Category Archives: Privacy Insurance

Specialty Insurance Year End Wrap-up Webinar 12/12 at 11 AM by Advisen

Please forgive me for a bit of self-promotion, but this program should be really good; I already learned a lot from our panelists’ conference call.

On Thursday morning, December 12 at 11 AM (eastern time), I will be on a panel moderated by Advisen’s David Bradford to review the trends and developments of 2013 in Specialty Lines insurance. The panel of experts will also provide insight into 2014 & beyond. This free, one-hour webinar is sponsored by OneBeacon Professional Insurance; registration is here.

The panel includes:

  • Paul Romano, President, OneBeacon Professional Insurance
  • David Lewison, National Practice Leader, AmWINS
  • Rick Betterley, President, Betterley Risk Consultants
  • David Bradford, President, Research & Editorial division, Advisen (moderator)

The economy continued to improve in 2013, which generally benefitted the insurance market. For specialty insurers, however, the year posed a number of challenges. Healthcare reform continued to reshape the risk landscape of hospitals and other healthcare organizations. Lawyers continued to feel the fallout of the credit crisis and recession as claims activity remained above historical averages. Network security challenges further evolved in the endless cat-and-mouse game between cyber criminals and system security experts.

This webinar will review the trends and developments of 2013 in “Specialty Lines” insurance. Our panel of experts also will provide their insights into the factors that will influence the market in 2014 and beyond.

Hope you can join us!


Private Company Management Liability Markets – WRINTV interview

WRINTV asked me to share our findings about the Private Company Management Liability market and product trends; here is the link to the interview.  It builds off of our August issue (Private Company Management Liability Market Survey 2013).

I continue to be impressed with the depth and breadth of WRIN TV’s content (and not just because I am a source, although I do like the opportunity to share our findings with its audience).  John Greene, Ken Simon, and their colleagues at World Risk and Insurance News have really done something special by creating and nurturing this resource.  Well done.

My Recent Thoughts on Cyber Value-added Services and on the Small/medium Organization Marketplace

Many of you may know that I am deeply interested in specialty insurance value-added risk management services, especially for Cyber and for EPL products.  I’m always happy to share my thoughts about the current state of those services, and what might be done to make them even better.

After my panel presentation on Cyber at PLUS in November, Insurance Journal interviewed me on Cyber value-added services and on the challenges of marketing Cyber to the small- and-mid-sized organization.  The interview video is brief (4 minutes) and can be viewed here.  I hope that the video will give a good sense of how I see these services and the SME marketing challenges.

My thanks to Insurance Journal for asking all the right questions, and for giving me the opportunity to offer my thoughts.

An Empirical Analysis of Data Breach Litigation – an analysis of 230 federal data breach lawsuits

Good data are hard to find – especially about data breach litigation.  But thanks to the NetDiligence blog, I came across this interesting study of 230 federal data breach lawsuits heard during the 2000-2010 time period.  Although originally published in February, I haven’t seen the study mentioned as much as I might have expected.

The study (available here) asks:

  • What data breaches are being litigated in federal court? and
  • Which data breach lawsuits are settling?

Well worth reading.

Cyber Privacy Insurance Market Survey 2012 published last night

And a lot of work it was, as we weeded out much of the Technology E&O coverage details that had crept in over the years.  The issue of Tech E&O coverages combined with Cyber/Privacy coverages is important to pay attention to; many Cyber products are built on a common platform with Tech E&O coverages, and it is not easy to separate them.  We do, though, as we believe our Cyber readers want to know about Cyber, our Tech readers want to know about Tech E&O, and mingling the two in our Reports makes it harder to make use of them.

We also added 3 new carriers (Argo Pro, Berkley, and RSUI), and have removed Euclid, as that market is only available to insureds that buy Technology E&O.  Euclid is still included in our February Tech E&O Market Survey.

