6 Emerging Supply Chain Risks You Should Know
The Wolf of RIMS
RIMS just concluded in Denver, and I had a few observations.
It was cold, very cold. Given that the Spencer/Gallagher Golf Tournament is always a part of RIMS, why isn’t the conference held in cities with much better weather? Who could forget Chicago a few years ago, where the golf tournament lasted three holes because of the snow and those who chose Cubs opening day didn’t fare much better. I know we can never really guarantee the weather but we might want to increase the chances of a good climate for a great meeting. Eighteen holes of golf in the sun beats three holes in the cold any day.
And then there was the keynote speaker – Jordan Belfort, the author of “The Wolf of Wall Street.” I actually couldn’t believe RIMS would pick him to speak at our convention. Let’s see, his redeeming values were abusing drugs, denigrating women and maybe worst of all stealing money from at least 1,500 people. Nobody should have money stolen from them, but Belfort concentrated mostly on the weak and vulnerable, retirees or people just getting by. Nice guy, our motivational speaker.
So I was thinking, is this the best our industry could do for a keynote speaker? Was there a lesson RIMS wanted to teach, like “Greed is Bad”?
Of course, people deserve a second chance, so I did a little research after I learned Belfort was the keynote speaker. Nancy Dillon from the Daily News wrote, “according to Federal prosecutors, Belfort failed to live up to the restitution requirement of his 2003 sentencing agreement. The agreement requires him to pay 50 percent of his income towards the 1,500 clients he defrauded.” The Federal government filed a complaint since Belfort had an income of $1,767,203 in 2013 from his book/movie rights and another $24k from speaking engagements like the one at RIMS. Yet, According to Ben Child of the guardian.com he has only paid back $11.6 million of the $110.4 million he was ordered to pay as restitution.
For more details of just how rotten Belfort is, read this NY Times article by Joel M.Cohen who prosecuted the case.
So I was thinking, is this the best our industry could do for a keynote speaker? Was there a lesson RIMS wanted to teach, like “Greed is Bad”? Most of us saw Michael Douglas in Wall Street, some lived it. Couldn’t we as an industry have done better?
In the last year, I saw some great conference speakers such as Garrison Wynn, author of “The Real Truth About Success” as well as Lt. Col. Rob Waldman, a highly decorated fighter pilot, author and businessman and wonderful motivational speaker. And we got a guy who stole money from people and has yet to pay it back. Belfort would be a solid choice if we we motivating crooks, however I like to think a bit more highly of our community
Maybe Albert Einstein said it best when he said “the value of a man should be seen in what he gives and not in what he is able to receive.”
There are plenty of good, decent people who give back to society – why don’t we stick with them as our guest speakers!
Read all of Joe Boren’s Risk Insider contributions.
Searching for Stability in Cyber Space
As headline-grabbing breaches crack systems and tarnish reputations of major retail, healthcare and financial companies, the need for cyber insurance has become increasingly apparent.
Given the constantly changing nature of cyber risk and the market landscape, creating a stable, sustainable cyber insurance business demands a prudent approach, with an eye on the long road.
“We’ve seen carriers jump in and out, wanting to take advantage of a new opportunity, but perhaps underestimating the risk,” said Danielle Librizzi, Senior Vice President, Head of Professional Liability, Berkshire Hathaway Specialty Insurance (BHSI).
“As cyber exposure became more tangible to carriers, in-force coverage was tested and many made radical changes to pricing and availability of coverage. BHSI is committed to entering the cyber market in a thoughtful and sustainable way. We want to be there for our customers as the risks continue to evolve.”
Diverse, Evolving Risks
Cyber exposure – and coverage — have been evolving, posing different risks and underwriting challenges for different industries. The technology, financial services and healthcare industries illustrate the diverse issues that must be considered in order to provide effective, financially sustainable cyber solutions.
The technology sector was the first cyber battleground, and technology E&O forms included some cyber coverage by virtue of the nature of the risk. “There’s inherent cyber coverage for third party liabilities in E&O,” Librizzi said.
While coverage is widely available, tech companies pose challenges to underwriters because of their unique position in the cyber “supply chain.” These companies provide software, hardware and cloud services; virtually every organization in the world is dependent on a tech provider of some stripe. If an insurer is covering both the provider and its clients, the aggregate risk should be monitored closely.
Think of a DOS attack on a cloud provider that prevents all of its clients – which could include anyone from a bank to a retailer or transportation company — from accessing stored customer or corporate data or running cloud-based service apps. That single attack could bring business in multiple industries to a grinding halt, potentially causing business interruption and E&O losses.
