NAVIGATOR

THE

Fall 2015

Infrared Sensors, Telematics and Drones: Are You Ready To Insure The Next Generation Of Hi-Tech Businesses?By Dean GoodwinMarketing Manager RPS Technology & Cyber

Consider the Following Scenarios• You and your family are traveling at 55 MPH in an

automobile down a major highway. All eyes are glued to a movie playing inside your car. There is no driver.

• A tropical storm has flooded your city. An unmanned aircraft searches for families stranded in their cars and on their roofs.

• As you walk down the pathway to a national monument, your Social Security number, current address and phone number is broadcast on a screen to a surveillance team monitoring terrorism activity.

• Your child returns from the first day of school with a colorful, square, thin piece of plastic inserted into their backpack. The material is a layer of ballistic protection.

These are not science fiction stories from the 1950’s. The technology of self-driving automobiles, (telematics) unmanned aircraft systems (drones), facial recognition data accretion and armored apparel are in use right now.

Where Have We Come From? Advancements in technology are occurring at breakneck speed. In the 1990’s, with the explosion of the internet, mobile wireless connections, online multi-player gaming and satellite technology; insurance for businesses that supported this burgeoning industry were in their infancy. Carriers struggled to keep up with Professional Liability policy language needed to protect software developers, IT programmers and the businesses that were hiring them at a record pace. As we fast-forward to 2015, the insurance industry is trying to keep pace with a new layer of connected intelligence that supports and automates processes and incorporates machines into our lives. Intelligent interfaces such as home sensors that monitor every aspect of your home life and comfort; computers that fit on your wrist, inside your ear and even your contact lenses; and vehicle telematics including “self-driving cars” are expanding rapidly in number. The Federal Aviation Administration estimates that more than 10,000 commercial drones will be in our airspace within the next five years.

Businessinsider.com predicts 10 Million self-driving cars will be on the road by 2020.

IT companies that are designing and manufacturing this next generation of technology will still need traditional coverages including General Liability, Technology E&O, Workers Compensation, Business Interruption, Excess Liability, Cyber Liability and EPLI/D&O. What will change is the growing liability related to personal injury, data collection and concerns of invasion of privacy and how each carrier’s individual policy responds as our technology expands beyond the limits of what the original coverage was meant to protect.

Challenges AheadIn addition to the regulatory and legal challenges, there

is a myriad of complex liability and coverage issues brought about by the overwhelming amount of Personally Identifiable Information that is currently being stored. Questions will arise as to how this information is being utilized by national and state governments as well as their private industry partners.

As this new type of technology expands and develops and entrepreneurs launch new businesses to provide the materials and IT infrastructure for the next wave of technology, there will be a multitude of liability and coverage issues that must be addressed ranging from personal injury and invasion of privacy to aerial surveillance and data collection. The exact purpose of the technology and “who and how” the technology will be used should leave nothing to the imagination of the underwriter.

While there are concerns for carriers with these new types of risks, there will be benefits to consumers. Self-driving cars would give aging or visually-impaired drivers their independence. Traffic accidents could be reduced dramatically; deaths and injuries from terrorist acts could be reduced with ballistic shields; and food, water and medicine could be delivered quickly and efficiently by air drones without the risk to human life. Of course, obvious liability concerns would be raised by programming errors and hacking terrorists as driverless autos speed along highways with human lives inside. Will the increase in privacy rights litigation outweigh the security of constant surveillance? In 2013, the Drone Aircraft Privacy and Transparency Act was introduced to help regulate the industry and provide a guideline for the use of drones including privacy protection, data collection and enforcement. More government regulations should be expected as technology overtakes every aspect of our lives.

Opportunities For GrowthThe launch of new hi-tech businesses is expected to

significantly increase in the next 10 years. There will be tremendous opportunities for agents who can understand and speak the language of this next generation of technology. It is incumbent upon the agent to ask the right questions. For

IT companies providing the software and design for smart technology here are some questions you should be asking:

• How will the data be collected and stored? • What processes are being controlled? • Where will the end product be used? • Are there foreign suppliers? • Look at the contracts - what is the insured promising?

Specialized coverages may be needed for many of these risks including Inland Marine to protect the transportation of drones when they are not in the air and Aviation Liability to protect them when they are in the air. However, a mine field of options, policy wordings, enhancements and amendments from carriers can trip up even the most knowledgeable independent broker. Aligning your office with professionals at the forefront of Technology and Privacy Liability can help protect not only your clients, but your office’s E&O exposure as well.

