From personal items such as e-cigarettes, cellphones and laptops to power tools, hoverboards, electric vehicles and alternative energy storage, rechargeable lithium-ion batteries (LIBs) come in all shapes and sizes, and are integral to modern living.
But despite their increasing application, the fire risks associated with LIBs have gained publicity of late, piquing the interest of insurers across a range of disciplines, from property and casualty to supply chain to product and environmental liability.
If overheated, LIBs can enter “thermal runaway,” emitting flammable material — sometimes in the form of small explosions; the bigger or more powerful the battery, the more impactful the event.
LIBs include a number of safety features to minimize the risk of thermal runaway. However, overcharging, damage to the battery, using an improper charging device or even excessive discharge can all trigger the problem.
After a UPS plane carrying a bulk LIB cargo caught fire and crashed in 2010, at least 18 airlines, including Cathay Pacific, Emirates and Qatar Airways, banned the bulk haulage of such cargo, causing supply chain headaches for companies transporting LIB products.
There have also been incidents when personal items have ignited in the carry hold on passenger flights.
A study by the Federal Aviation Administration (FAA) showed that gas venting from the batteries had the potential to “rocket” the battery away from the heat source. In a bulk storage facility, this could send batteries off into other parts of the warehouse, spreading the fire.
“If you are selling lithium batteries, it is even more important to have detailed instructions and warnings because there are so many things that can go wrong.” — Paul Owens, products liability manager, Sadler Products Liability Insurance
Indeed, bulk storage situations pose the biggest threat due to the risk of contagious overheating when multiple batteries are in close proximity.
“When you have a lot of these batteries together, fires can grow very quickly and be very damaging,” says Lou Gritzo, vice president of research at FM Global.
However, Gritzo’s firm said it made a major research breakthrough in April that could help mitigate LIB fire risk.
In partnership with the National Fire Protection Agency and the Fire Protection Research Foundation’s Property Insurance Research Group, FM Global conducted a first-of-its-kind warehouse fire test on the type of LIBs used in electric cars and energy storage. The test, he said, identified a sprinkler configuration that provides an “adequate fire protection point.”
Gritzo hopes the test results, which he expects to be published in a few months following data quality assurance checks, can be taken on board as an industry standard.
The results do not resolve the issue of air cargo safety, though some findings may be extrapolated out to develop in-flight fire extinguishing systems and improve safety for LIB cargo transportation.
Beyond the warehouse environment, LIB-powered devices present a product liability risk for manufacturers, importers, distributors and retailers. The biggest hazard lies in importing products that have been installed with defective or even counterfeited batteries that have been repackaged and rebranded to look superior.
In February, for example, U.S. Customs and Border Protection seized 3,500 hoverboards worth $1.8 million that reportedly contained substandard counterfeit batteries that posed a safety risk.
“If you are an electronics manufacturer, it is essential you know who and where you are buying your batteries from, that you are getting high quality batteries, and that they have high thermal runaway thresholds,” said Morgan Kyte, senior vice president and technology team leader at Marsh.
Detailed Warnings Required
The importer of defective goods is considered the manufacturer in the eyes of the law, and in the eyes of insurers in the event of a claim, said Paul Owens, products liability manager at Sadler Products Liability Insurance.
“Importers are top of the pyramid in the U.S. as no one is going overseas to recover,” he said. Most importers are buying from companies whose product liability policies won’t respond in the United States.
“Warning and instruction defect is a common entry into a product liability lawsuit,” Owens added.
“If you are selling lithium batteries, it is even more important to have detailed instructions and warnings because there are so many things that can go wrong.”
“When you have a lot of these batteries together, fires can grow very quickly and be very damaging.” — Lou Gritzo, vice president of research, FM Global
Retailers and wholesalers who purchase from U.S. manufacturers at least know they have a route of recourse in the event of a claim, though it is likely they would be dragged into litigation.
When e-cigarette user Jennifer Reis was set on fire in 2015 when the battery in her device exploded, the e-cigarette’s distributor, wholesaler and even the Tobacco Expo store where she bought it were all named in the lawsuit. Reis was awarded $1.9 million in damages.
“Retailers and distributors should ask their suppliers to name them as additional insureds on their policies,” said Owens.
“If you are named as an additional insured, the importer’s policy is primary and yours is secondary, which is an important step for retailers and wholesalers.”
However, Owen noted, not all insurance carriers are comfortable writing coverage for LIB-powered products.
“You have to be very careful with the policies you buy as some can be very narrowly written — some have full health-hazard exclusions, and for items like e-cigarettes this leaves very little coverage.”
It is not always easy to determine whether a thermal runaway event has been caused by a defective LIB, a defective electronic device or human error, Kyte said.
“Often there is not much material left after one of these, though there are certain tests that can be done and sometimes it is possible to extrapolate a sequence of events to determine the cause.”
