Lawrence E. Harb (left) is executive vice president and John S. Wurzler (right) is president and CEO of WiSPManagers.com, an underwriting manager that develops specialized coverage for e-commerce exposures.
When your client's e-commerce Internet site fails, will his/her business insurance cover most of the losses? Some of the losses? Or none at all?
"Few, if any, losses from the failure of Internet service or business liabilities resulting from electronic commerce are likely to be covered by most commercial insurance policies," says Lawrence E. Harb, managing director for sales and marketing for WiSPManagers.com, an Okemos, Michigan-based underwriting agency that develops specialized commercial coverage for e-commerce exposures.
"The industry of the Internet is gaining market share every day," Harb says. This rapid growth has created the need for new insurance products because new risk exposures for business are being generated every day.
"Most companies that have been expanding into e-commerce have not bothered to assess the exposures that are associated with this new medium," Harb says. "The pressure to be on the Internet and participate in the growing online market has surpassed usual risk management caution."
As a result, most companies exploring online business opportunities "are shocked when they discover that their existing commercial coverage was never designed for e-commerce and probably will not cover any losses resulting from Web site transactions.
"In most cases, commercial coverage is so narrowly defined that it does not include many of the newest risks. And unless a company has already experienced a loss from hackers, viruses or disruption of service, they may never have considered the nature of those exposures," Harb says.
What is WiSP?
WiSP is an acronym for Website Insurance & Security Program, a combination of coverages that has recently been made available to independent agents and their commercial clients. The new coverage fills a myriad of gaps in traditional comprehensive general liability (CGL), commercial property, errors and omissions (E&0) and business crime coverages. The new coverage includes a variety of new risks associated with or exacerbated by e-commerce.
Lawrence Harb says it's important for companies to have specialized insurance coverage for their e-commerce. Few losses would be covered by most commercial insurance policies.
Among the newest risks are theft of credit card data; loss of Web site and advertising revenue and electronic funds; stolen, copied or destroyed intellectual property; destruction of data; unauthorized access; employee abuse and copyright and trademark infringement.
Though the insurance industry has offered various types of computer risk coverages for more than 30 years, most underwriters haven't been able to assess new risks associated with electronic commerce and virtual business operations.
Based on telecommunication and transactional capability rather than brick and mortar property and damage, the new risks have been difficult to evaluate, Harb says. Internet and e-commerce problems rarely involve physical losses or violations of any physical premises. As a result, they rarely fit the categories of losses defined in traditional policies.
But the need for coverage and the complexity of coverage needed is growing at an accelerating rate. Harb cites research from Network Solutions, Inc., an Internet domain registration service that indicates that the number of e-commerce Internet sites topped 6 million in 1999 and has been growing at a rate of 10% to 13% per month. E-commerce volume is increasing at a rate of 24% per month, according to Network Solutions.
WiSPManagers.com, however, has been researching the evolving risks since the beginning of the e-commerce boom, Harb notes. J.S. Wurzler Underwriting Managers, Inc., the predecessor company of WiSPManagers.com, started developing the high-tech coverage nearly five years ago, following an intuition by Principal John S. Wurzler.
Wurzler had been involved in the development of an online medical information service--MedNet--that was eventually sold to the American Medical Association. The project introduced Wurzler to Internet technology and its inherent liabilities--exposures he noticed that were not within the coverage areas of most traditional commercial insurance.
"I began working on this new insurance product in 1996, envisioning that businesses should be adapting the new media and the shift in point-of-sale," he recalls. "Professionals in various segments of the insurance marketplace were interviewed about the existing, anticipated and potential vulnerabilities."
In 1998, Wurzler reorganized his company into "a new kind of insurance company, specializing in bringing Internet technology insurance programs to market," he says.
He also added expertise with Harb, a former senior executive at Aon Corp., and John Mallory, a former executive at AT&T. Wurzler, Harb and Mallory are all managing directors of WiSPManagers.com.
In 1999, the three executives took their coverage design to Lloyd's of London and pitched the policies to broker Ballantyne, McKean & Sullivan, and several underwriters including R.F. Bailey, D.J. Newman and D.P. Mann.
