Specialty Coverage

If you’re a small or medium-sized business with fewer than 500 employees you might think that none of your employees would file discrimination charges against your company.

But a just-released survey by Hiscox dispels that myth, showing just how costly employment matters can be for small and medium-sized enterprises (SMEs)—and how important it is to have employment practices liability (EPL) insurance.

A representative study of 446 closed claims reported by SMEs with fewer than 500 employees found that some 19 percent of employment charges resulted in defense and settlement costs averaging a total of $125,000. On average, those matters took 275 days to resolve, Hiscox found.

While the average self-insured retention (deductible) for these charges was $35,000, without employment practices liability insurance, these companies would have been out of pocket by an extra $90,000, Hiscox said.

“Most employment matters don’t end up in court, but for those that do, the damages can be substantial,” Hiscox noted.

Its survey cites data showing the median judgment is approximately $200,000, which is in addition to the cost of defense. About 25 percent of cases result in a judgment of $500,000 or more.

Where a business is located can make a big difference in the potential employment exposure it faces.

The 2015 Hiscox Employee Lawsuit Handbook found states with the highest risk of employees filing lawsuits are: New Mexico (66 percent higher than national average), Washington DC (65 percent higher), Nevada (47 percent higher), Alabama (41 percent higher) and California (40 percent higher).

Overall, U.S.-based companies of all sizes have at least an 11.7 percent chance of having an employment charge filed against them, Hiscox found.

Claims Journal has more on this story here.

Wondering what’s covered by EPL insurance? The Insurance Information Institute (I.I.I.) explains all here.


Broker Willis has just published its commercial insurance rate predictions for 2016.

What’s the outlook for insurance buyers?

Overall, the property/casualty insurance market continues to soften and Willis predicts further softening ahead, fueled by relatively benign losses and an oversupply of capacity from traditional and non-traditional sources.

For 2016, 10 lines of insurance—property, casualty, aviation, energy, health care professional, marine, political risks, surety, terrorism and trade credit—are expecting decreases.

In contrast, just five lines of insurance—cyber, employee benefits, errors & omissions (E&O), fidelity and kidnap & ransom—are expecting increases.

The main exception to the overall softening trend is in cyber and E&O insurance, Willis reports, where the growing threat of cyber intrusion and data theft is sending rates upward.

By how much?

For retailers with POS (point-of-sale) exposures and large health care companies, rate increases are up to an eye-opening 150 percent at renewal, with additional increases on excess layers.

In fact most buyers of cyber insurance are seeing primary premium increases of up to 15 percent, Willis says. For smaller organizations (with revenues less than $1 billion) lower premium increases are typical.

What about terms and conditions?

Willis observes that underwriting requirements continue to rise and cyber insurers are also increasing retentions, reducing capacity and exiting certain sectors.

Despite the reduction in capacity by some carriers, available limits in the cyber marketplace are around $350 million to $400 million.

Willis also predicts the marketplace for first-time buyers of cyber insurance (except for POS retailers and large healthcare organizations) will continue with relatively favorable terms, conditions and pricing.

Willis offers this single piece of advice to buyers of cyber insurance:

In approaching the markets, be ready to identify key investments in security and privacy protections over the past policy year that will help differentiate you from your peers.”

The I.I.I.’s new paper Cyber Risks: Threat and Opportunities sheds more light on the rapidly evolving market for cyber insurance.

The Internet of Things (IoT) is expanding rapidly—even permeating the minds of five-year olds.

My own Kindergartener’s query from the back of the car during a routine drive to swim class the other day is a good example:

“Mummy, how did God know to create all these things that we need?” As I paused to consider the appropriate response, he answered for me: “You can just ask Siri, or Google it.”

Just how far we’ve come in our technological transformation is reflected by the development of innovative insurance products to cover the associated—and growing—risk.

A new white paper from the Insurance Information Institute (I.I.I.) Cyber Risk: Threat and Opportunity which I co-authored with I.I.I. president Dr. Robert Hartwig, offers us a glimpse of how cyber insurance has evolved as a product since the mid- to late-1990s.

From a coverage that has its origins in the so-called “Y2K” or Millennium bug that prompted fears the Year 2000 date change would cause widespread computer failure, cyber coverage in the U.S. took off in response to the enactment of numerous privacy and data breach notice laws across the country.

More than 60 insurance carriers now offer stand-alone cyber insurance policies, the I.I.I. says, and interest in this coverage continues to grow following numerous high profile data breaches. Broker Marsh estimates the U.S. cyber insurance market was worth over $2 billion in gross written premiums in 2014.

