Cybersecurity Among Biggest Presidential Challenges

Just days after the disclosure of a massive data breach at email provider Yahoo, believed to have been the work of a state-sponsored actor, it’s notable that cybersecurity made news during the first of three U.S. presidential debates last night.

As Democratic U.S. presidential nominee Hillary Clinton and Republican U.S. presidential nominee Donald Trump squared off, moderator Lester Holt, asked:

“Our institutions are under cyber attack, and our secrets are being stolen. So my question is, who’s behind it? And how do we fight it?”

In her response, Clinton described cybersecurity, cyber warfare as one of the biggest challenges facing the next president.

She said the U.S. faced two different kinds of adversaries: independent hacking groups that try to steal information so they can use it commercially to make money; and cyber attacks coming from states and organs of states.

Clinton noted:

“We need to make it very clear—whether it’s Russia, China, Iran or anybody else—the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private sector information or our public sector information.”

Trump and Clinton then went back-and-forth on whether Russia was responsible for the hacking of Democratic National Committee emails earlier this year.

Setting that discussion aside, both nominees appeared to agree on the enormity of the cybersecurity challenge, as Trump said:

“We have to get very, very tough on cyber and cyber warfare. It is — it is a huge problem… The security aspect of cyber is very, very tough. And maybe it’s hardly doable.”

The just-disclosed 2014 Yahoo breach, in which 500 million accounts were compromised, highlights concerns around the number of state-sponsored cyber attacks, according to this article by the Wall Street Journal.

While organizations should consider the purchase of cyber insurance to manage the financial consequences of an attack, a 2015 Ponemon study found that a more popular approach to managing the risk of a nation state attack is a government-subsidized insurance policy (see below).

screen-shot-2016-09-26-at-10-46-23-pm

What do you think?

Some 17,475 IT and IT security practitioners located in all regions of the U.S. participated in the Ponemon survey.

The Insurance Information Institute’s latest white paper on cyber risk threats and challenges is available here.

Charlotte Unrest and Business Insurance

Ongoing civil unrest and protests in Charlotte, North Carolina following the police shooting of Keith Scott are reported to have caused significant property damage to businesses in the central area of the city.

The Charlotte Observer reports that entertainment complex EpiCentre faced looting and sustained significant damage Wednesday night. Numerous businesses were damaged, including Sundries EpiCentre, CVS, Enso and Fleming’s Prime Steakhouse, it said.

The NASCAR Hall of Fame was among other sites hit by vandals, with adjacent restaurants and hotels also damaged after officials declared a state of emergency for the city.

As clean-up gets underway it’s important to note that most commercial insurance policies generally include coverage for losses caused by riots. civil commotions and fires.

The definition of rioting covers looting by people who steal merchandise or other property from a premises. Vandalism is also covered.

According to The Charlotte Observer, a possible curfew for Thursday night is being discussed by city officials.

The Insurance Information Institute (I.I.I.) notes that if a business has to suspend operations or limit hours due to rioting, business interruption coverage is only covered if there is direct physical damage to the premises, forcing a business to suspend operations.

A “civil authority provision” in a business policy provides coverage for lost income and extra expenses in the event the police or fire department bars access to a specific area as a result of the danger caused by a riot or civil commotion.

In April 2015, looting and arson in Baltimore, Maryland, following the funeral for Freddie Gray, a 25-year-old who died after suffering a severe spinal cord injury while in police custody, resulted in estimated property damage of about $24 million, according to the I.I.I..

Five of the costliest civil disorders in the U.S. occurred in the 1960s. Here’s they are:

screen-shot-2016-09-22-at-10-35-42-am

Brushing up on Terrorism Insurance

Multiple explosions over the weekend in New York and New Jersey as well as a knife attack by an individual at a mall in Minnesota come amid heightened concerns of terrorist attacks 15 years after 9/11.

Some 29 people were injured in the blast Saturday night in New York City’s Chelsea neighborhood, which is also reported to have caused significant property damage. Meanwhile, nine were injured in the Minnesota mall attack, where the suspect was killed by police.

Monday morning another explosion was reported near Elizabeth train station in New Jersey, where up to 5 devices were found, and as the FBI investigation intensified and security tightened around major transportation hubs, law enforcement officials arrested a suspect in the NY/NJ blasts.

While the unfolding events are unsettling, it’s good to know that if the home you own were damaged by an explosion and fire, personal insurance policies have you covered.

