment (Critical Infrastructure Protection - SLACIP) Act, for managing risks relating to critical infrastructure.

Regulation

The survey's results highlight that regulation remains a top concern for Australian companies. This is not surprising given the raft of new regulations which continue to lift the bar on expectations – especially board oversight, accountability and risk management – with the ultimate objective of ensuring positive customer outcomes.​

In Australia, the pipeline of regulatory change includes CPS 230 Operational Risk Management and the Financial Accountability Regime legislation, as well as new financial reporting standards with the sustainability standards introducing significant new reporting requirements over the next few years, and this year’s adoption of IFRS 17 Insurance Contracts.

Key to the successful implementation of these requirements will be starting early and involving the right people throughout the business. Insurers should look to focus on sustainable implementation that is integrated into business operations and aligned to their strategic direction to avoid adding complexity to business processes. It's likely these regulatory changes will require substantial investment from insurers so ensuring long term benefits to the business are derived is important, as well as using these as a competitive advantage rather than seeing the new requirements as an onerous compliance exercise.​

These regulatory concerns are likely to be linked to the pressures felt by the Australian industry regarding reputational risk (ranking nine points higher than the global results). Regulatory scrutiny continues over policyholder outcomes with regulatory intervention on IDII, pricing promises and the ASIC claims handling review, as the industry continues to work to rebuild public trust following the Royal Commission.

Climate change

Climate risk is another topic which features heavily within the survey results and is having considerable impacts both in Australia and globally.​

Natural perils are some of the most unpredictable and costly events for any company, causing more than $30bn in losses in Australia in the past decade. General insurers are adversely affected by increased risk of natural disasters, compounded by climate change, due to high exposures through customers, products and assets. Chronic changes like elevated temperatures and prolonged drought – as well as acute events like increasingly frequent and severe hurricanes and wildfires – can significantly affect health and longevity risks for health and life insurers. Climate change compounds the impact of rising premiums and affordability challenges in large parts of Australia.

Key areas of focus from a regulatory perspective will focus on the risk of greenwashing in making claims which have not been fully validated and supported. These principles will be underpinned and supported by the recently released AASB Exposure Draft ED SR1 Australian Sustainability Reporting Standards – Disclosure of Climate-related Financial Information in October 2023. As a result of these standards, many entities within Australia, will be required to disclose details around their climate related risks and opportunities, including the impacts on financial statements, including obtaining Assurance as part of a tiered approach.

While facing these risks, insurers are also pursuing financial objectives, including pricing selection, cost management, growth and profitability. This balancing act is notoriously hard, but waiting and responding to incidents as they arise is not an option. Instead, there are several ‘no regrets’ steps that insurance leaders can take to prepare.

Read PwC Australia’s Insurance Banana Skins - An Australian Perspective.