Imagine expanding your revenue stream because you are providing essential protection to your best clients.
First, consider the joys of boating. The boat and yacht industry is enjoying increased sales following years of decreases. In addition, individuals are removing their boats from storage because recreational dollars are returning as the economy improves. The marketplace for insuring these vessels is alive and well and many brokers and specialists are available to help retail agents provide their clients with the best coverage and pricing.
Now consider what the consequences would have been if your best customer helped spark the Target cyber breach or another major cyber breach. This month takes a serious look at a variety of cyber security problems and why most commercial entities need to carry cyber liability coverage. The article provides helpful tips for cyber protection, management, and mitigation. It also suggests ways for agents to incorporate cyber risk coverage into the basic sale and not just as a nice optional coverage to have.
RECREATIONAL BOATING ON THE REBOUND
Opportunities for brokers and agents are opening up as boat owners enjoy better times
By Dave Willis
Ten or 15 years ago, the recreational boat business was in its heyday. Manufacturing was strong. Inventory was moving. And people across the country were enjoying boating-many for the first time. "In the late 1990s, a buyer could get a 10-year loan on a good boat for about $250 a month," explains Paul Sexton, CMIP, vice president, boat & yacht at Norman-Spencer Agency Marine Insurance Services. "That was ridiculous. The industry should have never done anything so crazy, but it led to a boom of boat sales across the country." The growth proved unsustainable. Tough economic conditions several years ago brought new boat sales to a halt. And many owners put their boats up in storage, sold them or, worst of all, had them repossessed.
A year or two ago, the market started to rebound. Numbers aren't at the level they were-and they may never be-but business is improving. "Boating has started to increase again," explains Frank Atlass, chairman and CEO of Atlass Insurance Group. "The economy has started to percolate a little bit. Gas prices are down somewhat.
"People are starting to buy boats," Atlass adds. "And those who already own boats are a little better off and are in a better position to be able to enjoy them. Yacht brokers around Fort Lauderdale are smiling. They've been very glum for the last four years."
Sexton has seen a turnaround, as well. "People who stored their boats during the tough times are starting to get a lot more use out of them now," he explains. "That's been the case since 2012 or so. Things picked up more in 2013 and they should continue to get better."
Sales results are mixed. "We're not seeing an overabundance of new boat sales because the inventory of used boats for sale is so great," Atlass says. "Some new boats-for instance, center-console outboard multiples-are selling. We're seeing more and more triples and quads every day. When you put three or four engines on those, they really become performance boats. The newer ones being sold are generally bigger and heavier."
Data from early boat shows indicate modest growth. "Those dealers who have done a better job of marketing themselves-those who are on the forefront of social media, for example-are doing better," Sexton notes. "Dealers are becoming more aggressive these days with their attendance at the shows, and manufacturers are coming out more than they were a few years ago, when they were struggling to stay afloat."
There's been an uptick in the sale of smaller boats. "Many of the boats being sold seem to be 25 feet and under," he explains. "Loans are bit more accessible today-and much more accessible for people with enough money to put down a down payment-so that it allows people to enter or re-enter the market."
The business side of boating is doing well, also. Thomas Murphy, director of ocean marine at The Hanover, points out that, according to the National Marine Manufacturers Association, recreational boating in the United States is a $35 billion industry and creates an estimated 339,000 marine industry jobs. "Many of those jobs are within marine accessories and services including fuel, repair, storage, insurance and taxes," he explains.
Fall-off of sales several years ago has led to pullbacks in some lines and classes of boats. "Dealerships and marinas have diversified their operations some-perhaps taking on storage, where they wouldn't havedone that before because of risks associated with it," Sexton explains.
The past year has seen some rate movement in the boat insurance market. But it's been inconsistent. "For the small to mid-range vessel, rates have been so depressed for so long that I don't know that insurance companies could take rates down any further and still make a profit," explains Sexton. "So I don't really see a huge change with the everyday, ordinary boater. They'll pay similar premiums." If anything, he adds, there may be a minor inflationary increase.
"From a yacht perspective, many carriers have made their bread and butter on the eastern seaboard," he says. "Sandy hurt them, but you'd think that an overall lack of hurricanes in the Gulf and southeast would have helped somewhat. For yachts, which generally are 27 feet and larger, customers should expect to pay more in these areas, while rates in the non-exposed midwest and west coast are still quite depressed."
Atlass observes, "A couple of companies have been firming rates-anywhere from 5% to 8%-following Sandy, but they've been losing business to firms willing to do business at the old rates. A rate increase on boat insurance generally gives people impetus to shop, and the marketplace is still very competitive. There's lots of capacity."
Robert Kinsey, owner of Marine Underwriters Agency, says rates should continue to rise this year. "Companies writing in the northeastern United States are still licking their wounds from Sandy, while companies in the southeast continue to anticipate hurricane exposures," he explains. "They continue to favor newer boats over older."
