|
Specialty Lines Market
Cyber liability
By Larry G. France
Some people would list the Internet as one of—if not the most—important inventions ever developed. It certainly has changed the way we do business and has affected our personal lives as well. But there are some downsides. Anyone who has had to spend the better part of a morning deleting unwanted e-mails that made it through the spam catcher can relate. Of course prior to the Internet, you often started your day by deleting unwanted phone messages, but the volume was significantly less.
The age of cyberspace has also created some very scary privacy and security issues. If you have seen the movie “Enemy of the State,” you will not only be more alarmed, but will wonder how Hollywood in 1998 saw into the future. The plot revolves around a senator’s intention to introduce a bill allowing the government to eavesdrop on cell phone transmissions between the United States and foreign countries that might present security risks to the country. Well, his plan gets sidetracked; I won’t spoil the ending. The really alarming part of the movie is how, via satellite, an egomaniac is able to track all movements, phone calls, and conversa-tions of the main character no matter where he happens to be. It would appear to be fiction if it were not happening today. There appears to be nowhere to hide from unwanted eyes attempting to pry into your financial assets, for example.
During the course of a conversation at the 2005 RIMS Convention, Brad Gow, vice president, ACE USA Professional Risk, pointed out another risk to businesses of which almost no one is aware because victims do not want it publicized—cyber liability. In fact, that conversation was the impetus for making cyber liability the topic for this Specialty Lines article. Gow related that a few weeks prior to Valentine’s Day, a florist’s Web site was shut down for a few hours by Eastern European criminals. The criminals then told the florist to wire a specified amount of money to a bank that was controlled by the gang in Eastern Europe or they would shut down the Web site through Valentine’s Day, resulting in a loss of a large percentage of the florist’s annual revenue. Gow said that sometimes the demands by cyber criminals are in the millions. (ACE provides a “Cyber Kidnap & Ransom” type product to protect against financial loss.)
According to Gow, criminals also can break in and steal valuable customer information, which they then can turn into profits. Company databases can hold sensitive customer information such as credit card numbers, Social Security numbers and other confidential information. Gow lists the most frequently targeted industries by attackers:
Education
Small business
Financial institutions
Local government
Health care
Information technology
Accounting
State government
Manufacturing
Utilities, energy
Gow maintains that electronic crime will continue to grow, and the attacks will become more sophisticated, malicious and costly.
According to a 2005 survey by the Computer Security Institute/Federal Bureau of Investigation’ s San Francisco Computer Intrusion Board, the reasons for not reporting intrusions include the fact that companies were concerned that adverse publicity could hurt their stock price and/or public image and that competitors would use that against them. Others reported that they believed that the civil remedy seemed the best course, and they also were unaware of law enforcement interest. The survey may be downloaded for free on their Web site, www.GoCSI.com. Note that the Computer Security Institute will celebrate its 33rd year at its Annual Computer Security Conference & Exhibition later this year. (See Figure 1.)
Nancy James, principal of the N.P. James Insurance Agency, relates that as a technology risk analyst, she was asked by an ISP client to find Web-related liability coverage for a complex new Internet service. This was probably the first policy written to cover cyber liability. James states: “I structured the first liability-based ‘cyberspace war game’ with my client, my client’s attorney, and ultimately with but a single interested underwriter. Technology insurers turned me down so I went to a media and publisher’s insurer, who considered the risk a small increment from a television broadcast media.
“The purpose of the war game was to see if copyright protected material could be downloaded by the site visitor; if offensive material could be posted on the chat board; and what other areas might lead to possible misuse, offense, and/or litigation. Uneasy that the test might actually accomplish some of these unwanted results,” James explains, “the insurer’s claim counsel requested elaborate hold harmless agreements against such eventualities.”
James has long referred to the Internet as “Shark Infested Cyberspace,” at least from an American liability exposure perspective. “Internet court cases have been making the news for over a decade now, suggesting that there is a tacit absolute, or close to absolute liability imposed upon the Internet service provider, carrier and everyone else with a Web site!” James warns. “Not only do U.S. statutes have to be adhered to, but also international laws, including language requirements, must be accommodated.” It is James’s opinion that, “while the Internet has blasted through national territorial boundaries, laws and legislation lag embarrassingly behind the world’s ability to do business globally.” She suggests that everyone is probably in violation somewhere and cautions her clients: “Try not to be the most solvent party making this mistake!”
