One of the benefits of captive insurance companies is their ability to write customizable lines of cover. This is particularly important for non-core, non-traditional and evolving risks. There are many risks that cannot be adequately or affordably insured by third-party commercial insurance. Commercial insurers may refuse to cover risks that are difficult to quantify and price. They may not have enough experience with a form of risk to provide adequate and affordable coverage. Or the risk may be relatively new and rapidly evolving. The result is that the commercial insurance policies offered are often overpriced and filled with exclusions.
Risk management and purchasing business insurance policies can be a daunting task. It can be particularly challenging when you’re not sure about what you are paying for. What exclusions apply to the insurance policies you are purchasing? Is there coverage for all the secondary damage caused by an accident or loss including possible lawsuits and reputational damage?
Consider a June 9 article in The New York Times on the evolving field of cyber attack insurance: “Cyberattack Insurance a Challenge for Business,” written by Nicole Perlroth and Elizabeth Harris.
The authors begin the article with a humorous tone, but quickly point out that cyber risk is no laughing matter.
Julia Roberts’s smile is insured. So are Heidi Klum’s legs, Daniel Craig’s body and Jennifer Lopez’s derrière. But the fastest-growing niche in the industry today is cyberinsurance.
The writers point out, “As data breaches have become a reality of the business world, more companies are buying policies” with demand increasing 21 percent last year from 2012. Importantly – and this is why a captive insurance company is ideal for addressing cyber risk – the article notes:
Yet companies say it is difficult to get as much coverage as they need, leaving them vulnerable to uncertain losses. The main problem is quantifying losses from attacks, because they are often intangible — lost sales or damage to a brand name, like the public relations disaster Target suffered after the breach of its point-of-sale systems late last year.
Commercial insurers are reluctant to extend adequate coverage, and coverage is expensive. The article also points out that “underwriters lack the data they need to figure out how likely it is that an attack will occur, or what it will cost.” The article further points out that “Some experts say insurers keep policies narrow simply because there are too many unknowns.” This makes cyber attack insurance a particular challenge for small and mid-size businesses that cannot easily afford to pay large cyber premiums for sketchy coverage. If there are no losses, the business has paid out significant premiums with nothing to show for it. Purchasing cyber attack insurance from a captive insurance company can have the three-fold benefit of providing cyber cover, providing cover with few or no exclusions and building captive reserves in the event of no claims. Captive reserves also insure future losses and can be translated into profit for the business or its owner(s).
Another reason that cyber attack insurance is difficult and expensive to acquire is that the nature of the threat isn’t static. The article points out that, “Information on past attacks is not particularly helpful because attackers are always getting more advanced, and the risk is increasing as companies put their most valuable data online.” Furthermore, the authors note that, “Cyber insurance policies vary widely…[t]he most comprehensive ones reimburse for immediate cleanup costs like hiring a forensics firm, notifying customers, setting up call centers and paying for free credit monitoring…[s]ome also cover legal fees and the cost of hiring a crisis management firm.” However, the insurance cover rarely goes far enough. The article points out that “those costs can be only the tip of the iceberg…after the breach at Target, its profit was cut nearly in half — down 46 percent over the same period the year before — in large part because the breach scared away its customers.”
Clearly, cyber attack insurance is a very logical choice as a line of cover to be included in many captive insurance policies. In light of this recent article in The New York Times, business owners and risk managers could easily justify cyber policies to pay for clean-up, administrative actions, lawsuits and other costs. Business owners with a captive in place should also consider insuring several years of future profit via a reputational risk policy through their captive insurance company. A captive is the vehicle of choice to ensure a business’s risk management strategy is “ON TARGET.”