And while there are many guesstimates out there, PwC suggests the global cyber insurance market could grow to at least $7.5 billion in annual premiums by the end of the decade. PwC also suggests insurers need to move quickly to innovate before a disruptor such as Google enters the market.

No business or industry is immune from the cyber threat. Our paper takes a look at where the threats are coming from and the challenges that cyber insurers face writing this coverage given the rapidly evolving nature of cyber attacks.

How insurers manage these risks while creating products for this multi-billion market opportunity as the legal and regulatory landscape becomes more defined will determine how best we all are protected from cyber risks in the years to come.

A poll of board directors and executives from Forbes Global 2000 companies finds that cybersecurity is being taken much more seriously in the boardroom these days, as is cyber insurance.

Nearly two-thirds (63 percent) of respondents to the study developed by the Georgia Tech Information Security Center (GTISC) say they are actively addressing computer and information security, up from 33 percent in 2012.

There has also been a significant shift in the number of boards reviewing cyber insurance. Nearly half (48 percent) of respondent boards were reviewing their company’s insurance for cyber-related risks, compared with just 28 percent in 2012.

However, the 2015 survey suggests there may be confusion over what type of insurance to purchase or appropriate coverage limits. Only about half of the respondents (47-54 percent) indicated that they had quantified their business interruption and loss exposure from cyber events.

Almost all boards (90 percent) are reviewing risk assessments, and an increasing number of them (53 percent) are hiring outside experts to assist on risk issues. Interestingly, the highest degree of attention was being paid to cyber risks associated with supplier relationships.

The survey, which was supported by Forbes, the Financial Services Roundtable (FSR), and Palo Alto Networks, found that some of the biggest improvements over time have been organizational.

For example, the majority of boards (53 percent) have established a risk committee, separate from the audit committee, with responsibility for oversight of cyber risk. In 2008, just 8 percent of boards had this in place.

The financial sector far exceeds other industry sectors with 86 percent having a board risk committee separate from the audit committee, followed by the IT/Telecom sector at 43 percent.

Another positive sign? Boards are now placing much more importance on risk and security experience when recruiting board directors, with 59 percent saying their board had a director with risk expertise, and nearly one quarter (23 percent) one with cybersecurity expertise.

Something to bear in mind: the response rate to the 2015 survey was low – with results received from just 6 percent, or 121 respondents at the board or senior executive level at 1,927 Forbes Global 2000 companies.

Corporate data breaches and privacy concerns may dominate the headlines, but a new report by Allianz Global Corporate & Specialty makes the case that future cyber threats will come from business interruption (BI), intellectual property theft and cyber extortion.

The impact of BI from a cyber attack, or from operational or technical failure, is a risk that is often underestimated, according to Allianz.

It predicts that BI costs could be equal to—or even exceed—direct losses from a data breach, and says that business interruption exposures are particularly significant in sectors such as telecoms, manufacturing, transport, media and logistics.

Vulnerability of industrial control systems (ICS) to attack poses a significant threat, Allianz says.

To-date, there have been accounts of centrifuges and power plants being manipulated, such as the 2012 malware attack that disabled tens of thousands of computers at oil company Saudi Aramco, disrupting operations for a week.

However, the damage could be much higher from security sensitive facilities such as nuclear power plants, laboratories, water suppliers or large hospitals.

Business interruption can also be caused by technical failure or human error, Allianz notes.

For example, in July 2015, stocks worth $28 trillion were suspended for several hours on the New York Stock Exchange due to a computer glitch, and that same month 4,900 United Airlines flights were impacted by a network connectivity issue.

As a result, Allianz believes that within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape.

It points out that in the context of cyber and IT risks, BI cover can be very broad including business IT computer systems, but also extending to ICS used by energy companies or robots used in manufacturing.

Allianz currently estimates the cyber insurance market is worth around $2 billion in premium worldwide, with U.S. business accounting for around 90 percent of the market. However, the cyber market is expected to experience double-digit growth year-on-year and could reach in excess of $20 billion in the next 10 years.

The Allianz Cyber Risk Guide is available here.

Check out I.I.I. facts and statistics on cybercrime here.

The cyber insurance market for small- to mid-sized companies is much friendlier than the market for larger insureds, according to the findings of an annual survey just released by Betterley Risk Consultants.

The Cyber/Privacy Insurance Market Survey 2015 notes that there are many insurance products competing for the business of small and mid-sized (SME) organizations.