Due to the dizzying array of processes, software and the unique exposures of this new technology, the underwriting time can by lengthy. Underwriters are proceeding very cautiously. In the new world of smart data, every risk is unique and while we have carrier partners that are anxious to look at many of these types of risks, there can be no guarantee that your hi-tech client will find coverage quickly or easily.

About RPS Technology & CyberFor more than 20 years, the Technology & Cyber experts at

RPS have been helping agents in all 50 states insure high-tech businesses. From traditional IT consulting and software companies to cutting-edge firms in video game development, online media publishing and social networking, RPS Technology & Cyber has been and will continue to be a nationally recognized leader in this rapidly changing environment.

State of The Property MarketBy James Rozzi, CPCU, ASLIArea Senior Vice PresidentRPS San Francisco

Here we go again! The home stretch is upon us and like American Pharaoh, I feel like we are headed for The Triple Crown. Despite adverse and very competitive market conditions the year has been another great one. We have grown our office here in San Francisco and added on some new personnel that will assist as we continue to build into the future. RPS nationally is both above budget and showing steady year over year growth, which is an exceptional result given the 15% to 20% average rate decreases we are seeing this year in the property arena.

It is easy to look at the last nine months of the year and get frustrated. At times, I am sure we all felt like a hamster on a wheel but I would encourage everyone to stay focused on a “glass is half full” mentality and look to the last three months of the year with excitement and enthusiasm about the momentum we want to create heading into 2016. This is my favorite time of year because it allows us to evaluate how the year has progressed and to see how close we are to achieving our goals. If you are on track to hit the goals you set forth for 2015, then by all means, congratulations! If it looks like you may pull up short, don’t get discouraged, stay focused, and find solutions that will bring you closer to achieving the goals you wanted to hit.

I hope you all have a strong finish to the year and enjoy some R&R around the upcoming holidays.

State of the Market

There is not a whole lot to say about the market that I haven’t said already. Rates continued to slide 10% to 20% over the first three quarters of the year and we expect that trend to continue as we close the books on 2015. Capacity continues to be in abundance and while attending the NAPSLO conference in September, we learned about additional capital that will be entering the market by the end of the year and into 2016. It continues to be a buyers market and anyone telling you otherwise is either lying to you or has been living under a rock for the last 2+ years.

As we wrap up the last quarter, my expectation is that CAT activity in the Gulf Coast will be non existent given the high surface water temperatures that are noted in the Pacific and are characteristic of an impending El Nino. We could use the rain here in California and I am personally hoping for lots but most industry professionals would also say we could use a few named storms to remind people that the exposure is real and the catastrophic nature of the damage it could cause is possible.

In addition to lower rates, we have seen buyers benefit from improved terms and conditions in their policies. There is a resurgence of multi year policies, some of which may or may not be tied to loss ratio requirements. We are seeing lower deductibles in CAT zones, both in the Gulf Coast and in California. There are several CA EQ writers offering 2% or flat deductibles on newer risks in all CA EQ zones. On the Eastern Seaboard we have seen deductibles as low as 2% in Tri County on the “right” risk and in some cases, we have seen minimum and maximum deductibles pop up. As an insurance buyer, I would more or less tell you that the “world is your oyster” and now is probably the best market you will see to strengthen longstanding relationships with your carrier partners and brokers as well as put coverage and structure in place that will lower the fixed costs insurance placed on your business.

This market is just another cycle but it will be prolonged compared to other market swings because of outside capital that continues to flood our business. I have said it before and I will say it again, with the absence of any material catastrophic activity on any coast, the current cycle will be here for a while. I wouldn’t look to next year and say that we are at the bottom and buy into the idea that further rate relief is not a possibility. With the presence of outside and alternative capital in our industry, the insurance world and the capacity that exists has become a bit commodity driven. It is true that every carrier uses CAT modeling and actuarial data to establish base rates but this doesn’t mean that shareholders and budgets don’t also drive business decisions to deviate from those base rates and write a new piece of business or retain a renewal. Some accounts feel like a “free for all” and clients are enjoying the savings as they continue to go with lower cost providers in their programs.

