Category Archives: Specialty Coverage

Small business and cyber insurance

Risk management services are an important way cyber insurance adds value for small businesses, according to a new I.I.I. paper.

In Protecting Against #Cyberfail: Small Business and Cyber Insurance, I.I.I. co-authors James Lynch and Claire Wilkinson say:

“The provision of these types of services is considered a growth area in the cyber market for SMBs, where price may be a barrier to insurance coverage in the first place. For larger companies, cyber-related risk management services may be offered at a discount or for free.

“For SMBs in particular, offering a risk management or training solution where they can learn more and keep themselves up-to-date on current threats is perhaps most valuable.”

Also heard at the Advisen Cyber Risk Insights Conference in NYC last week: part of the value proposition for SMBs is that cyber policies offer solutions, not just coverage.

Andy Lea, vice president underwriting for E&O, Cyber and Media, CNA, told the conference: “The value proposition is more prominent with SME and middle market companies that just don’t have resources available in-house to manage risks. This is an opportunity for brokers and carriers to add value.”

What cybersecurity measures do businesses have in place?

In the third week of National Cyber Security Awareness Month, Insurtech Insights newsletter by CB Insights gives a timely update on the cyber insurance market, and where startups are playing in this growing industry.

It notes the “tremendous opportunity” to sell cyber insurance to small businesses.

A recent Better Business Bureau study estimates that 15 percent of small businesses have cyber insurance. BBB Accredited Businesses are almost three times as likely to include cybersecurity insurance.

Fortunately, about nine out of 10 businesses reported to the BBB they have some cybersecurity measures in place, with the most common ones: antivirus; firewall; and employee education:

How to protect employees against harassment

What are companies doing to protect employees against harassment? This question has added weight after the October 8 firing of Harvey Weinstein by the board of Weinstein Co. following reports of sexual harassment complaints against him. Earlier firings at Fox News and Uber have also brought the issue into focus.

From MarketWatch: “Companies are increasingly buying insurance, including employment practices insurance to cover costs associated with employment lawsuits,” said David Yamada, a professor of law and the director of the New Workplace Institute at Suffolk University.”

Some insurers are also providing training materials for companies to teach their employees about sexual harassment in hope of avoiding it, Yamada added.

Per this 2016 Betterley report, more insurers are partnering with vendors to offer risk management services, such as training and education, consultation and outreach to insureds:

“EPLI value-added services remain an important part of the product when done right, offering employers access to tools that can truly make a difference in the frequency and the severity of claims—as well as the bad feelings that accompany employee/ employer disputes.”

Gross written premium for employment practices liability insurance (EPLI) increased to $2.1 billion in 2015, according to MarketStance data.

I.I.I. information on EPLI coverage is available here.

A first look at the Equifax cyber loss

$125 million. That’s the first estimate of the insurance industry loss due to the Equifax cyber breach published by Property Claim Services (PCS).

Per Artemis blog:

“PCS’ initial estimate of the insurance market impact due to the Equifax hack attack is $125 million, however the firm said that the economic impact to the credit giant is expected to be much larger.

“PCS noted that there are outstanding coverage issues which could reduce the likelihood of the Equifax cyber insurance loss reaching the $125 million estimate, so it could be revised down it would appear.”

Equifax’s specific cyber insurance policy could provide as much as $150 million of coverage, according to Artemis.

Launched in early September, the PCS Global Cyber service provides industry loss estimates for cyber risk loss events of at least $20 million worldwide. The Equifax hack was its first designated event and PCS has since designated its second global cyber loss event, the impact of the Petya/non-Petya malware attack on pharmaceutical giant Merck & Co in June.

Why music festivals are among the hardest risks to insure

Headed to a music festival this summer? It’s the insurance for these events, rather than the music, that is drawing the headlines.