Taking action
"As the boating industry continues to show signs of growth and expansion, independent agents and brokers who invest in the market and partner with experienced carriers have a significant opportunity to grow their businesses in the marketplace," Murphy says.
According to Sexton, the aluminum boat market and small fishing boats are doing quite well compared to other markets. "Previously devastated markets like ski boats also are starting to come around," he explains. "Unfortunately, the days of the $40,000 ski boat are long gone. If you want to get a really good ski boat, you are talking $75,000 or more. That cuts a big portion of the market out and those buyers are now turning to more affordable options."
He adds, "What is exploding, and it has been for the past couple of years, is the pontoon boat market. It's not the pontoon boat we might have seen growing up. These can be rather extravagant vessels with higher horsepower that can easily tow skiers and are able to navigate rougher waters than in the past. With the various amenities you can get, it's almost like buying an open-air yacht.
"From an economics standpoint, quality of pontoons is much better these days, and they're easier to repair," Sexton notes. "People are moving towards these and getting away from the typical stern drive, family run-about, which I think is suffering the most."
Mega-yachts-the $50 million boats and up-don't seem to have been affected by the economic downturn. "People who can afford those are fortunate and haven't had to worry," Atlass explains. "Smaller yachts-those in the 80- to 90-foot range-have seen prices drop by more than half, because the cost of maintaining them hasn't changed. People can buy a very large yacht today for half a million dollars, but it will probably cost that much a year to run it, if you run it right."
Marina market opportunities
Murphy encourages retail agents and brokers to consider opportunities in the marinas business. "The marina marketplace is a $4.2 billion industry that is expected to grow at an average annual rate of 2.1% over the next five years," he explains.
"Clearly, marina owners face a great deal of exposure to potential losses," he adds. "From the liability of maintaining a marina to the potential property damage to buildings, other structures, contents, docks and piers, the need for comprehensive commercial marine insurance coverage is critical. This creates opportunities for agents who know the industry, who can offer valuable expertise and offer customized solutions with industry leading products."
"The most successful agents and brokers in the marina marketplace are those who can offer unique expertise, knowledge, and counsel," Murphy notes. "In addition, they provide quality insurance products and services through a leading carrier, along with additional risk solutions and support, from online educational Webinars, to print resources, and on-site training sessions."
Most important, he adds, agents and brokers who specialize in this business are very close to the marine industry and understand the latest trends and developments in the market. "Whether it's the latest regulatory change or a new environmental exposure, agents and brokers are uniquely positioned to provide valuable counsel and support to their customers," Murphy says. "They are investing in the marina market and understand the risks their clients' face."
Kinsey points out that marine insurance often is a small part of the typical agent's business. "As a result, it tends to get placed with one of the outlets that advertises extensively and claims to be the least expensive," he explains. "I'm not sure that is the best for their clients, and it's certainly not where we would place them.
"Agents and brokers with small amounts of marine business would be far better served working with boat and yacht specialists who know their business and who work with a number of companies," Kinsey adds.
"Point-of-sale marketing-developing relationships and creating a presence where people are buying boats-has worked well for retail agents and brokers who can connect with their local dealers, marinas and yacht brokers," Sexton explains. "The marine industry is really based on relationships. Agents with good relationships who are willing and able to respond quickly whenever the dealer calls can do well."
He adds, "Working with a program manager or similar resource can help agents and brokers bring better and more targeted products to their clients and can help them access the market knowledge and expertise they need."
Sexton says program managers across the country may not have suffered through recent storms. "Pricing and capacity concerns may not be as prevalent with program managers as it is with long-time marine carriers now suffering from a few years of profitability distress," he adds.
He stresses the importance of agents and brokers being accessible to clients from a service perspective. "Protecting existing relationships and remarketing take time," he says. "For the small to mid-sized agent, this may be difficult due to lack of markets. For larger marine agents, it's a bit easier but does put a strain on the goal to increase revenue year over year.
"We routinely review all markets for customers when there's a rate increase or substantial change to coverage," he adds. "While it doesn't increase our revenue, it protects the business. Maintaining a customer for years to come is a far cry better than finding a new one. When a customer knows that you have their best interest in mind, it sets up a long-term relationship-one you will most definitely lose if you chose to not help during these times."
Atlass adds, "There are differences in insurance policies, but they're not always of a significant magnitude. If you have a policy with really strong carrier, you probably won't want to give it up even if you could save 5% or 10% or 15%. We always encourage clients to take a better policy if they can get it for a similar price."
