Defending the Digital Frontier
Digital technology continues to transform the global publishing arena, from changes in copyright law to ways in which media and technology are insured.
Kevin P. Kalinich, Chicago-based global practice leader for cyber/network risk at Aon Risk Solutions, emphasized just how dramatic the transformation in global publishing has been in recent years.
“If you take a look at the top four or five publishers like Pearson, Reuters, Thomson, Reed Elsevier and Wolters Kluwer … in just the last five years they’ve converted from being 75 percent hard copy to being 80 percent electronic.
“It’s amazing, and here’s why it’s so important,” Kalinich added. “In the old world when hard copy ruled, the end user — the consumer — would not be liable because the publisher was liable for publishing it.”
Now, however, there are few limits to how an end user can use digitally published content. And it’s not always clear where the line is between fair use and infringement.
Kalinich and others said that publishers walk the tightrope of trying to protect the original content owner while protecting the end user from unintentional intellectual property infringement.
“End users need the appropriate legal rights to use copyrighted materials or they could potentially commit copyright or trademark infringement,” said Kalinich. “Typically, the IP rights are granted through a licensing agreement or ‘fair use exception’ to copyright violations. Fair use is a limitation and exception to the exclusive right granted by copyright law to the author of a creative work.”
The Role of Intent
In the past year, there have been two landmark copyright decisions in the online publishing realm that have media/technology experts buzzing.
One is Authors Guild Inc., et al. vs. Google Inc., a decision rendered in mid-November. The other is the Associated Press vs. Meltwater U.S. Holdings Inc., a decision reached last March.
In the Google case, book authors and several major book author associations challenged Google’s reproductions of books and “snippets” of millions of books on its website. The book authors claimed this did not constitute “fair use” and violated their copyright protection.
The decision by U.S. Circuit Court Judge Denny Chin in Manhattan — if it survives an announced appeal of the ruling — lets Google continue expanding the online library. Chin ruled that Google’s product helps readers find books they might not otherwise locate.
The institutions that have provided works for scanning of snippets include Harvard University, Oxford University, Stanford University and the New York Public Library.
A key element in Chin’s “fair use” decision was that Google does not receive any monetary gain from posting whole volumes or snippets of some 20 million books in its electronic library.
In the Meltwater case, New York District Court Judge Denise Cote ruled that online aggregator Meltwater infringed upon AP’s copyright protection by using original content that AP had “labored to create.”
Not long after Cote’s ruling, AP and Meltwater entered into an agreement for AP to produce and Meltwater to electronically distribute content in a joint venture.
“It’s encouraging to see collaborations like the one between the Associated Press and Meltwater aggregating service as they try to work together, because clearly this is what the future looks like,” said Joanne Richardson, New York-based practice leader, U.S. media and entertainment, E&O at Hiscox USA.
“Companies that find ways to bring content and distribution together are really going to be the winners at the end of the day,” Richardson added. “I think it’s the way things are going to have to go. They need each other. It’s a win/win for everybody.”
Eric Seyfried, New York-based senior vice president at Marsh & McLennan Cos.’ FINPRO group, makes a distinction between online aggregators that are in business for monetary gain, like Meltwater, and online aggregators like Google Books, which exist to serve research and other scholarly purposes.
“In Judge Chin’s decision, he talks about Google providing significant public benefit,” said Seyfried. “Are they making available information that has been buried in the bowels of libraries, for example? In the Google case you have to look at the purpose and character of the use. Are they bringing potentially long-lost volumes to light for scholarship and research?”
Seyfried believed that Chin was “growing the pie” of books available.
Aon Risk Solutions’ Kalinich noted that Chin said he believed the authors involved would get more sales because Google was cataloguing their work, and that Google wasn’t making any money off the arrangement.
In the Meltwater case, Marsh’s Seyfried said, Meltwater used its proprietary technology to “scrape” the Internet for news stories and then processed the information into some sort of news digest for their subscribers.
“Is Google trying to further some level of scholarship and research, whereas Meltwater is looking to monetize content for its own benefit through selling subscriptions?” asked Seyfried. “It’s not some sort of academic or intellectual exercise, while Google is about building the brand rather than a subscription base.”
Louis Scimecca, Kansas City, Mo.-based senior vice president for AXIS PRO, which provides media and entertainment coverage, among other solutions, noted: “With the Internet and electronic communications flourishing and expanding, in a lot of cases the law hasn’t caught up with new technology. The technology comes and then the law follows.”