News reports on the $15 million settlement levied by the Federal Trade Commission against ChoicePoint should grab the attention of any business that retains sensitive information from clients. The settlement included a $10 million fine and $5 million for compensation to consumers who are eligible. ChoicePoint also was required to install security systems and hire independent auditors. ChoicePoint’s database contains records from insurance companies and financial institutions, among others.
Potential exposures
Melanie Derzhavets, president of Roush Insurance Services, Inc., and Barbara Ewing, vice president of Zurich North America Financial Enterprises, point out that the information technology (IT) systems of most business enterprises are connected to each other and the outside world, making them vulnerable to cyber attacks. As increasing amounts of data are stored in common electronic databases, the opportunity to create harm through the misuse of that data increases exponentially.
Businesses are becoming increasingly dependent on their electronic systems. If those systems become inoperable, businesses lose income and incur extra expenses to get those systems up and running. The amount of lost income and the cost to repair damaged systems is increasing significantly, as more business is done electronically and as IT systems become more complex. Laws such as Gramm-Leach-Bliley, Sarbanes-Oxley and the Health Insurance Portability and Accountability Act make it manda-tory for businesses to protect the data they collect and store electronically. (See Figure 2.)
Traditional insurance products, including property, general liability and professional liability, do not cover cyber risks. As in most special types of risks, it takes a specialty insurance product to address the exposure. Zurich’s E-RiskEdge Policy & Cyber Insurance is available through licensed surplus lines brokers.
This class of business appears to change more often than the price on a gas station sign. What were yesterday’s concerns are multiplied as new exposures come to the surface. You also need to speak “cyberese” to even understand what is being discussed.
Case in point. Laura Johnson, vice president at Euclid Managers, says: “Newer technologies such as blogs, vlogs (video logs) and Podcasts are all hot topics in cyberspace. While these new technologies are great communication and marketing tools, they can increase a company’s defamation, copyright and/or trademark exposure if not implemented carefully. For example, a company should secure rights to use the images of all persons their videos disseminated via the vlog. If they do not, they could face a misappropriation of likeness lawsuit.”
Johnson adds: “Identity theft is another area of concern for companies doing business online. It has received a lot of attention in the media, and new products to protect the consumer have been developed. Still, companies seem to be held to a high standard of responsibility for caring for their customer information. This means adequate security and privacy coverages are a high priority. Plus, as more and more businesses move their ordering and sales online, they need to make sure all of their systems are ready—not only to defend against security breaches but also against denial of service attacks. If the systems can’t handle the business flow to their Web site, the companies face lawsuits for denial of service and other types of negligence.”
What does the growth picture look like for cyber liability? Well, results of the CFI/FBI Computer Crime and Security Survey indicate that 75% of the organizations had no insurance in place. (See Figure 3.)
Drew Bartkiewicz, assistant vice president of Darwin Professional Underwriters, Inc., says: “Darwin is seeing much growth in the cyber liability area. Most traditional companies are now recognizing that they have emerging risks related to data privacy, network security, content/media and intellectual property. In some cases, traditional companies also have an additional tech E&O exposure with the commer-cialization of some IT services like Web hosting, Web design, data processing, or integration services.
“Though we recognize that most case law has not caught up with the emerging technology, professional errors and the risks of doing business on the Internet, one can reasonably expect to see laws quickly getting more teeth in the wake of a record year of network security lapses and a rash of headlines about ID theft,” he says. “We feel that the environment for growing the demand of technology and cyber liability coverage has never been more fertile.”
Bartkiewicz continues, “New coverages will be added to the [cyber liability] products during 2006. The main components of a good cyber liability product are a bundled mix of data privacy wrongful acts, network security wrongful acts, content and media wrongful acts, and Internet protocol wrongful acts. Many cyber liability policies stay away from ‘rogue employee’ acts related to data privacy, i.e., employees who sell data from the database to data brokers outside the scope of their normal duties.” Bartkiewicz believes that “this will change since more than two-thirds of the ID thefts within business environments occur through the employees and their breach of a company security measures.
