Cyber Coverage

Navigating the Minefield

From gaps in coverage to confusing terminology and hidden exclusions, choosing the right stand-alone cyber policy is a complex and challenging process.
By: | February 20, 2017 • 7 min read

Over the past two decades, traditional lines, from GL to crime to property, have increasingly included some form of cyber cover as standard, while cyber underwriters have done their best to sculpt stand-alone policies that react to the evolving nature of both the risk and client demands. But for those seeking to buy their first stand-alone cyber policies, the landscape can be daunting.

Cyber specialist Lynda Bennett, chair of the insurance practice for law firm Lowenstein Sandler, described the increasingly crowded stand-alone cyber market as a “minefield” in which terminology, exclusions, terms and conditions can “vary wildly” from form to form.

Lynda Bennett, insurance practice chair, Lowenstein Sandler

“We are asked to review cyber policies because they can be unbelievably complex. While the appetite and demand is there for coverage, the nature of the risk is in flux and insurers are having as much trouble pinning down what risk they are willing to insure as risk managers are trying to work out what risks they need insurance for,” she said.

“Each year the traditional industry tweaks its exclusions to push buyers into a dedicated cyber policy. Then they are left in the Wild West having to negotiate a new policy,” said Bennett.

Marsh’s cyber product leader Bob Parisi believes that consistency of approach is appearing in tranches of the industry — such as underwriters who wish to write primary versus those who write excess, those who favor large companies over SMEs, and those who focus on privacy/liability versus those who underwrite direct first-party losses.

According to Jason Glasgow, vice president and practice lead for technology, privacy and network security professional liability with Allied World U.S., it is mainly terminology, not coverage, which sets most of today’s cyber policies apart. But there is no doubt first-time buyers can easily find themselves inadequately covered if they’re not careful.

Mind the Gap

Once predominantly serving to protect customer-facing sectors against data privacy breaches, the scope of cyber cover has expanded into many new areas including property damage, business interruption (BI) and bodily harm. Cobbling together adequate cyber coverage between traditional property, GL and crime policies is increasingly challenging.

Advertisement




However, buying stand-alone cyber cover is not a magic bullet; sources all agree that gaps in coverage may still remain — particularly as far as property and BI are concerned.

Many underwriters are cautious, treating every applicant as “the virtual equivalent of a stilt house on the Gulf Coast.” — Bob Parisi, managing director, Marsh FINPRO

“BI cover in the cyber space is growing but is still limited,” said Parisi. “A risk manager who knows what their property policy would pay out on a loss due to fire would find the BI cover in a cyber policy looks like property language but doesn’t truly mirror the way a property policy deals with a loss.

“Cyber focuses mainly on the IT side, nonphysical perils, and is missing around two-thirds of what a traditional property policy would cover for physical peril,” he said.

“The challenge facing cyber underwriters is how to bridge the gap between where traditional P&C forms leave off and the current cyber wordings begin. Clients don’t care what ‘silo’ the insurance market decides to place the risk in, just that it is covered.”

Bob Parisi, managing director, Marsh FINPRO

A lack of loss history, fears over risk aggregation and uncertainty over how companies will react to cyber-triggered BI events mean many underwriters are cautious, treating every applicant as “the virtual equivalent of a stilt house on the Gulf Coast,” Parisi added.

Waiting periods are one area of concern in cyber BI policies. According to Kevin Harding, partner at RGL Forensics, typical cyber insurance policies include a waiting period of four to 12 hours before BI cover begins to apply. Depending on the nature of the cyber event or the business, this means anything from none to most of the sales loss could fall within the waiting period and therefore not be covered.

“To avoid this situation, and give more certainty to both the insurer and policyholder, we feel either a fixed monetary deductible or possibly a franchise deductible could be adopted,” he said.

“Once the losses are in excess of the defined monetary amount, both parties know what will be paid and no hourly calculation is required.”

However, Harding noted, insurers would need a lot more information about the value of the potential exposures at the time of underwriting the policy to determine the deductible values.

Terrorism is another “area of discomfort” for policyholders and insurers, with Bennett arguing that the definition of what constitutes a terrorism trigger is even vaguer under a cyber policy than other policy forms. “Several recent losses are speculated to be politically motivated, but many cyber policies exclude terrorism whether it is declared or undeclared as a terrorist act, leaving insureds on uncertain ground and heading towards coverage disputes with their insurers.”

