RISQ Consulting


Tag: coverage

War Exclusions and Cyber Coverage

Tuesday, 19 April 2022 by RISQ Consulting
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.

Wars can cause widespread devastation and emotional turmoil among affected communities. These conflicts may also result in significant losses for impacted businesses. Yet, securing adequate insurance coverage for damages stemming from acts of war could prove particularly challenging. In fact, war exclusions are commonly found within commercial insurance policies. Although these exclusions are fact-specific and often vary between policies and insurers, they generally state that damages from “hostile or warlike actions” by a nation-state or its agents won’t receive coverage. Such exclusions were created to help protect insurers against potentially systemic losses that may arise amid attacks by governments, their militaries or associated groups.

Cyber insurance policies are no exception to war exclusions. However, the rise of nation-state cyberattacks and the increased instances of international cyberthreats have posed questions regarding how these exclusions should be interpreted in the realm of digital warfare. Additionally, recent court cases and insurance industry adjustments have both broadened and narrowed the scope of war exclusions, thus further muddying the waters for policyholders.

Considering the continued expansion of digital exposures, the complexities of cyber coverage and the evolving policy language surrounding war exclusions, businesses must think proactively when evaluating their insurance programs for proper protection against cyberwarfare. This article provides more information on war exclusion developments and related cyber insurance implications, as well as best practices businesses can use to better safeguard themselves against nation-state cyberattacks.

Court Case Developments

In recent years, court cases regarding insurance claims filed for damages resulting from the 2017 NotPetya cyber incident have narrowed war exclusions as they pertain to digital warfare. Specifically, a New Jersey trial court’s 2021 ruling in the case of Merck & Co. v. ACE American Insurance Co. determined the insured’s “all-risk” property policy should provide coverage for damages caused by the alleged nation-state incident, highlighting that the policy’s war exclusion failed to include language on digital warfare.

The NotPetya incident involved a series of global ransomware attacks that targeted thousands of systems and hundreds of companies across several countries, costing billions of dollars in damages. The majority of the attacks occurred in Ukraine shortly before the country’s Constitution Day, leading cybersecurity experts to believe the incident was a politically motivated event perpetrated by the Russian government. In addition to Ukraine, affected countries included France, Italy, Poland, Germany, the United Kingdom and the United States.

Merck & Co., a U.S. pharmaceutical company, was among the companies impacted by the incident. The company reported damages to nearly 40,000 of its computers, totaling $1.4 billion in overall losses. Although the company’s $1.75 billion all-risk property insurance policy offered coverage for damages resulting from the destruction or corruption of computer data and software, its claim for the incident was denied. The company’s insurer, ACE American Insurance Co., cited the policy’s war exclusion as justification for denying the claim, categorizing the incident as an act of hostility on behalf of the Russian government.

Following the rejected claim, Merck & Co. filed a lawsuit and took its insurer to court. The court ultimately ruled in favor of the insured, explaining that the policy’s war exclusion wording didn’t specifically address digital warfare, causing the insured to reasonably believe that the exclusion only applied to losses resulting from traditional, physical acts of hostility.

The court also emphasized that, with nation-state cyberattacks on the rise, the insurer should have changed the policy’s language to clearly incorporate digital hostilities within its war exclusion if it wanted to negate such coverage. Because it failed to do so, ACE American Insurance Co. was ordered to pay out the insured’s claim.

Insurance Industry Developments

In response to the previously mentioned court case (and similar rulings), insurers have made various adjustments to protect themselves from facing unanticipated claims and subsequent losses related to cyberwarfare. Primarily, insurers are increasingly apprehensive in selecting policyholders, thus utilizing more extensive application processes and requiring insureds to provide detailed documentation on their cybersecurity practices. Furthermore, insurers are exploring ways to ensure their policy language—namely, the wording within war exclusions—provides clear and consistent guidelines for what is and isn’t covered, particularly in the scope of digital warfare.

Global insurance industry leaders have also adopted initiatives aimed at addressing coverage concerns related to cyberwarfare. For example, global insurance marketplace Lloyd’s Market Association (LMA) recently introduced four new coverage exclusions for insurers to consider. These exclusions, which were designed specifically for standalone cyber insurance policies, contain varying restrictions regarding protection against losses caused by digital warfare—ranging from no coverage whatsoever to limited coverage for incidents that fall below certain thresholds.

Insurers across the globe can adopt these exclusions directly or use them as a reference point for crafting their own specific policy exclusions. These exclusions are intended to help insurers possess greater certainty in determining possible cyberwarfare liabilities and broaden the scope of war exclusions as a whole. Yet, it’s important to note that the LMA’s exclusions may still present clarity issues and misinterpretation concerns regarding the extent of coverage provided amid various incidents.

After all, some industry experts have argued these exclusions’ introduction of ambiguous terms and use of vague guidelines for identifying attack attribution could lead to further coverage confusion. In addition, it’s unclear whether they will create conflicting or overlapping coverage complications when applied within wider insurance programs.

As a result, it’s critical for insurers and insureds to openly communicate about policy definitions and specific coverage capabilities, especially as it pertains to protection against digital warfare. Such communication will help ensure both parties are on the same page, minimizing potential issues when claims arise.

Cybersecurity Best Practices

Apart from fostering open communication with their insurers about coverage for losses stemming from digital warfare, it’s also vital for businesses to take steps to prevent and mitigate these losses. Such steps may also reduce potential insurer apprehensions when it comes to providing adequate coverage for damages caused by cyberwarfare.