“The current patent phobia of most carriers will also have to be overcome as patent infringement is a very real and widespread risk for many traditional and high-tech companies alike. The markets will have to learn how to write patent infringement insurance for those companies that demonstrate a strategic and well-governed approach to managing their overall Internet protocol, as the market need is real and immediate,” says Bartkiewicz.
“Cyber liability entails both first- and third-party exposures not typically covered under the normal insurance forms,” Rocio L. Orte, CPCU, RPLU, ASLI, of Western Security Surplus Insurance Brokers, explains. Very few carriers will offer first-party coverage, as it is very difficult to measure a loss. On the other hand, ‘combo’ PL/GL forms are somewhat proliferating. Some carriers offer shared limits and only claims-made forms, while others offer separate limits with the GL being on an occurrence form. Limits available range from under $1 million to $5 million on a primary basis with excess limits usually available. Deductibles and/or retention limits range from $2,500 to $20,000 or higher, depending on the risk.”
Orte says that premiums will vary, of course, depending on the nature of the business and in the case of technology providers, the more diversified, the tougher to place. “I have seen combo policies starting at $2,000 for a $1 million limit. Most excess minimums start at $10,000. Technology-only policies, depending on the exposures covered and the size of the risk, start at $1,500 to $2,500.
“One class that seems to be pretty hard to place is electronic money transferring; however, I am aware of at least one market that will write these.”
In the upcoming months, the Specialty Lines articles will address the hospitality industry in April, followed by special events/prize indemnification in May, and EPLI in June.
The following have responded to our survey and indicated that they offer products for this class of business:
ACE USA
436 Walnut St., WA 08E
Philadelphia, PA 19106
Contact: Brad Gow
E-mail: brad.gow@ace-ina.com
Web site: www.aceprofessionalrisk.com
An insurer that operates in all states with limits of $20 million. Target class is technology, plus non-technology accounts with network liability exposure. ACE Digital DNA program offers first-party, network risk. ACE American Insurance is A+ rated.
Bohrer, Croxdale & McAdoo, Inc.
P.O. Box 2760
Springfield, MO 65801
Contact: Vicki Cota, Debra Shelton
Phone: (800) 779-2550
Fax: (888) 869 -2550
E-mail: vcota@bcmins.com
dshelton@bcmins.com
Web site: www.bcmins.com
Arkansas office
P.O. Box 1190
Conway, AR 72033
Contact: Clay Farris
Phone: (800) 594-5101
Fax: (800) 726-7707
E-mail: cfarrisbcm@conwaycorp.net
An E&S broker that operates in AR, IL, KS, KY, MO, OK and TN with limits of up to $5 million. Various A rated admitted and nonadmitted carriers are used to place coverage.
Capitol Special Risks, Inc.
1899 Powers Ferry Rd., Ste. 100
Atlanta, GA 30339
Contact: Amanda Sedliak
E-mail: asedliak@csrisks.com
Web site: www.csrisks.com
A wholesaler specializing in professional liability and operating in all states with all limits. Will consider all classes. All carriers are rated A- or better.
CCBsure/ISG International, Inc.
204 Cedar St.
Cambridge, MD 21613
Contact: Karri Todd, Megan Jones, Estelle Cummings
Phone: (800) 336-5659
Fax: (410) 221-0085
Web site: www.ccbsure.com
A broker/program manager that operates nationwide and in Canada with limits of $1 million and up. Target classes are various technology risks, including software developers. Can offer E&O.
Darwin Professional Underwriters, Inc.
9 Farm Springs Rd.
Farmington, CT 06032
Contact: Drew Bartkiewicz
Phone: (860) 284-1456
Fax: (860) 284-1457
E-mail: drewb@darwinpro.com
Contact: Adam Sills
Phone: (860) 284-1382
Fax: (860) 284-1383
E-mail: asills@darwinpro.com
Web site: www.darwinpro.com
An insurer that operates nationwide with limits of up to $10 million. Target classes are technology providers, including ASPs, business software and services providers, IT services (consulting, installing, advising); and Internet technology services (e-business models). Also, traditional companies with Internet and network security exposures, especially health care organizations, financial institutions, and retail operations. Will not write telecommunications or hardware manufacturers. Can offer technology and information E&O liability coverage for both technology providers and traditional companies with technology exposures. Tech//404™ offers coverage for: technology E&O (including third-party business interruption); network security and data privacy exposures; patent, copyright, and trademark exposures; and electronic media/content liability exposures. Darwin Select is an A- rated company.