The rate relief is here to stay and as we look towards 2016 I think we need to be prepared for more of the same. I am sure we will all agree that if you have a client who has seen double digit reductions two or three years in a row then that client may not see rate relief at the same levels they saw previously but the rate relief will still be there. My own opinion is that rates will be down 5% to 10% almost universally next year. This will of course be dependent on individual account claims experience as well as growth or reductions in CAT exposure. Much like 2015, I would imagine that markets who don’t want to recognize continued rate relief will find themselves with a lower renewal retention through the first half of next year and my suggestion would be to stop worrying about the market cycle and find more creative ways to operate within it.

Hab Corner

Normally I would say that Hab business is the one segment of the market that is a bit independent from broader market conditions and while this is true, it seems that even the Hab world has finally begun to see some relief. There are more carriers targeting this business at the end of 2015 than there were at the beginning and each day a new program seems to pop up out of the woodwork. Some of these programs are better than others so I tend to encourage clients and buyers to go with the tried and tested markets who have not floated in and out of the space like so many others these last few years. If your client is steering toward one of these new programs, markets, or shared limits facilities I would encourage them to do their homework and make sure they haven’t just purchased one of those “too good to be true” deals that ends up severely limiting their coverage or not having enough limit to pay all claims after a major market event.

In general, Hab clients with good loss performance are seeing 10%+ rate reductions in just about every geographic region. In some cases, clients who have come off adverse loss experience with a few clean years on their record will see larger than 10% rate decreases and improved terms. Clients who continue to have unfortunate loss experience are seeing flat renewals to slight increases depending on the severity and frequency of their claims activity. In this competitive environment, every account needs to be marketed and no stone should be left unturned. There are a lot of options out there for buyers and the options

increase when clients are willing to be more creative with deductibles.

We will be heading to London in early October to renew our exclusive Hab facility and I am pleased to tell you that it continues to be a success and a value added on our more preferred Hab risks. Our facility has grown steadily and seen almost 100% year over year growth with the number of risks we have in the facility. The sweet spot for our program continues to be accounts with TIVs in the $250M to $1B+ range and average primary premiums of $500k+ with clients who are willing to take a $100k AOP deductible or higher. Please feel free to reach out to any of our RPS property offices to get more information on this program and how we can help you win business in this space.

Hit List

1. Renewed a $3B Municipal Schedule in the PNW at a 10% Rate Reduction. Coverage was placed on a Two Year Term without any loss ratio requirement and premium was paid in two installments.

2. Bound a $156M Wood Frame COC at a NON CAT rate of just over $0.25 including Flood but excluding EQ all with one carrier.

3. Renewed a $100M Single Location Hotel in Zone B with DIC limits for CA EQ up to $25M at a 10% Rate Reduction.

4. Bound a $60M Loss Limit on a $100M Schedule of apartments at a 40% rate reduction with a single carrier.

5. Bound a $200M schedule of Texas apartments with heavy losses at a $100k AOP deductible. Several coverage enhancements were added including no limitation on roof age and wiring. This was a new piece of business that consolidated several policies all into one layered and shared program.

Group Self Insurance: A Cost-Effective Workers Comp SolutionBy Erin FreyMarketing CoordinatorRPS Monument

California and all its wonders come with quite a price tag. Workers Compensation insurance in particular is a notoriously expensive proposition - California currently holds the dubious honor of being the most expensive state in the country for comp coverage according to the Department of Consumer and Business Services.

There are three principle factors driving the high costs, according to the Workers Compensation Insurance Rating Bureau:

• The state has the highest frequency of permanent disability claims in the country.

• Medical costs are among the highest in the nation.• Loss adjustment expenses are higher in California

than elsewhere.

Expensive or not, California, like most states, requires employers to carry Workers Compensation coverage. An appealing, often cost-saving alternative to traditional insurance is group self insurance, which is RPS Monument’s specialty. A leader in California alternative Workers Compensation plans, we provide administration for one-quarter of all self-insured groups in the state.

Self-insured group programs keep costs down because the covered employers have a long-term interest in controlling and avoiding injuries. Each member plays two roles: a participant in the plan and a participant in the plan’s governance. Members make contributions, which fund losses and program expenses. After claims are closed and expenses paid, the surplus funds, including investment income, are returned to the members. In California, self-insured groups are not regulated by the Department of Insurance, but by the Department of Industrial Relations’ Office of Self-Insurance Plans.

Know the ScoreBy Mary KiddFleet Transportation Brokerage Manager RPS Lexington

Now that football season is finally here “what’s the score” might be heard around your living room and mine. But for the trucking industry and those who provide their insurance products it’s a whole different ballgame.