Collaborative Approach

Buying stand-alone cyber property or BI cover needs to be carefully woven into a company’s overall program. Certain serious property damage coverages may be best off under a property policy that is likely to have greater limits and a different pricing scheme than a cyber policy, Glasgow said.

“Clients may not want their cyber policy to erode limits in their crime, E&O, D&O or property policies — they have those limits in place for a reason and need to maintain separate limits to ensure proper coverage,” he said.

Further, when two or more policies provide overlapping first-party property coverage it can create an uncertain outcome if a loss occurs, as each insurance policy will likely contain ‘other Insurance’ provisions that make each of them excess to the other.

“Each year the traditional industry tweaks its exclusions to push buyers into a dedicated cyber policy. Then they are left in the Wild West having to negotiate a new policy.” — Lynda Bennett, insurance practice chair, Lowenstein Sandler

“This has the potential to lead to uncertainty at the worst possible time — after the loss has happened,” said Grace Ries, head of cyber risk insurance products at FM Global, whose new product, “Cyber Optimal Recovery,” allows clients to position their property policies to maximize recovery alongside cyber or designate property as primary in order to preserve the cyber policy’s non-property limit.

Steve Anderson, cyber liability product executive at QBE, said some of the next steps in cyber product development are likely to include micro insurance, artificial intelligence and Internet of Things liability coverages, as well as cyber “all risk” policies — though only if the industry can come to grips with potential risk aggregation.

Beazley has taken a step in that direction, partnering with Munich Re to offer what it terms “holistic” cyber cover — catastrophic limits (up to $100 million at present) and broad coverage against virtually any type of cyber loss.

This type of cover can be bought either as primary to any other type of cover, or to dovetail around existing policies — the latter approach requiring a collaborative approach. According to Paul Bantick, Beazley’s leader for technology, media and business, the specialty insurer is seeing huge demand for the product and is already working with about 50 large corporate clients to design holistic programs.

Advertisement




But, noted Jill Salmon, head of cyber/tech/MPL at Berkshire Hathaway Specialty Insurance: “If we are going to start writing holistic programs, broadening cover to include social engineering, crime coverages and property damage, or expanding cover to nonsecurity breach triggers such as system failure, this is not necessarily what cyber underwriters have grown up understanding, so broadening expertise in cyber is critical, as is working collaboratively with experts in other lines of insurance.”

For this reason, Salmon and others believe cyber still has a future within traditional lines such as property and crime, as well as other lines of coverage. “Cyber is a cross-line coverage. As other lines recognize cyber events as a cause of loss, they will have to integrate the cyber discipline,” she said.

With cyber products and inclusions only set to proliferate further, employing a specialist cyber broker is essential.

A good broker will not only help the client better understand what the most appropriate coverages are for their exposures, but can also negotiate better terms from carriers and in the case of bigger players may have already negotiated a degree of cross-carrier standardization of wordings through its work with other clients.

Holistic coverages may go some way toward simplifying the process for large firms, but for the majority, the future may hold an even wider choice of options as cyber grows both stand-alone and as a component of a wider array of covers.

Getting expert advice is an essential tool to help navigate the market. &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Claims Trends

Treating Pain Without Drugs

Other pain relief therapies hold substantial promise in defeating drug dependency.
By: | February 20, 2018 • 9 min read

From high praise to a spiraling crash, opioid-based pain medications are out of favor. Once thought to be the solution to chronic pain, opioids opened the door to an even bigger and scarier addiction epidemic — one that menaces the workers’ comp industry and the population in general.

Advertisement




According to the Centers for Disease Control and Prevention, since 1999, more than 183,000 people have died from narcotic painkiller addiction. An estimated 91 people die each day from opioid abuse.

“Opioids are dangerous drugs. The side effects are dangerous and severe. Their efficacy is not always what people expect,” said Marcos Iglesias, senior vice president, chief medical officer, Broadspire.

“If opioids aren’t the answer, what do we turn to?”

The time to answer that question is now. Workers’ comp professionals, physicians, insurers and employers alike are looking for that next solution to pain, one that will help curb addiction and more quickly get workers on their feet.

Medical cannabis is one candidate.

Marcos Iglesias, senior vice president, chief medical officer, Broadspire

“Marijuana is unique in that everyone comes into the conversation with a bias,” said Mark Pew, senior vice president, PRIUM, a division of Genex Services.

