Category Archives: Specialty Coverage

Allergic Reaction: EpiPen Needed to Restore Reputation

As the mother of a young child with a life-threatening nut and sesame allergy, it’s hard to remain objective and impartial when it comes to a company increasing the price of EpiPen, the life-saving allergy injector, by more than 400 percent since 2007.

However, the latest example of a company facing a public backlash, political pressure and social media storm due to its business practices illustrates the importance of having the necessary resources in place to mitigate the effects of a reputational risk crisis if and when it occurs.

As we’ve noted before in an earlier blog post, reputational risk is among the most challenging categories of risk to manage. A survey from ACE Group found that 81 percent of companies view reputation as their most significant asset—and most of them admit that they struggle to protect it.

The survey suggests that organizations need a clear framework for managing reputational risk that reduces the potential for crises, taking a multi-disciplinary approach that involves the CEO, PR specialists and other business leaders.

Mylan, the company at the center of the EpiPen controversy, has moved quickly to respond to the angry mob and to stem the drop in its share price which has so far lost investors $3 billion.

Yesterday, Mylan’s CEO Heather Bresch went on CNBC to announce the company was increasing financial assistance to patients to offset out-of-pocket costs of the EpiPen.

However, as The New York Times reports, Mylan did not say it would lower the list price — which has risen to about $600 for a pack of two EpiPens, from about $100 when Mylan acquired the product in 2007.

By the way, actress Sarah Jessica Parker also announced she is ending her relationship with Mylan after the pricing debacle broke.

Wherever you stand in this debate, the reality is the pharmaceutical industry is for-profit, as noted by Ms Bresch, and in the absence of a competitor or a generic, EpiPen is the latest example of a company trying to maximize profit.

Reputational risk is not covered by a standard business insurance policy, but companies can purchase coverage via a stand-alone policy which typically would pay fees for professional crisis management and communications services; media spending and production costs; some legal fees; other crisis response and campaign costs including research, events, social media and directly associated costs.

Newer reputation insurance products have also been developed that would cover a company’s financial losses due to reputational and brand damages.

In the mean time, in a climate of increased public, regulatory and investor scrutiny, the Mylan case is a good example of why companies need to be more proactive than ever to respond to challenges before they do serious damage to their brand and reputation.

Banner Health Breach: Are You Covered?

Up to 3.7 million payment card and patient medical records are reported to have been compromised in a cyber attack at Phoenix, Arizona-based healthcare provider Banner Health, underscoring the threat faced by the medical/healthcare sector.

Beginning June 17, the attack targeted Banner Health patients, health plan members, healthcare providers and retail customers.

On its website, Banner Health said it had discovered in early July that cyber attackers may have gained unauthorized access to computer systems targeting payment card data at food and beverage locations, including cardholder name, card number, expiration date and internal verification code.

In late July, Banner Health also discovered that patient information, health plan member and beneficiary information may have been compromised—including names, birthdates, addresses, physicians’ names, dates of service, claims information, and possibly health insurance information and social security numbers.

Physician and provider information may also have been compromised, including names, addresses, dates of birth, social security numbers and other identifiers.

As investigators look into the specifics of this breach, a glance at the numbers reveals that Banner Health will almost double the number of records compromised in U.S. data breaches targeting the medical/healthcare sector in 2016, per figures released by the Identity Theft Resource Center (ITRC).

As of August 2, 2016, some 206 data breach events, exposing just under 5 million records, had been tracked against the medical/healthcare sector, according to the ITRC. Make that 207 data breaches, exposing 8.7 million records.

With Banner Health, total data breach events year-to-date will also rise to at least 573 breaches, with 17.2 million records exposed. (This does not account for any other data breaches that may have occurred since August 2).

A recent Ponemon report wisely reminded us that “no healthcare organization, regardless of size, is immune from data breach.”

In the last two years, the average cost of a data breach for healthcare organizations was estimated at more than $2.2 million, according to Ponemon.