The Federal Motor Carrier Safety Administration was established to prevent commercial motor vehicle fatalities and injuries. The process of analyzing safety scores and data has evolved over time and today there is an online platform of data for the millions of motor carrier and passenger carriers in the U.S. In December 2010 Compliance, Safety & Accountability (CSA) was born.

RPS Monument Currently Offers Five Self-Insured Group Programs

• Cornerstone Comp, Inc. – for faith-based schools and their associated churches

• Elite Golf Club Program, Inc. – for private golf and country clubs

• GuardianComp, Inc. – for non-profit continuing care retirement communities

• Quality Comp, Inc. – for non-profit social services organizations

• Victory Comp, Inc. – for non-profit social/rehabilitation services organizations

These group programs typically save clients 15-20% versus guaranteed-cost Workers Compensation policies. The programs have a lower cost structure than carriers with no premium tax, CIGA and reduced fees - 75 cents of a client’s dollar goes to losses and loss costs. Because of aggressive claims oversight, indemnity claims in our programs cost less than half of the statewide average.

Program members receive comprehensive benefits including a three year initial commitment allowing for loss-rated underwriting, industry specific risk management and loss control services, customized claims management, and a California-centric claims litigation strategy. We handle day-to-day management and ensures that the programs are established and maintained in accordance with all applicable regulations.

Our group programs benefit retailers as well as employers. Commissions paid range from 8-12% of annual contributions, and RPS Monument is not required to accept Broker of Record letters (due to oversight by the Department of Industrial Relations rather than the Department of Insurance). There is a three to five year commitment, depending on the program, and loss control services and claims oversight are included. Our programs are an additional option for difficult to place risks, as an alternative to the plan-of-last-resort State Fund.

Workers Compensation coverage in California has always been pricey, and that won’t be changing anytime soon. RPS Monument aims to help by cutting through the excess to bring its members financially stable programs and customized service at steady, competitive rates.

Within the CSA operation model, the Safety Measurement System (SMS) quantifies the on-road safety performance of carriers in 7 “BASIC” categories. BASIC stands for Behavioral Analysis and Safety Improvement Categories. The 7 categories are Unsafe Driving, Hours of Service, Driver Fitness, Controlled Substances/Alcohol, Vehicle Maintenance, Hazardous Materials and Crash Indicator. Violations in these categories are weighted based on severity of the violation and when the violation occurred. Each of these categories has a threshold score. If the motor carriers total score in any category reaches the threshold score or above, it’s considered an “alert”. These violations are gathered from roadside inspections from the last 24 months, crash reports and investigation results. This system is used to identify motor carriers with safety performance problems to prioritize them for interventions, warning letters or investigations.

The SMS scores are only one part of the vast amount of information available online through the FMCSA’s various websites and subscriptions services that combine all the data from FMCSA onto one online platform like CabAdvantage.com. But what does this information mean to the retail insurance agent and their customer who runs a trucking company? And what does it mean to the potential insurance companies who may underwrite that account for a potential quote for new business or for renewal?

The first thing to remember is that almost all of this information is public, viewable by anyone with internet access. If you have customers in the trucking business you should start by going online to safersys.org and then to Company Snapshot. From there you can link to SMS Results to view your customer’s scores. Most insurance companies are looking at this same information as an underwriting tool. High scores may result in higher insurance premiums or even declinations.

BASIC Scores

You can help your customer by making sure they are reviewing and understanding their own scores on a regular basis. The majority of the scores are the result of driver behavior on the road. You can go directly to the SMS information pages to

KNOW THE SCORE Mary Kidd Fleet Transportation Brokerage Manager RPS Lexington

Now that football season is finally here “what’s the score” might be heard around your living room or mine. But for the trucking industry and those who provide their insurance products it’s a whole different ballgame.

The Federal Motor Carrier Safety Administration was established to prevent commercial motor vehicle fatalities and injuries. The process of analyzing safety scores and data has evolved over time and today there is an online platform of data for the millions of motor carrier and passenger carriers in the US. In December 2010 CSA (Compliance, Safety, Accountability) was born.