With opioids, he said, no one knew of the dangers at first. Marijuana, on the other hand, always provoked two very polarized views: It does a great deal of good or it’s a strong drug with bad consequences.

A 2014 study published by the Journal of the American Medical Association (JAMA) found a link between legalized medical marijuana and a decrease in opioid-related deaths. States that legalized medical marijuana saw a 25 percent decrease in deaths from opioid overdoses.

Yet, “when people make the claim that medical marijuana is the solution to the opioid epidemic, it resonates with some people because of that bias,” said Pew.

Because of ongoing controversy, not to mention its classification as a Schedule 1 narcotic by the federal government, medical marijuana isn’t lined up to be the pain-relief answer anytime soon.

Non-Drug Therapies

So how about this: Let’s treat pain with no drugs. Radical as it may sound, non-drug pain therapies hold merit.

Meta-analyses collected for a U.S. National Library of Medicine study found that cognitive behavior therapy (CBT) had a positive effect on chronic pain and fatigue. Specifically, CBT was found to be a superior method to other treatments for decreasing pain intensity in fibromyalgia patients.

Iglesias, who has worked as a physician for more than 25 years, said CBT, a psycho-social therapy used to teach patients about the emotional and psychological factors influencing their pain, leaves a lasting impression on the injured.

“The methods I’ve seen work well are behavioral approaches — giving people tools and methods so they can manage their own life.”

“Marijuana is unique in that everyone comes into the conversation with a bias.” — Mark Pew, senior vice president, PRIUM

In workers’ comp, physicians using a CBT approach look at an injured worker’s life outside the office walls. Their home life, their health, their financial responsibilities and their mental ability to cope with an injury all factor into the healing process and could potentially lead to a lengthened claim if untreated.

Assessing these additional forces enables a physician to recommend therapies beyond the typical pill prescription.

Sometimes that means sending a patient to physical or occupational therapy. Sometimes yoga or acupuncture will do the trick, with both philosophies tapping into the mind-body connection  and encouraging relief. Exercise, diet and overall wellness are factored into an injured worker’s chronic pain management.

“Drug-related therapies tend to mask the pain symptoms,” said Michelle Despres, vice president, national product leader physical therapy, One Call Care Management. “Opioids are like the ‘quick fix.’ In physical therapy, we investigate pain patterns, seek to correct musculoskeletal problems and teach people about their anatomy.”

Advertisement




A non-drug pain therapy, PT looks at the physical components of an injury, educating injured workers about the muscles that hurt and how to effectively use them in daily activities. The big question physical therapists ask: What triggers the pain?

“We look at outside activities that could be affecting the injured worker,” she said. “We look at strength, range and flexibility. We want to change the behavior instead of masking the pain.”

Iglesias pointed to another example of non-drug pain therapy called acceptance and commitment therapy (ACT), in which health care professionals work with an injured worker to accept their chronic pain but then commit to living their values in spite of that pain.

ACT, in essence, focuses on mindfulness and function in a person’s life.

Iglesias added he’s seen disability duration lessen because more professionals are starting to address function instead of pain.

Cost and Well-being

But pain is still a big factor in an injury, and CBT primarily focuses on pain management. It’s being used increasingly as an alternative to opioids, too. So much so, in fact, that some states are starting to draft legislation aimed at adopting  its methods.

In Ohio, for example, residents with work-related back injuries are now required by law to try remedies such as rest, physical therapy or chiropractic care before surgery or opioids are even brought into the discussion.

And Ohio isn’t alone; at least 17 states have added restrictions on opioid prescriptions, including limiting the length of time such pills can be prescribed. But not all states are turning to CBT and like methods to combat the growing epidemic.

Michelle Despres, vice president, national product leader physical therapy, One Call Care Management

“In workers’ comp, anytime we talk about change, it’s about cost containment,” said Pew. “But this has nothing to do with cost containment, premiums, closing claims, scale of benefits. It’s about personal well-being.”

Iglesias added he has seen much more acceptance of CBT and other non-drug therapies on the payers’ side, though not everyone is on board.

“Payers see opioids have not helped patients. They’re cognizant of needing to move beyond just drug medications. However, psych and behavioral factors can be a significant issue in workers’ comp. Some individual payers are afraid that a behavior approach might induce a psych claim,” he said.

“Nobody wants to pay for everything that happened to you in your life but, in essence, we do when psychosocial concerns aren’t addressed early and it delays recovery,” added Pew.

