Cyber Coverage

Navigating the Minefield

From gaps in coverage to confusing terminology and hidden exclusions, choosing the right stand-alone cyber policy is a complex and challenging process.
By: | February 20, 2017 • 7 min read

Over the past two decades, traditional lines, from GL to crime to property, have increasingly included some form of cyber cover as standard, while cyber underwriters have done their best to sculpt stand-alone policies that react to the evolving nature of both the risk and client demands. But for those seeking to buy their first stand-alone cyber policies, the landscape can be daunting.

Cyber specialist Lynda Bennett, chair of the insurance practice for law firm Lowenstein Sandler, described the increasingly crowded stand-alone cyber market as a “minefield” in which terminology, exclusions, terms and conditions can “vary wildly” from form to form.

Lynda Bennett, insurance practice chair, Lowenstein Sandler

“We are asked to review cyber policies because they can be unbelievably complex. While the appetite and demand is there for coverage, the nature of the risk is in flux and insurers are having as much trouble pinning down what risk they are willing to insure as risk managers are trying to work out what risks they need insurance for,” she said.

“Each year the traditional industry tweaks its exclusions to push buyers into a dedicated cyber policy. Then they are left in the Wild West having to negotiate a new policy,” said Bennett.

Marsh’s cyber product leader Bob Parisi believes that consistency of approach is appearing in tranches of the industry — such as underwriters who wish to write primary versus those who write excess, those who favor large companies over SMEs, and those who focus on privacy/liability versus those who underwrite direct first-party losses.

According to Jason Glasgow, vice president and practice lead for technology, privacy and network security professional liability with Allied World U.S., it is mainly terminology, not coverage, which sets most of today’s cyber policies apart. But there is no doubt first-time buyers can easily find themselves inadequately covered if they’re not careful.

Mind the Gap

Once predominantly serving to protect customer-facing sectors against data privacy breaches, the scope of cyber cover has expanded into many new areas including property damage, business interruption (BI) and bodily harm. Cobbling together adequate cyber coverage between traditional property, GL and crime policies is increasingly challenging.

Advertisement




However, buying stand-alone cyber cover is not a magic bullet; sources all agree that gaps in coverage may still remain — particularly as far as property and BI are concerned.

Many underwriters are cautious, treating every applicant as “the virtual equivalent of a stilt house on the Gulf Coast.” — Bob Parisi, managing director, Marsh FINPRO

“BI cover in the cyber space is growing but is still limited,” said Parisi. “A risk manager who knows what their property policy would pay out on a loss due to fire would find the BI cover in a cyber policy looks like property language but doesn’t truly mirror the way a property policy deals with a loss.

“Cyber focuses mainly on the IT side, nonphysical perils, and is missing around two-thirds of what a traditional property policy would cover for physical peril,” he said.

“The challenge facing cyber underwriters is how to bridge the gap between where traditional P&C forms leave off and the current cyber wordings begin. Clients don’t care what ‘silo’ the insurance market decides to place the risk in, just that it is covered.”

Bob Parisi, managing director, Marsh FINPRO

A lack of loss history, fears over risk aggregation and uncertainty over how companies will react to cyber-triggered BI events mean many underwriters are cautious, treating every applicant as “the virtual equivalent of a stilt house on the Gulf Coast,” Parisi added.

Waiting periods are one area of concern in cyber BI policies. According to Kevin Harding, partner at RGL Forensics, typical cyber insurance policies include a waiting period of four to 12 hours before BI cover begins to apply. Depending on the nature of the cyber event or the business, this means anything from none to most of the sales loss could fall within the waiting period and therefore not be covered.

“To avoid this situation, and give more certainty to both the insurer and policyholder, we feel either a fixed monetary deductible or possibly a franchise deductible could be adopted,” he said.

“Once the losses are in excess of the defined monetary amount, both parties know what will be paid and no hourly calculation is required.”

However, Harding noted, insurers would need a lot more information about the value of the potential exposures at the time of underwriting the policy to determine the deductible values.

Terrorism is another “area of discomfort” for policyholders and insurers, with Bennett arguing that the definition of what constitutes a terrorism trigger is even vaguer under a cyber policy than other policy forms. “Several recent losses are speculated to be politically motivated, but many cyber policies exclude terrorism whether it is declared or undeclared as a terrorist act, leaving insureds on uncertain ground and heading towards coverage disputes with their insurers.”

Collaborative Approach

Buying stand-alone cyber property or BI cover needs to be carefully woven into a company’s overall program. Certain serious property damage coverages may be best off under a property policy that is likely to have greater limits and a different pricing scheme than a cyber policy, Glasgow said.