Within the CSA operation model, the SMS (Safety Measurement System) quantifies the on-road safety performance of carriers in 7 “BASIC” categories. BASIC stands for Behavioral Analysis and Safety Improvement Categories. The 7 categories are Unsafe Driving, Hours of Service, Driver Fitness, Controlled Substances/Alcohol, Vehicle Maintenance, Hazardous Materials and Crash indicator. Violations in these categories are weighted based on severity of the violation and when the violation occurred. Each of these categories has a threshold score. If the motor carriers total score in any category reaches the threshold score or above it’s considered an “alert”. These violations are gathered from roadside inspections from the last 24 months, crash reports and investigation results. This system is used to identify motor carriers with safety performance problems to prioritize them for interventions, warning letters or investigations.

The SMS scores are only one part of the vast amount of information available online through the FMCSA’s various websites and subscriptions services that combine all the data from FMCSA onto one online platform like CabAdvantage.com. But what does this information mean to the retail insurance agent and their customer who runs a trucking company? And what does it mean to the potential insurance companies who may underwrite that account for a potential quote for new business or for renewal?

The first thing to remember is that almost all of this information is public information viewable by anyone with internet access. That means you and me and the claimants attorney in the event of an accident. If you have customers in the trucking business you should start by going online to www.safersys.org and then to Company Snapshot. From there you can link to SMS Results to view your customer’s scores. Most insurance companies are looking at this same information as an underwriting tool. High scores may result in higher insurance premiums or even declinations.

BASIC Scores

Source: CabAdvantage.com

better understand the BASIC scores by using this address: https://ai.fmcsa.dot.gov/SMs/

Driver behavior can have the biggest effect on SMS scores. If you or your customer find that their scores are in alert status or trending up then you should take action. Talk to the owner or safety director about the scores and encourage a proactive plan to reduce the violations causing the high scores. You can see all the violations that have occurred, when they occurred and where. Don’t wait until renewal time to take action because it takes time for old violations to fall off and to put some distance from the last violations.

A commonly seen alert is the BASIC score for Hours of Service. The Hours of Service rules have changed several times since CSA and SMS were implemented and this has caused confusion on the part of the drivers. This score is directly affected by failure to log/log properly and falsifying the information by trying to remember what they did yesterday and backfilling the log book. Many motor carriers find that eLogs have a great impact on the Hours of Service scores. An eLog is an electronic logging system that replaces the paper log book that drivers are required to manually complete. Some systems are as simple as a mobile app communicating wirelessly with a device in the truck. As with any new technology there are downsides. Some truckers associations and groups including Owner Operator Independent Drivers Association (OOIDA) have called on the FMCSA to not make eLogs mandatory. This issue has been under discussion for several years.

Driver incentives are also a popular way to affect a better outcome on scores. Some motor carriers offer bonuses for a certain time period or number of miles without a driver violation and put in place disciplinary actions for offenders. While the public cannot see which driver was cited for a violation online, only that a violation occurred, the motor carrier can subscribe to a program created by FMCSA called the Pre-Employment Screening Program (PSP). This subscription service is like a background check that provides safety violations in BASIC categories and crash information for an individual driver. The service is most commonly used when hiring a new driver but can be used for driver reviews. Like all background checks this service requires the motor carrier to obtain permission from the driver to run their PSP.

As an underwriter of fleet accounts, one of the most common and preventable violations I see is a seat belt violation. Seat belt violations are as heavily weighted as speeding 11-14 mph over the limit. Another common and preventable violation is cell phone use, which is prohibited while driving a commercial motor vehicle. Cell phone violations are weighted the same as speeding 15 mph or more over limit. Very simply, use your seatbelt and not your phone.

There are many more areas of data and analytics being collected by the FMCSA, such as number of crashes, number

of times the motor carrier was put out of service for a violation, an overall safety rating and more. Insurance companies review all of this information and all the other data for your customer and combine that with the other qualities of the account to arrive at a decision of whether to quote and at what price. Talk to your trucking customer and their safety director on a regular basis about their scores and review them frequently. If your customer has implemented strategies to reduce the scores it’s important to make your RPS underwriter aware of the changes that have been made even if they have not yet reached their goal. Knowing a program has been put in place to solve a score issue and seeing a downward trend in the score can help your underwriter and the company underwriter with a decision to quote an account.

When your Trucking customer has great scores you give them the option of having more markets available to quote, potentially better pricing, and a safer motor carrier. Help your customer understand why it’s important to Know The Score!

Golf & Country ClubsBy Tom WalkerArea Executive Vice PresidentRPS Bollinger Sports & Leisure

The private golf and country club industry continues to face many challenges, including an overall decline in membership, high fixed cost structure, years of prior overbuilding, aging membership, continually changing time demands amongst families, and competition from affordable semi-private, daily fee and public golf courses, just to name a few.

