Risk Manager Profile

Insuring the Towers

Shari Natovitz lost hundreds of former colleagues on 9/11. Now she manages risk for a vital piece of New York’s skyline.
By: | May 1, 2016 • 10 min read

Shari Natovitz, the director of risk management for Silverstein Properties, is a Jersey girl. She grew up in Fair Lawn, N.J., which is less than 20 miles from Lower Manhattan.

Children in her family were not coddled.

Advertisement




B-plus on your English paper? Not good enough.

A-minus in Trigonometry? Meh.

“You had to bring home an A,” Natovitz remembers as she spoke with R&I on the 46th floor of 7 World Trade Center in Lower Manhattan on a windy March morning.

“My brother and I were in the same elementary school, about two and a half years apart. I remember sitting in front of this little black and white television, with our macaroni and cheese, and ‘Jeopardy’ would be on.”

The dynamics of the house were such that the two siblings would play along, competing against one another for allowance money. The home was devoid of gender bias.

“I grew up playing baseball, softball and football out in the street. My mom ran track and field, so I ran track and field,” Natovitz said.

These days, Natovitz manages a $100 million-plus insurance program for one of the highest profile projects in the nation, the resurrection of the World Trade Center in Lower Manhattan.

In place of the seven buildings that were either destroyed or heavily damaged by terrorists in 2001, a new set of towers is rising.

Natovitz manages risk for four of them with one assistant; not to mention her responsibilities for additional Silverstein Properties holdings.

Is she intimidated by the scope and responsibility of her job? No, she is not.

Natovitz says she has the background and the passion to meet those challenges.

“Her demands are very high and she wants everyone else to be prepared.” —Tim Egan, senior vice president, property broking, Willis Towers Watson

Before joining Silverstein, Natovitz spent decades as a construction broker with Marsh, its predecessor Johnson & Higgins, and later with USI. It was at the conclusion of bidding on the broking work for part of the WTC rebuild — when Natovitz was the East Coast construction practice leader for USI — that Silverstein offered her the job of risk manager.

“I have an extremely strong brokerage background and believe in transparency and negotiations to secure a mutually acceptable outcome. Because I grew up in the Johnson & Higgins system, it was a much more consultative than transactional approach, which was really what was needed to organize this and set a solid foundation for the transition to risk manager,” she said.

The passion stems from the fact that Natovitz, like many insurance veterans, lost friends and colleagues in the inferno of 9/11.

“I was a Marsh/J&H person for 20 years and left the company in late 2000, and was a part of the construction group. The construction group was meeting at the North Tower that day,” she said.

Marsh & McLennan lost 295 people in the attack.

“For me, it became very personal and life-affirming.  It wasn’t a job, rather a mission, and a tremendous desire to be a part of and contribute to the rebuild,” she said.

The Program

Managing risk for the rebuild of the World Trade Center is, perhaps needless to say, complex and demanding. When Natovitz took the job in 2005, she had several obstacles to overcome. Perhaps the most forbidding barrier was that insurance carriers were reluctant to offer cover.

Advertisement




“What did surprise me when I got here, stunned me, were the number of markets in 2005 that did not want to do business with our company; absolutely floored me,” she said.

A number of factors played into that reluctance.

Discord over who should rebuild the towers and how they should be designed generated headlines in many New York newspapers.

“They weren’t flattering headlines. They weren’t truthful. Not unusual in the world, but frustrating,” she said.

“What did surprise me when I got here, stunned me, were the number of markets in 2005 that did not want to do business with our company; absolutely floored me.” — Shari Natovitz, director of risk management, Silverstein Properties

There was also the fact that the WTC was twice a target for terrorists. First came the 1993 attempt to bring down both towers by exploding a truck bomb in a garage of the North Tower.  Then there was the 2001 attack via two hijacked commercial jetliners that did bring them down.

Thus, two terror attacks on one site’s loss run.

“Nobody else in the U.S. had that experience,” she said.

Natovitz said that going forward she and her brokerage team needed to showcase the re-engineering and security of the new structures — including life safety — that made this a different and more robust project.

The coverage of the Silverstein buildings lost or damaged in the 2001 attack was also in dispute at the time and wouldn’t be settled until 2007, with a number of carriers eventually agreeing to pay the company $4.55 billion.

Natovitz also began her task dealing with four different insurance brokerages. Within a year or two, banking on her own deep experience as a broker, she had seen enough to put the entire program in the hands of Willis, now Willis Towers Watson.