Brokers are actively selling cyber policies to their SME insureds, and more are buying than ever before, as they realize the potential for liability, breach and response costs, arising out of the possession of private data.

The report says:

Rates for the SME segment are still competitive and renewals are generally flat, even a bit soft, undoubtedly affected by the numerous insurers getting a foothold in the cyber insurance market. Smaller insureds tend to have lower limits and often have relatively modest claims.”

In contrast, cyber coverage for larger organizations, especially those in retail and healthcare, are finding it more difficult to buy adequate limits at a reasonable price, the report suggests, as insurers are increasingly strict about adherence to cyber security and payment card industry standards.

For the larger/retail/healthcare insured, rates are rising, with increases in the 10-25 percent range most common. But the report points out:

This is for untroubled organizations; it’s worse (up to 200 percent) if they have claims experience that has yet to result in significantly improved cybersecurity measures.”

While annual premium volume information about the U.S. cyber insurance market is hard to come by, the report concludes that annual gross written premium is growing and may be as much $2.75 billion in 2015, up from $2 billion in last year’s report.

We think the market has nowhere to go but up—as long as insurers can still write at a profit.”

This year’s report includes products offered by 31 insurers, up from 28 in 2014.

Check out the Insurance Information Institute’s (I.I.I.) online resource for business insurance here.


You may have read that the Justice Department is warning food manufacturers that they could face criminal and civil penalties if they poison their customers with contaminated food.

Recent high profile food recalls, such as the one at Texas-based Blue Bell Creameries and another at Ohio-based Jeni’s Splendid Ice Creams, have drawn attention to this issue once again.

Now a new report by Swiss Re finds that the number of food recalls per year in the United States has almost doubled since 2002, while the costs are also rising.

Half of all food recalls cost the affected companies more than $10 million each and losses of up to $100 million are possible, Swiss Re says. These figures exclude the reputational damage that may take years for a company to recover from.

Contaminated food also takes a financial toll on the public sector. According to the U.S. Department of Agriculture, costs for the U.S. public health system from hospitalized patients and lost wages in 2013 alone was $15.6 billion. In total, 8.9 million people fell ill from the 15 pathogens tracked, with over 50,000 hospitalized and 2,377 fatalities.

Demographic change is putting more sensitive consumer groups at risk. Ageing societies, an increase in allergies in the overall population and the fact that malnourishment is still prevalent in many countries are significant drivers of the increase in exposure, Swiss Re notes.

Which brings us to insurance.

A variety of insurance products are available to help companies protect their bottom line from this potentially catastrophic exposure.

Product recall/contaminated product insurance will cover the costs of recalling accidentally or maliciously contaminated food from the market, and impaired or mislabeled products that cause bodily injury, sickness, disease or death.

Product liability insurance also provides compensation of third party liability claims for bodily injury and property damage caused by an impaired product.

As Roland Friedli, risk engineer at Swiss Re and co-author of the report says:

Food recalls can be caused by something as simple as a labeling error on the packaging, or as complex as a microbial contamination somewhere along a vast globalized supply chain. Yet event a simple mistake can cost a food manufacturer millions in losses and even more in terms of reputation. Insurance and sound risk management are essential for keeping affected businesses afloat.”

Further information on product liability, recall and contamination insurance and is available from the Insurance Information Institute (I.I.I.) here.

The unfolding story on what is being described as the largest cyberattack into the systems of the United States government reads like an episode out of CSI Cyber.

Today the head of the Office of Personnel Management (OPM) Katherine Archuleta resigned as fallout continued in the wake of Thursday’s revelation that the second of two massive data breaches exposed the personal data of 21.5 million federal employees, contractors, applicants and family members.

This follows the previous breach OPM announced in June in which some 4.2 million federal personnel records were exposed.

The magnitude of the second breach is incredible. In a release, OPM states:

OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.”

As the New York Times reports here, every person given a background check for the last 15 years was probably affected (that’s 19.7 million people), as well as 1.8 million others, including their spouses and friends.

It is thought that both OPM attacks emanated from China, though this is not confirmed.

In a week in which reported technical issues halted trading on the New York Stock Exchange, grounded United Airlines flights and took the Wall Street Journal’s website offline for several hours, the OPM announcement once again highlights the limitless nature of cyber exposures.

Meanwhile, a joint report from Lloyd’s and the University of Cambridge, points to the insurance implications of a cyber attack on the U.S. power grid and potential aggregation issues for insurers.