Scimecca said that the issue isn’t restricted to content aggregators. Any individual can find themselves in a legal tangle for using another party’s copyrighted material or trademarked digital matter without permission. “Generally right now, if a person or an entity is taking somebody’s else’s copyright material without permission or consent, that is a problem,” he said.
As in the Google case, Scimecca said, “fair use” might be a defense if material is used for educational, scholarly or teaching purposes.
Protecting the Business
In the realm of insuring risks at media/technology companies, Chad Milton, a partner at Kansas City, Mo.-based Media Risk Consultants LLC, said that as technology at media companies with innovative strategies change, these businesses threaten somebody else’s old business model.
“And the result more often than not leads to a copyright infringement claim,” said Milton. “The history of this kind of litigation is that it’s really about business practices rather than about individual bits of content. We’re not really talking about infringements in a writer’s product or work, we’re really talking about infringements in the way media companies do business.”
It wasn’t often that anybody cared about copyright infringement when content was free, Milton added. “But now that so many online publishers are trying to find ways to monetize their content, it now conflicts with the business models of the online aggregators who want to use other people’s content without paying for it.”
This environment creates interesting risks for insurers because formerly the insurers were asked to insure individual bits of media content: individual songs, individual films, individual stories and individual broadcasts, Milton said.
“They’re now being put in the position of insuring business models, and it’s harder for insurers to be able to insure the innovators,” Milton said. “And I think they need to find a way to convince underwriters that this is a manageable risk. I know there’s some resistance on the carriers’ part about this.”
But Hiscox USA is not one of those underwriters. As long as a decade ago Hiscox was creating product to address the merger of media and technology.
“We were able to put a form together that addressed both, so there was no gap in coverage because media companies now had technology exposure and technology companies had media exposures,” said Hiscox’s Richardson. “Today, there’s a lot more combined forms of media, technology and data privacy.”
Richardson said Hiscox tends to look at things on an individual risk basis, which means they want to understand how these new technologies work and function and be able to sort out exactly what some of the hiccups for them might be along the way.
“We will need a lot more case law to develop in some of these areas before we’re able to ultimately and completely understand all the exposures,” she added.
Observed Marsh’s Seyfried: “The key to insuring a media company is to try to come up with a comprehensive professional liability program. The foundation of that program is based on media liability insurance and making sure that a robust program covers a variety of media perils.”
The next step is finding a market that has the appetite to take on the risk. The other piece of the coverage is some sort of technology offering.
“I can say I do not have one significant media client in the whole risk management space that does not buy some combination of network privacy coverage and/or technology products and services coverage,” Seyfried said.
Coping with Cancellations
Airlines typically can offset revenue losses for cancellations due to bad weather either by saving on fuel and salary costs or rerouting passengers on other flights, but this year’s revenue losses from the worst winter storm season in years might be too much for traditional measures.
At least one broker said the time may be right for airlines to consider crafting custom insurance programs to account for such devastating seasons.
For a good part of the country, including many parts of the Southeast, snow and ice storms have wreaked havoc on flight cancellations, with a mid-February storm being the worst of all. On Feb. 13, a snowstorm from Virginia to Maine caused airlines to scrub 7,561 U.S. flights, more than the 7,400 cancelled flights due to Hurricane Sandy, according to MasFlight, industry data tracker based in Bethesda, Md.
Roughly 100,000 flights have been canceled since Dec. 1, MasFlight said.
Just United, alone, the world’s second-largest airline, reported that it had cancelled 22,500 flights in January and February, 2014, according to Bloomberg. The airline’s completed regional flights was 87.1 percent, which was “an extraordinarily low level,” and almost 9 percentage points below its mainline operations, it reported.
And another potentially heavy snowfall was forecast for last weekend, from California to New England.
The sheer amount of cancellations this winter are likely straining airlines’ bottom lines, said Katie Connell, a spokeswoman for Airlines for America, a trade group for major U.S. airline companies.
“The airline industry’s fixed costs are high, therefore the majority of operating costs will still be incurred by airlines, even for canceled flights,” Connell wrote in an email. “If a flight is canceled due to weather, the only significant cost that the airline avoids is fuel; otherwise, it must still pay ownership costs for aircraft and ground equipment, maintenance costs and overhead and most crew costs. Extended storms and other sources of irregular operations are clear reminders of the industry’s operational and financial vulnerability to factors outside its control.”
