Cyberinsurers, Producers: Opportunists or Saviors?

Since the introduction of cyberinsuranceproducts roughly three years ago, articles have been writtenquestioning the insurance industrys approach to the new cyberspaceexposures.

The critics of standalone cyberinsurance products usually buildtheir arguments around two general themes.

The first argument is that insurance companies (and I assumebrokers, as well) are always looking for new ways to repackageexisting coverage to collect more premium (and commissions).

The second argument that these same critics make is thatcoverage provided under cyberinsurance policies already exists.

Therefore, in a nutshell, the insurance industry is made up ofredundant money scavengers and opportunists.

I think both arguments not only underestimate the exposure, butthey also underestimate the quality of individuals and companies inthe insurance industry.

Let us address the contractual weaknesses of standard policiesin order to address the arguments put forth against dedicatedcyberinsurance programs.

Three-plus years ago, a few underwriters and brokers saw acoverage and expertise void in the marketplace. Once underwriterstook the time to gain expertise and to understand the exposuresthat the new economy produced, they began to re-evaluate theproducts being offered in light of these new exposures.

They quickly realized what both the traditional property andliability underwriter fully understood–that existing policies werenot designed for these new perils, such as viruses, hacker/crackerexposures, or denial-of-service attacks. The traditionalunderwriters who were offering standard policies (covering tangibleperils, such as flood, fire, and wind) were not comprehensivelyunderwriting these new perils.

Therefore, a new breed of underwriter–and in some cases,broker–was born.

After these “new” underwriters gained an appreciation for the“e-perils,” they rightfully designed products that they feltallowed them to protect against cyberspace exposures.

Did they see this as a way to make money?

I am sure they did. I can tell you, however, that in the pastyear, not all of them made money on their cyberinsurance policies.As a matter of fact, a number have withdrawn from the marketcompletely, because of the large losses that they have alreadysustained in this new segment of the insurance industry in theproducts infancy.

Business interruption coverage provides one of the most overtexamples of how a traditional policy will not fulfill the uniqueneeds of insureds conducting business on the Internet–or usingother technologies, such as cellular. It would be hard, if notimpossible, to find a well-informed individual that couldintellectually argue that a denial of service to an insured using abusiness-to-business (B2B) or business-to-consumer (B2C)Internet-based business model results in “physical damage” to“tangible property.” Yet this is a standard requirement of atraditional property (business interruption) policy.

There are other examples as well.

I will concede that a cyberliability (third-party liability)policy potentially has some overlap with a well-designed,comprehensive property-casualty program. I will also say, however,that there are cyberinsurance policies available that providecoverage that does not exist in standard policies.

I will not give in to those who argue that an insured thatconducts business on the Internet would be fully protected withouta dedicated cyberliability policy. There are clear advantages ofcyberliability policies, such as contractual comprehensiveness andrisk manageability.

Assuming there is coverage for certain perils elsewhere, I wouldsuggest that it would be because the “standard” policy is “silent,”not because the underwriter expressly intended to cover them.

Intellectual property rights, specifically trademark andcopyright, are a major source of exposure in the World Wide Web. Aquality cyberliability policy will protect the insured frominfringement litigation. The comprehensive general liability is notintended to provide this coverage to an Internet company. Thecoverage under a CGL is for incidental advertising. I suggest thata Web site is not “incidental.”

Because it was not the intent of the underwriter to cover suchperils, courts are hearing (and will continue to hear) argumentsover the nuances of contract language in standard policies.

To advise an insured to presume coverage under standard policyconditions is, in my opinion, misleading and ill advised. One couldeasily question the prudence of an agent or broker who chooses notto discuss a dedicated cyberinsurance product, in this newenvironment.

It is equally important to consider typical claims scenariosunder one policy or numerous policies. What happens, for example,if an insured is an “e-broker”–a stock broker conducting businessover the Internet–who falls victim to a major denial-of-serviceattack?

First, there is the business interruption loss–and we havealready addressed the reasons why a standard property policy wouldnot cover a denial-of-service attack claim that is submitted to thefirst-party underwriter.

Second, the e-brokers clients, who suffered financial lossesresulting from their inability to access their accounts when theservice was down, will likely bring lawsuits against the broker.Such lawsuits, which could have class action potential, would besent to third-party underwriters. Whether or not a comprehensivegeneral liability policy would cover this type of third-party lossis a legitimate question.

I would suggest that it would not, since the peril is notassociated in any way with “bodily injury” or “propertydamage.”

Under the correct cyberinsurance policy, the insured would onlyhave to deal with one company–and that company would be one thathas seen this type of claim before–rather than two companies thatdo not have individuals dedicated to handling these types of claimsor the experience.

We see the majority of cyberinsurance policies being offered,not as attempts to “rake in more money selling the same box of soaptwice.” Instead, the professionals who have created them arewilling to underwrite the new perils in dedicated, specificpolicies. They are hoping to be players in this new market for along time and to earn the respect of brokers and insureds thatrecognize these new e-perils.

Finally, it is important to note that each insured is unique andthat one approach will not be right for everyone. To trulydetermine whether “piggybacking” on existing policies is the bestrisk management strategy–or whether a specific cyberinsurancepolicy is a better alternative–the potential insured must firstestablish priorities and fully explore all options, evaluating thepros and cons of each approach. Only then can the insured make anintelligent decision.

If you are an agent or broker, be sure to seek expert advice onthe constantly and rapidly changing products that are emerging inthis area.

If you are an insured, be sure to talk to the right agent orbroker.

Peter R. Taffae is the president of e-perils.com in LosAngeles. A division of Worldwide Facilities, Inc., e-perils.com isan independent insurance wholesaler specializing in cyberinsurance,directors and officers liability, errors and omissions, employmentpractices liability, medical malpractice, crime and legalmalpractice insurance for commercial and financial institutions.Mr. Taffae may be reached at [email protected].

Reproduced from National Underwriter Property &Casualty/Risk & Benefits Management Edition, September 10,2001. Copyright 2001 by The National Underwriter Company in theserial publication. All rights reserved.Copyright in this articleas an independent work may be held by the author.

Contact Webmaster