The Target Data Breach – Changing Cyber Risk Insurance

In addition to gaining massive media attention, the Target data breach is also changing the nature of Cyber Risk Insurance.  Key changes, discussed below in more detail:

• Risk Management works – this could have been prevented
• Liability coverage in a Cyber Risk Insurance is now critical
• Underwriters will accelerate their review of their own offerings – underwriting, policy forms and pricing – and the market will tighten
• Most companies will buy Cyber Risk Insurance
• Smaller organizations will closely review the coverage they have – is it adequate?

The data breach itself is fascinating – see here at BloombergBusinessweek and here at KrebsonSecurity for specific accounts of what happened.  It shows that risk management works – this breach could have been prevented, according to BloombergBusinessweek:

The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.

This breach may be the tipping point for the liability portion of Cyber Risk Insurance policies.  A large part of losses to date have been for breach notification costs – first party losses to help victims monitor their credit.  It is looking like the Target breach could result in significant liability losses.  According to BloombergBusinessweek:

More than 90 lawsuits have been filed against Target by customers and banks for negligence and compensatory damages.

With huge losses expected within the liability part of the policy, underwriters will reassess the liability coverage provided in most Cyber Risk policies.  This will likely impact the Cyber Risk Insurance market as the competitive landscape shifts.

The magnitude of the breach and media attention will push the last remaining organizations off the fence and they will start buying coverage.  Cyber Risk Insurance is easy to obtain, comprehensive and relatively inexpensive.  For the moment.  According to the Wall Street Journal (here), insurance buying is increasing:

The Target data breach was the equivalent of 10 free Super Bowl ads

Not surprisingly, smaller organizations have much the same exposure as larger organizations.  According to Robert Hartwig, President of the III.

Small businesses are transacting more of their business online [and] have many of the same exposures as a company like Target, just on a smaller scale

Coverage is becoming increasingly important.  Policy forms vary, with some forms providing significantly more coverage than others.  And some smaller organizations are relying on low-limit endorsements for coverage.  Policy extensions typically provide limited coverage, and GL insurers are expected to begin rolling out specific Cyber Risk exclusions soon.  And many smaller organizations do not buy Cyber Risk Insurance, or are not properly covered. 

Tennant Risk Services is Cyber Risk Insurance specialist.  As a specialty wholesale broker and underwriting manager, Tennant Risk delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber).  We excel at hard to place accounts, including Cyber Risk Insurance.  Review our expectations here.

Specialty Insurance Expertise: Tennant Risk Services
Supporting Insurance Entrepreneurship: Tennant Capital Partners

 

Data Breach Report: Cyber Risks Continue to Increase

Verizon has just released its 2014 Data Breach Investigations Report, and anyone interested in Cyber Risk and Cyber Risk Insurance should check it out.  Also see an excellent summary article from Re/Code here.  Key points:

• 2013 is going to go down as something of a watershed year…It was a year when computer security incidents became something that mainstream people worried about a lot
• The number of overall attacks is on the rise
• [The report identifies] nine patterns that together describe 92% of the confirmed data breaches
• Attempts to steal intellectual property rose…There were two basic motivations: Sell the data to a competitor, or start a competitive company
• In more than 70% of the IP theft cases, insiders stole the information within 30 days of announcing their resignation.

There are steps that organizations can take, including small organizations, to protect information from theft and employee errors, and the Verizon report includes some of these.  Called Recommended Controls, these include a number of process and audit recommendations.

In addition, all organizations should have Cyber Risk Insurance.  Cyber Risk Insurance is easy to obtain and affordable (see here), with premiums for smaller organizations starting at less than $1,000.  Policy terms vary widely, so work with an expert in order to ensure you are getting a comprehensive insurance policy with adequate limit that is right for your organization.

Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber), including Data Breach or Cyber Risk insurance.

Specialty Insurance Expertise: Tennant Risk Services
Supporting Insurance Entrepreneurship: Tennant Capital Partners

 

 

 

 

Program Managers Need to Be Licensed

A recent bulletin from the Excess Lines Association of NY (ELANY) notes that a program manager underwriting on behalf of an excess lines insurer must be licensed as an excess lines broker.  Program manager also means cover holder, managing general agent or program administrator. 

Of note – the bulletin also notes:  Excess line brokers owe their duty to the insured not the insurer under New York law.

Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). 

Specialty Insurance Expertise: Tennant Risk Services
Supporting Insurance Entrepreneurship: Tennant Capital Partners

Side A D&O Insurance

D&O insurance (Directors & Officers) policy forms have evolved dramatically over the last decade or so, and now typically include a variety of coverage extensions.  For private companies and non-profit entities EPL is an obvious example – something we take for granted today.  Entity coverage is another example, and one that is not always helpful.  In certain extreme situations entity coverage can deplete limits rapidly, leaving no coverage for individual directors and officers.

Side A D&O insurance coverage, also called Side A Excess or Side A DIC, has become a mainstream insurance product ensuring that the private assets of the directors and officers are protected in the event that the organization’s D&O insurance policy is not available.  Bankruptcy is an example of a situation where an organization’s D&O policy limits could be depleted due to the entity coverage provided in the policy, leaving individual directors and officers with little or no coverage – personally.

A recent article, Dispelling the Myths of Side A Directors and Officers Insurance, by Robert F. Carangelo and Paul A. Ferrillo of Weil, Gotshal & Manges LLP, (see here) provides some background on Side A D&O insurance.

Side A D&O insurance covers non-indemnifiable Loss, meaning that a Company (1) cannot advance or indemnify its directors and officers under its bylaws, or (2) is financially unable to do so.

D&O insurance is a critical coverage for most organizations, and Side A may be an important component of an organization’s D&O program.  Tennant Risk Services is a specialty E&S wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services for its retail agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber).  Call to speak to one of our wholesale broker experts with your questions and concerns about D&O exposures, including Side A, or review our website for information on D&O and Side A excess.

Specialty Insurance Expertise: Tennant Risk Services
Supporting Insurance Entrepreneurship: Tennant Capital Partners