20 added · 24 removed between the two most recent 10-Ks. The risks a company starts — or stops — disclosing are often the story.
Newly disclosed
For new and renewal policies effective October 1, 2025, and later, we implemented ISO's cyber incident exclusion for general liability, which eliminates coverage for "bodily injury" and "property damage." • By statute, workers compensation policies cannot include cyber exclusions, and a cyber-attack-related workplace injury could trigger coverage.
For example, (i) tariffs and related trade policy shifts can disrupt supply chains and increase costs, creating uncertainty for pricing and loss cost assumptions, and (ii) prolonged government shutdowns result in a lapse in the National Flood Insurance Program ("NFIP") , which would impact our Standard Personal Lines results.
These global regional differences, whether attributable to nature or human activities, include increases in (i) mean temperature in most land and ocean regions, (ii) hot extremes in most inhabited regions, (iii) heavy precipitation in several regions, and (iv) the probability of drought and precipitation deficits in some regions. 23 Table of Contents Human-made catastrophes Cyber Attacks and Incidents The risk of a wide-scale criminal or terrorist cyber-attack has become more significant and has drawn increased attention from IT and national security experts, U.S. policymakers, the U.S. military, and the insurance industry.
In addition, we apply cyber incident exclusions that eliminate coverage for malicious cyber except for the sub-limited coverage in the base ISO coverage forms and our property and businessowners' property “virus and harmful code” extension endorsements. • Most of our general liability and businessowners' policies exclude cyber-related liability losses, except for "bodily injury." Our specific cyber-exclusion and liability forms' lack of affirmative sub-limited cyber coverage effectively limits most "silent cyber" exposure.
These potential impacts from a malicious cyber-attack could have a material adverse effect on our results of operations, liquidity, financial condition, financial strength, and debt ratings. 32 Table of Contents Through encryption and authentication technologies, we have implemented system- and process-based risk mitigations intended to secure our IT systems and prevent unauthorized access to or loss of sensitive data.
Our cyber-specific policies for commercial lines and personal lines customers are 100% reinsured with highly-rated specialty cyber markets.
For example, certain aggregators are pursuing strategies to consolidate their business with fewer insurers and demanding customized compensation agreements.
This exposure may exist if courts, regardless of intent, interpret policy forms without specific related coverage exclusions to provide coverage for a cyber-related incident.
In recognition of this risk, management's experience and sound business judgment must be used to interpret and apply model results. 28 Table of Contents Risks Related to Our Investments Segment Our investments are exposed to credit risk, interest rate fluctuation, and changes in value.
Aggregators accounted for approximately 51% of our DPW at December 31, 2025, up from 46% in the prior year.
While medical inflation has been low for several years, it has risen recently and, in combination with rising utilization, is driving increases in workers compensation medical severities.
We encounter credit risk in various areas of our insurance operations, particularly from third parties: • Our reinsurers, which have payment obligations under our reinsurance agreements.
No longer disclosed
For policies effective October 1, 2022 and later, we implemented cyber incident exclusions that exclude malicious cyber except for the sub-limited coverage provided in the base ISO coverage forms and our property and businessowners' property “virus and harmful code” extension endorsements.
This exposure may exist if courts, regardless of intent, interpret policy forms without specific related coverage exclusions to provide coverage for a cyber-related incident. 23 Table of Contents We provide cyber-specific policies to our commercial lines and personal lines customers through 100% reinsured solutions with highly-rated specialty cyber markets.
We limited our "silent cyber" exposure through an affirmative coverage grant subject to a sub-limit. • Our base property forms typically include a $2,000 or $10,000 cyber coverage grant.
Human-made catastrophes Cyber Attacks and Incidents The risk of a wide-scale criminal or terrorist cyber-attack has become more significant and has drawn increased attention from IT and national security experts, U.S. policymakers, the U.S. military, and the insurance industry.
These exclusions clarify coverage and have no premium impact. • Most of our general liability and businessowners' policies exclude cyber-related liability losses, except for "bodily injury." Our specific cyber-exclusion and liability forms' lack of affirmative sub-limited cyber coverage, effectively limit most "silent cyber" exposure. • By statute, workers compensation policies do not have cyber exclusions, and a cyber-attack-related workplace injury could trigger coverage.
The reinsurance market became increasingly challenging and expensive since January 1, 2023, as monetary and social inflation-driven demand for increased reinsurance coverages coincided with reduced reinsurance capacity from poor reinsurance loss experience, particularly for general liability and catastrophe and non-catastrophe property losses, increased reinsurer investment losses, and foreign exchange rate impacts.
While reinsurance market conditions have since stabilized, as pricing has moderated and capacity has increased, reinsurance purchasers continue to face higher pricing and more restrictive coverage appetite from reinsurers than they did before January 1, 2023.
For example, Aggregators could develop and implement strategies to consolidate their business with fewer insurers and demand higher base and supplemental commissions.
These potential impacts from a malicious cyber-attack could have a material adverse effect on our results of operations, liquidity, financial condition, financial strength, and debt ratings.
These global regional differences, whether attributable to nature or human activities, include increases in (i) mean temperature in most land and ocean regions, (ii) hot extremes in most inhabited regions, (iii) heavy precipitation in several regions, and (iv) the probability of drought and precipitation deficits in some regions.
Our statistical models are extremely useful in monitoring and controlling risk, but are no substitute for senior management's experience or judgment. 28 Table of Contents Risks Related to Our Investments Segment Our investments are exposed to credit risk, interest rate fluctuation, and changes in value.
Consequently, we can neither predict such new risk factors nor assess the potential future impact on our business. 22 Table of Contents Risks Related to our Insurance Operations We are subject to losses from catastrophic events.