The best way to avoid expensive product liability claims is to only buy and sell LIBs and chargers of the highest quality.
“This will cost you and your customer a little more, but it’s nothing compared to the increase in premiums after a product liability claim,” said Owens.
Lithium manganese (lMR) and hybrid (NiMH) batteries are considered chemically safer than most LIBs and do not require protection circuits, he said.
“Importers need to be good engineers. They should make sure they buy from reputable sources and it is advisable to batch test products that contain LIBs,” he added. &
Crisscrossing the ocean floor, undersea optical fiber data cables are an essential component of an increasingly interconnected world, quietly carrying massive amounts of data communications between the Earth’s landmasses.
But they are not invulnerable. Individual cables are severed or damaged dozens of times each year, most commonly by fishing boat anchors, but also by storms, scrap collectors and even shark bites.
The U.S. and other major markets, like Europe and Japan, are served by numerous cables, providing enough redundancy that traffic from a single damaged cable is rerouted before end users even notice. Wider outages, however, can have more far-reaching effects.
VIDEO: IDG.TV follows along as undersea data cables are manufactured and then loaded aboard a ship to place them in the ocean.
That’s why in October 2015, when Russian ships were observed lurking near undersea data cables, U.S. military and intelligence officials were concerned about possible sabotage.
Some experts, however, see that as unlikely.
“Cables during peacetime are protected by law under the provisions of the United Nations Convention on the Law of the Sea,” said Keith Schofield, general manager of the International Cable Protection Committee, representing the submarine cable community of interest.
Attempted sabotage, he said, would likely be detectable and stopped before any significant harm could be done to trunk cable routes.
“Before 10 or 20 percent of them were affected, owners would realize that something pretty serious was happening and could respond appropriately.”
Sean Donahue, an assistant vice president and underwriter specializing in cyber and technology at XL Catlin, agreed.
“These commercial cables have too much intrinsic value,” Donahue said. “Anybody who may have that sort of capability, such as Russia … would be hurting their own self-interest.”
Seismic activity, however, has been known to damage enough cables to cause wide service interruptions and service degradation, even in areas with ample cable connections.
A 2006 earthquake in Taiwan severed several undersea cables, causing major disruptions in Asia and ripple effects that interrupted phone service to Europe. Smaller incidents can have far reaching impacts, as well.
In 2013, a string of separate cable cuts in Egypt caused widespread data slowdowns in large portions of Africa and Asia.
And a single cut off of Northern Ireland in 2015 sparked headlines claiming it had “sent broadband into meltdown.”
When cables are cut, rerouted data can overwhelm unaffected networks, causing slowdowns even for those not directly affected. Smaller countries with less redundancy — and the companies doing business with them — can suffer substantial repercussions from such events.
Even in the U.S., outages involving multiple cables could cause data traffic to be rerouted to undersea cables on the opposite side of the country, potentially triggering domestic slowdowns along the way.
As businesses become increasingly dependent on fast data communications, even minor slowdowns can impede business. For web-centric and cloud-based companies, as well as content providers, such slowdowns could be a serious problem.
According to TeleGeography, a data cable industry research firm, Google and Bing report that minor lags lead to decreased click-throughs and search result views, and “Amazon has claimed that every 100 milliseconds of latency reduces its sales by 1 percent.”
High-frequency trading companies sometimes own dedicated data cables, but others are dependent on the same networks as the rest of us, and if those networks slow down, it hampers performance and costs them money.
Built with Redundancy
The undersea cable industry goes to great lengths to ensure uninterrupted service.
“The systems are built with redundancy in mind,” said Peter Jamieson, chair of the industry group European Subsea Cable Association.
“You should always aim to have at least two cables from each operator so that if you lose one cable … you automatically switch onto the other one. The redundancy is built into the network on the global network as well.”
Excess capacity is also built into the system. Most cables were originally built to handle optical data traffic in a single wavelength, but they now use a technique called Dense Wave Division Multiplexing (DWDM), which handles many wavelengths.
“We are now getting potentially 400 times the capacity on one optical fiber than what you probably got 15 to 20 years ago,” Jamieson said.
Routing protocols ensure that in the case of a service interruption, data instantaneously finds alternate routes. And the different cable owners work together in various consortia to operate roughly 60 cable-repair ships throughout the world, which are on call to ensure that any damage is repaired quickly. Repairs generally take a minimum of four days to complete.
But according to Helen Thompson, director of commercial marketing at Esri, a software company specializing in geographic information systems, it is not inconceivable that the individual smart systems meant to ensure seamless rerouting could have unexpected results — much the way automated trading programs can produce dramatic and unexplained lows or highs in financial markets.
“Those individual response plans come together and aggregate in such a way that they themselves might have an impact,” Thompson said.