Bob Mann, an independent airline analyst and consultant who is principal of R.W. Mann & Co. Inc. in Port Washington, N.Y., said that two-thirds of costs — fuel and labor — are short-term variable costs, but that fixed charges are “unfortunately incurred.” Airlines just typically absorb those costs.
“I am not aware of any airline that has considered taking out business interruption insurance for weather-related disruptions; it is simply a part of the business,” Mann said.
Chuck Cederroth, managing director at Aon Risk Solutions’ aviation practice, said carriers would probably not want to insure airlines against cancellations because airlines have control over whether a flight will be canceled, particularly if they don’t want to risk being fined up to $27,500 for each passenger by the Federal Aviation Administration when passengers are stuck on a tarmac for hours.
“How could an insurance product work when the insured is the one who controls the trigger?” Cederroth asked. “I think it would be a product that insurance companies would probably have a hard time providing.”
But Brad Meinhardt, U.S. aviation practice leader, for Arthur J. Gallagher & Co., said now may be the best time for airlines — and insurance carriers — to think about crafting a specialized insurance program to cover fluke years like this one.
“I would be stunned if this subject hasn’t made its way up into the C-suites of major and mid-sized airlines,” Meinhardt said. “When these events happen, people tend to look over their shoulder and ask if there is a solution for such events.”
Airlines often hedge losses from unknown variables such as varying fuel costs or interest rate fluctuations using derivatives, but those tools may not be enough for severe winters such as this year’s, he said. While products like business interruption insurance may not be used for airlines, they could look at weather-related insurance products that have very specific triggers.
For example, airlines could designate a period of time for such a “tough winter policy,” say from the period of November to March, in which they can manage cancellations due to 10 days of heavy snowfall, Meinhardt said. That amount could be designated their retention in such a policy, and anything in excess of the designated snowfall days could be a defined benefit that a carrier could pay if the policy is triggered. Possibly, the trigger would be inches of snowfall. “Custom solutions are the idea,” he said.
“Airlines are not likely buying any of these types of products now, but I think there’s probably some thinking along those lines right now as many might have to take losses as write-downs on their quarterly earnings and hope this doesn’t happen again,” he said. “There probably needs to be one airline making a trailblazing action on an insurance or derivative product — something that gets people talking about how to hedge against those losses in the future.”
To Keep Cool in a Crisis, Companies Need a Comprehensive Solution
Threats against corporate security come in many forms, from intentional acts of violence to civil unrest to cyber-attacks. The perpetrators don’t discriminate by company size or sector, and the consequences can range from several thousand dollars lost to several lives lost.
The recent shooting in an Orlando nightclub that killed 49, for example, or last year’s San Bernardino shooting that killed 14, are somber reminders that terrorism and violence can erupt anywhere and in any type of business. In addition to loss of life, violence can translate into business interruption and property damage. In Ferguson, Mo., riots lead to over $4 million in property damage.
Cyber-attacks have also become commonplace, with hackers infiltrating private networks to steal data or hold it ransom.
Is your organization prepared for these risks?
“A lot of companies have a crisis response plan on paper, but they don’t have outside resources to come to their aid if there is an incident,” said Reggie Gibbs, Underwriter and Product Manager, Starr Companies.
Mid-size companies especially tend to lack comprehensive insurance coverage and crisis management services for a variety of security events due either to limited resources or an underestimation of their exposure.
Starr Companies’ Cyber and Terror Response (CTR) solution provides three coverages as well as crisis response services tailored to meet the needs of these companies. Each of its components addresses a common security threat.
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them.”
— Reggie Gibbs, Underwriter & Product Manager, Starr Companies
Terror and Political Violence
“Political violence can be defined as a strike, riot, protest, or any type of unrest that gets out of hand and turns violent,” said Gibbs, who specializes in terrorism and political violence, workplace violence, and crisis management.
In the case of the Ferguson protests, any first party property damage or third party liability incurred by the disruption would be covered under the terrorism and political violence segment of the CTR solution.
In the case of a terror attack, organizations cannot necessarily rely on TRIA to pick up property losses. In the case of the Orlando shooting, for example, the likelihood of TRIA being invoked is low because property damage will not meet the threshold for coverage to kick in.
TRIA, reauthorized in 2015, provides a federal insurance backstop in the event of a terror attack. The U.S. Secretary of the Treasury, U.S. Attorney General, and U.S. Secretary of Homeland Security must declare an attack to be an act of terrorism, and property damage must exceed $5 million to trigger TRIA.
