Welcome to The Betterley Report Blog on Specialty Insurance

Welcome to The Betterley Report Blog on Specialty Insurance Products.  In this blog, I hope to shed some light on the different specialty insurance products available to commercial insureds, and how individual products differ from one another.  With luck, we’ll be providing information that helps readers choose the right types of products for themselves and their clients.

If you are familiar with The Betterley Report, you know that I write about specialty insurance products designed for commercial insureds of all sizes.  I have been authoring these Reports since the mid-’90s (!), and am fortunate to have many of the leading insurance companies, agents and brokers, reinsurers, attorneys, and service providers, as well as Risk Managers and CFOs, as subscribers.

As I talk with my readers, they often ask me about new developments in the products I cover.  With each Report limited to an annual freshening, we have not had a way to provide interim updates.  I figure that this blog might solve that problem nicely, since I can report on new products and changes in existing products as they are hitting the market.  Since I don’t want to just be an outlet for press releases, I’ll be sure to offer some observations about those products as well.

These Reports are available only to subscribers, and each Report is updated annually.  Some of the products I research are Cyber Risk, Directors & Officers Liability, Technology Errors & Omissions, Employment Practices Liability, and Intellectual Property insurance.  There are 6 Reports each year.

I write The Betterley Report for insurance professionals that want to find out who has the most appropriate insurance product for their clients, and for insurance companies  looking for competitor intelligence.  To be candid, I also write because I believe that comparative information helps drive improvement in the product .  As an independent risk management consultant (which means I advise clients on the types of insurance they need and which insurers they should buy them from, as well as alternatives such as self insurance), improving the breed is a passion for me.

So, welcome – this is a work in progress, and I hope you will join me in moving the specialty insurance products business forward.

Note: just got my first comment on our October issue (covering Side A D&O products), so I’d better get blogging.

Cyber Endorsements for Traditional Insurance Policies

Sandy Hauserman (of Digital Risk Resources) and I co-authored an article on cyber product add-ons to traditional insurance policies (such as BOPs and Management Liability).  It is published in the May issue of IRMI’s Risk Report.  Although normally available only by subscription, IRMI was kind enough to make this article available at no charge.

The article examines the various mechanisms by which cyber coverages and services can be offered to smaller insureds on a cost-effective basis, as well as some of the challenges of doing so.  It includes examples of the approaches various carriers are using.

The article is here.

More on Cyber Risk Management Services – An Interview with Oliver Brew of Liberty International Underwriters

I have been thinking, researching, and writing about applying the lessons we have learned from the property and EPL lines of insurance to Cyber/Privacy insurance for some time now.  As a line, Cyber seems to have a great opportunity to educate, encourage, and reward insureds that are careful with the data for which they are responsible.  Insurance can be a great lever to improve the risk profile of its customers; Cyber 3.0 makes use of that lever by making available Value-added Risk Management Services to insureds.

One area that I am very interested in is the intersection of risk management services offered by the Insurer and the use of those services by their Insureds.  As we learned in EPLI, a good set of services doesn’t necessarily mean that Insureds will make use of them.

Liberty International Underwriters is offering a particularly deep set of value-added Risk Management Services to its Cyber insurance insureds.  I interviewed Oliver Brew, Vice President, Specialty Casualty, Liberty International Underwriters to gain a better understanding of those services and how they are delivered.

Q: Oliver, you recently introduced your Data Insure Privacy and Security Risk Management Services product for mid-sized and larger insureds.  What does it provide for services that an insured wouldn’t normally find in a Cyber/Privacy policy?

A: Risk management services have evolved a lot since they were first offered almost as an afterthought with the early privacy policies. We include access to privacy specialists who can, for example, answer that tricky question about how a new product or service might impact the privacy stance of an organization. We offer an online client portal with a wealth of resources regarding privacy compliance and regulatory issues, but also practical help like training templates and posters, and sample privacy policies to help guide clients through what is a complex and fast-changing area.

Q: Who provides these services and how did you select the providers?

A: We have partnered with ePlace Solutions who have been long-time experts in providing data privacy risk management solutions to complement our insurance offering. We work with them to develop relevant content about current issues, and also to respond to client demands as they change.

 Q: One problem I often see with Value-added Risk Management Services is that insureds don’t take advantage of them as much as they should.  This obviously makes the service less valuable and even worse leads underwriters to resist reducing premiums for what ought to have been an effective loss reduction strategy.  How does LIU address this dilemma?

A: Yes – I have seen that issue in my career, where what starts as well-intentioned service becomes a cost to the carrier without the associated benefit due to lack of usage.  We have addressed this by a dual approach – firstly we spend a lot of time with brokers, educating them about the services as a core part of our offering, so that it is integral to our insurance solution. Secondly every client is contacted after purchasing an LIU Data Insure policy to let them know about the services and make sure that the appropriate people within the organization have access to the resources. The person making insurance purchase decisions may not be the same person responsible for privacy issues.

Q: Is there any additional cost or a time limitation for the insured using these services?

A: No – these costs are paid for by LIU. I firmly believe there is a long-term benefit to LIU loss ratios when our clients are better educated and aware of the exposures.

 Q: What if the insured would like to obtain more services from the providers; can they do so at a favorable cost?

A:  Yes – we have relationships with a number of providers of comprehensive privacy risk management services such as a HIPAA privacy assessments and more technical legal reviews which we can facilitate.

 Q: Can you describe which insureds should consider this approach to coverage, and what their incentives are?

