6 Types of Employees at Risk in Growing Companies
The Risk List is presented by:
Cyber risk is everywhere. Embedded in the hardware of every computer system, in the cloud, in the headlines of national newspapers, and in the worries of risk managers across every sector.
It’s not a new risk, but its constantly evolving nature makes it tough for companies to stay up to speed on exposures, and to know how best to mitigate and transfer the risk.
“While the market for cyber coverage is maturing rapidly, it’s still less developed than other lines,” said Tim Marlin, Head of Cyber Underwriting, The Hartford.
“We hear a lot of clients say they want cyber coverage, but often they aren’t really sure what that means.”
“There’s no uniformity of cyber products on the market,” said Marlin. “That complicates conversations about exposures and cyber coverage.”
Oftentimes insureds may not understand the full extent of their exposure, so they don’t know what kind of coverage to ask for.
Without industry-wide standards, it’s a real challenge for brokers to advise clients on what good cyber coverage should look like. Just because a coverage is available in the market doesn’t mean it’s a good fit for the client. A lack of understanding makes insureds more likely to buy improper coverage, or buy nothing at all.
“As an industry, we need to do a better job of talking with our clients about cyber in a clear and concise way. We have to remove the fear around the risk,” Marlin said.
Cyber becomes less scary when it’s broken down into the exposures and coverages that insureds already are familiar with.
“The coverage is much simpler than many people realize. Do you understand coverage for third-party liability? Do you understand coverage for the first-party costs related to notification and credit monitoring in the event of a breach? If you have a firm grasp of those, then you already have a basic understanding of cyber coverage,” Marlin said.
“It’s the cryptic term ‘cyber’ that throws people off. It conjures up images of bad guys in black hats, doing nefarious things over the internet, but the exposure is much older and broader than that.”
Cyber risk connotes computer and network-related exposures. But good “cyber” coverage and advice addresses a much broader range of information risk.
“It has to do with the use and exchange of information; how we move it around; how we process it; and how we store it,” Marlin said.
The dominance of digital media, a richly connected society, distributed processing, and the speed at which information moves amplifies risk.
Compound that with controls that lag behind both technology and threats, a bit of regulatory uncertainty, and you have a rather intimidating risk landscape. It’s our job to help simplify that for clients.
Core business functions are carried out electronically. Paper-based processes, where they still exist, are surely on the way out.
The information housed in digital processes, however, is much harder to protect when buried in an internet server or floating around in the cloud. A locked filing cabinet was a simpler, more easily-understood solution.
Some industries, like health care, financial services and education, are better-versed in the protection of private information in the digital era, simply because they bear greater scrutiny from regulators. Often, they’re also better resourced, and more focused on the issue making them more likely to buy cyber coverage.
However, other industries have been slower to understand their cyber risk exposure.
In life sciences, for example, the drug discovery process and protection of intellectual property has changed dramatically.
“Generations ago, drug discovery was done more or less in the lab and documented in lab notebooks,” said Mark Silvestri, Sr. Managing Director, Products & Innovation, The Hartford Specialty Commercial.
“Now, it’s often enabled computationally through bioinformatics or computational biology. Molecular models for drug compounds can be built online and scientists can simulate their effect on biological systems on a computer,” Silvestri said.
An early stage life sciences company’s value is primarily its intellectual property. That IP is now stored on a computer system, making it more susceptible to theft or ransomware attacks. There’s a market for that stolen IP too.
Manufacturing faces similar challenges.
“They are relying on information in a number of ways that are critical to their ability to make money and service their clients,” Silvestri said. “Just-in-time inventory supply management, for example, is all done on a computer. Any sort of cyber outage could disrupt the delivery of crucial materials.”
Supply chain or network disruption could disrupt income or delay production and delivery. Manufacturers generally understand these risks in the physical world. Connecting them back to a cyber incident as the underlying cause is a step many just haven’t taken yet — and where some fall short on protecting themselves.
These are just two examples of industries that may not necessarily think they are in the crosshairs of cyber risk, but they have just as much exposure as any other sector.
“We hear a lot of clients say they want cyber coverage, but often they aren’t really sure what that means.”
-Tim Marlin, Head of Cyber Underwriting, The Hartford
In the move to a digital environment, access to data at any given moment is critical.