“It’s like the butterfly effect. … That’s increasingly the nature of connectivity and a consequence of the very widespread, multi-point-of-touch communications network that we rely on.”
While DWDM vastly increased capacity on data cables, demand and usage have been steadily catching up as businesses and individuals demand and depend on more and more data.
A company called Hibernia Express recently laid a pair of superfast transatlantic cables, the first new cables in 13 years. More may be on the way.
“The content people want to have their own fibers right now,” said Jamieson.
“Can you prove that you would have made X amount of dollars versus Y amount of dollars because of a degraded service?” — Sean Donahue, assistant vice president and underwriter, at XL Catlin
“So the Facebooks, Googles, Amazons and Microsofts of this world … they want to have their own fiber to control their own traffic on cable, so they are driving a lot of new systems as well.”
It is a sign of how seriously data-driven businesses take their dependence on fast, dependable transmission infrastructure.
As data usage skyrockets, Thompson cautioned against taking network resiliency and capacity for granted.
“We could be in a situation where ‘out of sight, out of mind’ [and] all these things are running at 99 percent capacity, and we’re one point … away from total failure.
“We don’t know. I’m not suggesting that is the case, but it behooves us to provide evidence that we have redundancy and resilience in the systems that we’ve become reliant on. We increasingly are engineering our future to be more dependent on them.”
Smart houses, self-driving cars, and other web-dependent gadgets and systems will not only add to data traffic, but to the list of systems that could malfunction in the case of outages and slowdowns, opening new areas of risk for homeowners, as well.
Protecting Data Flows
Traditional business interruption coverage focuses on perils like flood and fire, power outages and physical infrastructure failures.
“But, when we move to businesses where data is a utility, we have a different sort of business interruption, and that is going to be increasingly important to service-based economies,” said Thompson.
“We think about site liability and data breaches, but what I think we’re going to start moving to more and more is providing business interruption insurance around data.”
Cloud coverage insurance is still a rarity, but probably not for long. “Many more companies should think about cloud computing insurance,” she said.
“It will become a vital part of what’s included in business interruption insurance.”
Businesses should know their providers’ contractual obligations and dependent business interruption coverage in case of outages, as spelled out in the service level agreement, she said.
“More and more major businesses are expecting that as part of their service level agreement,” Thompson said.
“I think that will become an integral part of the transfer of risk and liability. If you’re completely dependent upon the web and the cloud to do business, and you don’t protect yourself with a service agreement on the cloud provider, you’re going to be subject to claims from other people. So, that discussion with your insurance provider should be absolutely central.”
Even with coverage, however, calculating business interruption losses, especially for traders and other market-dependent businesses, can be extremely difficult, particularly during incidents that may themselves be roiling the markets.
“Can you prove that you would have made X amount of dollars versus Y amount of dollars because of a degraded service?” Donahue asked. “There’s a lot of moving parts to that scenario.” &
To Keep Cool in a Crisis, Companies Need a Comprehensive Solution
Threats against corporate security come in many forms, from intentional acts of violence to civil unrest to cyber-attacks. The perpetrators don’t discriminate by company size or sector, and the consequences can range from several thousand dollars lost to several lives lost.
The recent shooting in an Orlando nightclub that killed 49, for example, or last year’s San Bernardino shooting that killed 14, are somber reminders that terrorism and violence can erupt anywhere and in any type of business. In addition to loss of life, violence can translate into business interruption and property damage. In Ferguson, Mo., riots lead to over $4 million in property damage.
Cyber-attacks have also become commonplace, with hackers infiltrating private networks to steal data or hold it ransom.
Is your organization prepared for these risks?
“A lot of companies have a crisis response plan on paper, but they don’t have outside resources to come to their aid if there is an incident,” said Reggie Gibbs, Underwriter and Product Manager, Starr Companies.
Mid-size companies especially tend to lack comprehensive insurance coverage and crisis management services for a variety of security events due either to limited resources or an underestimation of their exposure.
Starr Companies’ Cyber and Terror Response (CTR) solution provides three coverages as well as crisis response services tailored to meet the needs of these companies. Each of its components addresses a common security threat.
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them.”
— Reggie Gibbs, Underwriter & Product Manager, Starr Companies
Terror and Political Violence
“Political violence can be defined as a strike, riot, protest, or any type of unrest that gets out of hand and turns violent,” said Gibbs, who specializes in terrorism and political violence, workplace violence, and crisis management.
In the case of the Ferguson protests, any first party property damage or third party liability incurred by the disruption would be covered under the terrorism and political violence segment of the CTR solution.
In the case of a terror attack, organizations cannot necessarily rely on TRIA to pick up property losses. In the case of the Orlando shooting, for example, the likelihood of TRIA being invoked is low because property damage will not meet the threshold for coverage to kick in.