Businesses can leverage the following best practices to help avoid and effectively respond to nation-state cyberattacks:

  • Understand specific exposures. Different businesses have varying digital exposures to nation-state cyberthreats. Therefore, it’s best for businesses to assess their specific operations and determine their likelihood of being targeted by foreign attackers. Senior leadership teams and trusted IT professionals should be actively involved in conducting these assessments. From there, businesses should adopt security measures and digital procedures catered to their particular exposures.
  • Have a plan. Cyber incident response plans are essential for businesses across industry lines. These plans establish timely response protocols for remaining operational and mitigating losses amid cyber incidents. Successful incident response plans should outline potential cyberattack scenarios (including those involving foreign attackers) and methods for maintaining key functions during these scenarios, as well as individuals responsible for doing so. These plans should also help determine when to contact external parties (e.g., law enforcement, legal counsel, IT specialists and insurance professionals) for assistance in investigating and resolving cyber incidents. Plans should be properly communicated and routinely reviewed through various activities—such as penetration testing and tabletop exercises—to ensure effectiveness and identify ongoing security gaps. Based on the results from these activities, response plans should be adjusted as needed.
  • Utilize proper security software. A wide range of security software can help businesses better detect and deter nation-state cyberattacks. Essential software to consider includes network monitoring systems, data backup and encryption services, antivirus programs, firewalls, multifactor authentication capabilities, endpoint detection products and patch management tools. Such software should be utilized on all workplace technology and updated regularly.
  • Follow government guidance. Lastly, businesses should ensure their cybersecurity practices align with guidance from applicable government agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA).

Conclusion

In summary, digital warfare has become a growing concern amid expanding nation-state cyberthreats. By understanding how their insurance policies will respond to losses stemming from cyberwarfare and taking action to minimize these losses, businesses can successfully navigate this evolving risk landscape.

For additional insurance guidance and solutions, contact us today.


Nonstandard Auto Insurance

Monday, 27 December 2021 by RISQ Consulting

When a driver buys auto insurance, the insurance provider takes a calculated risk by agreeing to cover them. In exchange for coverage, the driver pays the insurance company an insurance premium (typically monthly, semiannually or annually). This premium is based on various risk factors, including age, marital status, credit history, vehicle type and driving history. Sometimes, if a driver has significant operating risks, they may not be able to be covered as part of standard, low-risk insurance pools. As a result, they may be required to buy nonstandard auto insurance.

However, needing nonstandard auto insurance isn’t as uncommon as you might think. According to research from Verisk, a data and analytics company, 20% of premiums paid for auto insurance are for nonstandard policies. Other industry experts say this number could be as high as 40%.

While the average nonstandard auto policy won’t look much different from a standard plan, it often costs more overall. Nonstandard policyholders often find it a bit more challenging to find affordable coverage. Keep the following general guidelines in mind when getting coverage.

Who Typically Needs a Nonstandard Auto Policy?

There are a handful of groups of people who would typically need to purchase a nonstandard auto policy. One group includes drivers with major traffic violations or other significant operating risks on their records. A driver might earn this designation if they:

  • Are under 25 years old
  • Carry an SR-22 certificate, which certain states impose on drivers who commit certain driving offenses
  • Have a tarnished driving record with numerous infractions for reckless driving
  • Have had a DUI or OWI charge
  • Drive a vehicle with a salvage title
  • Have previously driven uninsured or underinsured
  • Have a poor credit rating (most states allow insurers to consider credit when setting your rates)
  • Carry a foreign license or have no driving record in the United States
  • Have a high risk of accidents

Outside of this group of high-risk drivers, other individuals may need to purchase a nonstandard auto policy if they have a luxury vehicle, racecar or another type of vehicle that has a higher risk of theft or large losses.

These indicators show an insurer that, statistically, this driver may be more likely to have another high-cost claim or accident that the insurer would need to pay for on the driver’s behalf. Since the driver is now a greater cost risk to the insurer, they will have to compensate for that risk by charging the driver a higher premium. Every insurance company is different, which is why it’s important to work with a qualified agent to determine what type of coverage may be necessary.

Differences Between Standard and Nonstandard Policies

The primary difference between standard and nonstandard auto insurance policies is their cost. Nonstandard policies are offered only to drivers with the highest risk of causing accidents or filing significant claims on their policies. The higher cost that comes with the policy is designed to cover the additional cost and more frequent claims filed by these drivers, on average.

Some insurers don’t offer nonstandard policies, which might force drivers who have been newly classified as nonstandard to look for coverage from an entirely new insurance carrier. Still, nonstandard auto policies will generally contain all the coverage options available to regular drivers, and an agent can help a driver customize a policy to fit their needs.

Residual Market Auto Insurance Policies – Coverage for the Highest Risk Drivers

At times, some drivers will have such high operating risks that they will be unable to obtain insurance through even a nonstandard plan. To still get the coverage they are required to carry, they will have to obtain it through the residual market. The residual market is a pool of drivers managed by state regulators. When a driver applies for coverage through the residual market, the state’s Department of Insurance will require one of the insurers operating within its borders to issue a plan. Residual market plans are often among the most expensive policies available and should only be considered as a last resort.


Copyright © 2018. RISQ Consulting all rights reserved.

California License #0G47886
