Risk Insider: Ryan McGuinness

Analyzing Gaps in Cyber Risk Coverage

By: | December 8, 2016 • 2 min read
Ryan J, McGuinness, M.Ed., ARM, is the Manager of Risk and Insurance for the Hershey Company. Ryan can be reached at [email protected]

The basic tenet of the risk management profession is reducing, eliminating or transferring risks that could impact an organization’s bottom line, brand and reputation. A part of that process involves identifying gaps in coverage in your organization’s portfolio of insurance.

Gap analysis of traditional lines is somewhat tangible. We are accustomed, dependent upon our industry sector, to being the experts in identifying and managing those risks. Routinely, risk managers employ some form of coverage analysis with the help of their broker(s) as a tool to plug the gap.

The challenge we face is achieving a state of continuous improvement and being prepared with contingencies as risks change and emerge. Ultimately, the risk management portfolio should not only be scalable, but have the flexibility to respond in the world of changing risks.

In today’s world, a major cyber event can take the form of a tangible loss as well as a financial loss.

Today, we see the cyber liability space maturing from an insurable risk standpoint. Underwriters and brokers are offering new, innovative products and have a professional skill-set that ensures underwriting integrity and improved risk control. Likewise, many companies have risen to the challenge to protect their assets and mitigate the cyber exposure in depth and breadth.


From the risk management point of view, business continuity coverage and potential third-party liability coverage gets murky in certain cyber losses. There are endless contingencies, particularly in a dreaded Black Swan scenario.

The importance of table-top exercises attended by the C-suite, CISO, information security, operations, HR, public relations, risk management and external counsel is paramount. You don’t want to find out your crisis management plan doesn’t work during a crisis.

Equally important is determining the interplay of coverage in your cyber, property and umbrella/excess programs. Leverage your broker resources to perform a gap analysis on the interplay between your property, cyber and umbrella programs. The goal is to understand how coverage applies and identifies potential gaps in the event of a cyber loss.

In today’s world, a major cyber event can take the form of a tangible loss as well as a financial loss. It’s possible that a cyber event can result in not only loss of data but also first- and third-party property damage and bodily injuries.

Taken further, a property loss involving business interruption can complicate how your program will respond as you work through getting your operations back up and running. A side-by-side exercise using multiple breach scenarios will help the risk manager understand how the policies work and importantly identify gaps and overlap in coverage.

Some key areas of interplay of coverage are physical damage to tangible assets and data restoration costs, business interruption and contingent business interruption.

You should understand how the waiting period applies between programs, how business interruption is calculated and what costs are covered to restore or recreate lost data among other things. Playing out these scenarios help to reduce the uncertainty of how policies respond, and how the loss impacts your bottom line before the crisis strikes.

Be prepared, understand the interplay between programs and work with your broker partners to fill the gaps in coverage.

More from Risk & Insurance

More from Risk & Insurance

2018 Most Dangerous Emerging Risks

Emerging Multipliers

It’s not that these risks are new; it’s that they’re coming at you at a volume and rate you never imagined before.
By: | April 9, 2018 • 3 min read

Underwriters have plenty to worry about, but there is one word that perhaps rattles them more than any other word. That word is aggregation.


Aggregation, in the transferred or covered risk usage, represents the multiplying potential of a risk. For examples, we can look back to the asbestos claims that did so much damage to Lloyds’ of London names and syndicates in the mid-1990s.

More recently, underwriters expressed fears about the aggregation of risk from lawsuits by football players at various levels of the sport. Players, from Pee Wee on up to the NFL, claim to have suffered irreversible brain damage from hits to the head.

That risk scenario has yet to fully play out — it will be decades in doing so — but it is already producing claims in the billions.

This year’s edition of our national-award winning coverage of the Most Dangerous Emerging Risks focuses on risks that have always existed. The emergent — and more dangerous — piece to the puzzle is that these risks are now super-charged with risk multipliers.

Take reputational risk, for example. Businesses and individuals that were sharply managed have always protected their reputations fiercely. In days past, a lapse in ethics or morals could be extremely damaging to one’s reputation, but it might take days, weeks, even years of work by newspaper reporters, idle gossips or political enemies to dig it out and make it public.

Brand new technologies, brand new commercial covers. It all works well; until it doesn’t.

These days, the speed at which Internet connectedness and social media can spread information makes reputational risk an existential threat. Information that can stop a glittering career dead in its tracks can be shared by millions with a casual, thoughtless tap or swipe on their smartphones.

Aggregation of uninsured risk is another area of focus of our Most Dangerous Emerging Risks (MDER) coverage.

The beauty of the insurance model is that the business expands to cover personal and commercial risks as the world expands. The more cars on the planet, the more car insurance to sell.

The more people, the more life insurance. Brand new technologies, brand new commercial covers. It all works well; until it doesn’t.

As Risk & Insurance® associate editor Michelle Kerr and her sources point out, growing populations and rising property values, combined with an increase in high-severity catastrophes, threaten to push the insurance coverage gap to critical levels.

This aggregation of uninsured value got a recent proof in CAT-filled 2017. The global tally for natural disaster losses in 2017 was $330 billion; 60 percent of it was uninsured.


This uninsured gap threatens to place unsustainable pressure on public resources and hamstring society’s ability to respond to natural disasters, which show no sign of slowing down or tempering.

A related threat, the combination of a failing infrastructure and increasing storm severity, marks our third MDER. This MDER looks at the largely uninsurable risk of business interruption that results not from damage to your property or your suppliers’ property, but to publicly maintained infrastructure that provides ingress and egress to your property. It’s a danger coming into shape more and more frequently.

As always, our goal in writing about these threats is not to engage in fear mongering. It’s to initiate and expand a dialogue that can hopefully result in better planning and mitigation, saving the lives and limbs of businesses here and around the world.

2018 Most Dangerous Emerging Risks

Critical Coverage Gap

Growing populations and rising property values, combined with an increase in high-severity catastrophes, are pushing the insurance protection gap to a critical level.

Climate Change as a Business Interruption Multiplier

Crumbling roads and bridges isolate companies and trigger business interruption losses.


Reputation’s Existential Threat

Social media — the very tool used to connect people in an instant — can threaten a business’s reputation just as quickly.


AI as a Risk Multiplier

AI has potential, but it comes with risks. Mitigating these risks helps insurers and insureds alike, enabling advances in almost every field.


Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]