“Willis didn’t get anything they didn’t deserve,” she said.

Insuring the safety of those building the World Trade Center towers ranked high in the minds of the Silverstein Properties risk management team.

Insuring the safety of those building the World Trade Center towers ranked high in the minds of the Silverstein Properties risk management team.

Natovitz said she was impressed by the way Tim Egan — a WTW senior vice president, property broking — solved problems for her on a property placement for 7 World Trade Center.

“That made me feel like they were the broker who best understood the market challenges and lack of  market identity and could best lead us through that,” she said.

The insurance program for the operational buildings was fragmented.

The coverage for each property was being placed separately, under the name of each building, as opposed to one comprehensive program.

“There was no understanding of the collective premium that was being put in the marketplace. This not only affected the quality of coverage, but also the buying power,” she said.

She was also impressed with the assertion that $6 billion in needed builders’ risk capacity could be developed and had confidence in the plan put together by Neil Kent, a WTW builders’ risk placement leader.

A prior broker told Natovitz, a Maryland resident, that she didn’t understand the New York market (she had worked for her first 10 years in the New York market) and stated that the capacity needed to protect the project was unobtainable.

A year and a half into her new position, the redesign of the Freedom Tower and responsibility for it — which formerly fell into Natovitz’s risk management portfolio — transferred to the Port Authority.

Natovitz met with Silverstein Properties management to explain why they needed their “own dog in the hunt” for limited capacity. That preferred bloodhound was what we now know as Willis Towers Watson.

With her WTW team, Natovitz set about creating an owner-controlled insurance program, known as an OCIP, for the construction of 2 WTC, 3 WTC and 4 WTC and a builders’ risk and terrorism program that required $6 billion in capacity, which was a hard sell.

The solution to the builders’ risk capacity challenge was to break the risk into three $2 billion risks, and pull the terror and fire following risk out and put that in a captive.

“We knew that $6 billion of construction capacity was not available in the market. But we knew that there was $2 billion available in the market,” WTW’s Kent said.

The captive option for terrorism needed to be explained to management.

Advertisement




“Among the real estate community there was a lot of differing opinions as to whether it was a viable risk transfer option,” Natovitz said, “but over the past 10 years, it has become an option that many have adopted to address capacity/aggregation issues.”

Be on Your Toes

Neil Kent and Tim Egan said Natovitz expects everyone that works with her to be very well-prepared.

“I think she reads everything and knows everybody,” said Kent.

“Her demands are very high and she wants everyone else to be prepared,” Egan said.

Tim Egan, senior vice president, property broking, Willis Towers Watson

Tim Egan, senior vice president, property broking, Willis Towers Watson

“This is a very important project to everybody, and I think everybody feels the same way. She’s done a lot of things to bring this project to the front and center,” he said.

“Certain risk managers, when you deal with them, you learn from them how they see this. I don’t think there is a better example of that than Shari in that respect,” Kent added.

Natovitz and her risk management partners at WTW are also very conscious of the importance of maintaining long-term relationships with carriers.

Throughout the recent coverage history of the WTC, from the terror attacks through the rebuild, transparency and buy-in from senior insurance carrier management occupied a place of utmost importance.

“The key to all of this was never operating in a vacuum with the marketplace,” said Ray Blackton, an executive vice president with Willis Towers Watson.

“When Shari first took the job, one of her big concerns was that her company was not really known by the markets or had a misconception of the markets. Our first plan was high-level meetings with the most senior people of the organizations before any submission ever went out on the Trade Centers,” Blackton said.

There are now more than 50 carriers/carrier profit centers, including the domestic and international markets, on the Silverstein Properties program overall.

“Everybody’s a key to the placement, but Lexington, Munich Re, Zurich, Swiss Re and Starr really provide a significant part of the capacity, along with XL Catlin and Chubb,” she said.

Through high-stakes insurance settlement litigation, political squabbling and the flooding from Superstorm Sandy, keeping an eye on the long-term and the value of respectful relationships remained of paramount concern.

“We have enjoyed a great working relationship with Shari over the years,” said George Stratts, president, property and special risks for AIG.

Neil Kent, builders’ risk placement leader, Willis Towers Watson

Neil Kent, builders’ risk placement leader, Willis Towers Watson

“And as with any good relationship or partnership, it’s honest, it’s open. And one of the things that I think we have appreciated from Shari is seeing both sides of an issue. How do you see multiple points of view so that we arrive at the best answer for all parties?” he said.