Some of the highlights of the Report:

  • Total premiums estimated at $1 billion for the first time, up from $800 million in 2011
  • Substantial growth in policy count as smaller insureds buy coverage, and premium growth as larger insureds buy higher limits
  • Rates remain competitive as carriers try to defend or gain market share
  • Higher limits available for Breach Response coverages
  • Industry specialization continues, especially for health care insureds (probably the fastest growing Cyber insurance buying segment)
  • More carriers are negotiating improved prices for breach response services

Our Report also includes a guest article by Mac Brinton, President of InfoGard Laboratories, describing the Safe Harbor opportunities for certified protected health care information, a concept that we think significantly reduces the chance of a breach response claim for qualified health care organizations.  Mac’s article begins on page 13.

The Executive Summary of the Report can be found at our website and at the IRMI site.  Subscribers should go here to log in for access to the full Report.

Poll results are in: thoughts and a summary on renaming Cyber Insurance

Little did I know when I created my simple LinkedIn poll on ideas for renaming Cyber Insurance that we would receive 122 votes and 27 comments.  Since it is now closed, here are the results:

The poll was limited in that it required the participants to choose from 5 names, and did not allow an answer of ‘none of the above.’  Happily, some of the comments included their own suggestion.

Summarizing the poll results:

  • Information Security Insurance – 63 votes (52%)
  • Network Security Insurance – 23 votes (19%)
  • Privacy Insurance – 16 votes (13%)
  • Data Breach Insurance – 14 (11%)
  • Network Breach Insurance – 6 votes (5%)

There were several suggestions offered up; some of the more creative included:

  • Complete Data Breach insurance (which tried to get at a description of all kinds of data, not just electronic, which is an important distinction; won’t fly with the insurance industry, but I like the attitude)
  • Information (or Data) Wellness insurance (doing healthy things to better manage exposures)
  • Information insurance (to simplify the name, similar to life insurance, auto insurance, fire insurance, etc.)

And there were some great comments, such as:

  • The term Cyber focuses insureds too much on technology risk, and may encourage investments in technology solutions while ignoring risks that arise from non-tech risk
  • And from one commentator, although he didn’t originally like the term ‘cyber’, he has warmed to it, because:

– It means nothing (which means we can apply the definition we want to it)
– It is catchy (true)
– Some people actually know what it generally means

What does all of this say about the product term Cyber Insurance?

I took away the following:

  • There’s a lot of unease about the accuracy of the product term Cyber, which seems to emanate from the idea that this line of insurance (should) cover a lot more than cyber-related risks
  • Suggestions seem to focus on Information instead of Cyber.  I like that idea, since (as noted) cyber-based data is only one source of claims.  Claims can result from loss of data that occurs not only through network breaches but also through other  channels, such as lost or stolen laptops, thumb drives, disks, tapes, and paper records.  I believe that Information includes cyber but is not restricted to cyber, so is a more accurate term.
  • But, before we go about changing names (not that I have that kind of influence), cyber has been the term for some time now, and many users know what it means.  We might change it to a more current (accurate?) term, but will it really be understood any better?

I promised a free copy of The Betterley Report Cyber Insurance Market Survey 2011 and our Middle Market Purchasing Opinions on Cyber Insurance Study to the best suggestion.  Although there were many good ones I thought Erich Bublitz of ThinkRisk showed great insight when he commented:

“It is difficult naming the coverage in part because the coverage varies so much from market to market and what is a good description for one policy is not a good description for another policy. However, keeping the term Cyber is doing a disservice to the industry and to the insureds. When people hear cyber, they assume IT which often makes the IT leader assume this coverage is being bought to cover IT and they then want to make the case they could better spend the money on a firewall or IDS. Additionally, we as an industry want, and the data security industry want, clients to start thinking about enterprise risk management, rather than IT risk management. The term cyber is not helping make the transition to ERM.”

I’d like to thank the 122 participants in the poll and the many others that read the comments, even if they didn’t offer any themselves.

Poll results for ‘Does Cyber insurance need a new name?’

If you recall, I created a poll on LinkedIn, asking for suggestions and comments.

The results are here, although there may still be additional comments in the next couple of weeks.

Looking at those results, there is a clear preference for Information Security Insurance, which I rather like (and admittedly proposed – although I randomized the poll questions, I did make my vote public, which probably biased the results).

There have been requests to broaden the choices; I had restricted them to 5 in the interest of clarity, but maybe I need to rethink this.

Anyway – go take a look at the results for some interesting insight into how some very knowledgeable people in the cyber insurance arena see the product and its role.