While industry consolidation has assisted the larger golf management companies in growing their market share of facilities and the overall golfing population, it has also forced the remaining private clubs into broadening their amenities in order to attract and appeal to new members. This expansion of services continues to create challenging exposures for our industry, and while the insurance marketplace for the smaller, daily fee and public golf courses remains robust, with many regional insurance carriers offering what would be considered “BOP” type products and pricing, the specialized niche of insuring the country’s larger, private clubs still remains fairly narrow with only a handful of national carriers participating along with a select few program managers, such as ours. While there have been many prominent carriers over the years that have attempted to gain entrance in this specialty, over time, they have had little success due to their inability to get to the premium scale that is necessary in order to outrun their losses.

Our program typically targets risks that generate an account premium of $50,000 or more excluding Workers Compensation. Entrusted with broadened underwriting and binding authority with our risk

partner, AIG-Lexington Programs, our team of experienced underwriters handles multiple lines of business including Property, Liability, Inland Marine, Auto, Garage keepers, Pollution, Directors & Officers, Employment Practices including Third Party coverage, Fiduciary, Crime, Umbrella and Excess Umbrella, along with RPS-Cyber products to round out our portfolio. All lines are written on admitted paper within the AIG family of companies, with the exception of Florida property, which is non-admitted with Lexington. Typical risks would include both Golf and Country Clubs, where, at a minimum, the main clubhouse building has a sprinkler system or central station heat/smoke detection system in place and has had updates to their core systems including plumbing, heating, electric and roof.

With a larger concentration of clubs being located in coastal areas, the availability and cost of property coverage, while fairly flat at the moment, tends to be an ongoing challenge. This, coupled with the necessity of clubs to cover their entire physical plant, including the golf course playing surfaces (tee to green) and its infrastructure, along with improvements and betterments, leads to ever larger insurable values. As mentioned previously, with club’s expanding their amenities, typical exposures now include many of the following; elaborate swimming facilities including multiple pools, diving and sliding boards, playgrounds, exercise and wellness facilities, spa treatments, yoga and pilates studios, summer camps and daycare services, off premises excursions, ice skating, cross country skiing, trap and skeet shooting, boating, and others. These exposures, coupled with fine arts collections, large restaurant and catering facilities serving food and alcohol to both members and guests, overnight accommodations for members and guests, application of chemicals to the courses and ponds, golf carts driving over rolling terrain, errant golf balls pinging off of houses and cars, etc., makes for some challenging exposures.

Cyber Liability – Not Just for the Big GuysBy Dillon BehrProducerRPS Executive Lines

“I am convinced that there are only two types of companies: those that have been hacked and those that will be.” - Robert S. Mueller, III - Director, FBI

It seems every day we read about a new company being hacked and clients’ personal information released. After more than a decade in the military, government and commercial security industry, I keep my cyber security pretty tight, yet my personally identifiable information (PII) has still been compromised in the Target®, Home Depot®, and the federal government’s Office of Personnel Management (OPM) breaches. One might think that by now there is nothing left to steal. On the contrary, foreign governments, international crime organizations, hacktivists, rogue and for-hire hackers, and even the “script kiddie” next door all want your clients’ information.

The companies listed above are all large, household names, but the fact remains that companies of all shapes and sizes are targeted by hackers. If Anthem, Home Depot,

and Ashley Madison each have millions of dollars to spend on their information technology (IT) security, and they still can’t get it right, then the smaller companies stand almost no chance of preventing a determined attacker from getting to the information they want.

Sound a bit gloom and doom? It is. Fortunately, a well-designed cyber liability and breach response insurance policy can help your clients weather the storm should they become a victim (or a Target®). This article is designed to give you some ammunition for selling to those small-to-medium sized companies that just don’t think they are going to be attacked. Here are some of the questions I hear quite regularly:

Why Would They Attack Me? Consider this: a company does not have to actually be

targeted in order to be breached. Acunetix (and many others like it) is a freely available commercial software tool that allows any ill-intentioned hacker to remotely scan computer networks for vulnerabilities. It wasn’t designed for that. It was designed to help a company scan its own networks and look for vulnerabilities so it could patch them. But the bad guys got ahold of it and it is used to identify vulnerable businesses, all day every day. The software will tell an attacker where targets of opportunities are, and which specific vulnerabilities they have. He can then remotely attack that network without

even knowing or caring who it belongs to. According to the Symantec 2014 Internet Security Threat

Report, small businesses accounted for 30% of targeted spear-phishing attacks in 2013. Verizon reported that approximately 40% of all data breaches occur among companies with fewer than 100 employees. Even more alarming is the fact that 60% of these companies are out of business within six months. That last statistic should be enough to convince anyone with a business and a computer to purchase a policy.