That came into play when there were World Trade Center construction delays. The delays meant that Silverstein was paying insurance premiums for two years when there was no exposure.

Natovitz went to her brokers and asked them to approach the markets to adjust the premium for the two years without any exposure and move the term forward to represent the new schedule.

“I knew this would be a difficult request, but wanted to work out a solution to continue coverage with the same carriers for the completion of the project without the financial burden of paying for an extra two years with no construction taking place.

“In addition, we were now only going to build two of the three towers,” she said.

“The carriers were very fair in their responses and almost one-third of the casualty program was returned, with the knowledge that the coverage would be placed with those same insurance partners down the line. We have continued the placement through 2019 with these partners,” Natovitz said.

New York’s Brilliant Place

No American citizen could look out from the 46th floor of  7 World Trade Center and not be moved.

The view is stunning. The human drama that unfolded over time in New York and that’s reflected in its skyline is profound.

Then there is our more recent history. Brutal attacks of terrorism, grief and a remarkable recovery.

“I can always say I worked on the World Trade Center project when it was being built and operational,” said WTW’s Tim Egan.

“I think it’s the most important thing I’ve done in my career,” he said.

Advertisement




“When you get to the core of what we do as risk and insurance professionals, it’s making good and helping restore and being part of that restoration process,” said AIG’s Stratts.

“That rebuilding process has been a way to affirm what we do as a profession and also honor the suffering that took place,” he added.

“Everybody who is on this placement through not even two or three degrees of separation knows somebody whose name is on that memorial,” Natovitz said.

“This is part of reinvesting and honoring them in the future.” &

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Risk Report: Entertainment

On With the Show

Entertainment companies are attractive and vulnerable targets for cyber criminals.
By: | December 14, 2017 • 7 min read

Recent hacks on the likes of Sony, HBO and Netflix highlight the vulnerability entertainment companies have to cyber attack. The threat can take many forms, from the destruction or early release of stolen content to the sabotage of broadcast, production or streaming feeds.

Brian Taliaferro, entertainment and hospitality specialist, JLT Specialty USA

“Cyber attacks are becoming the biggest emerging threat for entertainment companies, bringing risk to reputations, bottom lines and the product itself,” said Brian Taliaferro, entertainment and hospitality specialist, JLT Specialty USA.

For most entertainment firms, intellectual property (IP) is the crown jewel that must be protected at all costs, though risk profiles vary by sub-sector. Maintaining an uninterrupted service may be the biggest single concern for live broadcasters and online streaming providers, for example.

In the case of Sony, North Korea was allegedly behind the leak of stolen private information in 2014 in response to a film casting leader Kim Jong Un in what it considered an unfavorable light.

This year, Netflix and HBO both faced pre-broadcast leaks of popular TV series, and Netflix last year also had its systems interrupted by a hack.

Advertisement




Online video game platforms are also ripe for attack, with Steam admitting that 77,000 of its gamer accounts are hacked every month.

The list goes on and will only get more extensive over time.

Regardless of the platform, any cyber attack that prevents companies from producing or distributing content as planned can have huge financial implications, particularly when it comes to major releases and marquee content, which can make or break a financial year.

“People and culture are the biggest challenges but also the keys to success.” — David Legassick, head of life science, technology and cyber, CNA Hardy

The bottom line, said David Legassick, head of life science, technology and cyber, CNA Hardy, is that these firms have a combination of both assets and business models that are inherently open to attack.

“Vulnerabilities exist at every point in the supply chain because it’s all tech-dependent,” he said, adding that projects often run on public schedules, allowing criminals to time their attacks to maximize impact.

“The combination of IP, revenue and reputation risk make entertainment a hot sector for cyber criminals.”

Touch Point Vulnerabilities

Film, TV, literary and music projects invariably involve numerous collaborators and third-party vendors at every stage, from development to distribution. This creates multiple touchpoints through which hackers could gain access to materials or systems.

According to Kyle Bryant, regional cyber manager, Europe, for Chubb, there is nothing unique about the type of attack media companies suffer — usually non-targeted ransomware attacks with a demand built in.

“However, once inside, the hackers often have a goldmine to exploit,” he said.

He added targeted attacks can be more damaging, however. Some sophisticated types of ransomware attack, for example, are tailored to detect certain file types to extract or destroy.

“NotPetya was designed to be non-recoverable. For a media company, it could be critical if intellectual property is destroyed.”