The Time for Cyber Coverage is Now
Cyber crimes can impact businesses of any size and type
By Dave Willis
A number of cyber events-hacks, data? breaches, denial-of-service actions, ransom? attacks and more-have made headlines? over the past few months. Such events call for increased vigilance on the part of businesses and organizations and demonstrate the need for appropriate insurance and risk management. "All of the events we've been reading about are troubling, in that the exposure continues to grow and impacts organizations of all types," explains Brent Rickabaugh, CPCU, AU, product management supervisor at EMC Insurance Companies.
"The lack of a unified international law enforcement body gives the advantage to the hackers," says Joseph Schneider, professional liability manager at Jimcor Agencies. "The WikiLeaks event in 2010 highlights a troubling trend of classified information being used for unlawful purposes. The most recent story in this category of cyber events is that the British intelligence agency Government Communications Headquarters has reportedly infiltrated hacktivist groups and used denial-of-service and other techniques to disrupt their online activities."
According to Jake Kouns, cyber liability product line leader at Markel, "We are continuing to see an increasing trend of data breaches across industries and in all different sizes of organizations and they're showing little sign of a slowdown. Many might point to the recent Target, Niemen Marcus or Michaels breaches and think that such events happen only to large organizations. That's not the case."
He adds, "It would be a mistake for business owners or leaders to look at the headline-grabbing events and conclude that data breaches happen only to large companies and it couldn't happen to them."
"If you expose an individual's data, if you get hacked, if somebody loses a laptop or if they leave an iPad in an airplane seat pocket, you can wind up with some pretty significant liability, depending on what data may have been exposed," explains Lori Nugent, national data security and privacy practice leader for the law firm Wilson Elser Moskowitz Edelman & Dicker.
In addition, Kouns notes, "Companies are working closer than ever with third parties and outsourcers to get access to various IT services. We see a growing risk of data breaches from third party providers whether it be outsourced services or cloud providers."
Nugent concurs. "Your organization can be absolutely perfect, but if you share data with others and they get breached, it can come back to you. We used to talk about data security as building a really strong moat so nobody could get across. That doesn't work anymore, because we operate in an ecosystem where information has to be shared between organizations. You're only as strong as the weakest link."
Kevin Ribble, program underwriter at Edgewater Holdings, says, "A recent report shows that nearly 20% of cyber-attacks are on small firms-those with fewer than 250 employees. Many of these firms have a false sense of security and believe they are immune from a possible cyber-attack. "Small businesses generally don't have sufficient resources to monitor and combat cyber threats," he adds. "This makes them easy targets for expert criminals."
"Breaches of personal information are very expensive to respond to appropriately," says Rickabaugh. "An event carries with it direct costs to respond and the possibility of lawsuits, which will cost in terms of legal fees and lost productivity. But it can have more than a direct financial impact on the company; it also has a reputational impact that can reduce revenue for years to come."
Schneider agrees. "The myth that 'there is no such thing as bad publicity' is disproven when a cyber event takes place. Sony, Target and Neiman Marcus are just three of the many examples of brands facing a loss of customers, maybe forever, over a data breach incident."
Kouns points to added costs that result from cyber events. "The resources and technical knowledge required to determine what has happened and recover their systems also can be very costly if organizations are not prepared," he explains. "While notification and credit monitoring still seem to get all the attention in terms of costs of a data breach, other costs need to be understood and considered."
Insuring and managing risks
"Because of the growing awareness of cyber and hacking damages and litigation, agents and brokers almost have to offer cyber liability or run the risk of an E&O exposure," explains Ribble. "They need a cyber product tailored to the industry group they're going after. It has to be easy to write, it needs to be fast and efficient, because it's a small premium, and they-the agents and brokers-need to understand what the coverages are."
Insurance can help in a couple of ways. "First, insurance programs can provide insureds with a number of loss mitigation tools, such as security self-assessments, templates for incident response plans and privacy training," explains Rickabaugh. "Second, in the event of a breach, insurance can not only indemnify the insured for costs to respond to a breach, but also reduce the costs associated with the response through pre-negotiated rates and coordination efforts."
Kouns adds, "Depending on the carrier, cyber liability insurance policies can help provide pre-breach risk reduction to avoid a breach as well as post-breach response services. These types of services are critical for companies when it comes to reducing data breach-related costs."
"One of the things we see companies missing until they've had a breach is an evaluation of their actual cyber liability exposure," explains Nugent. "You wouldn't buy property insurance without evaluating the maximum probable loss and the frequency of your likely losses. Do the same thing with cyber."
According to Schneider, the key is being prepared. "The data privacy and security products we recommend include more than just insurance. They also address breach containment and mitigation services. These include forensic investigation to verify the breach, crisis management advice and the cost of system repair and security restoration. The most significant potential cost of a widespread breach can be funding of their notification costs and possible extortion coverage-paying expenses to investigate and settle, as well as arranging a payment."
Nugent says "We need to look no further than the United States government to see a key line of defense against cyber incidents. The biggest headline grabber that requires careful thought is the Affordable Care Act's portal, which opened on time but quickly experienced a breach," she explains. "The government failed to put privacy concerns first when rolling that out.