Third party liability, business interruption and IP risks may be covered under other policies, but forgoing cyber coverage could leave companies in a lurch if they cannot quickly get to their data or begin the remediation process after a breach.
Partnering with the right carrier means more than getting the right coverage. It means access to the expertise and guidance to help companies actually understand what cyber risk means for them, and what they can do to mitigate their exposure.
At The Hartford, a panel of experts dubbed The Hartford First RespondersSM is available to help insureds assess their information security practices, review contracts with third parties, and get a better understanding of the full breadth of their cyber exposure.
“We negotiated below-market rates with a number of risk service providers and security vendors that our customers can take advantage of to remediate any pre-existing weaknesses they have in their system security,” Marlin said. “They are also there to help companies react quickly in the event of a breach or other cyber incident.
“In addition, we provide a cyber risk services fund, which is rather unique in the industry,” Marlin said. In the event that an insured has a covered loss, The Hartford provides insureds with a fund, in addition to incident related expenses and costs to help remediate the issues that resulted in the incident in the first place.
“The better off our customers are, the better off we are,” Marlin said. “The bottom line is, we’re here to help you become a better risk before, during and after a loss.”
To learn more about The Hartford’s cyber coverage, visit www.thehartford.com/cyber.
FOR PRODUCERS ONLY. CyberChoice First Response is offered on a SURPLUS LINES* basis. This material is not to be used for solicitation purposes. The Hartford has arranged for data risk management services for our policyholders at a discount from some third-party service providers. Such service providers are independent contractors and not agents of The Hartford. The Hartford does not warrant the performance of third-party service providers even if paid for as part of the policy coverage, and disclaims all liability with respect to use of or reliance on such third-party service providers.
*Eligibility for surplus insurance coverage is subject to state regulation and requires the use of a licensed surplus line broker. Surplus lines insurance policies are generally not protected by state guaranty funds. Policies should be examined carefully for suitability and to identify all exclusions, limitations, and other terms and conditions. Surplus lines coverage is underwritten by Pacific Ins. Co. Ltd (except in CT and HI) and The Hartford Ins. Co. of Illinois in CT and HI. The Hartford® is The Hartford Financial Services Group, Inc. and its subsidiaries. Its headquarters is in Hartford, CT. All rights reserved.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with The Hartford. The editorial staff of Risk & Insurance had no role in its preparation.
For Southern communities, current recovery efforts in the wake of Hurricane Harvey will recall the painful devastation of 2005, when Katrina and Wilma struck. But those who look skyward will notice one conspicuous difference this time around: drones.
Much has changed since Katrina and Wilma, both economically and technologically. The insurance industry evolved as well. Drones and other visual intelligence systems (VIS) are set to play an increasing role in loss assessment, claims handling and underwriting.
Farmers Insurance, which announced in August it launched a fleet of drones to enhance weather-related property damage claim assessment, confirmed it deployed its fleet in the aftermath of Harvey.
“The pent-up demand for drones, particularly from a claims-processing standpoint, has been accumulating for almost two years now,” said George Mathew, CEO of Kespry, Farmers’ drone and aerial intelligence platform provider partner.
“The current wind and hail damage season that we are entering is when many of the insurance carriers are switching from proof of concept work to full production rollout.”
According to Mathew, Farmers’ fleet focused on wind damage in and around Corpus Christi, Texas, at the time of this writing. “Additional work is already underway in the greater Houston area and will expand in the coming weeks and months,” he added.
No doubt other carriers have fleets in the air. AIG, for example, occupied the forefront of VIS since winning its drone operation license in 2015. It deployed drones to inspections sites in the U.S. and abroad, including stadiums, hotels, office buildings, private homes, construction sites and energy plants.
At present, insurers are primarily using VIS for CAT loss assessment. After a catastrophe, access is often prohibited or impossible. Drones allow access for assessing damage over potentially vast areas in a more cost-effective and time-sensitive manner than sending human inspectors with clipboards and cameras.
“Drones improve risk analysis by providing a more efficient alternative to capturing aerial photos from a sky-view. They allow insurers to rapidly assess the scope of damages and provide access that may not otherwise be available,” explained Chris Luck, national practice leader of Advocacy at JLT Specialty USA.