A hypothetical blackout that plunges 15 states into darkness, including New York City and Washington DC, leaving 93 million people without power would result in estimated insurance claims of $21.4 billion, rising to $71.1 billion in the worst case scenario, the report suggests.

Insurers would see losses across many lines of business, including property damage, business interruption, contingent business interruption, liability, homeowners and events cancellation.

Claims across other areas of insurance not included in the estimate are also possible, such as: injury-related claims; auto; property fire; industrial accidents; and environmental liability.

As Lloyd’s says in the report, one of the biggest concerns for insurers is that cyber risk is not constrained by the conventional boundaries of geography, jurisdiction or physical laws:

The scalability of cyber attacks – the potential for systemic events that could simultaneously impact large numbers of companies – is a major concern for participants in the cyber insurance market who are amassing large numbers of accounts in their cyber insurance portfolio.”

The financial impact of cyber exposures is close to exceeding those of traditional property, yet companies are reluctant to purchase cyber insurance coverage.

These are the striking findings of a new Ponemon Institute  survey sponsored by Aon.

Companies surveyed estimate that the value of the largest loss (probable maximum loss) that could result from theft or destruction of information assets is approximately $617 million, compared to an average loss of $648 million that could result from damage or total destruction of property, plant and equipment (PP&E).

Yet on average, only 12 percent of information assets are covered by insurance. By comparison, about 51 percent of PP&E assets are covered by insurance.

The survey found that self-insurance is higher for information assets at 58 percent, compared to 28 percent for PP&E.

In some ways, these results are not surprising.

Cyber insurance is a relatively new product, and while interest continues to increase, it will take time for the purchase rate to catch up with traditional insurances.

That said, the values at stake are enormous and as the report states, the likelihood of loss is higher for information assets than PP&E.

Another important takeaway from the survey is that business disruption has a much greater impact on information assets ($207 million) than on PP&E ($98 million).

This suggests the fundamental nature of probable maximum loss (PML) varies considerably for intangible assets vs. tangible assets, Ponemon says.

Business disruption represents 34 percent of the PML for information assets, compared to only 15 percent of the PML for PP&E.

A footnote states that while the survey results suggest PML in the neighborhood of $200 million, a growing number of companies are using risk analysis and modeling to suggest potential losses in excess of $500 million to over $1 billion and seek cyber insurance limit premium quotes and policy terms for such amounts.

More information on the growth in cyber insurance is available from the I.I.I. here.

Some 2,243 individuals involved in cyber and enterprise risk management at companies in 37 countries responded to the Ponemon survey.

The Kentucky Derby is upon us and insurers are more than just spectators at this major sporting event.

Bloodstock and equestrian insurance is big business with underwriters who specialize in offering tailored protection for high value animals.

Consider the staggering values at stake. A BloombergBusiness article by Mason Levinson tells the tale of American thoroughbred racehorse Tapit.

Tapit began his stud career with an initial stallion fee of $15,000. That fee has soared 20-fold in the past decade and in 2015 Tapit will generate over $30 million for his owners.


Tapit’s offspring tend to win races.

As Bloomberg reports:

By 2009, his offspring’s racetrack earnings placed him 28th on a national ranking of stallions, according to data compiled by the Bloodhorse. He climbed to 12th the next year, then third in 2011 and first in 2014, a position he has maintained over the first four months of this year.”

One of Tapit’s sons, Frosted, is a top contender in Saturday’s Kentucky Derby.

Today, Tapit’s total value is estimated at about $120 million, the article reports.

Luckily, there’s insurance for that. Whether you own racehorses, stallions, broodmares, or showjumpers, insurers are able to tailor a policy that meets your needs.

A bloodstock insurance policy typically would cover a number of different risks.

For example, all risks mortality would cover the value of the animal if it dies as a result of accident, disease or illness. Theft can also be covered, as well as loss of use (covering financial loss) and public liability.

If you run an equine breeding program, permanent infertility insurance is another important coverage. Stallions are the “calling card” of a major farm and can be synonymous with the farm’s name and reputation.

If a stallion becomes permanently impotent, infertile, or incapable of serving mares, it can be a huge setback for the owner, breeder or shareholder. This important coverage protects one of their most valuable assets.

Perhaps one of the most high-profile equine insurance claims over the years involved the death of thoroughbred Alydar in 1990. Check out this Blood-Horse feature article by Tom Dixon, the Lloyd’s of London insurance adjuster who was first on the scene when Alydar was found in his stall at Calumet Farm with a broken leg.

Next Page »