How Cyber Security Raters and Other Vendors May Help You Diffuse Third-Party Cyber Risk

By: Jack Hampton | August 5, 2020

John (Jack) Hampton was a Professor of Business at St. Peter’s University, a core faculty member at the International School of Management (Paris), and a Risk Insider at Risk and Insurance magazine where he was named a 2018 All Star. He was Executive Director of the Risk and Insurance Management Society (RIMS), dean of the schools of business at Seton Hall and Connecticut State universities, and provost of the College of Insurance and SUNY Maritime College in New York City.

Ah, just give me the facts.

“Personal computers will never replace large scale mainframe computers.”

Of course they won’t. Companies will not trust employees to download sensitive corporate data to local PC harddrives. Spreadsheets without passwords will never leave the window-less rooms of the data processing department.

The year was 1983.

“Cyber security will never be outsourced to third-party service providers.”

No need to do it. Organizations will build their own information technology units to deny access to outsiders who attempt to breach their cyber walls.

Of course they will. When troublemakers try to sneak through their system doorways, they will raise the drawbridge that crosses the cyber moat.

The year was 2008.

“To be truly secure, we need the world’s best cyber security team.” Each organization will build its own to handle attempted misbehavior.

The year is 2020.

These attitudes reflect an understanding of the past. Today, cyber security needs a fresh perspective.

The walls are tall at 30 feet. Only governments, criminal associations, and ultra-skilled individuals have 31-foot ladders.

When walls reach 33 feet, these players will develop the newly-improved 35-footer.

Protecting the walls is likely to be a forever project.

The doors in the cyber walls are something else. We open them today. We will always open them. That’s one of the nice things about a doorway. Only Santa Claus has to go down the chimney.

As we continue to open doors, true cyber security has to answer a simple question. “Who do authorized parties bring with them when we open the cyber door?”

Answering this question requires the CEO and board of trustees to ask, “How much will it cost for sufficient resources to identify and restrict potentially-compromised visitors?”

This would have been a daunting question in 1983 or 2008. The answer for many entities was, “Too much.”

Today, the answer may be, “Not so much.” Two parallel developments are occurring.

Cyber Security Raters. A growing cyber risk market is forming around companies that help you understand the exposure represented by suppliers, distributors, customers, and strangers who knock on the door. They rate the level of cyber risk posed by each party and alert you to parties that should be denied entry, or at least be frisked for a hidden weapon.
Microservice Architects. These companies help divide a single integrated computer system into discrete self-contained modules separated by their own secure internal doorways. When an organization restricts individuals who unleash a cyber loss, the whole system is not affected.

Think about what it means if an organization converts to a microservice architecture monitored by a cyber security rater. A person knocks on the cyber wall door triggering risk management responses:

Risk Identification. Who is it? What do they want?
Risk prevention. What is the visitor’s cyber score separately from our own knowledge? Do we open the door for people in this category? If yes, where do we allow them to go.
Risk mitigation. Even if they get in, visits are restricted to a single area.
Risk avoidance. If visitation is restricted, no harm is done in other areas.

Many organizations are likely to be evaluating cyber security ratings and microservice architecture in the near future.

Maybe not all. You can hear it now.

“We can’t afford to hire someone to give us cyber risk scores on our visitors.”
“We have to trust our suppliers and partners to stay in their authorized area.”
“Even though our system has legacy features that make us vulnerable, we can live with the exposures.”

These statements encourage a time check. Is it still 1983? Is it 2008? Is it 2020?

Or, if we don’t make changes, will it soon be too late? &

How a Carrier Partner Can Help Navigate a Challenging Management and Professional Liability Market

A combination of a choppy economy with increased claims frequency and severity could lead to rate increases in the Management & Professional Liability market.

By: Risk & Insurance | April 3, 2024

Rates in the management & professional liability (M&PL) markets were on the rise from 2020 to early 2023 and are now falling rapidly.

M&PL divisions manage a number of different insurance products including management liability (D&O), professional liability (E&O), employment practices liability (EPL), fiduciary liability policies, cyber, etc. In 2023 and into 2024, a big influence on the marketplace has been the extremely aggressive and softening public company D&O market.

Though these rates have been softening for management liability, that may change over the next few years as companies continue to adjust their business models motivated by economic uncertainty. Layoffs were up nearly 200% last year, Forbes reported, even as other recession indicators, like the inflation rate, improved. A recession could lead to an increased claim activity and force carriers to raise rates.

“Whenever there is a meaningful downturn in the economy, we tend to see claim frequency pop up,” said George Schalick, Jr., senior vice president of the Management and Professional Liability Division at Philadelphia Insurance Companies (PHLY).

With continued fiscal uncertainty, businesses potentially already burdened with pandemic-related claims should seek a carrier with a long history in M&PL products. They will provide much-needed risk management guidance and be better positioned to support their insureds during market fluctuations.

Why Insureds Might See an Uptick in M&PL Claims

George Schalick, Jr., Senior Vice President of the Management and Professional Liability Division, Philadelphia Insurance Companies

The current soft market might come as a bit of a surprise as it does not track with previous underwriting cycles and economic conditions. Afterall, many privately held and non-profit organizations struggled during the early days of the pandemic with shutdowns and rapidly declining revenues. But the Government assistance programs, like the Paycheck Protection Program loans, helped keep many afloat during the tough times.

“During COVID many organizations stopped doing business until they were able to sort out all of the health and safety challenges,” Schalick said. “They were forced to lock down, but then all the government assistance programs allowed them to keep people employed. The increased volume of claims we anticipated we would see coming from the lockdowns and restrictions that were imposed upon businesses in the U.S. didn’t manifest at first.”

