Category Archives: Specialty Coverage

A brief history of ransom insurance

Did you know that ransom insurance is one of the oldest insurance coverages out there?

People needed insurance because of pirates

Beginning in the early 16th and continuing into the 19th century, state-supported pirates and privateers operating out of North African coastal cities (the “Barbary States”) preyed upon European and colonial commercial shipping.

One lucrative practice was to capture a ship and sell everyone on board into slavery. We don’t know exactly how many people were captured over the centuries, but they probably numbered in the hundreds of thousands. You may have even heard of one particularly famous captive: Miguel de Cervantes, author of Don Quixote.

(Fun fact: some of the first military conflicts for a young United States were the “Barbary Wars” from 1801 – 1805 and again in 1815 – 1816, which were attempts to stop pirate depredations on American shipping. One researcher estimated that the annual costs of Barbary piracy to the U.S., including insurance costs, were equivalent to $10 billion to $20 billion in terms of today’s economy.)

How did ransom insurance work?

Slaves could generally regain their freedom in two ways (if you don’t count mounting a daring escape). One was to convert to Islam – the Barbary States were Muslim and most of their captives were Christian.

A second way was to pay a ransom.

In the early days, churches and families would set up collections to help pay for the release of enslaved captives. That’s how Cervantes was freed in 1580. But starting in the 17th century, cities and states also began to set up ransom insurance pools.

One of the first pools, called the “Sklavenkasse” (literally: “slave insurance”), was established in the German port city Hamburg in the 1620s. That’s over 60 years before Lloyd’s coffeehouse was first mentioned as a proto-insurance shop.

Other places soon followed suit with insurance pools of their own. Individual sailors, churches, and shipping organizations would typically contribute to these pools, which paid out when a participant was captured by Barbary pirates and held for ransom. There were even established rates for how much a ransom should cost: a steersman could fetch 700 Reichstaler (the currency used in Germany at the time), while a common sailor cost a mere 60 Reichstaler.

(For the German speakers out there, you can read more about how the pools worked here.)

Ransom insurance today

Although Barbary piracy faded away in the 19th century, ransom insurance is still available today, usually for important individuals who travel to dangerous regions. Called “kidnap and ransom insurance”, it generally reimburses for ransom payments and other damages, including some medical payments.

And because criminals are creative, we also now have “ransomware” insurance, which covers costs from a ransomware attack. That’s when a hacker freezes a computer system – and will only unfreeze it in exchange for a ransom payment, usually in bitcoin. How the times have changed.

Small businesses need cyber insurance – just like everyone else.

Used to be, hackers would spend most of their time hitting big companies with deep pockets and troves of customer data.  

But the times have changed. Launching a hack is cheaper and easier than ever before. Because of this, lots of hackers are playing small-ball by going after small businesses.

Their calculations make sense. A ransomware payout might only be a few hundred dollars, but if hackers can hit hundreds of businesses simultaneously, their ill-gotten loot adds up pretty quickly.  

Small businesses know they’re at risk. According to a recent Insurance Information Institute (I.I.I.) and J.D. Power 2018 Small Business Cyber Insurance and Security Spotlight Survey, 70 percent of surveyed businesses said that the risk of being victimized by a cyberattack is growing at an alarming rate.  

But only a minority have cyber insurance. Only 31 percent said they have cyber insurance – and 70 percent said they don’t have plans to purchase a policy. (Commercial cyber insurance varies across policies but will usually cover expenses incurred from a data breach, like lost revenue, legal costs, and crisis management.)

Meanwhile, we found that 10 percent of respondents said they have experienced at least one cyber incident in the prior year. To give you some perspective, that’s about the same rate at which drivers get into auto accidents.

Imagine getting into an accident and not having auto insurance. It’s an expensive proposition. The same goes for cyberattacks – we found that the average small business cyber losses for the past year were $188,400. That’s a lot of money for a small company to absorb.   

As hackers continue to get nimbler, the need for small businesses to have cyber insurance will grow. It’s incumbent on insurers to educate their business clients about the value of cyber coverage.  

And the value is there to see: 97 percent of our survey respondents who had cyber insurance and were hacked said that their coverage was good enough to make them whole again.  