From Bloomberg, via Claims Journal:

“Big events, those the caliber of Coachella and Bonnaroo, typically take on at least five kinds of insurance policies: cancellation, including terrorism coverage, general liability, umbrella policies, workers’ compensation, and business auto coverage.”

FiveThirtyEight asks: what’s the typical cost of cancellation insurance for a music festival? Bloomberg has the answer:

“Cancellation insurance will typically cost 1 percent to 1.5 percent of the overall cost of an event, as much as $150,000 for a $10 million festival.”

Unpredictable weather, the threat of terrorism, and the demographics of festival attendees, are some of the factors that make music festivals one of the hardest risks to insure.

From the Argo Global blog, a post by David Boyle, contingency class underwriter, offers this perspective on why: Without intervention, festivals are likely to disappear from insurers’ books:

“Festivals, which sometimes include dozens of acts, can’t often be rescheduled in the event of inclement weather unlike concerts or other live performances.”

And:

“Threats to festivals are not isolated to the increasingly unpredictable weather. Terrorism is now a very real threat to high profile events which often lack the security procedures of more permanent crowded places.”

Key takeaway:

“In our view, if the festival insurance market is to return to profitability, then intervention will have to come in the form of significantly increased pricing and, particularly for smaller events, improved risk mitigation processes.”

How do ransomware attacks impact cyber insurance loss ratios?

Another global ransomware attack, dubbed Petya, has disrupted operations at major firms across Europe and the United States.

More than 100 companies and organizations across various industries were affected, including shipping and transport firm AP Moller-Maersk, advertising firm WPP, law firm DLA Piper, Russian steel and oil firms Evraz and Rosneft, French construction materials company Saint-Gobain, food company Mondelez, drug giant Merck & Co, and Pennsylvania healthcare systems provider Heritage Valley Health System.

Today’s Insurance Information Institute Daily, via The Wall Street Journal, reports that the attack has exposed previously unknown weaknesses in computer systems widely used in the West.

The U.S. cyber insurance market grew by 35 percent from 2015 to 2016, based on recent reports.

From A.M. Best: U.S. property/casualty insurers wrote $1.35 billion in direct written premium for cyber insurance in 2016.

Overall, cyber insurance for the majority of companies was profitable and the direct loss ratio decreased by 4.5 percentage points to 46.9 percent in 2016, from 51.4 percent in 2015.

Ransomware attacks are part of the reason for the decline in the loss ratio, A.M. Best explains:

“The decline in direct loss ratio for 2016 is partially attributed to the majority of reported cyber-attacks being related to ransomware heists. In almost all ransomware cases, the losses were well below the deductible and a simple backup recovery resolved and remedied any negative long-term effect of the attacks.”

Read our earlier post on insurance for ransomware attacks.

Ransomware: Does Cyber Insurance Make Sense?

As organizations look to recover from the disruption caused by Friday’s massive global ransomware cyberattack, the value of cyber insurance, and other cybersecurity tools, just multiplied exponentially.

Security researchers at Kaspersky Lab recorded more than 45,000 attacks in 74 countries including the UK, Russia, Ukraine, India, China and Italy, the Guardian reports.

The UK’s National Health Service, French car manufacturer Renault, and Spain’s telecommunications giant Telefonica were among those hit by the so-called WannaCry ransomware, which locks up computer systems until the victims pay a ransom.

Cyber risk modeling firm Cyence estimates the average individual ransom cost from the attacks at $300, and the total economic costs from interruption to business at $4 billion, according to this Reuters report.

Kevin Kalinich, global head of Aon’s cyber risk practice, told Reuters:

“If you’re a hospital that turned away patients, if you’re a global delivery company that can’t send a package, or a telecom company in Spain, Russia or China, the financial statement impact from the business interruption is much larger than the $300 ransomware.”

Insurance coverage for ransomware (see earlier post), and other forms of extortion, is available under cyber insurance policies, or other types of policies that specifically cover cyber extortion.