A: All organizations can benefit from the support provided by risk managements services, but particularly those where perhaps the privacy function is not as mature. Many companies are still considering data privacy insurance for the first time, and this can be a significant factor in their decision-making as to how the insurance will support them, not just in the event of a claim. There are also aspects of the product they can use and benefit from, even if they do not have a claim. For clients, it is like having access to an employee privacy training department without the overhead.

 Q: How can our readers get more information about this product?

A: http://www.liu-usa.com/omapps/ContentServer?pagename=LIUUSA/Views/Main&ft=2&cid=1240007318048&ln=en

Thank you, Oliver – I appreciate your providing some insight into the value-added risk management services LIU is providing to its Cyber insureds.

 

WRIN TV Story About Cloud Computing

Discussion and confusion continue to reign when it comes to cloud computing (is that a pun?).  WRIN.TV brought some clarity to the topic and how coverage might apply.

I liked the idea that the interview questions went beyond insurance risks to include business risk.

The interview is here.

Intellectual Property and Media Liability Insurance Market Survey 2013 posted – some observations

April is the month in which I release our IP and Media Liability Market Survey, which focuses on the 2 lines that cover the various forms of Intellectual Property.  The free Executive Summary is here.  The full Report can be ordered from IRMI here.

The Report includes a discussion of the RPX RRG for patent infringement as well as adds the Euclid Media Liability product to the carriers we review.

This year I included an interview with Bob Fletcher of Intellectual Property Insurance Services; the interview focuses on the history of the coverage, marketing challenges, and how he sees its future.  Bob is the godfather of IP insurance and I am pleased to include his thoughts.

Your comments and suggestions are welcomed.

 

Intellectual Property insurance interview on WRIN.tv

You can see my most recent thinking on the topic of IP coverage and the market need on WRIN.tv by clicking here.  In case it isn’t obvious, this was a challenging interview, even though it was based on a Report I had just finished.  IP is a complex topic from an insurance standpoint.

Speaking of that Report – it is the April issue (Intellectual Property and Media Liability Insurance Market Survey 2013), which has now been posted at the  IRMI site (scroll down on the IRMI page and click on Intellectual Property and Media Liability link).

As always – feel free to let me know if you have any questions or suggestions.

WRIN.TV interview on current trends in Cyber insurance

Yesterday WRIN.TV asked me for an update on Cyber insurance products.  They asked specifically about new and emerging threats, whether coverage forms would provide protection, and trends in the market.

Naturally I had some thoughts to share.

The interview can be viewed at WRIN.TV On Demand or by clicking here.

Larry Clinton of The Internet Security Alliance and some startling statistics about privacy security in the health care industry

Larry Clinton, the longtime head of the Internet Security Alliance spoke at last week’s PHI Protection Forum, the founding conference of the PHI Protection Network.

Larry’s keynote presentation focused on PHI Security and Privacy, and reminded me of the challenges facing underwriters of Cyber/Privacy coverage for health care organizations.

He spoke about the significant and ongoing attacks on our technology infrastructure and the theft of intellectual capital by state-sponsored actors, and about the need to defend against those attacks on a national level.

Larry also spoke at length about the theft and corruption of data ongoing at individual organizations and the ability of organizations to protect themselves from those threats - whether state sponsored or by criminal gangs (reminding us that the individual hobby hacker is far from the only threat).

He made some pointed observations about the state of the health care industry in its protection of Private Health Data, especially with regard to the implementation of Electronic Health Records.  EHR systems are vulnerable given industry practice & the skill level needed to exploit them is low.

(I have edited the following for clarity)

Citing an important study of the state of health care information security, PWC’s 2013 State of Info Security Survey data regarding health care organizations, Larry noted:

• Most executives in the HC industry are confident in the effectiveness of their security practices. They believe their strategies are sound and many consider themselves to be leaders in the field
• (And yet, only) 42% have a strategy & (are) proactive in executing it
• 65% are confident their info sec practices are effective - that is DOWN 15% from 2009
• Of the 4 key criteria of information security leadership, ONLY 6% RANK AS LEADERS
• 60% do NOT have a policy for third parties to comply with privacy policies
• 73% use mal code detection tools; DOWN 16%
• 48% use tools to find unauthorized devices; DOWN 14%
• 51% use intrusion detection tools; DOWN 19%
• 48% use vulnerability scanning tools; DOWN 15%
• 31% DON’T KNOW when info sec is part of major projects –ONLY 18% at project inception
• 90% HC respondents say protecting employee & customer data is important - few know where the data is stored (43% have an accurate inventory of data)
• Adopting new technology (is outpacing) security – new technology referring to cloud 28%, mobile 46%, soc media 45%, personal devices 51%

The reasons? As noted by Larry:

• Lack of funding 53%
• 20% top leadership “is an impediment to improved security.”
• Only 43% report security breaches
• Diminished budgets have resulted in degraded security programs, incidents are on the rise, new technologies are being adopted faster than safeguards
• There are short-term economic incentives to be insecure (VoIP, use personal devices, the Cloud)
• HC providers report lower $ loss from incidents but many do not perform thorough or consistent analysis to appraising those losses, e.g. only 33% consider damage to brand as a financial loss

I certainly understand the pressures on the health care industry – severe cost pressures, a focus on the patient above all, and rapidly evolving technology.

So – why am I posting this? Because in my research, I find that Health Care insureds are the most often cited target markets for standalone Cyber insurers.  And because I care about the quality of health care.

I ask – are Cyber insurers sufficiently equipped to assess the Cyber risks of the health care industry?  Considering the poor state of Cyber/Privacy security reported in PWC’s study – I sure hope so.