“Clients may not want their cyber policy to erode limits in their crime, E&O, D&O or property policies — they have those limits in place for a reason and need to maintain separate limits to ensure proper coverage,” he said.

Further, when two or more policies provide overlapping first-party property coverage it can create an uncertain outcome if a loss occurs, as each insurance policy will likely contain ‘other Insurance’ provisions that make each of them excess to the other.

“Each year the traditional industry tweaks its exclusions to push buyers into a dedicated cyber policy. Then they are left in the Wild West having to negotiate a new policy.” — Lynda Bennett, insurance practice chair, Lowenstein Sandler

“This has the potential to lead to uncertainty at the worst possible time — after the loss has happened,” said Grace Ries, head of cyber risk insurance products at FM Global, whose new product, “Cyber Optimal Recovery,” allows clients to position their property policies to maximize recovery alongside cyber or designate property as primary in order to preserve the cyber policy’s non-property limit.

Steve Anderson, cyber liability product executive at QBE, said some of the next steps in cyber product development are likely to include micro insurance, artificial intelligence and Internet of Things liability coverages, as well as cyber “all risk” policies — though only if the industry can come to grips with potential risk aggregation.

Beazley has taken a step in that direction, partnering with Munich Re to offer what it terms “holistic” cyber cover — catastrophic limits (up to $100 million at present) and broad coverage against virtually any type of cyber loss.

This type of cover can be bought either as primary to any other type of cover, or to dovetail around existing policies — the latter approach requiring a collaborative approach. According to Paul Bantick, Beazley’s leader for technology, media and business, the specialty insurer is seeing huge demand for the product and is already working with about 50 large corporate clients to design holistic programs.

Advertisement




But, noted Jill Salmon, head of cyber/tech/MPL at Berkshire Hathaway Specialty Insurance: “If we are going to start writing holistic programs, broadening cover to include social engineering, crime coverages and property damage, or expanding cover to nonsecurity breach triggers such as system failure, this is not necessarily what cyber underwriters have grown up understanding, so broadening expertise in cyber is critical, as is working collaboratively with experts in other lines of insurance.”

For this reason, Salmon and others believe cyber still has a future within traditional lines such as property and crime, as well as other lines of coverage. “Cyber is a cross-line coverage. As other lines recognize cyber events as a cause of loss, they will have to integrate the cyber discipline,” she said.

With cyber products and inclusions only set to proliferate further, employing a specialist cyber broker is essential.

A good broker will not only help the client better understand what the most appropriate coverages are for their exposures, but can also negotiate better terms from carriers and in the case of bigger players may have already negotiated a degree of cross-carrier standardization of wordings through its work with other clients.

Holistic coverages may go some way toward simplifying the process for large firms, but for the majority, the future may hold an even wider choice of options as cyber grows both stand-alone and as a component of a wider array of covers.

Getting expert advice is an essential tool to help navigate the market. &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Workers' Comp

Keeping Workers on Their Feet

Slip and fall prevention programs must interweave all of the factors contributing to the risk.
By: | July 6, 2017 • 11 min read

If you peruse the last decade’s worth of literature from the CDC, NIOSH, or numerous other agencies or organizations, you’re bound to come across the “good news” that slips, trips and falls are largely preventable.

Advertisement




So it’s frustrating, then, that slip, trip and fall injuries consistently account for more than a quarter of all nonfatal occupational injuries, and at least 65 percent of those injuries happen on same-level walking surfaces. And those figures just don’t budge all that much from year to year.

According to the “2016 Liberty Mutual Workplace Safety Index,” falls on same level currently rank as the second highest cause of disabling injuries in the U.S., with direct costs of $10.17 billion, accounting for 16.4 percent of the total national injury burden.

“Not only are they still happening often, but they tend to be very significant injuries,” said Mike Lampl, director of research at the Ohio Bureau of Workers’ Compensation.

“We’ve seen these trends grow over the years,” said Wayne Maynard, product director, risk control, with Liberty Mutual. “Bottom line is, it’s a real, real big problem.”

So why are preventable falls so hard to prevent? This stubborn status quo, say experts, is that the causes of slips and trips are typically far more complex than they seem. There are nearly always multiple factors in play, from footwear and flooring and the interplay of both, to cleaning procedures, lighting, housekeeping, weather, and workers’ mental or physical conditions as well as overall awareness.

And all of these factors are being exacerbated by the fact that incidents often go unreported.

“Slips, falls — people get up, move on, they don’t report it,” said Maynard.

“When somebody’s injured and files a claim — in the workers’ arena, how many are behind the scenes that may have happened that are not reportable? …. The unreported number is considerable in my opinion.”

