Sponsored Content by Nationwide

Hot Hacks That Leave You Cold

Cyber risk managers look at the latest in breaches and the future of cyber liability.
By: | December 14, 2016 • 5 min read

Nationwide_SponsoredContent_1016Thousands of dollars lost at the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so do the occurrence of cyber breaches.

“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”

Phishing Out Fraud

According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.

“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”

According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”

On the flip side, behavior also helps determine the best course of action to prevent phishing.

“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”

Lee stressed that phishing can affect employees at all levels.

“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”

Locking Down Ransomware

Nationwide_SponsoredContent_1016Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.

“These events are happening, and businesses aren’t reporting them,” Lee said.

In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.

After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.

Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.

“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”

And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”

The Future of Cyber Liability

According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.”

“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”

About Nationwide’s Cyber Solutions

Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.

Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.

Nationwide_SponsoredContent_1016
Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.




Nationwide, a Fortune 100 company, is one of the largest and strongest diversified insurance and financial services organizations in the U.S. and is rated A+ by both A.M. Best and Standard & Poor’s.

More from Risk & Insurance

More from Risk & Insurance

Alternative Energy

A Shift in the Wind

As warranties run out on wind turbines, underwriters gain insight into their long-term costs.
By: | September 12, 2017 • 6 min read

Wind energy is all grown up. It is no longer an alternative, but in some wholesale markets has set the incremental cost of generation.

As the industry has grown, turbine towers have as well. And as the older ones roll out of their warranty periods, there are more claims.

This is a bit of a pinch in a soft market, but it gives underwriters new insight into performance over time — insight not available while manufacturers were repairing or replacing components.

Charles Long, area SVP, renewable energy, Arthur J. Gallagher

“There is a lot of capacity in the wind market,” said Charles Long, area senior vice president for renewable energy at broker Arthur J. Gallagher.

“The segment is still very soft. What we are not seeing is any major change in forms from the major underwriters. They still have 280-page forms. The specialty underwriters have a 48-page form. The larger carriers need to get away from a standard form with multiple endorsements and move to a form designed for wind, or solar, or storage. It is starting to become apparent to the clients that the firms have not kept up with construction or operations,” at renewable energy facilities, he said.

Third-party liability also remains competitive, Long noted.

“The traditional markets are doing liability very well. There are opportunities for us to market to multiple carriers. There is a lot of generation out there, but the bulk of the writing is by a handful of insurers.”

Broadly the market is “still softish,” said Jatin Sharma, head of business development for specialty underwriter G-Cube.

“There has been an increase in some distressed areas, but there has also been some regional firming. Our focus is very much on the technical underwriting. We are also emphasizing standardization, clean contracts. That extends to business interruption, marine transit, and other covers.”

The Blade Problem

“Gear-box maintenance has been a significant issue for a long time, and now with bigger and bigger blades, leading-edge erosion has become a big topic,” said Sharma. “Others include cracking and lightning and even catastrophic blade loss.”

Long, at Gallagher, noted that operationally, gear boxes have been getting significantly better. “Now it is blades that have become a concern,” he said. “Problems include cracking, fraying, splitting.

Advertisement




“In response, operators are using more sophisticated inspection techniques, including flying drones. Those reduce the amount of climbing necessary, reducing risk to personnel as well.”

Underwriters certainly like that, and it is a huge cost saver to the owners, however, “we are not yet seeing that credited in the underwriting,” said Long.

He added that insurance is playing an important role in the development of renewable energy beyond the traditional property, casualty, and liability coverages.

“Most projects operate at lower capacity than anticipated. But they can purchase coverage for when the wind won’t blow or the sun won’t shine. Weather risk coverage can be done in multiple ways, or there can be an actual put, up to a fixed portion of capacity, plus or minus 20 percent, like a collar; a straight over/under.”

As useful as those financial instruments are, the first priority is to get power into the grid. And for that, Long anticipates “aggressive forward moves around storage. Spikes into the system are not good. Grid storage is not just a way of providing power when the wind is not blowing; it also acts as a shock absorber for times when the wind blows too hard. There are ebbs and flows in wind and solar so we really need that surge capacity.”

Long noted that there are some companies that are storage only.

“That is really what the utilities are seeking. The storage company becomes, in effect, just another generator. It has its own [power purchase agreement] and its own interconnect.”

“Most projects operate at lower capacity than anticipated. But they can purchase coverage for when the wind won’t blow or the sun won’t shine.”  —Charles Long, area senior vice president for renewable energy, Arthur J. Gallagher

Another trend is co-location, with wind and solar, as well as grid-storage or auxiliary generation, on the same site.

“Investors like it because it boosts internal rates of return on the equity side,” said Sharma. “But while it increases revenue, it also increases exposure. … You may have a $400 million wind farm, plus a $150 million solar array on the same substation.”

In the beginning, wind turbines did not generate much power, explained Rob Battenfield, senior vice president and head of downstream at JLT Specialty USA.

“As turbines developed, they got higher and higher, with bigger blades. They became more economically viable. There are still subsidies, and at present those subsidies drive the investment decisions.”

For example, some non-tax paying utilities are not eligible for the tax credits, so they don’t invest in new wind power. But once smaller companies or private investors have made use of the credits, the big utilities are likely to provide a ready secondary market for the builders to recoup their capital.

That structure also affects insurance. More PPAs mandate grid storage for intermittent generators such as wind and solar. State of the art for such storage is lithium-ion batteries, which have been prone to fires if damaged or if they malfunction.

“Grid storage is getting larger,” said Battenfield. “If you have variable generation you need to balance that. Most underwriters insure generation and storage together. Project leaders may need to have that because of non-recourse debt financing. On the other side, insurers may be syndicating the battery risk, but to the insured it is all together.”

“Grid storage is getting larger. If you have variable generation you need to balance that.” — Rob Battenfield, senior vice president, head of downstream, JLT Specialty USA

There has also been a mechanical and maintenance evolution along the way. “The early-generation short turbines were throwing gears all the time,” said Battenfield.

But now, he said, with fewer manufacturers in play, “the blades, gears, nacelles, and generators are much more mechanically sound and much more standardized. Carriers are more willing to write that risk.”

There is also more operational and maintenance data now as warranties roll off. Battenfield suggested that the door started to open on that data three or four years ago, but it won’t stay open forever.

“When the equipment was under warranty, it would just be repaired or replaced by the manufacturer,” he said.

“Now there’s more equipment out of warranty, there are more claims. However, if the big utilities start to aggregate wind farms, claims are likely to drop again. That is because the utilities have large retentions, often about $5 million. Claims and premiums are likely to go down for wind equipment.”

Advertisement




Repair costs are also dropping, said Battenfield.

“An out-of-warranty blade set replacement can cost $300,000. But if it is repairable by a third party, it could cost as little as $30,000 to have a specialist in fiberglass do it in a few days.”

As that approach becomes more prevalent, business interruption (BI) coverage comes to the fore. Battenfield stressed that it is important for owners to understand their PPA obligations, as well as BI triggers and waiting periods.

“The BI challenge can be bigger than the property loss,” said Battenfield. “It is important that coverage dovetails into the operator’s contractual obligations.” &

Gregory DL Morris is an independent business journalist based in New York with 25 years’ experience in industry, energy, finance and transportation. He can be reached at [email protected]