“The pent-up demand for drones, particularly from a claims-processing standpoint, has been accumulating for almost two years now.” — George Mathew, CEO, Kespry
“In our experience, competitive advantage is gained mostly by claims departments and third-party administrators. Having the capability to provide exact measurements and details from photos taken by drones allows insurers to expedite the claim processing time,” he added.
Indeed, as tech becomes more disruptive, insurers will increasingly seek to take advantage of VIS technologies to help them provide faster, more accurate and more efficient insurance solutions.
One way Farmers is differentiating its drone program is by employing its own FAA-licensed drone operators, who are also Farmers-trained claim representatives.
Keith Daly, E.V.P. and chief claims officer for Farmers Insurance, said when launching the program that this sets Farmers apart from most carriers, who typically engage third-party drone pilots to conduct evaluations.
“In the end, it’s all about the experience for the policyholder who has their claim adjudicated in the most expeditious manner possible,” said Mathew.
“The technology should simply work and just melt away into the background. That’s why we don’t just focus on building an industrial-grade drone, but a complete aerial intelligence platform for — in this case — claims management.”
Duncan Ellis, U.S. property practice leader at Marsh, believes that, while currently employed primarily to assess catastrophic damage, VIS will increasingly be employed to inspect standard property damage claims.
However, he admitted that at this stage they are better at identifying binary factors such as the area affected by a peril rather than complex assessments, since VIS cannot look inside structures nor assess their structural integrity.
“If a chemical plant suffers an explosion, it might be difficult to say whether the plant is fully or partially out of operation, for example, which would affect a business interruption claim dramatically.
“But for simpler assessments, such as identifying how many houses or industrial units have been destroyed by a tornado, or how many rental cars in a lot have suffered hail damage from a storm, a VIS drone could do this easily, and the insurer can calculate its estimated losses from there,” he said.
In addition,VIS possess powerful applications for pre-loss risk assessment and underwriting. The high-end drones used by insurers can capture not just visual images, but mapping heat, moisture or 3D topography, among other variables.
This has clear applications in the assessment and completion of claims, but also in potentially mitigating risk before an event happens, and pricing insurance accordingly.
“VIS and drones will play an increasing underwriting support role as they can help underwriters get a better idea of the risk — a picture tells a thousand words and is so much better than a report,” said Ellis.
VIS images allow underwriters to see risks in real time, and to visually spot risk factors that could get overlooked using traditional checks or even mature visual technologies like satellites. For example, VIS could map thermal hotspots that could signal danger or poor maintenance at a chemical plant.
“Risk and underwriting are very natural adjacencies, especially when high risk/high value policies are being underwritten,” said Mathew.
“We are in a transformational moment in insurance where claims processing, risk management and underwriting can be reimagined with entirely new sources of data. The drone just happens to be one of most compelling of those sources.”
Ellis added that drones also could be employed to monitor supplies in the marine, agriculture or oil sectors, for example, to ensure shipments, inventories and supply chains are running uninterrupted.
“However, we’re still mainly seeing insurers using VIS drones for loss assessment and estimates, and it’s not even clear how extensively they are using drones for that purpose at this point,” he noted.
“Insurers are experimenting with this technology, but given that some of the laws around drone use are still developing and restrictions are often placed on using drones [after] a CAT event, the extent to which VIS is being used is not made overly public.”
Drone inspections could raise liability risks of their own, particularly if undertaken in busy spaces in which they could cause human injury.
Privacy issues also are a potential stumbling block, so insurers are dipping their toes into the water carefully.
There is no doubt, however, that VIS use will increase among insurers.
“Although our clients do not have tremendous experience utilizing drones, this technology is beneficial in many ways, from providing security monitoring of their perimeter to loss control inspections of areas that would otherwise require more costly inspections using heavy equipment or climbers,” said Luck.
In other words, drones could help insurance buyers spot weaknesses, mitigate risk and ultimately win more favorable coverage from their insurers.
“Some risks will see pricing and coverage improvements because the information and data provided by drones will put underwriters at ease and reduce uncertainty,” said Ellis.
The flip-side, he noted, is that there will be fewer places to hide for companies with poor risk management that may have been benefiting from underwriters not being able to access the full picture.
Either way, drones will increasingly help insurers differentiate good risks from bad. In time, they may also help insurance buyers differentiate between carriers, too. &