Eduard Goodman, chief privacy officer of Scottsdale, Ariz.-based
IDT911, an identity theft protection firm, isn’t too high on the
industry’s knowledge of cyber insurance, cybercrime and data theft.
Goodman assigned a grade of C- when asked to assess the average insurance agent’s knowledge in this area.
He also discussed what questions agents need to ask – both of clients
and providers – to ensure they are making the best cyber insurance
recommendations, as well as pricing and other topics, with Insurance
Journal. This interview was edited for brevity.
Insurance Journal: Cyber insurance is growing in popularity, but do you think independent agents have a good handle on this topic?
Goodman: I think, generally speaking, no. I think
generally, your average agent broker doesn’t truly understand what the
risks are, and what’s available out there in the market to address those
risks.
I do think, specifically, there are lots of agents out there, and
brokers, that are very well-educated in this area, and are becoming more
educated as time goes by, but they are fewer and far between right now,
so I think the mass of folks selling general commercial insurance out
there, if I had to test their knowledge of that, I’d say maybe they’d
get a C-.
IJ: Do agents need to offer this type of insurance to stay competitive?
Goodman: I think absolutely they do. I think what’s
being lost on lots of brokers and agents now, though, is that this is
such a common risk.
So many more carriers, on a day-to-day basis even, now are adding it,
or are covering these types of risks in different manners, that in some
respects, frankly not offering it, not mentioning it, and bringing it
up with your commercial clients, it doesn’t just put you at a
competitive disadvantage, it probably puts you at some risk of
professional liability for failing to recommend covers, and restricting
strategies to deal with what frankly, unfortunately, is a very, very
common risk that hits businesses of all sizes and all types, on
operational, and administrative, legal and other levels.
I think it’s more than competitive advantage, frankly. I think it’s
one of self-preservation, at least from their own professional
liability, and any potential errors or omissions they might face, and
things of that nature as a broker who is a professional, who supposed to
be helping manage risk insurance.
IJ: What are some of the advantages of offering it?
Goodman: I think that there’s so many different
advantages. I’ll start out with the fact that I think most folks don’t
recognize how some of these different cyber events really hit a
business. I think the first advantage is, if you want to have a
recurring customer next year, to sell insurance products to, you want to
make sure they’re still in business.
The advantage primary, to focusing on offering these types of
coverages, is frankly in ensuring the continuity of your own clients.
We’ve seen scenarios where an event like this turns out not to be
covered – we could talk different events – and it sinks a company, and
of course they just shut down, or it creates liabilities they just can’t
bear.
I think that’s one of the prime ones, but I think all the other
things, really it’s just when you do offer these types of coverages, I
think what’s lost on most folks is that cyber coverage – we won’t credit
this – there was a reinsurance provider that we work with, that when it
clicked with them, they understood, real cyber insurance isn’t just
about writing a check to make you whole, like when your building burns
down.
It’s really more of a conduit to services, because you don’t know
what you’re dealing with. You need the professionals, you need the right
legal counsel, different folks in the right positions to help you work
through what’s a very murky situation, because it’s not a traditional
tangible loss or experience.
Most of the time, when that’s handled right, when you take a client
really from panic to peace of mind around an incident like that, it
always invariably translates back to the broker or agent who offered the
policy to begin with, sometimes with the client saying, ‘Do I really
need that?’ Yeah, you do.
IJ: Name some factors, beyond revenue, that are taken into consideration when determining price.
Goodman: Revenue aside, I think the thing that is
also a bit of a misnomer in cyber is that revenue corresponds to risk,
and that’s not always the case, especially with mandated responses
around data breaches, for instance, and things like that.
Some of the factors that are considered is obviously going to be your
industry type. Most notably would be professional services, with
medical standing out, but also legal and CPAs. They deal with a lot of
data, a lot of data on consumers. Again, they’re going to tend to be on a
higher price, or different type of offering, when it comes to what’s
available. Financial services in general are higher risk.
I think certain industry, and industry segments, most of them know
and wouldn’t be surprised when they find out they’re in a higher risk
class and are going to pay a little bit more. Size, also is going to
benefit it. Not just revenue, but the amount of transactions.
I give people the example that you could be a small business owner
who owns a kiosk that sells bubblegum at LAX, but you might have
100,000, 200,000 transactions in the course of a couple months, just
from people buying 75 cent bubblegum. That’s still a lot of data, as far
as card information and things like that.
Revenue wouldn’t correspond with the potential risk they might have,
as an easy example. The amount of transactions, the type of business
they’re in, and the industry again, like I said – are they specifically
targeted? – and those types of risks.
Those are the other factors that go in, besides simply looking at revenue, revenue streams, and that type of issue.
IJ: Can you give me three or four good questions that agents need to ask their clients, as well as providers?
Goodman: Yeah, I think starting on the provider
side, it’s really trying to figure out what the carrier itself is
actually covering. I think that’s a big issue, and a bit of a difficulty
for brokers right now, to understand that not all cyber coverages are
created equal. It’s not a very well-defined area. Different carriers
cover and exclude different things, which does make it tricky.
I think they need to go to their carriers and they need to get a
clear answer to, “What exactly is being covered? Is this just going to
cover my clients in the event of a data breach? Is this going to cover
them if they don’t deal with information on people, but maybe make
software products or things like that,” and maybe network liability,
which is an older type of cyber coverage might be more apropos?
I think it’s trying to understand the coverages that are being
offered by the carriers that they work with, whether it’s stand-alone
coverages, which there’s plenty of them out there, more specialized and
even pricier, or even add-ons to BOPs and CCP packages that have been
out there for years, as well.
Really knowing what’s covered, what’s not, how they address things
like payment card-related issues, which has been a sticky issue, as
well. Those are the things to clarify with your carriers that you’re
working with, to understand the products, frankly.
I think the other side, in dealing with who you’re selling those
products to, your actual clients as a broker or an agent, I think
getting to understand the nature of the business is really important,
and one of those key questions that people don’t really talk about, that
I think comes into play, is trying to discern right off the bat, are
they a B2B business, or B2C?
B2C is going to really tend to cause you, when it’s business to
consumer, to focus very heavily on data breach related coverages. Those
are coverages that respond to a lot of your own costs as an entity, to
have to comply with regulatory notifications, and notifications to the
public, which can be very costly. Sometimes defending lawsuits as well,
but mostly the first-party costs.
If you work with consumers, those are the types of coverages you
should be looking to offer. Those types of businesses that are retail,
or physicians’ offices, law firms, or any business that’s going to deal
with that.
If you make widgets for other companies that make widgets, you’re
going to want to concentrate on other issues. Business continuity is
going to be very big. Cyber ransom and those types of coverages would
also be very important to look at, but you want to have a good
understanding of where the risk is.
I think that’s one of the things to understand primarily – What do
your businesses do, how do you do it? It sounds like a fairly obvious
question, but it’s not always, when people think about it from cyber.
I think that’s one of them. I think understanding size and scope,
meaning obviously transaction amounts, not just dollar amounts, but also
understanding where they do business. Is it global? Is it only in the
U.S.? Those are the things, as we’re seeing more and more privacy risks,
and other types of risks expand outside of the U.S., are really, really
important.
Credit: http://www.mynewmarkets.com
- Blogger Comment
- Facebook Comment
Subscribe to:
Post Comments
(
Atom
)
0 comments:
Post a Comment