“Data breaches in healthcare are increasingly costly and frequent, and continue to put patient data at risk. Based on the results of this study, we estimate that data breaches could be costing the healthcare industry $6.2 billion.”

Criminal attacks are currently the leading cause of breaches in healthcare, Ponemon said. All the more reason for cyber insurance to be purchased, as the I.I.I. advises in this white paper.

Insurers Ready for the Summer Olympics

Opening ceremonies for 2016 Summer Olympics in Rio de Janeiro are just days away and amid crime, security and public health concerns, it is the global insurance industry that provides the critical risk coverage needed for this sporting event to go ahead.

More than 10,000 athletes from 206 countries will come together in Rio to participate in a total of 665 events which are expected to attract up to 500,0000 international spectators as well as a considerable number of domestic tourists.

Approximately $1 billion in insurance is in place for this event, via a policy purchased by the International Olympic Committee (IOC), Business Insurance reports.

The policy, underwritten by major reinsurers Swiss Re and Munich Re, covers the IOC in the event the games need to be canceled due to a natural catastrophe, civil unrest, pandemic or terrorism.

It also covered the 2012 London Summer Olympics and the 2014 Winter Olympics in Sochi, Russia.

Terrorism coverage for the Olympic Village which will house the athletes, has been underwritten in the London and international markets, according to the Business Insurance article.

Though a major global sporting event gives terrorists a worldwide audience for spectacular attacks, London-based risk consulting firm Control Risks continues to assess the terrorism threat in Rio as low.

Screen Shot 2016-08-01 at 10.55.54 AM

Bomb disposal experts detonated a controlled explosion Sunday night to destroy a suspicious package found at Maracana Stadium, site of the Olympics opening ceremonies (pictured above). There are also concerns about lone wolf attacks.

In a security briefing, Control Risks notes that there is no history of transnational terrorism in Brazil, and the country continues to rely heavily on its foreign policy (based on principles of multilateralism, peaceful settlement of disputes and non-interventionism) as a main source of protection.

Brazil has set up its largest security operation in history to address the unique challenges surrounding the event and its counter-terrorism strategy is built on the lessons learned from the country’s successful hosting of the 2014 World Cup.

Some 47,000 Brazilian security professionals have been deployed and the country is also relying on foreign expertise. In 2015, Brazil sent around 100 police officers abroad to learn about best practices for managing large international events, including the Boston and Berlin marathons, and the Tour de France.

In addition to the events taking place in Rio, the football tournament will also be held in five other cities: Manaus, Belo Horizonte, Brasília, Salvador and São Paulo. Some 38,000 members of the armed services as well as security forces will patrol the five football host cities.

Crime and public safety will be the most pressing concerns during the sporting events, Control Risks notes, though significant disruption to travel and logistics is also anticipated due to protests.

Tensions in many urban centers, including Rio de Janeiro, remain elevated as a result of Brazil’s ongoing political and economic crisis. While most demonstrations are likely to be peaceful, there is a credible risk of clashes between security forces and protesters, particularly if the security forces adopt a heavy-handed approach.

Control Risks advises companies to continue to monitor the situation closely.

While the Zika virus has been billed as the biggest public health threat, experts say the bigger concerns for visitors are actually traffic accidents, the Flu, and pollution.

Check out Insurance Information Institute facts and statistics on terrorism. Check out CDC guidance on the Zika virus in Brazil here.

Employment Matters Cost

If you’re a small or medium-sized business with fewer than 500 employees you might think that none of your employees would file discrimination charges against your company.

But a just-released survey by Hiscox dispels that myth, showing just how costly employment matters can be for small and medium-sized enterprises (SMEs)–and how important it is to have employment practices liability (EPL) insurance.

A representative study of 446 closed claims reported by SMEs with fewer than 500 employees found that some 19 percent of employment charges resulted in defense and settlement costs averaging a total of $125,000. On average, those matters took 275 days to resolve, Hiscox found.

While the average self-insured retention (deductible) for these charges was $35,000, without employment practices liability insurance, these companies would have been out of pocket by an extra $90,000, Hiscox said.

