Cyber Insurance and the SME Market – How SME’s are the Soft Underbelly of the Cyber Security World

WRIN.TV interviewed me recently about the Small- to Mid-sized enterprise and its place in the Cyber security and insurance worlds.  Note that I used the plural, as the two are still way too separate.

This is a topic that is really interesting, as the interconnections of our global economy create exposures where none existed before.  It is my contention that large enterprises need to tighten up their vendor security to have any hope of being secure themselves.

The 1st part of my interview is here:

Part two will focus on the Cyber insurance market for SMEs and should be available later in February; when it is, I will post the link here.



A Briefing on Cyber Insurance for the Compliance Office

Nymity, a global research company specializing in compliance tools for the privacy office, asked me to offer my thoughts on Cyber insurance from the perspective of the Chief Compliance Officer.  The idea was to provide the non-insurance professional with key information about:

  • The coverages available,
  • The risks of not buying coverage,
  • Why so many organizations don’t buy coverage,
  • Coverage traps to avoid,
  • Value-added risk management services, and
  • Five recommendations for buying coverage

Nymity allowed me to publish it in this blog, so here it is: What is Cyber Insurance Interview

I’d like to thank Nymity for making this information available to the Compliance Officer profession.  There are many parties interested in the purchase of a Cyber policy; helping get the word out to all of them is vital.

Please click here for more information about Nymity.

Intellectual Property and Media Liability insurance – state of the market and a forecast for the future; interviews on WRIN TV

For those of us that can’t get enough of IP and Media insurance, here is a 2-part interview on the state of that market and my comments on its prospects.

Part one covers the current state of the IP and Media Liability insurance market:

Part two offers my forecast for its future and observations as to why there aren’t more buyers (yet):



RIMS Cyber Insurance Session Tuesday 9-11 AM – Cyber 3.0: Cutting-Edge Advancements in Insurance Coverage for Cyber Risk and Reality

I’ll be on the panel at this Innovative Level session on advanced Cyber insurance, addressing our vision of what Cyber needs to be, both for the benefit of insureds and of insurers. If you are attending, please feel free to come up to the podium after the session to say ‘hi’.
Here is the session description:

Category: Insurance and Contract Management
Level: Innovative
Date: Tuesday, April 29, 2014
Time: 9:00 AM – 11:00 AM
Room: 607

Cyber attacks are on the rise with unprecedented frequency, sophistication and scale. They are pervasive across industries and borders. Network security alone cannot fully address the issue-no security system is impenetrable. Every organization is at cyber risk, but not all understand the vital role that insurance can play. Some mistakenly assume that cyber insurance is primarily for financial, health care or retail institutions. Yet, the U.S. Securities and Exchange Commission advises that all disclosures should include a description of “relevant insurance coverage” for cyber risk. This session is hosted by RIMS Pittsburgh Chapter.
Learning Objective:

Explore the newest cyber insurance products.

Assemble a best practices checklist to facilitate successful placement.
Know how to enhance off-the-shelf insurance forms through negotiation.


Ellen Holland, Chief Risk Officer, Oregon University System
Roberta Anderson, Partner, K&L GATES LLP
Roberta Anderson, Partner, K&L GATES LLP
Richard Betterley, President, Betterley Risk Consultants, Inc.
Mark Camillo, Head of Network Security & Privacy Products, Americas, AIG
Risk Manager
Debra Samuel, Manager, Insurance Risk Management, Alcoa Inc.

Comments on the EPLI Market Place

Why rates are increasing at a faster pace than most commercial liability products, and comments on Wage & Hour and Social Media coverages.

Less dry, more personal – my WRINTV interview on the EPLI marketplace, in which I expand on some of my thoughts in EPLI Market Survey 2013.

Updates to Our EPLI Market Survey 2013 – The HSB Product

We wrote about the HSB fully-reinsured EPLI product in our December EPLI Market Survey.  We call it a ‘private label’ product as it is developed, serviced, and continually enhanced by HSB but provided by specific insurers.  This product has been an important coverage offering for carriers that may wish to take a more turn-key approach to the complex EPLI line.

HSB notes that the product uses their claims adjusting services (not just guidelines) and that it has recently been made available for employers with fewer than 100 (previously 50) employees. By referral, the product may be available for employers with up to 500 employees.

Technology E&O Insurance Market Survey 2014

Our most recent Betterley Report reviews 28 leading Tech E&O products; this is our 14th annual review of this important coverage.  New carriers added were Endurance, RLI, and Swiss Re.

Tech E&O may not get as much attention as Cyber/Privacy, but it is an important part of the insurance portfolio of many organizations.  With the help of Dr. Fritz Yohn and his team at MarketStance (, along with input from carriers, we estimated the U.S. annual premium to be almost $800 million in 2013.

As the tech industry grows, most insurance brokers will have at least some insureds from the Tech industries, and so knowledge of this product and trends in pricing and coverage are much needed.  And not only for ‘traditional’ tech companies.  There are many non-tech organizations, including not-for-profits, that have substantial Tech E&O exposures.  So product knowledge to identify those exposures and to understand the types of coverage that might be needed is important.

This year’s Report found that, unlike most other commercial insurance lines, rates were trending down, although the % was slight. We attribute this to the heavy competition amongst insurers for this desirable type of insured.  Loss experience has generally been favorable for many insurers, too, so writing more may seem attractive.

Some of our findings:

Cyber/Privacy Coverage Specifically Added to Many Products – Continuing to support our belief that specific Cyber/Privacy coverage should be considered by Tech insureds (and thus not rely on the E&O coverage to pay for breach events), more carriers are adding Cyber options to their Tech products.

Media Liability a Common Option – All carriers reviewed except one can include a Media Liability coverage as a part of their Tech policy

Increasing Premium Volume as the Tech sector recovers – Although rates are in slight decline, the exposure base increases attributable to the tech sector recovery is accelerating the trend toward higher Gross Written Premiums.  However, individual carriers are having a harder time increasing their Gross Written as more carriers slice up the market.

Demand by Third Parties Continues to Drive the Market – Technology product and services providers, the audience for this coverage, is seeing greatly increased demand for proof of privacy insurance by their business partners.  These clients are concerned about technology risk, and want proof that their vendors are covered.  Proper coverage and significant limits are required by new or existing vendors if they want to do business with many organizations.

We think that this demand will be a strong force in growing the market for Technology E&O products.  While historically many technology companies have been reluctant to buy coverage, the demand by clients to buy it or perhaps lose a valuable business relationship will greatly expand this market.  As more and more data is held by multiple parties, the desire for protection is increasing—a positive for the market segment.

Increased Interest by Risk Management Service Providers in Supporting Technology E&O Insurers – As in the Cyber/Privacy market segment, risk management service providers are seeing that they can greatly extend their reach by providing their services through an insurance policy.  We think that it is a natural fit for carriers to identify quality vendors that can help the insureds avoid data breaches, and to provide cost-effective responses if a breach occurs.