Advertisement




As entertainment companies have large consumer bases, they are also attractive targets for ideological attackers wishing to spread messages by hijacking websites and other media, he added.

They also have vast quantities of personal information on cast and crew, including celebrities, which may also have monetary value for hackers.

“It is essential to identify the most critical information assets and then put a value on them. After that, it is all about putting protection in place that matches the level of concern,” Bryant advised.

As with any cyber risk, humans are almost always the biggest point of vulnerability, so training staff to identify risks such as suspicious messages and phishing scams, as well as security and crisis response protocols, is essential. Sources also agree it is vital for entertainment companies to give responsibility for cyber security to a C-suite executive.

“People and culture are the biggest challenges but also the keys to success,” said Legassick.

“Managing the cyber threat is not a job that can just be left to the IT team. It must come from the top and pervade every aspect of how a company works.”

David Legassick, head of life science, technology and cyber, CNA Hardy

Joe DePaul, head of cyber, North America, Willis Towers Watson, suggested entertainment companies adopt a “holistic, integrated approach to cyber risk management,” which includes clearly defining processes and conducting background checks on the cyber security of any third party that touches the IP.

This includes establishing that the third parties understand the importance of the media they are handling and have appropriate physical and non-physical security at least equal to the IP owner in place. These requirements should also be written into contracts with vendors, he added.

“The touchpoints in creating content used to be much more open and collaborative, but following the events of the last few years, entertainment firms have rapidly introduced cyber and physical security to create a more secure environment,” said Ryan Griffin, cyber specialist, JLT Specialty USA.

“These companies are dealing with all the issues large data aggregators have dealt with for years. Some use secure third-party vendors, while others build their own infrastructure. Those who do business securely and avoid leaks can gain an advantage over their competitors.”

Quantification Elusive

If IP is leaked or destroyed, there is little that can be done to reverse the damage. Insurance can cushion the financial blow, though full recovery is very difficult to achieve in the entertainment space, as quantifying the financial impact is so speculative.

As Bill Boeck, insurance and claims counsel, Lockton, pointed out, there are only “a handful of underwriters in the world that would even consider writing this risk,” and sources agreed that even entertainment firms themselves struggle to put a monetary value on this type of exposure.

“The actual value of the IP taken isn’t generally going to be covered unless you have negotiated a bespoke policy,” said Boeck.

“If you’re in season five of a series with a track record and associated income stream, that is much easier, but putting a value on a new script, series or novel is difficult.”

Companies for whom live feeds or streaming are the primary source of revenue may find it easier to recoup losses. Determining the cost of a hack of that sort of service is a more easily quantifiable business interruption loss based on minutes, hours, ad dollars and subscription fees.

Advertisement




Brokers and insurers agree that while the cyber insurance market has not to date developed specific entertainment products, underwriters are open for negotiation when it comes to covering IP. The ball is therefore in the insured’s court to bring the most accurate projections to the table.

“Clients can get out of the insurance market what they bring to the equation. If you identify your concerns and what you want to get from insurance, the market will respond,” said Bryant.And according to Griffin, entertainment companies are working with their brokers to improve forecasts for the impact of interruptions and IP hacks and to proactively agree to terms with underwriters in advance.

However, Legassick noted that many entertainment firms still add cyber extensions to their standard property policies to cover non-physical damage business interruption, and many may not have the extent of coverage they need.

Crisis Response

Having a well-planned and practiced crisis response plan is critical to minimizing financial and reputational costs. This should involve the input of experienced, specialist third parties, as well as numerous internal departments.

Ryan Griffin, cyber specialist, JLT Specialty USA

“The more business operation leaders can get involved the better,” said Griffin.

Given the entertainment industry’s highly public nature, “it is critically important that the victim of a hack brings in a PR firm to communicate statements both outside and within the organization,” said Boeck, while DePaul added that given that most cyber attacks are not detected for 200-plus days, bringing in a forensic investigator to determine what happened is also essential.

Indeed, said Griffin, knowing who perpetrated the attack could help bring the event to a swifter and cheaper conclusion.

“Is it a nation state upset about the way it’s been portrayed or criminals after a quick buck? Understanding your enemy’s motivation is important in mitigating the damage.”

Some hackers, he noted, have in the past lived up to their word and released encryption keys to unlock stolen data if ransoms are paid. Inevitably, entertainment firms won’t always get so lucky.

Given the potentially catastrophic stakes, it is little surprise these firms are now waking up to the need for robust crisis plans and Fort Knox-level security for valuable projects going forward. &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]