“There are payers who have started to see the value in the biopsychosocial model [looking at every aspect of a person’s life], but there’s still an obstacle with psych.”

Still, cost-wise, moving beyond opioids yields reduced pharmacy expenses — not just for opioid prescriptions but also for other prescriptions written for opioid-related side effects like nausea, vomiting, headaches, lack of sleep and so on.

“Opioids have addictive qualities,” said Despres. “It’s easy for us as a society to want to see something diagnostic tied to a drug-based solution. But with alternatives, we lose nothing and chances are we can mitigate chronic pain. We know there are no long-term bad effects to physical therapy.

“The cost to get people off of opioids is huge. Just getting them back to their daily routine, the back-end cost of detox from opioids is enough to at least consider other non-drug pain relief methods as the first treatment option.”

Changing Mindsets

Effective change comes once the employers and their workers understand the benefits of non-drug pain therapies.

Untill now, “in between the payer and the treatment is the patient who has often created this passive mindset that someone else will take care of them,” said Pew.

This mindset isn’t going to help in the long run. Education is key for both employees and employers to work toward pain management.

Advertisement




“One appointment isn’t going to solve the problem,” said Despres. “We have to break the cycle. Time is the biggest downfall; we have to get people moving versus letting someone sit at home. For chronic pain, we provide the education [to the injured worker] on what’s happening inside when they do activities and how to not only manage their symptoms but also correct musculoskeletal imbalances.

“Workers’ comp, as a practice, needs to embrace the idea of being seen quickly and early and getting the injured worker in the mindset of having a role to play,” she added.

For employers, Pew said those who are engaged in their workers’ well-being see more positive outcomes when injuries occur. Investing in wellness programs enables workers to address those outside factors — like psych and diet and exercise routines — before any injury.

“[Wellness programs are] a way of trying to show there is more than a drug or a procedure; employers and physicians can work to teach that concept before an injury even occurs,” said Iglesias.

“There’s a fear that we’re taking something away. There’s a belief that opioids are the best pain modality. Could we develop more programs to teach about opioids to an employer’s population before an injury?”

His answer is a resounding yes.

Public perception plays a big role in the move away from opioids. Workers’ comp professionals, health care workers and legislators see and understand the negative effects of opioids; however, the public isn’t as convinced.

Mark Pew, senior vice president, PRIUM

The New England Journal of Medicine released a study in January entitled, “The Public and the Opioid-Abuse Epidemic.” In it, researchers examined several national polls conducted in 2016 and 2017 regarding how the public believes opioid addiction should be addressed. They found that a significant number (28 percent) don’t actually see it as a national emergency.

Fifty-three percent did say it was a major problem, though only 38 percent of respondents said it affected their home communities.

“An important finding from our review is that at a time when [we] are seeking a substantial increase in government funding for opioid-addiction treatment programs … polls show a large share of the public uncertain about the long-term effectiveness of treatment,” the authors wrote.

They speculate this uncertainty might lead to less funding for alternative treatments to opioids and less funding for people recovering from addiction.

“Sometimes we don’t know everything,” said Despres, “but we should still open up and embrace what could be. If [non-drug therapies] don’t work, you haven’t lost anything. If it does help, you’re better off.”

That’s why engaging employers and their employees is imperative.

“If we see an employer with a pattern of the same injuries, we can offer many possible solutions from ergonomic improvements to classes for body mechanics training.”

A Balancing Act

But one size doesn’t fit all when it comes to pain relief, and while non-drug pain therapies do help, Pew said that doing away with drugs altogether would be unwise.

“Every person is an individual and needs customized — individualized — treatment plans. Every individual is different. How they deal with pain is different, what their support system is like is different — that’s why treating pain is so difficult.

Advertisement




“Exercise, a better diet, yoga and other non-pharmaceutical treatments are effective, but often underutilized components to a successful pain management protocol. But trying to come up with a one-size-fits-all is counter to common sense,” he added.

In a 2017 study released by JAMA, researchers examined patients admitted to the emergency room for pain-related causes. They monitored the cause of their pain and what medicine brought them relief.

Acetaminophen and ibuprofen were found to be more effective than opioids. Combined, they had as much of an effect on pain as opioids.

Iglesias added, “We do need to move beyond opioids. Other pharmaceuticals do have a role to play, but we need to embrace other modalities of treating pain.” &

Autumn Heisler is a staff writer at Risk & Insurance. She can be reached at [email protected]