TRIA, reauthorized in 2015, provides a federal insurance backstop in the event of a terror attack. The U.S. Secretary of the Treasury, U.S. Attorney General, and U.S. Secretary of Homeland Security must declare an attack to be an act of terrorism, and property damage must exceed $5 million to trigger TRIA.
“We would still view the Orlando shooting as an act of terror, however, because of who the shooter claimed he was working for regardless if the ties to terror groups are clear or not. Therefore, our coverage would apply,” Gibbs said. Even if TRIA was enacted, however, companies would still have a lot of pieces to pick up following an attack. They may have injured or deceased employees, or face legal action from third parties.
For these situations, and any other incident of violence not driven by terrorism, the workplace violence component of Starr’s CTR solution would act as an umbrella to cover other liabilities such as legal liability, loss of life benefits, psychiatric care, and other crisis response services.
One such incident struck a Boston-area Bertucci’s in early May. An attacker wielding a knife drove his car into a Boston shopping mall before making his way into the nearby restaurant. He killed five, including restaurant workers and patrons.
“There was no ideological or political motivation behind it. He was just deranged.” Gibbs said. “Our workplace violence coverage can handle the loss of life benefits for both the employees and patrons killed in situations like this one.”
In the best cases, though, violence can be prevented altogether.
“If an employee reports a stalking threat, the policy would cover the expense of security guards,” Gibbs said. “In this case, it’s more of a pre-workplace violence coverage. It would de-escalate the situation.”
Attacks can also be non-physical.
Cyber extortion in particular is on the rise. Phishing scams lead employees to click on malicious links, unknowingly downloading ransomware onto their internal networks. The cyber criminals then hold companies’ networks ransom, asking for a sum of money in return for the release of data or to prevent a business interruption. The ransoms can be low — amounts that organizations can afford to pay.
“The hackers don’t want to attract the attention of law enforcement or regulatory agencies,” said Annamaria Landaverde, National Cyber Practice Leader & Professional Liability Underwriting Manager, Starr Companies. Landaverde specializes in the cyber component of the CTR coverage. “The FBI may not get involved if someone asks for $5,000. They are more likely to get involved if someone asks for $5 million.”
Since companies are not required by law to report cyber extortion —like they are for data breaches — many choose simply to pay the ransom and move on without generating any negative news headlines.
“The hackers don’t want to attract the attention of any law enforcement or regulatory agencies. The F.B.I. won’t get involved if someone asks for $5,000. They will get involved if someone asks for $5 million.”
— Annamaria Landaverde, National Cyber Practice Leader & Underwriting Manager, Professional Liability Division, Starr Companies
“A California medical center recently had an incident like this where the hackers asked for $17,000 in ransom,” Landaverde said,” but the amounts can vary.”
While the ransom itself may seem manageable, many companies fail to recognize other costs associated with the identification and removal of the malware from their system. There may also be costs associated with forensics investigations, legal experts, public relations firms, third party lawsuits, and notification and credit monitoring.
“The cyber arm of the CTR coverage extends to liability that an organization would suffer as a result of a breach, or failure of security of the insured’s network,” Landaverde said. That includes not just cyber extortion, but outright data theft or denial-of-service attacks.
Crisis Management Services
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them,” Gibbs said.
The fourth component of Starr’s CTR solution – crisis response — provides two outside consultants to insureds, with one specializing in “hard” security services like guards or instances of cyber extortion, and another focusing on crisis communications.
Without these outside services, there is only so much insurance can do in the aftermath of a crisis. Experienced consultants provide a range of security preparedness and response services to complement coverage and help insureds recover from an episode of violence or cyber event.
“From a communications perspective, our consultants can manage the public relations front to create clear and consistent messaging, but they can also stay in touch with families after a terror or other violent attack to make sure everyone stays informed,” Gibbs said.
They also serve as a first point of contact for insureds immediately after an event. If they need guidance quickly, consultants await at the ready.
“When a client purchases the product, they get a 24-hour hotline set up with one of our consultancies,” he said. “They can report an incident at any time, and our consultant will help either resolve a situation or deal with the aftermath in whatever way they can.”
While the Cyber and Terror Response package provides a comprehensive solution tailored for mid-size companies, Starr also offers standalone cyber liability and crisis management coverage on a primary and excess basis.
“For companies with greater exposure to a particular type of risk, or who simply want higher limits or greater customization, we have those standalone polices.” Landaverde said.
For more information on Starr Companies’ Cyber and Terror Response solution, visit https://www.starrcompanies.com/Insurance/CyberAndTerrorResponse.
Starr Companies is the worldwide marketing name for the operating insurance and travel assistance companies and subsidiaries of Starr International Company, Inc. and for the investment business of C. V. Starr & Co., Inc. and its subsidiaries.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Starr Companies. The editorial staff of Risk & Insurance had no role in its preparation.