"It's a microcosm of what we too often see," Nugent adds, "namely, that business urgency causes people to move forward quickly, and privacy and security follow in the wake. One initiative that helps companies address this is something called 'privacy by design.' Whenever you do an IT project, look at how privacy and security are built into it. Make sure security is job one when designing systems, processes and procedures."
Kouns says that if a business has yet to implement basic security controls, that is a good starting point. "A sound security policy communicated to all users and partners is a must as a first step," he explains. "From there, since each company is different, they should conduct a risk assessment. This will help them understand their most important assets and where confidential information is stored, as well as help them prioritize their security efforts."
Ribble agrees. "A good security policy addresses whether employees should be permitted to have personal data on business devices, what business data, if any, should be allowed on employees' personal devices, and what to do in case a device is lost or stolen," he explains.
Rickabaugh adds, "Make sure the security policy and procedures are in writing and communicated to all employees. Require employees to log off their computers and lock their offices at the end of the day. Educate them about what type of information is sensitive or confidential and what responsibilities they have to protect that data."
Schneider adds, "Encryption of confidential information on portable storage devices and the use of encryption on e-mails that may contain sensitive data is an effective layer of protection. Additional steps should be taken when disposing of documents-they need to be shredded-and when recycling computer drives. Make sure they're wiped clean.
Rickabaugh agrees. "It's important to 'destroy before disposal.' Destroy disks, CDs, DVDs and other portable media before you get rid of it. Deleting files or reformatting hard drives doesn't erase data. Instead, use software designed to permanently wipe the hard drive or physically destroy the drive itself."
He also recommends managing what data is kept. "Inventory the type and quantity of information in your files and on your computers," Rickabaugh says. "Reduce the volume of information collected and retain only what is necessary. Minimize the number of places you store personal private data. Know what is kept and where it is stored."
Ribble encourages businesses to encrypt data. "You can't always keep hackers out of your systems, so protect the data they contain. Disk encryption tools are standard on many operating systems. These essentially convert system data into unreadable code that's not easy for hackers to decipher."
Rickabaugh advises organizations to keep security software up-to-date. "Make sure security patches for your computers are current," he explains. "Use firewall, anti-virus and anti-spyware software, and update virus and spyware definitions daily. Check software vendors' Web sites for any updates concerning vulnerabilities and associated patches."
Employers also must review and manage employee access to data. "Conduct background checks on those given clearance," Schneider explains. "And conduct audits to track if there is unwarranted access."
Businesses also should update some of their management procedures. "For example," Rickabaugh explains, "don't use Social Security numbers as employee ID numbers or client account numbers. Develop another ID system. Make sure that procedures comply with any applicable state or federal laws. Also, make sure they align with any applicable industry required standards, such as those that may be required by the Payment Card Industry (PCI) Data Security Standard."
He also encourages careful management of portable media and how it's used. "DVDs, CDs and USB 'flash drives' are more susceptible to loss or theft," he explains. "So are smartphones, MP3 players and other personal electronic devices with hard drives that 'sync' with computers. Only allow encrypted data to be downloaded to portable devices."
A simple step Ribble suggests is the use of stronger passwords. "This may seem like a no-brainer, but it's a real problem," he says. "If a password is a common word, or something that can be guessed based on public information, consider changing it to something more difficult to crack."
Building cyber into the sale
"If agents and brokers want to grow their business, they need to invest some time into learning the cyber products and the available coverage in the marketplace," explains Kouns. "Many brokers still seem afraid of the line due to the complexity, but once they start working on it, they'll find it's worth the investment of time.
"The hardest part is making sure they understand the offerings from each of the different carriers and are able to map that to their insured's exposure profile," he adds. "If they are concerned and not sure where to start, they can attend CE classes, various cyber liability conferences offered throughout the year, or find a partner to work with that can help with the education process."
Rickabaugh agrees that awareness is critical. "Agents need to understand the exposures and the various products available to respond," he says. "The interesting thing to note is that insurance agents, in particular, tend to understand the cyber exposure related to data breaches, given the business they themselves are in."
Schneider says, "I view my role as an educator. Many agents and brokers are familiar with the problem, but don't know enough about the available solutions. I've been sharing my knowledge by conducting CE seminars in our agents' offices. Information in this area is growing quickly and moving in many directions. Sharing resources with our clients is the path to growth."
Ribble adds, "If agents and brokers have the knowledge and possess some basic skills, they'll be able to grow their business with cyber. It depends on the industry group; for some groups, like high tech, cyber is more expensive. But even with mainstream business, agents and brokers can make money."
The author
Dave Willis is a New Hampshire-based freelance insurance writer and regular Rough Notes magazine contributor.
|