Evolution Insurance Brokers (EIB International)
8722 S. Harrison St.
Sandy, UT 84070
Contact: Marketing Manager
Phone: (877) 678-7342
Fax: (801) 304-5551
E-mail: info@eibdirect.com quotes@eibdirect.com
Web site: www.eibdirect.com
An E&S broker that operates in all states with all limits. Will consider any class. Prime Insurance Syndicate is the B rated carrier.
Euclid Managers, LLC
1627 Main St., Ste. 800
Kansas City, MO 64108
Contact: Marcia Jenson
Phone: (816) 778-0713
E-mail:mjenson@euclidmanagerskc.comgetconnected@euclidmanagerskc.com
Web site: www.euclidmanagerskc.com
An MGA that operates in all states plus DC (not available in U.S. Virgin Islands or Puerto Rico), with primary or excess limits of $5 million. Target classes are small and mid-sized cyber risks including Web sites; Web site design, development and hosting; search engines and portals; private and public networks; Internet and application service providers; and e-commerce. Can offer E&O, personal injury and privacy, intellectual property and security coverage (protection for insured’s blog may be included or endorsed onto the policy). Hudson Insurance, and Hudson Specialty are the A rated carriers.
Gary Markel Surplus Lines Brokerage, Inc.
15950 Bay Vista Dr., Ste. 250
Clearwater, FL 33760
Contact: Michael Sullivan
Phone: (877) 545-9100
Web site: www.gmarkelsurplus.com
An E&S broker operating in FL only with limits of $5 million. Can offer cyber extortion and first-party coverage. AIG, ACE, Maxum, USLI, Seneca, Axis, Evanston, Indian Harbor, and Everest are the carriers.
Gateway Underwriters Agency
1714 Deer Tracks Trail, Ste. 210
St. Louis, MO 63131
Contact: Barbara Smeltz
Phone: (800) 325-7652
Fax: (314) 238-0065
E-mail: barb.smeltz@gua-stl.com
An E&S broker that operates in IA, IL, KS, MO and NE with limits of $10 million. Target class is most computer consultants. Will not consider ISP, ASP, and CAD applications. Can offer GL. National Casualty (A+), Houston Casualty (A+), USLI (A++), and United National (A+) are the carriers.
Insurance Innovators Group
130 S. Easton Rd.
Glenside, PA 19038
Contact: Michael Bias
Phone: (800) 523-6422
Fax: (215) 886-2482
Web site: www.iiigroup.com
An E&S broker operating in CT, DE, MA, MD, ME, NH, NJ, NY, PA, RI and VT with limits of $1 million/$2 million/$2 million. Can offer GL, commercial property and/or commercial crime, media liability, technology liability, professional liability and cyber property insurance. ACE and National Casualty are the carriers.
InsureHiTech, Inc.
584 Broadway, Ste. 912
New York, NY 10012
Contact: Alex Beurle
Phone: (646) 722-9349
Fax: (646) 722-9396
Web site: www.insurehitech.com
A wholesale broker operating in all states with limits of up to $10 million primary; excess is also available. Target markets are technology, telecom and media; life sciences; and venture capital firms and hedge funds. Can also offer E&O, media liability, network liability, intellectual property, D&O, EPL, fiduciary, fidelity/crime. More than 20 carriers are used to place coverage.
Lighthouse Underwriters, LLC
7630 Little River Turnpike
Annandale, VA 22003
Contact: Peter Stanislaw
Phone: (703) 770-3700
Fax: (703) 770-3720
E-mail: pstanislaw@lighthouseunderwriters.com
Web site: www.lighthouseunderwriters.com
An E&S broker that operates nationwide with limits of $10 million/$10 million. Target classes are ISPs, ASPs, search engines and e-commerce risks. Will not write gaming risks or online brokers. Can offer media and Internet coverage. Carriers are Hudson Insurance, Lloyd’s and Scottsdale.
