When it is non-existent or poorly executed, risk management becomes the subject of intense scrutiny, especially when a municipality or public entity is assigned responsibility for an occurrence resulting in widespread damage or singular tragedy.
“How did this happen?,” we demand to know. “And who is to blame?”
From natural catastrophes to a global pandemic, from cyberattacks to sexual abuse by school employees, from police misconduct to mass shootings, we’ve had no shortage of public-sector risk management shortcomings to scrutinize in recent years, and the consequences have been devastating: lives lost or damaged, property destroyed, claims totaling billions of dollars.
What we don’t often hear about is risk management success. That’s because preventing injury and mitigating damage doesn’t usually create breaking news alerts and boldface headlines. But public-sector risk management does happen, and when it’s successful, the rewards are extensive. They include high-functioning infrastructure, well-maintained public buildings, highly trained law enforcement and educators, adroit disaster response and sound finances – all of which contribute to comparatively advantageous market conditions for property and casualty (P&C) insurance.
Municipalities and public entities that haven’t invested in risk management and the elements that make up a safe community, as well as those located in an area prone to natural catastrophe, are more likely to have a troublesome claims history and experience greater difficulty purchasing insurance. Risk management and loss control are essential components of obtaining coverage and containing costs. if a public entity is seen as a good risk, coverage is generally available and relatively affordable. If it has a lengthy claims history, old or poorly maintained property, a location in a hazardous area, or lax security or safety protocols, insurance is going to be hard to come by.
P&C Market Outlook
In December 2021, Alera Group published the Property and Casualty 2022 Market Outlook. Acknowledging that major questions regarding municipal liability related to COVID-19 remained unanswered at the time, here’s what we had to say in the whitepaper’s section on insurance for the public sector:
“The growing number of natural catastrophes, nuclear jury verdicts, civil unrest and the effects of the global pandemic will likely lead to continued pricing increases, and restrictions in capacity and coverage.”
We cited these factors as influencing the market:
- Immunity is in question. The Public Readiness and Emergency Preparedness (PREP) Act is intended to provide immunity of liability for entities and individuals involved in testing, distributing and/or administrating counter measures against a present or credible threat to public health. While this could provide protections for public entities, the PREP Act continues to be challenged in the courts.
- Insurers continue to be highly selective in deploying casualty capacity. As a result, limits on Excess and Umbrella, Cyber Liability, Public Officials Liability and, more recently, Law Enforcement Liability are among the lines most affected.
- Property insurance availability and pricing will vary based on catastrophe exposure. While pricing continues to go up, trends indicate some softening in the market. More moderate increases will likely be reserved for loss-free clients with good deductible structures and limited catastrophe exposure.
- Anticipate an emphasis on “insurance to value.” Insurers have experienced large losses with public entities where property values were underreported. It is critical to have plans in place to keep values current. Without reliable valuations, Excess coverage will be difficult to obtain.
- Storm deductibles are on the rise. Some insurers are adding new and broad convective storm (e.g., thunderstorm) deductibles and expanding the geographic scope of the wind/hail deductibles.
- Insurers are concerned about aging infrastructure. With the decline in tax revenues, tight budgets make it difficult for entities to inspect and maintain their infrastructure. Failure of vital infrastructures such as bridges, tunnels and dams has implications for property and liability.
- Cyberattack is a growing threat. According to a recent Barracuda Networks study, local government bodies are more likely to be targeted by ransomware attacks than any other type of organization. While the risks remain high, the appetite and budgets to mitigate them remain lacking. As a result, pricing in the public entity space for Cyber Liability has doubled in many cases, while limits have been cut in half for those with less-than-favorable loss history.
- Sexual abuse and molestation claims are becoming a more pressing issue. Insurers are seeing an uptick in the frequency and severity of claims. In response, they are limiting coverage through sub-limits, changing the way coverage is triggered, and, in some cases, carving out the coverage from the general liability policies.”
Since publication of the Market Outlook, Russia’s war on Ukraine has worsened inflation, supply chain issues and cyber risks, while the COVID-19 pandemic has carried into a third year. As a result, market conditions for P&C insurance have, for the most part, only gotten worse. There is one notable exception: Workers’ Compensation Insurance, which is widely available and generally stable in terms of rates, capacity and underwriting scrutiny.
The Price of Poor Policing
America may be divided in its views on the Black Lives Matter movement, but regardless of perceptions regarding race and police, taxpayers are paying a substantial monetary cost for incidents of alleged misconduct by law enforcement. Along with ransomware attacks and lawsuits involving allegations of sexual abuse by public school employees, police misconduct and wrongful incarceration cases are among the main factors driving the rising cost of liability insurance for municipalities.
An investigative report by the Seattle Times revealed in April 2022 that cities and counties in the state of Washington paid at least $34.3 million to settle misconduct and wrongful death cases in 2021 alone – part of a five-year total of more than $100 million in such payments over the past five years.