Insurance plays critical role in World Cup

Soccer fans are eagerly anticipating the 2018 World Cup, which commences in Russia on June 14. The monthlong competition presents significant risks ranging from kidnapping to cyberattack to event cancellation, and without insurance it’s unlikely an event such as this could take place.

The London insurer Beazley estimates that construction-related risks are insured for $2.5 billion; event cancellation, including loss of TV rights and sponsorship, for $1.6 billion; and terrorism and acts of violence for $1.3 billion. Star players are insured for injury for up to $200 million each.

“Without insurance there would be no World Cup, no Olympics or little organized competitive sport,” said Michael Furtschegger, head of entertainment international at insurer Allianz Global Corporate & Specialty.

Marijuana in the Workplace: What Happens When Business Managers in Legal-Use States “Just Say ‘No’”?

By James Ballot, I.I.I. senior advisor, special content projects

The conversation about marijuana use has evolved. Once, in the not too distant past, we (meaning our appointed civic leaders, parents and other authority figures) had the luxury of taking an absolutist stance about weed. Fast-forward to today, and the discussion is mostly a constructive exchange between or among parties invested in positive outcomes, and willing to embrace wide-ranging points of view.

Marijuana users—particularly persons permitted lawful therapeutic use of cannabis—are both empowered and motivated to pursue legal protection from discrimination potentially caused by employer “zero tolerance” policies.

So, what’s an employer to do? In “Marijuana, the Workplace and EPLI – Clearing the Haze,” Mindy Pollack, J.D., Product Specialist and Vice President in Gen Re’s Treaty department, lays out a few hypotheticals to clarify the situation (i.e., legal use of cannabis by new hires and employees). She also identifies solutions like EPLI policies that offer coverage against claims, as well as guidance for how employers can tailor conduct bylaws to better fit the new realities as legal marijuana use becomes the norm.

In short, the courts are split on discrimination claims related to marijuana use. That leaves employers with no single answer when the marijuana question comes up. Add to that the variations in state laws and workplace scenarios, and you have even less clarity.

Small business and cyber insurance

Risk management services are an important way cyber insurance adds value for small businesses, according to a new I.I.I. paper.

In Protecting Against #Cyberfail: Small Business and Cyber Insurance, I.I.I. co-authors James Lynch and Claire Wilkinson say:

“The provision of these types of services is considered a growth area in the cyber market for SMBs, where price may be a barrier to insurance coverage in the first place. For larger companies, cyber-related risk management services may be offered at a discount or for free.

“For SMBs in particular, offering a risk management or training solution where they can learn more and keep themselves up-to-date on current threats is perhaps most valuable.”

Also heard at the Advisen Cyber Risk Insights Conference in NYC last week: part of the value proposition for SMBs is that cyber policies offer solutions, not just coverage.

Andy Lea, vice president underwriting for E&O, Cyber and Media, CNA, told the conference: “The value proposition is more prominent with SME and middle market companies that just don’t have resources available in-house to manage risks. This is an opportunity for brokers and carriers to add value.”

What cybersecurity measures do businesses have in place?

In the third week of National Cyber Security Awareness Month, the Insurtech Insights newsletter by CB Insights gives a timely update on the cyber insurance market, and where startups are playing in this growing industry.

It notes the “tremendous opportunity” to sell cyber insurance to small businesses.

A recent Better Business Bureau study estimates that 15 percent of small businesses have cyber insurance. BBB Accredited Businesses are almost three times as likely to include cybersecurity insurance.

Fortunately, about nine out of 10 businesses reported to the BBB that they have some cybersecurity measures in place, the most common being antivirus, firewall, and employee education.

How to protect employees against harassment

What are companies doing to protect employees against harassment? This question has added weight after the October 8 firing of Harvey Weinstein by the board of Weinstein Co. following reports of sexual harassment complaints against him. Earlier firings at Fox News and Uber have also brought the issue into focus.

From MarketWatch: “Companies are increasingly buying insurance, including employment practices insurance to cover costs associated with employment lawsuits,” said David Yamada, a professor of law and the director of the New Workplace Institute at Suffolk University.

Some insurers are also providing training materials for companies to teach their employees about sexual harassment in hope of avoiding it, Yamada added.