The tech industry hasn’t seen a large scale event like this yet, but it isn’t waiting around for one to strike before addressing the underlying risk. Controlling and accounting for the aggregate exposure will mold the direction that coverage development takes.
“Our combined form, introduced in October, 2015, is a comprehensive solution that includes first and third party cyber coverage as well as traditional E&O coverage,” Librizzi said.
However, that approach may not be appropriate for other industries. Financial Institutions, for example, may seek a dedicated cyber only policy which does not include traditional E&O coverage.
While banks typically have strong protocols for network security and privacy, they also have a much greater exposure in massive stores of customer data. Financial Institutions are looking to address liability in the form of class action lawsuits or heavy regulatory investigations and fines emanating from cyber, and may not want to compromise their traditional E&O limits.
“Additionally, given the increased reliance on outsourced providers for technology solutions, we have started to see the introduction of sub-limited coverage for dependent business interruption and payment card industry (PCI) fines and assessments as enhancements to coverage,” Librizzi said. “We might see those sub-limits go to full coverage as competition gets heavier.”
Other industries, which may not be as advanced as financial institutions in addressing cyber threats, have suffered more from a lack of robust cyber coverage that can keep up with increasing exposure.
Healthcare, for example, has seen a surge of cyber attacks since hospitals and other health systems went electronic. To a hacker, healthcare providers represent a warehouse of valuable personal identifiable and protected health information.
Email addresses from healthcare systems typically are white-listed and less likely to get caught in a spam filter, giving hackers incentive to obtain access and gain control of a healthcare provider’s network in order to launch phishing attacks.
After some high-profile breaches in 2015, Human Health Services and the Office for Civil Rights came under scrutiny for not doing enough enforcement of HIPPA. Fines imposed by regulators increased dramatically over the past decade, and seem poised to only get higher.
“They’ll be ramping up enforcement of regulations in 2016, and that’s only a peek of what’s on the horizon,” Librizzi said.
The burgeoning of healthcare’s cyber exposure has challenged the insurance industry to better understand the nature of the risk and how best to secure hospital systems. Coverage for this sector remains the most difficult to write effectively.
BHSI understands the need for different customers to have different solutions. Some customers desire a dedicated cyber policy that does not include traditional E&O coverage. BHSI’s Network Security and Privacy stand-alone policy is designed to address the needs to those customers.
“The cyber exposures and coverages needs of healthcare, financial services and technology are on different timelines and will look very different in the future,” Librizzi said.
Even in more mature markets, the conflation of commercial and personal cyber risk will challenge insurers going forward. Most existing cyber products don’t cover property damage and personal injury; as the risks emerge and the Internet of Things becomes more pervasive, the coverage will have to evolve as well.
“We must always be thinking about what is on the horizon from a risk and coverage perspective – our technology driven society demands it,” Librizzi said.
Anticipating challenges and adapting to each industry’s needs has been a cornerstone of BHSI’s approach to cyber. It’s careful and measured approach has also helped the specialty insurer build an arsenal of experts and ancillary services to help clients better grasp and mitigate their exposure.
“We know the importance of really understanding the risk and communicating it clearly to our customers,” Librizzi said. “We don’t bury our coverage in a pile of definitions, and we provide the expertise to help insureds stay ahead of the next big breach.”
To learn more about BHSI’s professional liability products, visit http://www.bhspecialty.com/.
Berkshire Hathaway Specialty Insurance (www.bhspecialty.com) provides commercial property, casualty, healthcare professional liability, executive and professional lines, surety, travel, programs, medical stop loss and homeowners insurance. The actual and final terms of coverage for all product lines may vary. It underwrites on the paper of Berkshire Hathaway’s National Indemnity group of insurance companies, which hold financial strength ratings of A++ from AM Best and AA+ from Standard & Poor’s. Based in Boston, Berkshire Hathaway Specialty Insurance has offices in Atlanta, Boston, Chicago, Fort Lauderdale, Houston, Los Angeles, New York, San Francisco, San Ramon, Stevens Point, Auckland, Brisbane, Hong Kong, Melbourne, Singapore, Sydney and Toronto. For more information, contact [email protected].
The information contained herein is for general informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product or service. Any description set forth herein does not include all policy terms, conditions and exclusions. Please refer to the actual policy for complete details of coverage and exclusions.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Berkshire Hathaway Specialty Insurance. The editorial staff of Risk & Insurance had no role in its preparation.