According to the Times, “The data shows that the number and size of settlements have grown precipitously over that time period — from $1.15 million in 2017 to the more than $34 million in 2021, a 2,990% increase. Nearly two-thirds of the total $100 million has been paid since the May 2020 murder of George Floyd by Minneapolis officers renewed outrage over unchecked police brutality and bolstered the Black Lives Matter movement.”
Washington state is not unique. In March 2022, the Washington Post reported that, nationally, “More than $1.5 billion has been spent to settle claims of officers repeatedly accused of wrongdoing. Taxpayers are often in the dark.”
In New Jersey, according to CNN, Camden County recently agreed after years of litigation to pay a man paralyzed in a police encounter $10 million. In Minnesota, the state agreed in May “to pay $1.5 million to a man who said police used excessive force when he was arrested during the protests that followed George Floyd’s death,” Insurance Journal reported. And in Wilkes-Barre, PA, the Patriot-News reported in February, the city’s insurance costs increased by 300% following a “wave of big-money lawsuits” against its police department.
Insurance typically covers much of the cost of lawsuits against a municipality’s police department, but that – as in the case of Wilkes-Barre – in turn leads to higher premiums and deductibles, along with increased underwriter scrutiny.
Alternative Funding Solutions
As in other market sectors, insurance challenges confronting municipalities and other public entities are leading financial decision-makers to explore alternative funding solutions to manage the cost of risk. In Washington, the Seattle Times noted in its report on the cost of law enforcement liability cases, the Washington Cities Insurance Authority (WCIA) is a pool that covers 90 police agencies in the state.
“The WCIA and other municipal pools are collectives that use premiums paid by the individual cities to either purchase insurance or actually provide the insurance themselves,” the Times explained. “Having a number of cities and counties pay spreads out the costs of risk management and can help in purchasing broader coverage. Like most insurance purchases, they pay a deductible or absorb the costs when something occurs that isn’t covered by the policy.
“Cities and counties purchase insurance as protection against negligence or liability claims by their employees or outside entities, much as a homeowner buys insurance to protect against accidents and disasters. In some cases, larger government agencies are self-insured, but still purchase secondary policies to cover unexpectedly large payouts or unanticipated liability.”
Other states, including Michigan, New Jersey and Ohio, also have found success using public entity risk-sharing pools to address unique exposures and manage costs. With the P&C insurance market likely to remain hard for the foreseeable future, risk-sharing pools and Captive Insurance programs are certain to gain attention from more states and public entities.
Cyber Risks and Strategies
One line of coverage for which public entities everywhere are looking toward alternative risk transfer solutions is Cyber Insurance.
Municipalities and schools are among the most frequent targets for cyberattack and ransomware extortion. And roughly half of state and local governments have been paying their hackers’ ransom, the website Governing reported in its recent article “Local Governments Seek Other Options Amid Cyber Insurance Woes.”
“This is a relatively high rate of payment, globally – topped only by the K-12 education sector,” Governing stated, citing information in cybersecurity firm Sophos’ “State of Ransomware 2022” report. “Sophos found 49 percent of state and local agencies paying in 2021, and 53 percent of K-12 entities doing the same.”
While Sophos found that state and local governments paid a ransom average of $214,000 in 2021, the national co-chair of the Coalition of City CISOs told Governing that anecdotal information led him to believe the average in the U.S. was significantly greater – around $500,000.
Because of the frequency of attacks, size of ransom demands and lack of financial resources to adequately protect the sensitive data they possess, some public entities are seeing Cyber Insurance renewal rates rising as much as 100% — if they’re offered renewal at all. Again, risk management is essential. Entities that have security software, practices and protocols such as third-party authentication in place are likely to have access to Cyber Insurance. Those who don’t are not.
Rate and availability issues are among the main reasons some municipalities – the City of Boston being one, Governing reports – have chosen to self-insure, establishing a fund to cover the cost of attacks and their aftermath, and backing that with re-insurance.
What Public Entities Can Do
In its 2011 whitepaper “Strengthening risk management in the U.S. public sector,” the management consulting firm McKinsey & Company offers five recommendations:
- Create transparency both internally and externally.
- Develop a “risk constitution,” or statement of principles regarding risk.
- Initially focus on modifying a few core processes.
- Establish a dedicated risk management organization.
- Build a risk culture.
“An initial step to building a risk culture is the creation of a risk-training curriculum and the launch of training programs that address the organization’s needs,” McKinsey states, adding, “Developing skills, although crucial, is only one component of creating a risk culture. A conscious effort by the leadership and the risk department in three additional dimensions is required: fostering understanding and conviction across the organization, role modeling, and establishing formal mechanisms for reinforcement.”
While the McKinsey document is a useful guide, it does omit one important recommendation: Work with an insurance agent or broker who is experienced in working with public entities and knows the laws governing your state. A qualified insurance professional will consult with you to assess your risks, evaluate your current coverage and market your public entity to underwriters in the most favorable possible light.
With more than 130 locations around the country, Alera Group combines local service with national reach that enables our agents and brokers to collaborate with other specialists on innovative insurance, employee benefit and retirement plan solutions customized to each client’s industry and organization.
About the Author
Greg Zinn, CIC
Zinn, an Alera Group Company