“Most employment matters don’t end up in court, but for those that do, the damages can be substantial,” Hiscox noted.

Its survey cites data showing the median judgment is approximately $200,000, which is in addition to the cost of defense. About 25 percent of cases result in a judgment of $500,000 or more.

Where a business is located can make a big difference in the potential employment exposure it faces.

The 2015 Hiscox Employee Lawsuit Handbook found states with the highest risk of employees filing lawsuits are: New Mexico (66 percent higher than national average), Washington DC (65 percent higher), Nevada (47 percent higher), Alabama (41 percent higher) and California (40 percent higher).

Overall, U.S.-based companies of all sizes have at least an 11.7 percent chance of having an employment charge filed against them, Hiscox found.

Claims Journal has more on this story here.

Wondering what’s covered by EPL insurance? The Insurance Information Institute (I.I.I.) explains all here.

 

Bucking the Rating Trend

Broker Willis has just published its commercial insurance rate predictions for 2016.

What’s the outlook for insurance buyers?

Overall, the property/casualty insurance market continues to soften and Willis predicts further softening ahead, fueled by relatively benign losses and an oversupply of capacity from traditional and non-traditional sources.

For 2016, 10 lines of insurance–property, casualty, aviation, energy, health care professional, marine, political risks, surety, terrorism and trade credit–are expecting decreases.

In contrast, just five lines of insurance–cyber, employee benefits, errors & omissions (E&O), fidelity and kidnap & ransom–are expecting increases.

The main exception to the overall softening trend is in cyber and E&O insurance, Willis reports, where the growing threat of cyber intrusion and data theft is sending rates upward.

By how much?

For retailers with POS (point-of-sale) exposures and large health care companies, rate increases are up to an eye-opening 150 percent at renewal, with additional increases on excess layers.

In fact most buyers of cyber insurance are seeing primary premium increases of up to 15 percent, Willis says. For smaller organizations (with revenues less than $1 billion) lower premium increases are typical.

What about terms and conditions?

Willis observes that underwriting requirements continue to rise and cyber insurers are also increasing retentions, reducing capacity and exiting certain sectors.

Despite the reduction in capacity by some carriers, available limits in the cyber marketplace are around $350 million to $400 million.

Willis also predicts the marketplace for first-time buyers of cyber insurance (except for POS retailers and large healthcare organizations) will continue with relatively favorable terms, conditions and pricing.

Willis offers this single piece of advice to buyers of cyber insurance:

In approaching the markets, be ready to identify key investments in security and privacy protections over the past policy year that will help differentiate you from your peers.”

The I.I.I.’s new paper Cyber Risks: Threat and Opportunities sheds more light on the rapidly evolving market for cyber insurance.

Cyber Insurance: Growing and Innovating

The Internet of Things (IoT) is expanding rapidly–even permeating the minds of five-year olds.

My own Kindergartener’s query from the back of the car during a routine drive to swim class the other day is a good example:

“Mummy, how did God know to create all these things that we need?” As I paused to consider the appropriate response, he answered for me: “You can just ask Siri, or Google it.”

Just how far we’ve come in our technological transformation is reflected by the development of innovative insurance products to cover the associated–and growing–risk.

A new white paper from the Insurance Information Institute (I.I.I.) Cyber Risk: Threat and Opportunity which I co-authored with I.I.I. president Dr. Robert Hartwig, offers us a glimpse of how cyber insurance has evolved as a product since the mid- to late-1990s.

From a coverage that has its origins in the so-called “Y2K” or Millennium bug that prompted fears the Year 2000 date change would cause widespread computer failure, cyber coverage in the U.S. took off in response to the enactment of numerous privacy and data breach notice laws across the country.

More than 60 insurance carriers now offer stand-alone cyber insurance policies, the I.I.I. says, and interest in this coverage continues to grow following numerous high profile data breaches. Broker Marsh estimates the U.S. cyber insurance market was worth over $2 billion in gross written premiums in 2014.