An insured’s ransom payment following an attack is typically covered, subject to individual policy terms and conditions, according to this I.I.I. white paper.

Cyber policies also provide coverage for the costs of forensic investigation, restoring lost or corrupted data, legal expenses and business interruption.

Here are some of the considerations that go into the decision to purchase coverage.

A Recovered Rockwell And The Art Of Coverage

Artwork and other valuable items like antiques and jewelry are often targets of theft which is why it’s important to have them properly appraised and insured.

Take this story of the Norman Rockwell painting “Boy Asleep with Hoe” (pictured below) which has been returned to the family of its original owners in Philadelphia more than 40 years after its theft.

In today’s I.I.I. Daily: the painting was taken in 1976 from a family home in Cherry Hill, New Jersey. The family then filed a claim to their insurer, Chubb. Chubb insured the painting, paid the claim and acquired the painting’s title.

As Antiques and the Arts reports, the 40-year art mystery was solved when a lawyer contacted the FBI’s art crimes division in October that a client had a painting that didn’t belong to him that he wished to return.

The estimated value of the recovered painting is put at between $600,000 and $1 million, significantly more than its value at the time of theft.

The family returned the 1970s claims payment to Chubb in exchange for the painting. Chubb will donate the funds to Norman Rockwell Museum in Stockbridge, Massachusetts.

I.I.I. tip: A standard homeowners policy offers only limited coverage for high value items. If you have belongings that exceed these limits, you should consider supplementing your policy with a floater, a separate policy that provides additional insurance. Before purchasing a floater, the items covered must be professionally appraised. Don’t forget to add these belongings to your home inventory.

Flaming Insurance

No, we’re not talking insurance for damage or loss to property because of fire. This type of flaming insurance helps businesses recover when unflattering information that hurts their brand or image goes viral online.

Asia Insurance Review reports that Sompo Japan has started selling “enjo” insurance (flaming insurance) coverage to compensate a target of “enjo” (widespread flaming of a target due to negative rumors or scandals.)

Sompo’s new product – a first of its kind in Japan – will compensate any target of “enjo” whether or not the rumors are groundless or based on fact.

In the event of a viral outbreak, Sompo will cover expenses for a positive media campaign, research into why the negativity began, and the cost of public apologies if needed.

Coverage could be useful for businesses suddenly the target of unwanted social media attention. For example, as RocketNews24 reports, McDonald’s Japan had to deal with a long-burning enjo after a tainted chicken scandal.

What’s the cost of this coverage? Premiums will run from JPY500,000 to JPY600,000 ($4,343-$5,213).

Minimizing Human Error At The Oscars

One week since we were left scratching our heads following the botched best picture announcement at the 89th Academy Awards ceremony, the liability ripples from an apparent act of human error continue to spread.

Just to recap: the mix-up occurred after a PricewaterhouseCoopers partner mistakenly handed presenter Warren Beatty the wrong envelope for the best picture award.

As the LA Times reported early on, the mistake instantly turned into a public relations nightmare for the accounting firm which has handled the balloting process for the Academy Awards for 83 years.

For its part, PwC quickly moved to mitigate damage to its brand, issuing an apology and accepting full responsibility for the mixup.

Brian Cullinan and Martha Ruiz, the two PwC partners involved, have been permanently removed from all Academy activities. PwC said the partners did not follow through protocols for correcting the error quickly enough.

Whether or not the Academy will terminate its contract with PwC, industry lawyers say there are a number of potential liability issues that could arise, per this article by The Hollywood Reporter.

Others say public perception and doubts about PwC’s expertise could be a costly risk factor going forward.

As the fallout continues, the two PwC accountants involved now need security protection due to the public backlash.

While this human error did not happen in the process of crunching the numbers, it does highlight how important it is for businesses to manage their professional liability risks.

Insurers have developed professional liability policies to meet the unique needs of a wide range of industries. Crisis response and helping businesses to protect their reputation are among the services insurers provide.