Per this 2016 Betterley report, more insurers are partnering with vendors to offer risk management services, such as training and education, consultation and outreach to insureds:

“EPLI value-added services remain an important part of the product when done right, offering employers access to tools that can truly make a difference in the frequency and the severity of claims—as well as the bad feelings that accompany employee/employer disputes.”

Gross written premium for employment practices liability insurance (EPLI) increased to $2.1 billion in 2015, according to MarketStance data.

I.I.I. information on EPLI coverage is available here.

A first look at the Equifax cyber loss

$125 million. That’s the first estimate of the insurance industry loss due to the Equifax cyber breach published by Property Claim Services (PCS).

Per Artemis blog:

“PCS’ initial estimate of the insurance market impact due to the Equifax hack attack is $125 million, however the firm said that the economic impact to the credit giant is expected to be much larger.

“PCS noted that there are outstanding coverage issues which could reduce the likelihood of the Equifax cyber insurance loss reaching the $125 million estimate, so it could be revised down it would appear.”

Equifax’s specific cyber insurance policy could provide as much as $150 million of coverage, according to Artemis.

Launched in early September, the PCS Global Cyber service provides industry loss estimates for cyber risk loss events of at least $20 million worldwide. The Equifax hack was its first designated event and PCS has since designated its second global cyber loss event, the impact of the Petya/non-Petya malware attack on pharmaceutical giant Merck & Co in June.

Why music festivals are among the hardest risks to insure

Headed to a music festival this summer? It’s the insurance for these events, rather than the music, that is drawing the headlines.

From Bloomberg, via Claims Journal:

“Big events, those the caliber of Coachella and Bonnaroo, typically take on at least five kinds of insurance policies: cancellation, including terrorism coverage, general liability, umbrella policies, workers’ compensation, and business auto coverage.”

FiveThirtyEight asks: what’s the typical cost of cancellation insurance for a music festival? Bloomberg has the answer:

“Cancellation insurance will typically cost 1 percent to 1.5 percent of the overall cost of an event, as much as $150,000 for a $10 million festival.”

Unpredictable weather, the threat of terrorism, and the demographics of festival attendees are some of the factors that make music festivals one of the hardest risks to insure.

From the Argo Global blog, a post by David Boyle, contingency class underwriter, offers this perspective on why: Without intervention, festivals are likely to disappear from insurers’ books:

“Festivals, which sometimes include dozens of acts, can’t often be rescheduled in the event of inclement weather unlike concerts or other live performances.”

And:

“Threats to festivals are not isolated to the increasingly unpredictable weather. Terrorism is now a very real threat to high profile events which often lack the security procedures of more permanent crowded places.”

Key takeaway:

“In our view, if the festival insurance market is to return to profitability, then intervention will have to come in the form of significantly increased pricing and, particularly for smaller events, improved risk mitigation processes.”

How do ransomware attacks impact cyber insurance loss ratios?

Another global ransomware attack, dubbed Petya, has disrupted operations at major firms across Europe and the United States.

More than 100 companies and organizations across various industries were affected, including shipping and transport firm AP Moller-Maersk, advertising firm WPP, law firm DLA Piper, Russian steel and oil firms Evraz and Rosneft, French construction materials company Saint-Gobain, food company Mondelez, drug giant Merck & Co, and Pennsylvania healthcare systems provider Heritage Valley Health System.

Today’s Insurance Information Institute Daily, via The Wall Street Journal, reports that the attack has exposed previously unknown weaknesses in computer systems widely used in the West.

The U.S. cyber insurance market grew by 35 percent from 2015 to 2016, based on recent reports.

From A.M. Best: U.S. property/casualty insurers wrote $1.35 billion in direct written premium for cyber insurance in 2016.

Overall, cyber insurance for the majority of companies was profitable and the direct loss ratio decreased by 4.5 percentage points to 46.9 percent in 2016, from 51.4 percent in 2015.

Ransomware attacks are part of the reason for the decline in the loss ratio, A.M. Best explains:

“The decline in direct loss ratio for 2016 is partially attributed to the majority of reported cyber-attacks being related to ransomware heists. In almost all ransomware cases, the losses were well below the deductible and a simple backup recovery resolved and remedied any negative long-term effect of the attacks.”

Read our earlier post on insurance for ransomware attacks.