Media/Professional Insurance
Two Pershing Square, Ste. 800
2300 Main St.
Kansas City, MO 64108
Contact: Leib Dodell
Phone: (816) 471-6118
Fax: (816) 471-6119
E-mail: marketing@mediaprof.com
Web site: www.mediaprof.com
An MGA that operates nationwide with limits of up to $10 million primary or excess. Target market is any company providing Internet-related services or using the Internet as part of its business activities. AXIS is the A rated carrier.
Michael J. Kelly Insurance Agency
3463 State St., Ste. 224
Santa Barbara, CA 93105
Contact: Michael J. Kelly
Phone: (800) 329-5355
Web site: www.alarmchannel.com
A program administrator that operates in most states with limits of $10 million. Target markets are alarm/security dealers and telecommunications companies. Can offer GL. Various carriers are used to place coverage.
Midlands Management Corp.
P.O. Box 22778
Oklahoma City, OK 73123
Contact: Nettie Gober, Roger Park, Brandon Davis
Phone: (800) 800-4007
Fax: (405) 840-5432
E-mail: nagober@midman.com rpark@midman.com bsdavis@midman.com info@midman.com
Web site: www.midlandsmgt.com
An MGA that operates nationwide with limits of $1 million. Will consider most classes but will not write aero-space/defense firms. Can offer property and umbrella. Evanston is the carrier.
NIF Group, Inc./NIF Pro
30 Park Ave.
Manhasset, NY 11030
Contact: (GA) Deborah Christiansen(PA) Ed McGuire
Phone: (800) 892-8892 Christiansen: (866) 569-7532 McGuire: (800) 660-3467
E-mail: marketing@nifgroup.com
Web site: www.nifgroup.com
An MGA/E&S broker that operates in the eastern United States with primary limits of $10 million (excess available). Will consider all classes including software development, Web site design and hosting and consulting. Can offer network security, intellectual property infringement and hacking. All carriers are A rated.
Philadelphia Insurance Companies
One Bala Plaza, Ste. 100
Bala Cynwyd, PA 19004
Contact: Haley Talley
Phone: (800) 873-4552
E-mail: phlysales@phlyins.com
Web site: www.phly.com
An insurer that operates in all states except LA with limits of $1 million. Will consider nonprofit only. Can offer D&O, EPLI and fiduciary. Philadelphia Insurance Companies and Philadelphia Indemnity are rated A+.
Prime Insurance Syndicate Inc./I.E.B.S.
P.O. Box 4439
Sandy, UT 84091
Contact: Underwriting staff
Phone: (800) 257-5590
Fax: (877) 452-6910
E-mail: rjl@primeis.com
Web site: www.primeis.com
An insurer (Prime) and MGA (I.E.B.S.) that operates nationwide with all limits. Will consider all classes.
Professional Liability Insurance Services, Inc.-Wholesale Division
2914 Cherokee St., Ste A-1
Kennesaw, GA 30144
Contact: Sonny Bearden, or other team members
Phone: (800) 713-9473
Fax: (770) 427-9547
E-mail: info@pliswholesale.com
Web site: www.pliswholesale.com
A wholesale brokerage that operates in all states except AZ, FL, NM, and WY with limits that vary by carrier. Will consider all classes. Can offer technology E&O, hacker insurance and Internet liability. Has access to A+ rated carriers.
Progressive Casualty Insurance Co.
5920 Landerbrook Dr., PLG-L21
Mayfield Heights, OH 44124
Contact: Judi Kovach, Bob Splawn
E-mail: jkovach@progressive.com
Web site: banks.progressive.com
Phone: (800) 274-5222, Ext. 37599
Fax: (800) 456-6590
An insurer that operates in all states with limits of $5 million. Target class is community banks only. Can offer cyberliability coverage (Internet banking liability coverage which is offered only to financial institutions). Coverage extensions include cyber/network extortion, business interruption and public relations coverage. Other coverages include electronic/computer systems fraud under the financial institution bond, and D&O liability. Progressive is rated A+.
Rockwood Programs, Inc.
4001 Miller Rd.
Wilmington, DE 19802
Contact: Tom Nolan
Phone: (800) 330-7571
Fax: (302) 765-2088
Web site: www.rockwoodinsurance.com
An E&S broker that operates in all states with limits of $1 million to $10 million. Will consider most classes. Will not write adult and video game programming. Can offer MPL. Indian Harbor and AIG are the A+ rated carriers.
Roush Insurance Services, Inc.