“Just because there wasn’t an onslaught of reported claims at the beginning of the pandemic, doesn’t mean the circumstances that would give rise to a claim being reported didn’t occur. Courts and the judicial system were closed or slowed and now that they are back open, we’re starting to see the circumstances that occurred during the COVID lockdowns becoming claims today,” Schalick said. “Litigation is progressing.”

Added to the delayed pandemic litigation is a concern over newer claims that might be filed as the country inches toward an economic downturn. Though a recession was avoided in 2023, experts think a soft dip could occur in 2024, with 76% of economists saying there’s a 50% or less chance of an economic downturn this year — that almost always results in more management liability claims.

“During the Great Recession in 2008, we saw an almost immediate spike in claims because of the economic conditions and the pressure it placed on organizations. They were making personnel changes with significant belt tightening almost immediately.” Schalick said.

What’s in Store for M&PL Policy Rates in 2024?

Despite an uptick in claims and increased economic uncertainty, management liability rates haven’t increased, resulting in market-wide pricing levels that may not meet the increased pressure of rising settlements and jury verdicts.

“Rates are going the other direction and settlement values are not falling,” Schalick said.

The mismatch between rates, claim frequency and severity is, in part, because carriers experiencing the dramatic soft market in the public D&O market are seeking premium gain in the private and non-profit market.

“In the public company market, the rates have been decreasing significantly. The rates were increasing in the private, not-for-profit market, and rightfully so, but there’s a desire to supplement overall mid-size D&O for carriers who also write private not-for-profit, and they see that as an opportunity to aggregate premium,” Schalick said. “So the always competitive landscape in the private, not-for-profit market has dramatically increased in the last 18 to 24 months.”

Still, companies of all sizes and types should be concerned about management liability rates in the future. Legal system abuse is resulting in increases in both the amount of litigation and the size of verdicts plaintiffs are receiving.

Certain areas of the country are particularly vulnerable to this type of legal system abuse. As a result, insureds in these localities are likely to be vulnerable to rate increases.

“The environment is so positive for the plaintiff that forces premium increases so carriers are able to stay in that market long term,” Schalick said.

Why a Tenured Carrier Partner Can Help Insureds Navigate An Uncertain Market

It’s clear that insureds are facing an uncertain M&PL market over the next few years. Fortunately, carriers with a long history in the M&PL space will be there to offer stability.

Philadelphia Insurance Companies has been supporting this market for 35 years. PHLY is committed to offering long-term rate stability, even as economic and claims trends start to push premiums upwards. They have an appetite for all sorts of companies, large and small, for-profit and nonprofit alike.

“We’ve been at this game for a long time and are one of the most tenured underwriters in this space,” Schalick said. “We like to stay very consistent.”

PHLY has worked with both for-profit and non-profit on management liability policies. With dedicated M&PL teams throughout the company’s 13 regions, PHLY provides the support agents and brokers are looking for on behalf of their clients. The teams know their regions well and can respond to local trends. They’re also dedicated to making the renewal process as easy as possible for their partners and policyholders.

“We have real confidence in our results, so we focus a lot on making the renewal experience as painless as possible for all agents and insureds,” Schalick said.

The company is also investing in tools to help insureds avoid losses. Earlier this year, they launched a new online risk management platform, PHLYGateway, which offers resources for insureds on how to create an employee handbook and trainings on issues such as recognizing workplace sexual harassment and discrimination.

If insureds have questions, they can consult a Best Practices Help Line, provided via the platform. That way, they can get on the spot risk management guidance to help them prevent claims.

To learn more, visit: https://www.phly.com/mplDivision/managementLiability/default.aspx.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.

How Cyber Security Raters and Other Vendors May Help You Diffuse Third-Party Cyber Risk

The year was 1983.

The year is 2020.

Trending Stories

7 Questions for RGA’s Carmony Wong

Navigating Global Travel Uncertainties: Business Travel Risk Insights from HUB’s Will Mule

Planck’s Leandro DalleMule Discusses the Ethics of AI in Insurance

3 Keys to Combat ‘Big Brother’ Fears with Safety Technology

More from Risk & Insurance

Lockton Appoints Trevor Smith as Managing Director, Technology Risk

The Cyber Insurance Market Is Booming. How to Stay on Top of Evolving Exposures

Triaging Operational Risks: A Practitioner’s Guide to Business Continuity

$800 Million Settlement Reached for Retirees in CalPERS Long-Term Care Pension Plan Blunder

How Cyber Security Raters and Other Vendors May Help You Diffuse Third-Party Cyber Risk

The year was 1983.

The year is 2020.

Share this article!

Trending Stories

7 Questions for RGA’s Carmony Wong

Navigating Global Travel Uncertainties: Business Travel Risk Insights from HUB’s Will Mule

Planck’s Leandro DalleMule Discusses the Ethics of AI in Insurance

3 Keys to Combat ‘Big Brother’ Fears with Safety Technology

More from Risk & Insurance

Lockton Appoints Trevor Smith as Managing Director, Technology Risk

The Cyber Insurance Market Is Booming. How to Stay on Top of Evolving Exposures

Triaging Operational Risks: A Practitioner’s Guide to Business Continuity

$800 Million Settlement Reached for Retirees in CalPERS Long-Term Care Pension Plan Blunder

Sponsored: Philadelphia Insurance Companies

How a Carrier Partner Can Help Navigate a Challenging Management and Professional Liability Market

Why Insureds Might See an Uptick in M&PL Claims

What’s in Store for M&PL Policy Rates in 2024?

Why a Tenured Carrier Partner Can Help Insureds Navigate An Uncertain Market

Share this article!