And while there are many guesstimates out there, PwC suggests the global cyber insurance market could grow to at least $7.5 billion in annual premiums by the end of the decade. PwC also suggests insurers need to move quickly to innovate before a disruptor such as Google enters the market.

No business or industry is immune from the cyber threat.  Our paper takes a look at where the threats are coming from and  the challenges that cyber insurers face writing this coverage given  the rapidly evolving nature of cyber attacks.

How insurers manage these risks while creating products for this multi-billion market opportunity as the legal and regulatory landscape becomes more defined will determine how best we all are protected from cyber risks in the years to come.

Cybersecurity Governance Moves Up Boardroom Agenda

A poll of board directors and executives from Forbes Global 2000 companies finds that cybersecurity is being taken much more seriously in the boardroom these days, as is cyber insurance.

Nearly two-thirds (63 percent) of respondents to the study developed by the Georgia Tech Information Security Center (GTISC) say they are actively addressing computer and information security, up from 33 percent in 2012.

There has also been a significant shift in the number of boards reviewing cyber insurance. Nearly half (48 percent) of respondent boards were reviewing their company’s insurance for cyber-related risks, compared with just 28 percent in 2012.

However, the 2015 survey suggests there may be confusion over what type of insurance to purchase or appropriate coverage limits. Only about half of the respondents (47-54 percent) indicated that they had quantified their business interruption and loss exposure from cyber events.

Almost all boards (90 percent) are reviewing risk assessments, and an increasing number of them (53 percent) are hiring outside experts to assist on risk issues. Interestingly, the highest degree of attention was being paid to cyber risks associated with supplier relationships.

The survey, which was supported by Forbes, the Financial Services Roundtable (FSR), and Palo Alto Networks, found that some of the biggest improvements over time have been organizational.

For example, the majority of boards (53 percent) have established a risk committee, separate from the audit committee, with responsibility for oversight of cyber risk. In 2008, just 8 percent of boards had this in place.

The financial sector far exceeds other industry sectors with 86 percent having a board risk committee separate from the audit committee, followed by the IT/Telecom sector at 43 percent.

Another positive sign? Boards are now placing much more importance on risk and security experience when recruiting board directors, with 59 percent saying their board had a director with risk expertise, and nearly one quarter (23 percent) one with cybersecurity expertise.

Something to bear in mind: the response rate to the 2015 survey was low — with results received from just 6 percent, or 121 respondents at the board or senior executive level at 1,927 Forbes Global 2000 companies.

Cyber Business Interruption Risk Often Underestimated

Corporate data breaches and privacy concerns may dominate the headlines, but a new report by Allianz Global Corporate & Specialty makes the case that future cyber threats will come from business interruption (BI), intellectual property theft and cyber extortion.

The impact of BI from a cyber attack, or from operational or technical failure, is a risk that is often underestimated, according to Allianz.

It predicts that BI costs could be equal to–or even exceed–direct losses from a data breach, and says that business interruption exposures are particularly significant in sectors such as telecoms, manufacturing, transport, media and logistics.

Vulnerability of industrial control systems (ICS) to attack poses a significant threat, Allianz says.

To-date, there have been accounts of centrifuges and power plants being manipulated, such as the 2012 malware attack that disabled tens of thousands of computers at oil company Saudi Aramco, disrupting operations for a week.

However, the damage could be much higher from security sensitive facilities such as nuclear power plants, laboratories, water suppliers or large hospitals.

Business interruption can also be caused by technical failure or human error, Allianz notes.

For example, in July 2015, stocks worth $28 trillion were suspended for several hours on the New York Stock Exchange due to a computer glitch, and that same month 4,900 United Airlines flights were impacted by a network connectivity issue.

As a result, Allianz believes that within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape.

It points out that in the context of cyber and IT risks, BI cover can be very broad including business IT computer systems, but also extending to ICS used by energy companies or robots used in manufacturing.