P.O. Box 1060
Noblesville, IN 46061
Contact: Melanie DerzhavetsTony Armor
Phone: (800) 752-8402
Fax: (317) 776-6891
E-mail: melanie.derzhavets@roushins.comtony.armor@roushins.com
Web site: www.roushins.com
An MGA that operates in IL, IN and OH only with limits of up to $5 million. Target classes are financial services including banks, credit unions, thrifts, mortgage bankers, stock brokers and insurance companies. Contact for information regarding classes not written. Can cover cyber attack: loss of business income and extra expense, development costs for intellectual property (such as electronic data and software), and public relations expenses used to combat negative publicity; liability for electronic publishing wrongful acts such as slander, libel, copyright infringement or release of private information; computer systems fraud; and e-business extortion. Carriers are certain A rated underwriting companies of Zurich in North America.
S.H. Smith & Co.
41 N. Main St.
West Hartford, CT 06107
Contact: Todd McDonald
Phone: (800) 356-0168
Fax: (800) 329-7648
E-mail: todd_mcdonald@shsmith.com
Web site: www.shsmith.com
An E&S broker that operates in all states with limits of $500,000 to $100 million. Will consider any tech user or provider. Can offer property, equipment and products. ACE, AIG, Darwin, and USLI are the A rated carriers.
Tennant Risk Services Insurance Agency, LLC
99 Pratt St., Ste. 200
Hartford, CT 06103
Contact: Victoria Gardner, Lisa Hauser
Phone: (860) 527-9717
Gardner: (860) 280-2156
Hauser: (860) 280-2147
E-mail: info@tennant.com
Web site: www.tennant.com
An E&S broker that operates in all states with various limits (primary and excess available). Target classes range from small tech consultants to large software and hardware development companies from ASPs to ISPs. Will accept more challenging risks including those entities with security exposure and heavy military work. Can offer Internet, intellectual property/personal injury/advertising injury and hacker coverage. Carriers are rated A- or better.
Victor O. Schinnerer & Co., Inc.
2 Wisconsin Circle
Chevy Chase, MD 20815
Contact: Mark S. Wolf
Phone: (301) 961-9800
Wolf: (301) 961-9867
Fax: (301) 951-5444
E-mail: mark.s.wolf@schinnerer.com vos.info@schinnerer.com
Web site: www.schinnerer.com
An underwriter that operates in all states except AK, ND and NH with maximum limits of $2 million. Target classes are custom programmers, consultants, data processors, system designers, Web designers, ISPs, network communication providers, and other IT specialists. Indian Harbor is the A+ rated carrier.
Western Networked Insurance Services
988 McCourtney Rd.
Grass Valley, CA 95949
Contact: Kathy Boorman
Phone: (800) 682-8476
E-mail: kathy.boorman@networkedins.com
Web site: www.networkedins.com
A marketing and placement service for member brokers operating in AZ, CA, CO, ID, NM, NV, OR, TX, UT and WA with limits of $1 million, plus umbrella. Will consider all classes. AIG, Chubb, Hartford and others are the A- or better rated carriers.
Western Security Surplus Insurance Brokers, Inc.
790 E. Green St.
Pasadena, CA 91101
Contact: Rocio L. Orta
Phone: (800) 733-5844
Fax: (626) 396-1088
E-mail: rorta@wssib.com
Web site: www.wssib.com
An E&S broker that operates in CA and TX with primary limits of $1 million to $5 million (excess available). Target classes are technology users and technology providers, and online money transferring services. Can offer crime, business interruption (first-party coverages), and GL combo policies. Hudson Specialty, Axis Surplus, Admiral, Colony, Landmark, and London underwriters are A rated nonadmitted companies; AIG is admitted and nonadmitted.
Yates & Associates Insurance Services, Inc.
2100 E. Fourth St., 2nd Fl.
Santa Ana, CA 92705
Contact: Laurie Mann, Maria Guerra, Bob Mestayer
Fax: (800) 378-8588
Web site: www.yates-assoc.com
An MGA that operates in CA only with various limits. Target classes are Internet access providers, cyberspace software developers, Web hosts and administrators, and e-commerce providers. Can offer E&O, personal injury, and copyright/trademark infringement. All admitted and nonadmitted carriers are A rated. *
|