“We would still view the Orlando shooting as an act of terror, however, because of who the shooter claimed he was working for regardless if the ties to terror groups are clear or not. Therefore, our coverage would apply,” Gibbs said. Even if TRIA was enacted, however, companies would still have a lot of pieces to pick up following an attack. They may have injured or deceased employees, or face legal action from third parties.
For these situations, and any other incident of violence not driven by terrorism, the workplace violence component of Starr’s CTR solution would act as an umbrella to cover other liabilities such as legal liability, loss of life benefits, psychiatric care, and other crisis response services.
One such incident struck a Boston-area Bertucci’s in early May. An attacker wielding a knife drove his car into a Boston shopping mall before making his way into the nearby restaurant. He killed five, including restaurant workers and patrons.
“There was no ideological or political motivation behind it. He was just deranged.” Gibbs said. “Our workplace violence coverage can handle the loss of life benefits for both the employees and patrons killed in situations like this one.”
In the best cases, though, violence can be prevented altogether.
“If an employee reports a stalking threat, the policy would cover the expense of security guards,” Gibbs said. “In this case, it’s more of a pre-workplace violence coverage. It would de-escalate the situation.”
Attacks can also be non-physical.
Cyber extortion in particular is on the rise. Phishing scams lead employees to click on malicious links, unknowingly downloading ransomware onto their internal networks. The cyber criminals then hold companies’ networks ransom, asking for a sum of money in return for the release of data or to prevent a business interruption. The ransoms can be low — amounts that organizations can afford to pay.
“The hackers don’t want to attract the attention of law enforcement or regulatory agencies,” said Annamaria Landaverde, National Cyber Practice Leader & Professional Liability Underwriting Manager, Starr Companies. Landaverde specializes in the cyber component of the CTR coverage. “The FBI may not get involved if someone asks for $5,000. They are more likely to get involved if someone asks for $5 million.”
Since companies are not required by law to report cyber extortion —like they are for data breaches — many choose simply to pay the ransom and move on without generating any negative news headlines.
“The hackers don’t want to attract the attention of any law enforcement or regulatory agencies. The F.B.I. won’t get involved if someone asks for $5,000. They will get involved if someone asks for $5 million.”
— Annamaria Landaverde, National Cyber Practice Leader & Underwriting Manager, Professional Liability Division, Starr Companies
“A California medical center recently had an incident like this where the hackers asked for $17,000 in ransom,” Landaverde said,” but the amounts can vary.”
While the ransom itself may seem manageable, many companies fail to recognize other costs associated with the identification and removal of the malware from their system. There may also be costs associated with forensics investigations, legal experts, public relations firms, third party lawsuits, and notification and credit monitoring.
“The cyber arm of the CTR coverage extends to liability that an organization would suffer as a result of a breach, or failure of security of the insured’s network,” Landaverde said. That includes not just cyber extortion, but outright data theft or denial-of-service attacks.
Crisis Management Services
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them,” Gibbs said.
The fourth component of Starr’s CTR solution – crisis response — provides two outside consultants to insureds, with one specializing in “hard” security services like guards or instances of cyber extortion, and another focusing on crisis communications.
Without these outside services, there is only so much insurance can do in the aftermath of a crisis. Experienced consultants provide a range of security preparedness and response services to complement coverage and help insureds recover from an episode of violence or cyber event.
“From a communications perspective, our consultants can manage the public relations front to create clear and consistent messaging, but they can also stay in touch with families after a terror or other violent attack to make sure everyone stays informed,” Gibbs said.
They also serve as a first point of contact for insureds immediately after an event. If they need guidance quickly, consultants await at the ready.
“When a client purchases the product, they get a 24-hour hotline set up with one of our consultancies,” he said. “They can report an incident at any time, and our consultant will help either resolve a situation or deal with the aftermath in whatever way they can.”
While the Cyber and Terror Response package provides a comprehensive solution tailored for mid-size companies, Starr also offers standalone cyber liability and crisis management coverage on a primary and excess basis.
“For companies with greater exposure to a particular type of risk, or who simply want higher limits or greater customization, we have those standalone polices.” Landaverde said.
For more information on Starr Companies’ Cyber and Terror Response solution, visit https://www.starrcompanies.com/Insurance/CyberAndTerrorResponse.
Starr Companies is the worldwide marketing name for the operating insurance and travel assistance companies and subsidiaries of Starr International Company, Inc. and for the investment business of C. V. Starr & Co., Inc. and its subsidiaries.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Starr Companies. The editorial staff of Risk & Insurance had no role in its preparation.