Cyber Insurance

Brokers: More Interest in Cyber Cover

The expenses related to a breach as well as the increasing number of cyber targets are troubling companies in all industries.
By: | July 8, 2015 • 4 min read

Demand for cyber security insurance ranks No. 1, slightly topping that for supply chain disruption coverage. That’s according to a survey of 135 insurance professionals by RKH Specialty, a London-based specialty lines broker, now a unit of Hyperion Insurance Group.


Cyber coverage was the most sought-after insurance at 70 percent, followed by supply chain disruption at 61 percent, and flood at 30 percent. Other coverages in demand were product recall and drones (both 11 percent), tornadoes at 9 percent, and e-cigarettes, autonomous vehicles and telematics, all at 8 percent.

Many brokers are seeing that concern put into action, with increased purchases of cyber coverage.

“Many of these companies are particularly concerned about business interruption and dependent business interruption from cyber attacks.” — Adam Cottini, managing director, cyber liability practice, Arthur J. Gallagher Risk Management Services

Adam Cottini, managing director, cyber liability practice, at Arthur J. Gallagher Risk Management Services Inc. in New York, said his firm has seen “a really nice pickup” of cyber coverage — exceeding 50 percent year-over-year.

“Some of that growth has been achievable by streamlining our processes for clients under $100 million in sales, but a portion is also due to more business from the middle market — and not just health care, financial institutions and public entities, but a wider array of industries, including manufacturing,” Cottini said.

“Many of these companies are particularly concerned about business interruption and dependent business interruption from cyber attacks.”

David Rees, an RKH divisional director specializing in cyber, agreed that cyber policies were attracting companies across various industries as executives realize that cyber attackers do not always target theft of consumer data, but also aim to disrupt operations or supply chains.


He said some cyber policies now cover such exposures.

“For example, a cyber attack on an energy company with an oil pipeline could cause a valve to be shut or an explosion that causes a leak,” he said.

“Policies now cover business disruption in those situations as well as any resulting environmental impact.”

Alternatively, companies can negotiate with insurers of business interruption policies to remove any exclusion for cyber attacks, though it can be a “tug of war” to accomplish that, Rees said.

Marsh is another firm that has seen the take-up of cyber insurance across all industries over the past three years.

 Robert Parisi, managing director and cyber product leader, Marsh

Robert Parisi, managing director and cyber product leader, Marsh

At this point, the firm is seeing manufacturers, and power and utility companies buying almost at the same rate as retailers, higher education and health care companies, said Robert Parisi, a managing director and cyber product leader for Marsh in New York.

“They are looking to cover losses when a cyber attack or technology glitch disrupts their manufacturing assembly lines or supply chains,” Parisi said. “This is almost now at the same level of concern as stealing personal information is to retailers, higher ed and health care firms.”

The pickup in cyber insurance purchasing via Aon has increased from less than 10 percent in 2014 to more than 30 percent through the first half of 2015, said Kevin Kalinich, global practice leader, cyber risk, at Aon in Chicago.

He said the bulk of the interest has been from larger companies in pharmaceutical, manufacturing, energy and food production.

But not all companies truly understand the threat, Kalinich said, pointing to survey results of 2,243 executives in 37 countries released in April in a “2015 Global Cyber Impact Report,” sponsored by Aon Risk Services and conducted by Ponemon Institute LLC.

While 72 percent of those respondents consider cyber risk as a top 10 business risk, 54 percent of respondents did not plan to purchase cyber insurance.

The main reasons for not purchasing coverage is that it is inadequate for their exposure (31 percent of respondents), premiums were too expensive (29 percent), property and casualty policies were sufficient (26 percent) or there were too many exclusions, restrictions and uninsurable risks (26 percent).

Rees said the interest in cyber policies has been heightened by news reports of breaches. It has made companies increasingly aware of how expensive it can be to fix such problems, including notifying potential victims of the breach and hiring forensic firms and privacy attorneys, among others.

For example, a privacy attorney can charge from $700 to $900 an hour, but with a cyber policy, companies can get preferential rates and pay from $400 or $500 per hour for that same attorney, he said.