John Wurzler began creating high-tech coverage nearly five years ago for WiSPManagers.com's parent company, J.S. Wurzler Underwriting Managers, Inc.
Coverages
The coverage is designed for retailing, manufacturing, business-to-business and publishing companies engaging in e-commerce and may be applicable to independent agents developing an Internet sales presence as well as client companies. The program does not include coverage for Internet Service Providers (ISP) who sell Internet connectivity to other companies.
Coverage is arranged into five categories:
Breach of Security Losses Insurance. This type of coverage includes business interruption insurance for Web site revenue losses and extra expense; defense expenses resulting from intellectual property claims; loss and defense expenses resulting from computer virus attacks; and loss and defense expenses resulting from theft of credit card data.
Crime and Intranet Insurance. Coverage includes losses resulting from dishonest, fraudulent or malicious acts committed by an employee or accomplice; intruder theft or losses resulting from fraudulent use or data input by an unauthorized person; losses from destruction or modification of data as the result of malicious acts of an intruder or computer virus; and loss of property and other consideration resulting from extortion.
Merchant Credit Card Fraud Insurance. This covers losses from stolen credit card numbers and transactions that were charged back to the merchant. It also covers reimbursement payments for Card Not Present (CNP) transactions in which merchants are responsible for the full risk of improper credit card transactions.
Web Site Liability Insurance. This includes coverage for personal injury, defamation, libel and slander and infringement of advertising patents, copyright title and trademark.
Professional Liability Insurance. Coverage includes errors and omission, directors and officers and employment practices liability coverages.
Coverage limits up to $25 million are available for loss revenue, intellectual property, and credit card losses. Third-party property damage standard limits are $50,000 per occurrence and $100,000 annual aggregate.
"Risk management and loss control are key components of the coverage," Harb notes. "Each risk underwritten by the company must undergo a Web site assessment that is used to eliminate any immediately correctable risks and create a policy design that matches a client's risk profile.
"No Web site is 100% secure. That's why appropriate coverage is so important to e-marketers and Internet entrepreneurs. However, our risk management process is extremely important, not only to assess risks for underwriting, but as a loss control tool to prevent losses and disruptions from identifiable risks."
The Web site assessment includes an online evaluation of a Web site's "perimeter," Internet access and visibility. WiSP contracts with Internet security professionals to analyze the physical, technological and transactional security and to improve the site configuration for better recovery from any violations.
WiSP also provides security updates and alerts and conducts periodic monitoring of policyholder Web sites.
"The front line of risk management for most companies, however, is their independent agents who need to conduct an effective early risk assessment for clients," Harb says.
"The number one challenge is education. First, we need to educate agents about these new risks and the resulting coverage needs so they can educate their clients. For many companies, their agent may be the first professional to demonstrate to them the nature of their growing commercial risks and their insurance needs," Harb says.
Knowledge is also critical when marketing these new coverages, Harb maintains. Agents who do not understand the risks and coverages are less likely to convince their clients of their needs for protection.
In April, WiSPManagers.com conducted a special seminar for agents titled "E-Business and the New E-Economy" at the Hilton at Chicago's O'Hare Airport. In a session on Internet insurance marketing, two agents--John Moccia, director of the technology division of The Rollins Agency, Inc., in Tuckahoe, New York; and Michael Flanagan, president of SiliconInsurance.com in Chicago--recommended that agents contact the key executives within their client organizations who are responsible for e-commerce operations, even if they don't normally have responsibility for risk management. Most likely, these executives include chief financial officer, chief information or technology officer and Web site designers as well as risk managers and legal counselors.
Agents need to be prepared to identify the exposures to their clients and confirm the gaps in their existing coverage.
Agents also need to understand existing security precautions such as computer firewalls and contractual agents designed to transfer risk. Clients may use these precautions as excuses for not purchasing appropriate coverage. While these precautions are valuable, they do not provide for reimbursement of what could be extensive losses. *
For more information:
WiSP
Website Insurance & Security Program
Lansing, MI
Contact: Larry Harb
E-mail: lharb@jswum.com
Phone: (517) 349-6601
Fax: (517) 349-5874
Web site: www.wispmanagers.com