Standard homeowners insurance policies cover the homeowner for damage to property and personal possessions due to explosion, fire and smoke—the likely causes of damage in a terrorist attack, according to the Insurance Information Institute (I.I.I.), even if terrorism is not specifically referenced in the insurance policy.

Condominium or co-op owner policies also provide coverage for damage to personal possessions resulting from acts of terrorism, while damage to common areas of a building like the roof, basement, elevator, boiler and walkways would be covered providing the condo/co-op board has purchased terrorism coverage.

Standard renters insurance policies also include coverage for damage to personal possessions due to a terrorist attack. Again, coverage for the apartment complex itself must be purchased by the property owner or landlord.

If your car is damaged or destroyed in an explosion your auto insurance policy will cover the damage if you have purchased “comprehensive” coverage.

Commercial insurers are required to offer coverage against terrorist attacks and many owners of commercial property, such as office buildings, factories, shopping malls and apartment buildings,  have purchased the coverage.

Marsh estimates some 60 percent of U.S. businesses have purchased terrorism insurance, up from 27 percent in 2003.

However, losses are only covered by a commercial terrorism insurance policy if the government officially certifies an attack as an act of terrorism. Several criteria must be met for the certification to be made. If property/casualty losses do not exceed $5 million in the aggregate, the act will not be certified as an act of terrorism.

Acts of terrorism are excluded from most standard business insurance policies.

Workers compensation—a compulsory line of insurance for all businesses—covers employees injured or killed on the job and therefore automatically includes coverage for acts of terrorism.

Check out I.I.I. facts and statistics on terrorism.

Samsung Recall Underscores Emerging Tech Fire Risks

A formal recall by US safety regulators of the Samsung Galaxy Note 7 smartphone due to serious fire and burn hazards should put users on notice to power down and stop using their devices immediately and return them for a free replacement or refund.

Samsung has received 92 reports of batteries overheating in the United States, including 26 reports of burns and 55 reports of property damage, including fires in cars and a garage.

In its warning, the Consumer Product Safety Commission (CPSC) states:

“The lithium-ion battery in the Galaxy Note7 smartphones can overheat and catch fire, posing a serious burn hazard to consumers.”

The recall covers 1 million phones in the U.S., but some 2.5 million of the devices need to be recalled globally, Samsung said.

It follows a Federal Aviation Administration (FAA) brief last week urging passengers not to use Samsung Galaxy Note 7 devices on planes, nor to stow them in their checked luggage.

As the Wall Street Journal reported, identifying a specific brand or model as a potential hazard is a highly unusual move for the FAA, though agency officials previously issued warnings about the overall dangers of checking any kind of cellphones, other battery-powers electronic devices or spare batteries in the holds of planes.

Following the FAA announcement, Samsung accelerated its massive recall.

The cost of the recall to Samsung have been estimated at about $1 billion, but the costs in terms of the hit to market value, tarnished brand and reputation, and lost revenues, as well as opportunity cost could be much higher, as Forbes reports. (Note: Apple’s new iPhone 7 goes on sale today)

From the insurance perspective, the story does underscore broader concerns over increased fire risks from lithium-ion batteries.

As this National Fire Protection Association blog post explains:

“Rechargeable lithium batteries overheat more than any other type of batteries and tend to have manufacturing defects. They are also very poorly regulated. The low weight batteries house substantial energy and fit into smaller devices, but have been causing fire safety issues in smart phones, tablets, hover boards and other emerging tech devices that are popular with the buying public.”

The homeowners line of business saw the majority of fire losses in 2014, according to Insurance Information Institute facts and statistics on fire losses here.

The risks of lithium batteries are also on the radar of commercial insurers. FM Global has partnered with fire protection groups to research the fire hazards of lithium-ion batteries in warehouse storage and cargo containers, for example.

 

 

Growth Potential of Sharing Economy, and Insurance

If, like me, you’ve taken a ride to the airport with Uber, or looked into renting a holiday home via Airbnb, did you take a moment to think about your insurance coverage?

If the answer to that question is “no,” you’re not alone.

A recent public opinion survey from the Insurance Research Council (IRC) found that 56 percent of all adult Americans who said they have participated in the sharing economy indicated that they did not consider their insurance coverage at the time.

This is despite the fact that more than half of all respondents said that the sharing economy exposes the general population to increased risk.