Marsh’s Parisi has been working in the cyber sector for almost 20 years and has seen hacks from industrial espionage and state-sponsored terrorism to simple vandalism. However, particularly troubling these days is the increased sophistication, size and scope of denial-of-service attacks.


“The past year has seen dramatic growth in high-volume denial-of-service attacks, with the largest attacks using multiple techniques concurrently — and it’s definitely not coming from some kid in a basement,” Parisi said.

“Whether it’s ‘I don’t like your company’ [or] ‘I don’t like your country,’ something is going on to cause these attacks to become stronger year after year.”

Katie Kuehner-Hebert is a freelance writer based in California. She has more than two decades of journalism experience and expertise in financial writing. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

4 Companies That Rocked It by Treating Injured Workers as Equals; Not Adversaries

The 2018 Teddy Award winners built their programs around people, not claims, and offer proof that a worker-centric approach is a smarter way to operate.
By: | October 30, 2018 • 3 min read

Across the workers’ compensation industry, the concept of a worker advocacy model has been around for a while, but has only seen notable adoption in recent years.

Even among those not adopting a formal advocacy approach, mindsets are shifting. Formerly claims-centric programs are becoming worker-centric and it’s a win all around: better outcomes; greater productivity; safer, healthier employees and a stronger bottom line.


That’s what you’ll see in this month’s issue of Risk & Insurance® when you read the profiles of the four recipients of the 2018 Theodore Roosevelt Workers’ Compensation and Disability Management Award, sponsored by PMA Companies. These four programs put workers front and center in everything they do.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top,” said Steve Legg, director of risk management for Starbucks.

Starbucks put claims reporting in the hands of its partners, an exemplary act of trust. The coffee company also put itself in workers’ shoes to identify and remove points of friction.

That led to a call center run by Starbucks’ TPA and a dedicated telephonic case management team so that partners can speak to a live person without the frustration of ‘phone tag’ and unanswered questions.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top.” — Steve Legg, director of risk management, Starbucks

Starbucks also implemented direct deposit for lost-time pay, eliminating stressful wait times for injured partners, and allowing them to focus on healing.

For Starbucks, as for all of the 2018 Teddy Award winners, the approach is netting measurable results. With higher partner satisfaction, it has seen a 50 percent decrease in litigation.

Teddy winner Main Line Health (MLH) adopted worker advocacy in a way that goes far beyond claims.

Employees who identify and report safety hazards can take credit for their actions by sending out a formal “Employee Safety Message” to nearly 11,000 mailboxes across the organization.

“The recognition is pretty cool,” said Steve Besack, system director, claims management and workers’ compensation for the health system.

MLH also takes a non-adversarial approach to workers with repeat injuries, seeing them as a resource for identifying areas of improvement.

“When you look at ‘repeat offenders’ in an unconventional way, they’re a great asset to the program, not a liability,” said Mike Miller, manager, workers’ compensation and employee safety for MLH.

Teddy winner Monmouth County, N.J. utilizes high-tech motion capture technology to reduce the chance of placing new hires in jobs that are likely to hurt them.

Monmouth County also adopted numerous wellness initiatives that help workers manage their weight and improve their wellbeing overall.

“You should see the looks on their faces when their cholesterol is down, they’ve lost weight and their blood sugar is better. We’ve had people lose 30 and 40 pounds,” said William McGuane, the county’s manager of benefits and workers’ compensation.


Do these sound like minor program elements? The math says otherwise: Claims severity has plunged from $5.5 million in 2009 to $1.3 million in 2017.

At the University of Pennsylvania, putting workers first means getting out from behind the desk and finding out what each one of them is tasked with, day in, day out — and looking for ways to make each of those tasks safer.

Regular observations across the sprawling campus have resulted in a phenomenal number of process and equipment changes that seem simple on their own, but in combination have created a substantially safer, healthier campus and improved employee morale.

UPenn’s workers’ comp costs, in the seven-digit figures in 2009, have been virtually cut in half.

Risk & Insurance® is proud to honor the work of these four organizations. We hope their stories inspire other organizations to be true partners with the employees they depend on. &

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]