The key to making any headway in reducing slips and falls on the same surface, say experts, is to have a comprehensive fall prevention plan that addresses all possible factors. No small task.

Engineering Solutions

Flooring conditions are often the most obvious starting point. Ideally, said Maynard, all the right choices are made at the planning and design stage. But sometimes mistakes are made, and in other cases, a business may be inheriting an older space with floor chosen for a different purpose.

Patricia Showerman, senior loss control consultant, Arthur J. Gallagher & Co.

So even flooring in good condition may be the wrong type of material and may not have the necessary coefficient of friction (slip resistance) needed for the work being done.

If companies want to drill down into all the details of the surfaces in their facilities, a friction coefficient study is always an option, said Patricia Showerman, senior loss control consultant at Arthur J. Gallagher & Co.

But if a company doesn’t want to take that step, she said, it may be a simpler matter of saying, “Let’s look at what you’ve got. Let’s look at your floor surfaces and how you’re maintaining them.”

A lot of people want that “shiny grocery store glam look,” she said. “And if you can do it properly, and maintain it properly and keep that coefficient of friction and have the shiny look, that’s great. That’s what everybody wants but how do they get there?”

Certain surfaces may start out with an adequate coefficient of friction when they’re clean and dry. But add even an invisible layer of dust or debris, “and it’s like microscopic little BBs that you slide across,” said Showerman. “So if you have dust on your floor, you are dramatically reducing your slip coefficient.”

For companies that do have flooring surfaces in need of improvement, ripping up the floor and replacing it isn’t typically a feasible option. Fortunately there are more budget-friendly ways to get the maximum slip resistance from existing flooring, such as coatings and etchings.

A coating adds a microscopic layer on top of the flooring that creates a grip surface while maintaining the shine. Showerman likened the effect to the way that Velcro fasteners work.

“You want that hook effect … sharp points are going to microscopically stick into the soles of your shoes, rather than rolling off the top.”

Etching can work in a similar way, chemically altering the existing surface to make it imperceptibly gritty. Etching can also be used to create pores in an existing surface, which is useful for areas such as machine shops, she said.

Be Smart With Surfactants

While keeping floor surfaces clean is one of the best ways to remove slip and fall hazards, cleaning them the wrong way can actually do more harm than good.

Failure to follow appropriate cleaning procedures can severely diminish a surface’s coefficient of friction.

Experts suggest that companies engage with their chemical suppliers, and discuss their flooring as well as the types of dirt or grease removal and disinfectant needs. Detergents – which can contain different types of surfactants — aren’t a one size fits all solution.

Advertisement




Sometimes purchasers might be inclined to try to cover all their bases by buying the strongest product on the market, but that might mean adding unnecessary surfactants that make surfaces less slip resistant.

“Clearly identify the types of surfaces you’re using it for, the type of oil or dirt or debris you have, and whether or not you need a sanitizing step,” said Showerman.

“You’ve got to find the right balance.”

But that’s only half the battle. A significant problem experts see time and time again is that companies don’t understand how their flooring is being maintained on a day-to-day basis by front-line employees. Failure to follow appropriate cleaning procedures can severely diminish a surface’s coefficient of friction.

“This is where you’re seeing someone with a mop and bucket and they are just re-smearing that grease from one place to another. They put the dirty mop in the dirty bucket, the mop gets full of that emulsified grease and you’re smearing it across the room. In high grease areas, you have to replace with clean water consistently.”

In other cases, a worker without the proper training may grab the first detergent he finds, even if it’s meant for the equipment rather than the floor. Or perhaps he mixes equal parts detergent and water when he was supposed to only use 8 oz. of detergent for every five gallons of water.
Sometimes people will even over-concentrate the detergent on purpose, she added.

Peter Koch, safety management specialist, The MEMIC Group

“I see that in the food industry frequently,” said Showerman. “They find that the more detergent they leave on the floor, the easier it is to clean up next time … but then everyone’s slipping and falling like in a cartoon.”

A company could invest a significant amount in flooring improvements, only to have the benefits undone by improper detergent use or failure to follow recommended rinsing procedures.

It’s incumbent upon safety managers to reinforce that maintaining floor surfaces isn’t just a matter of housekeeping, but a key part of the company’s workplace safety program.

The Human Factor

When you’ve done everything possible to address hazards in the physical work environment, workers themselves remain the wildcard. Most employers routinely include slip and fall hazards in their safety awareness training or toolbox talk programs. But that training should go well beyond a general “watch where you walk” message, say experts.

“One of the most overlooked parts for employee safety is actually employee training,” said Peter Koch, safety management specialist at  The MEMIC Group.

