I have been thinking, researching, and writing about applying the lessons we have learned from the property and EPL lines of insurance to Cyber/Privacy insurance for some time now. As a line, Cyber seems to have a great opportunity to educate, encourage, and reward insureds that are careful with the data for which they are responsible. Insurance can be a great lever to improve the risk profile of its customers; Cyber 3.0 makes use of that lever by making available Value-added Risk Management Services to insureds.
One area that I am very interested in is the intersection of risk management services offered by the Insurer and the use of those services by their Insureds. As we learned in EPLI, a good set of services doesn’t necessarily mean that Insureds will make use of them.
Liberty International Underwriters is offering a particularly deep set of value-added Risk Management Services to its Cyber insurance insureds. I interviewed Oliver Brew, Vice President, Specialty Casualty, Liberty International Underwriters to gain a better understanding of those services and how they are delivered.
A: Risk management services have evolved a lot since they were first offered almost as an afterthought with the early privacy policies. We include access to privacy specialists who can, for example, answer that tricky question about how a new product or service might impact the privacy stance of an organization. We offer an online client portal with a wealth of resources regarding privacy compliance and regulatory issues, but also practical help like training templates and posters, and sample privacy policies to help guide clients through what is a complex and fast-changing area.
Q: Who provides these services and how did you select the providers?
A: We have partnered with ePlace Solutions who have been long-time experts in providing data privacy risk management solutions to complement our insurance offering. We work with them to develop relevant content about current issues, and also to respond to client demands as they change.
Q: One problem I often see with Value-added Risk Management Services is that insureds don’t take advantage of them as much as they should. This obviously makes the service less valuable and even worse leads underwriters to resist reducing premiums for what ought to have been an effective loss reduction strategy. How does LIU address this dilemma?
A: Yes – I have seen that issue in my career, where what starts as well-intentioned service becomes a cost to the carrier without the associated benefit due to lack of usage. We have addressed this by a dual approach – firstly we spend a lot of time with brokers, educating them about the services as a core part of our offering, so that it is integral to our insurance solution. Secondly every client is contacted after purchasing an LIU Data Insure policy to let them know about the services and make sure that the appropriate people within the organization have access to the resources. The person making insurance purchase decisions may not be the same person responsible for privacy issues.
Q: Is there any additional cost or a time limitation for the insured using these services?
A: No – these costs are paid for by LIU. I firmly believe there is a long-term benefit to LIU loss ratios when our clients are better educated and aware of the exposures.
Q: What if the insured would like to obtain more services from the providers; can they do so at a favorable cost?
A: Yes – we have relationships with a number of providers of comprehensive privacy risk management services such as a HIPAA privacy assessments and more technical legal reviews which we can facilitate.
Q: Can you describe which insureds should consider this approach to coverage, and what their incentives are?
A: All organizations can benefit from the support provided by risk managements services, but particularly those where perhaps the privacy function is not as mature. Many companies are still considering data privacy insurance for the first time, and this can be a significant factor in their decision-making as to how the insurance will support them, not just in the event of a claim. There are also aspects of the product they can use and benefit from, even if they do not have a claim. For clients, it is like having access to an employee privacy training department without the overhead.
Q: How can our readers get more information about this product?
Thank you, Oliver – I appreciate your providing some insight into the value-added risk management services LIU is providing to its Cyber insureds.