Some 71 percent of respondents to the same survey reported little familiarity with the sharing economy, with 46 percent saying they were “not at all familiar” with the sharing economy, while 25 percent reported being “not too familiar.”

Survey respondents gave numerous reasons for not participating in the sharing economy. Unfamiliarity was cited most frequently (65 percent), while lack of need was cited by 60 percent and lack of interest by 54 percent.

However, a lack of insurance was the least cited reason for not participating.

Elizabeth Sprinkel, senior vice president of the IRC, noted:

“The substantial number of people with little experience or familiarity with the sharing economy suggests tremendous growth potential in the years ahead.”

And for insurers, too, we would add.

Check out a recent Insurance Information Institute (I.I.I.) presentation on the role of insurance in the sharing economy.

Other I.I.I. resources include information on car sharing and peer-to-peer car rental insurance as well as peer-to-peer home rental and homeowners insurance.

The IRC report, The Sharing Economy: Public Participation and Views, presents findings from an online survey conducted by GfK Public Affairs & Corporate Communications on behalf of the IRC.

A total of 1,105 online interviews were conducted for the study, using a sample drawn from GfK’s Knowledge Panel. Survey data were weighted to the U.S. population of adults aged 18 and above.

Faster Decisions, Fewer Challenges Among Cyber Buyers

Good news for cyber insurers. A majority of companies continue to have network security and data privacy insurance, and are making their purchase decisions faster and experiencing fewer purchasing challenges than in 2015.

The findings come in the newly-released 2016 Network Security and Data Privacy Study by Wells Fargo Insurance.

While in 2015 the study showed that 22 percent of companies buying insurance took more than 12 months to make the purchase decision, in 2016 just 8 percent of companies are currently taking that long, while 59 percent are taking six months or less.

Cost of coverage and finding a policy that meets a company’s needs remain the top two insurance purchasing challenges of 2016. However, the study found that 19 percent of companies did not experience any purchasing challenges, a significant improvement over 2015 when only 6 percent did not experience challenges.

The easier purchasing process may be related to less internal resistance, Wells Fargo said. Likewise, in 2016, fewer companies (24 percent) believed the risk was not big enough to warrant the purchase of network security and data privacy insurance.

screen-shot-2016-09-08-at-10-03-24-am

Of the companies in the study that had purchased insurance, one-fifth reported filing a network security and data privacy insurance claim in the last 12 months, and most were satisfied with their coverage.

Another key takeaway for cyber insurers? Protecting the business against financial loss was the primary reason for purchasing coverage (81 percent) in 2016, as in 2015. However, protecting the company’s reputation is an increasing concern, with 70 percent citing it in 2016, compared to just 58 percent in 2015.

Purchasing insurance is an important step, but it should be used in tandem with developing and testing a comprehensive incident response plan and performing a thorough cyber risk assessment, Wells Fargo noted.

The second annual study analyzed trends of network security and data privacy issues among 100 decision makers at companies with $100 million or more in annual revenue.

Check out Insurance Information Institute’s (I.I.I.’s) latest white paper on cyber risk threats and challenges here.

Disaster Preparedness? There’s an App for That

Research tells us that 40 percent of Americans use their smartphone to look up government services or information, so if you’re charging your mobile devices in preparation for Tropical Storm Hermine you might want to download the Federal Emergency Management Agency’s (FEMA) updated disaster app.

The free FEMA app now lets you receive weather alerts from the National Weather Service, so you can get alerts on severe weather happening anywhere in the country even if your phone is not located in the area. This makes it easy to track severe weather—such as a hurricane—that may be threatening you, your family and friends.

Other features of the FEMA app that will help you weather the storm include a customizable checklist of emergency supplies, maps of open shelters and disaster recovery centers, and tips on how to survive natural and man-made disasters.

Important features of the app for after the storm, include a disaster reporter where you can upload and share photos of damage and recovery efforts to help first responders, as well as easy access to apply for federal disaster assistance.

Craig Fugate, FEMA administrator:

“Emergency responders and disaster survivors are increasingly turning to mobile devices to prepare for, respond to and recover from disasters. This new feature empowers individuals to assist and support family and friends before, during, and after a severe weather event.”

The FEMA app is available for free in the Apple store for Apple devices and Google Play for Android devices.

Here at the Insurance Information Institute (I.I.I.) we also recommend you download our award-winning Know Your Plan app which helps you, your family and even your pets prepare to safely get out of harm’s way ahead of the storm.