“How do you train an employee to not slip and fall? I think many times that is wrapped in a “you have to be more careful” message, which is valid but nebulous and not very helpful — it means something different to everyone based on your risk tolerance as an individual.”

Koch’s employee training regimen revolves around four elements: surfaces, awareness, footwear and environment (SAFE).

Advertisement




The first goal of the surface portion is just to get employees to start thinking about the different types of surfaces they walk on and how it can change throughout the work day. Koch said he likes to ask: “How many different types of surfaces did you have to walk on the get to this training room?”

The footwear piece of it is the most straightforward. Are your shoes designed for the work that you’re doing and the surfaces you’re walking on? Are they in good condition? Are the soles worn out?

There is no ASTM standard for measuring the performance of slip-resistant footwear, added Gallagher’s Showerman. So workers should be reminded that wearing the right shoe isn’t a guarantee — it’s just one piece of the solution.

Awareness, said Koch, may be the most challenging piece of the puzzle — helping people to think about their gait, what they’re carrying, what they’re doing, and simply where their heads are at any given moment.

“If you’re thinking about 15 things you have to get done by the end of the day, or you have a particularly challenging employee interaction coming up that day, or you had a fight with your girlfriend last night— or whatever it is — you’re not focused. Then you take that step through the icy patch, and now it relies completely on your athletic ability and luck to stay upright.”

Workers may not necessarily make the connection between personal factors and fall risk. Someone who has an ear infection or is taking certain medications, for example, may not even be aware that their balance might be compromised, putting them at higher risk for a fall.

Employees also should be reminded of how even normal daily stressors can contribute to risk. Everyone is under pressure to deliver more in less time. Everyone is rushing, everyone is stretched to their limits. Add the ever-present cellphone beeping and buzzing and demanding our attention and perhaps it’s a wonder slips and falls don’t happen even more often than they already do.

We’re so conditioned to react when the vibration goes off or the tone chimes in our pockets that we just grab it without thinking, Koch said.

“If you knowingly put yourself at risk by knowingly going quickly through an area with slip and fall exposures, it’s just Russian roulette – at some point you’re going to get broken.” — Peter Koch, safety management specialist, The MEMIC Group.

“Even that, in certain conditions, is going to be enough to put you on the ground.”

Awareness of environmental factors should also be part of the training, Koch said, especially in terms of what workers can’t control, like inclement weather.  He said the main thing he tries to impress upon people is to slow down in a high-risk environment.

“If you knowingly put yourself at risk by knowingly going quickly through an area with slip and fall exposures, it’s just Russian roulette – at some point you’re going to get broken.”

Koch says that getting people to put all of these facets of awareness together is where the training can really click.

The goal is that when they approach an area with a higher-risk surface, employees are thinking “for those few seconds or minutes that I’m going to be walking through it, I need to have a greater sense of awareness, I need to put away the mental [distractions] and focus on what I’m doing – don’t answer your phone, don’t answer your texts.”

Some employers are looking to address the human piece of the slip and fall puzzle by using training that goes far beyond hazard awareness. Active slip-prevention training focuses on body mechanics and teaches workers how to respond when they feel themselves begin to slip.

One such program revolves around the Slip Simulator, technology born of a research partnership between Virginia Tech researchers and UPS. The simulator that creates slippery and hazardous conditions in a controlled environment while participants walk in a harness so they can slip safely. An instructor offers real-time guidance on how to alter their movements to avoid falling.

Advertisement




After mastering the initial technique, trainees face additional challenges related to their specific work environments, such as walking up ramps or turning wheels. A New Mexico security team practiced drawing firearms while standing on the simulator, which led to a change in how they wear their weapons. Workers at an Ohio refinery practiced stepping over pipes and turning large valves.

Clients of the program are reporting 60 to 80 percent reductions in accident rates.

The Road Ahead

A comprehensive slip and fall prevention plan is a must for employers, experts agreed, with clear, consistent procedures that empower employees to be a part of the solution.

“Employees play a very critical role,” said Liberty Mutual’s Maynard. “If they see a slip risk or a slipperiness issue, they need to be able to report it and they need to be able to get that corrected immediately. They have an important role in maintaining a safe facility and reducing risk themselves — be proactive, don’t walk by, clean it up.

“Any time you can involve the employee in solutions …. the likelihood of success of that intervention is higher.”

Maynard added that the best prevention plans will also be forward-looking.

“Understand where current safety performance is. Then make a roadmap to get better,” he said. “Emphasize where you’re doing well,” then identify opportunities to effect improvement, now and over the next three, four or five years.

“Prevention is too often reactive,” Maynard said. “We’ve got an issue and now what do we do? The goal is for companies to be proactive.” &

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]