Allianz currently estimates the cyber insurance market is worth around $2 billion in premium worldwide, with U.S. business accounting for around 90 percent of the market. However, the cyber market is expected to experience double-digit growth year-on-year and could reach in excess of $20 billion in the next 10 years.

The Allianz  Cyber Risk Guide  is available here.

Check out I.I.I. facts and statistics on cybercrime here.

More Small and Mid-Sized Companies Buying Cyber Insurance

The cyber insurance market for small- to mid-sized companies is much friendlier than the market for larger insureds, according to the findings of an annual survey just released by Betterley Risk Consultants.

The Cyber/Privacy Insurance Market Survey 2015 notes that there are many insurance products competing for the business of small and mid-sized (SME) organizations.

Brokers are actively selling cyber policies to their SME insureds, and more are buying than ever before, as they realize the potential for liability, breach and response costs, arising out of the possession of private data.

The report says:

Rates for the SME segment are still competitive and renewals are generally flat, even a bit soft, undoubtedly affected by the numerous insurers getting a foothold in the cyber insurance market. Smaller insureds tend to have lower limits and often have relatively modest claims.”

In contrast, cyber coverage for larger organizations, especially those in retail and healthcare, are finding it more difficult to buy adequate limits at a reasonable price, the report suggests, as insurers are increasingly strict about adherence to cyber security and payment card industry standards.

For the larger/retail/healthcare insured, rates are rising, with increases in the 10-25 percent range most common. But the report points out:

This is for untroubled organizations; it’s worse (up to 200 percent) if they have claims experience that has yet to result in significantly improved cybersecurity measures.”

While annual premium volume information about the U.S. cyber insurance market is hard to come by, the report concludes that annual gross written premium is growing and may be as much $2.75 billion in 2015, up from $2 billion in last year’s report.

We think the market has nowhere to go but up–as long as insurers can still write at a profit.”

This year’s report includes products offered by 31 insurers, up from 28 in 2014.

Check out the Insurance Information Institute’s (I.I.I.) online resource for business insurance here.

 

Insurance Responds To Rising Costs of Food Recalls

You may have read that the Justice Department is warning food manufacturers that they could face criminal and civil penalties if they poison their customers with contaminated food.

Recent high profile food recalls, such as the one at Texas-based Blue Bell Creameries and another at Ohio-based Jeni’s Splendid Ice Creams, have drawn attention to this issue once again.

Now a new report by Swiss Re finds that the number of food recalls per year in the United States has almost doubled since 2002, while the costs are also rising.

Half of all food recalls cost the affected companies more than $10 million each and losses of up to $100 million are possible, Swiss Re says. These figures exclude the reputational damage that may take years for a company to recover from.

Contaminated food also takes a financial toll on the public sector. According to the U.S. Department of Agriculture, costs for the U.S. public health system from hospitalized patients and lost wages in 2013 alone was $15.6 billion. In total, 8.9 million people fell ill from the 15 pathogens tracked, with over 50,000 hospitalized and 2,377 fatalities.

Demographic change is putting more sensitive consumer groups at risk. Ageing societies, an increase in allergies in the overall population and the fact that malnourishment is still prevalent in many countries are significant drivers of the increase in exposure, Swiss Re notes.

Which brings us to insurance.

A variety of insurance products are available to help companies protect their bottom line from this potentially catastrophic exposure.

Product recall/contaminated product insurance will cover the costs of recalling accidentally or maliciously contaminated food from the market, and impaired or mislabeled products that cause bodily injury, sickness, disease or death.

Product liability insurance also provides compensation of third party liability claims for bodily injury and property damage caused by an impaired product.

As Roland Friedli, risk engineer at Swiss Re and co-author of the report says:

Food recalls can be caused by something as simple as a labeling error on the packaging, or as complex as a microbial contamination somewhere along a vast globalized supply chain. Yet event a simple mistake can cost a food manufacturer millions in losses and even more in terms of reputation. Insurance and sound risk management are essential for keeping affected businesses afloat.”

Further information on product liability, recall and contamination insurance and is available from the Insurance Information Institute (I.I.I.) here.