In addition, the I.I.I. Know Your Stuff home inventory app allows you to keep an up-to-date record of your belongings so you’re fully covered in the event of an emergency.

Both I.I.I. apps are available for iPhone or Android.

Hawaii, Florida, Georgia and North Carolina Prepare for Storms

With numerous tropical systems in the Atlantic and two major hurricanes (Madeline and Lester) threatening Hawaii in the Pacific, insurers are keeping a close watch to see how things develop.

Over at Wunderblog, Dr. Jeff Masters observes that the dual scenario of two major hurricanes heading towards Hawaii is unprecedented in hurricane record keeping.

Hurricane Madeline, the closer of the two to Hawaii, intensified rapidly, growing from tropical storm to Category 3 strength in just 24 hours, Dr. Masters notes, and has since intensified to Category 4.

While the forecast models are not conclusive on the exact tracks and intensity of these named storms, it’s clear that both Hurricane Madeline and Hurricane Lester could affect Hawaii with high surf, torrential rain, and potential winds over the next week.

Hawaii’s costliest hurricane, based on insured property losses, was Hurricane Iniki in September 1992. Iniki caused $1.6 billion in damage when it occurred, or $2.7 billion in 2014 dollars, according to the Insurance Information Institute (I.I.I.).

Check out the I.I.I.’s Hawaii Hurricane Insurance Fact File for more information, including the top writers of homeowners, commercial and auto insurance.

Meanwhile, on the U.S. Atlantic coast, a tropical storm warning is in effect for the coast of North Carolina from Cape Lookout to Oregon Inlet for tropical depression eight.

A second system—tropical depression nine— is also being closely watched in the Gulf of Mexico. In its latest public advisory, the National Hurricane Center says the system is set to strengthen and that interests in central and northern Florida, and southeastern Georgia should monitor its progress.

Screen Shot 2016-08-30 at 8.29.16 AM

I.I.I.’s Florida insurance representative Lynne McChristian offers some sound advice on making sure your property insurance is ready for named storms in her latest blog post.

Take a look at I.I.I.’s North Carolina Hurricane Insurance Fact File, Georgia Hurricane Insurance Fact File, and Florida Hurricane Fact File for more information.

Allergic Reaction: EpiPen Needed to Restore Reputation

As the mother of a young child with a life-threatening nut and sesame allergy, it’s hard to remain objective and impartial when it comes to a company increasing the price of EpiPen, the life-saving allergy injector, by more than 400 percent since 2007.

However, the latest example of a company facing a public backlash, political pressure and social media storm due to its business practices illustrates the importance of having the necessary resources in place to mitigate the effects of a reputational risk crisis if and when it occurs.

As we’ve noted before in an earlier blog post, reputational risk is among the most challenging categories of risk to manage. A survey from ACE Group found that 81 percent of companies view reputation as their most significant asset—and most of them admit that they struggle to protect it.

The survey suggests that organizations need a clear framework for managing reputational risk that reduces the potential for crises, taking a multi-disciplinary approach that involves the CEO, PR specialists and other business leaders.

Mylan, the company at the center of the EpiPen controversy, has moved quickly to respond to the angry mob and to stem the drop in its share price which has so far lost investors $3 billion.

Yesterday, Mylan’s CEO Heather Bresch went on CNBC to announce the company was increasing financial assistance to patients to offset out-of-pocket costs of the EpiPen.

However, as The New York Times reports, Mylan did not say it would lower the list price — which has risen to about $600 for a pack of two EpiPens, from about $100 when Mylan acquired the product in 2007.

By the way, actress Sarah Jessica Parker also announced she is ending her relationship with Mylan after the pricing debacle broke.

Wherever you stand in this debate, the reality is the pharmaceutical industry is for-profit, as noted by Ms Bresch, and in the absence of a competitor or a generic, EpiPen is the latest example of a company trying to maximize profit.

Reputational risk is not covered by a standard business insurance policy, but companies can purchase coverage via a stand-alone policy which typically would pay fees for professional crisis management and communications services; media spending and production costs; some legal fees; other crisis response and campaign costs including research, events, social media and directly associated costs.

Newer reputation insurance products have also been developed that would cover a company’s financial losses due to reputational and brand damages.

In the mean time, in a climate of increased public, regulatory and investor scrutiny, the Mylan case is a good example of why companies need to be more proactive than ever to respond to challenges before they do serious damage to their brand and reputation.

Latest research and analysis