Getting the Policy Right: An Attorney’s Conversion to Insurance Brokering
As a cyber insurance coverage litigator, Darin McMullen often saw how a policy’s wording failed to deliver on its intent due to ambiguous language. When there’s a misunderstanding between insurers and insureds over what a policy says and what it means, both parties end up in the courtroom. But in those cases, McMullen saw an opportunity to leverage his 20 years of legal experience to close that gap.
“As cyber insurance is a still-maturing product, I saw the chance to move over to broking and be on the frontline of negotiations, making sure that the intent of policy was reflected in the wording,” he said.
So he left his position as co-chair of Anderson Kill’s cyber insurance recovery group and made his way to Aon, where he is now a senior vice president and cyber and E&O product leader. Since the switch, he has been helping clients find innovative solutions to the ever-evolving challenges cyber risk presents.
Those challenges include finding coverage at the intersection of cyber and property exposure. When a cyber event causes property damage and incurs significant business interruption expenses, which policy picks up the loss? It’s a question for which the insurance industry’s best answer so far has been, “It depends.”
Because there is no standard approach to this type of loss from carriers, insureds are often left parsing through cyber, property and financial lines policies to patch together coverage.
One of McMullen’s clients experienced this scenario when a cyber event damaged a manufacturing facility, leading to significant business income loss.
Going forward, they wanted a comprehensive program that would not only cover traditional cyber losses, like breach notification and data restoration, but that would also provide for BI and extra expenses stemming from a cyber event causing physical damage.
“Many programs we’ve built have been for traditional manufacturers,” McMullen said.
“It required asking underwriters to step out of their comfort zone and challenged them to collaborate within their own organizations, across multiple lines, so that traditional cyber losses would be covered along with business interruption and actual physical property loss.”
A ‘Painstakingly Detailed’ Process
Cyber and property specialists were brought to the table to discuss policy wording and clear up any potential misinterpretations so the policy would perform as planned.
“Bridging the gap between how cyber underwriters and property underwriters approach different concepts from a wording standpoint was one of the biggest challenges,” McMullen said.
Though the discussions were long, McMullen drove forward “by shining a spotlight on legal considerations that could arise from differences in terminology. By focusing on specific provisions that if not reconciled were going to create problems — that got everyone to the table.”
Once the primary market was on board, McMullen and his team had to take their product to excess carriers, which had never seen a policy quite like this one. It was critical to explain what the program was trying to accomplish, why certain language was chosen and how decisions were made.
“By shining a spotlight on legal considerations that could arise from differences in terminology, by focusing on specific provisions that if not reconciled were going to create problems — that got everyone to the table.” — Darin McMullen, SVP, cyber and E&O product leader, Aon
“So much of the success was incumbent on explaining the why and how to the underwriters so they can appreciate it themselves,” McMullen said.
Calculating the financial impact of BI and determining how extra expenses would be treated were two sticking points, but ultimately, both were addressed directly in the policy. The resulting program was comprehensive — broad enough to cover both traditional cyber and cyber-related property losses — while still being tailored to the client’s specific exposures and needs.
While the program in this case was very bespoke, McMullen said the process of building it laid the foundation from which similar programs can be built for clients in other industries. He and his team now understand how early they must get the ball rolling in terms of setting expectations in the marketplace and ironing out specific insuring agreements.
“We’ve seen where things can require more back and forth, so it’s been a good lesson for us to build out our own internal framework. It’s allowed us to streamline the process and given us credibility with the markets as well,” he said.
Increasing Demand for Innovative Cyber Solutions
That’s especially important now as more companies are taking cyber risk seriously and exploring the variety of coverage options available.
“We are seeing this type of breadth and specificity being requested and explored much more often than even 12 or 24 months ago,” McMullen said.
He pointed to two key factors driving the demand for cyber solutions. First was the NotPetya attack in 2017. The event’s staggering losses served to drive awareness of exposure and boost both the pursuit and reception of innovative solutions. Second was the constriction of the property market following 2017’s catastrophe season.
“Limitations or restrictions in property coverage have caused a number of clients to re-evaluate how to address and where to cover cyber-related losses, whether that’s in part still in property or as part of a cyber program or across multiple programs,” McMullen said.
What is clear is that when it comes to cyber insurance, there is no one-size-fits-all solution. An organization’s unique operations, risk appetite and approach to enterprise risk management will dictate how their program takes shape. The cyber market, however, remains as willing as ever to accommodate ever-changing needs and to explore new and unique solutions.
“As always, it’s about finding the right carrier for the client based on their appetite and existing relationships,” McMullen said. “The cyber insurance market continues to be receptive to innovation and certainly growth. We are seeing more of these types of placements being bound.” &