How Would They Attack Me, And How Would I Be Covered?What follows is a variety of attacks that can be launched

at your clients’ networks. You do not need to understand the technical aspects of these attacks as well as I do, but you should be able to explain to your clients why they need specific coverages, and have examples of what might trigger them. The relevant coverage areas are noted in bold.

Phishing, Whaling, and Spear Phishing: digital forms of social engineering to deceive individuals into providing sensitive information. Phishing emails are often laden with malicious links and attached documents that can run unknown scripts that can turn the host computer into a slave for the attacker, or worse, give them a deep entry point into the organization’s network. Despite the best efforts of the mandatory 1-hour a year automated training course, a recent study by the security firm PhishMe found that 23% of recipients open phishing emails and 11% open attachments. Phishing attacks that result in corruption, deletion of or damage to electronic data to the insured can be covered under the security breach response coverage, while damages to a third-party can be covered by the security liability coverage as a “Security Wrongful Act”.

Malware: software that compromises the operation of a system by performing an unauthorized function or process. An invasive malware attack can be devastating to your client. Data can be deleted, corrupted, changed, or just rendered inaccessible. To clean up this mess it may be necessary to bring in outside expertise. These cyber security experts will conduct digital forensics, identify the malware and point of entry, provide mitigation services, and hopefully restore the network to its pre-infected state. These security experts can become quite costly. Security breach response coverage provides pre-negotiated rates with trusted security firms, and digital asset restoration coverage helps cover the cost of getting your clients’ digital assets back to their pre-loss state.

Insider: a person or group of persons within an organization who pose a potential risk through violating security policies. An insider attack can be crushing for an organization. Insiders may have privileged access to private information that the organization has an obligation to safeguard. A malicious insider can steal and release that data, or even leave a bit of code designed to encrypt or delete the information if fired from

his job. Physical Theft/Loss: 15.3% of all attacks come from this

category. Many think the term “Cyber” implies coverage only for incidents that involve electronic hacking or online activities, when in fact it can and should be much broader, covering private data and communications in many different formats— paper, digital or otherwise. Even having your briefcase stolen from your car could activate a solid policy.

Denial of Service (DoS and DDoS): an attack that prevents or impairs the authorized use of information system resources or services. I have seen this in action. Earlier this year there was a group that was sending a high volume of data to targets, hoping to overload networks and effectively block the targeted company from conducting business as usual. This group concurrently sent an email to the company stating that the attack will continue unless they pay the attackers 70 BitCoin ($16,000 USD). In another attack, instead of blocking business networks, the attackers encrypted the workstations of employees, rendering them useless unless the victim organization payed a BitCoin ransom by a specified deadline. These attacks are known as cyber extortion, and can leave the business open to business interruption.

How Much Would A Breach Really Cost Anyway?The Ponemon Institute has estimated that the average cost

per electronic record lost is $201 without insurance. That cost can be reduced to as low as $20-$24 with a good cyber policy because the insured now has access to a 24-hour breach response firm and pre-negotiated rates for forensics, remediation, legal, and notification firms. Handling a cyber breach is not a do-it-yourself project.

Another element that many people do not consider when calculating the costs of a data breach is the potential for lost income while the business is recovering from an attack. For instance, cyber extortion coverage will cover the costs of preventing encryption of data or a DDoS attack, while business interruption coverage can help the organization recoup the cost of lost business if the attack is successful and keeps the company from conducting its daily business for an extended period of time.

Isn’t This Covered By My BOP Or GL Plan?In short, NO. Some General Liability, Commercial Crime

and D&O policies do contain limited data breach and privacy claims language, but these forms are not intended to respond to the attacks outlined above. Carriers are going to great lengths to include exclusions that make clear their intentions of not covering these threats. Additionally, even in the rare instances coverage does exist, these policies lack the expert resources and critical first-party coverages that help mitigate the financial, operational and reputational damages a data

Risk Placement Services—YOUR wholesaler of choice!

Contact your local RPS office today for more information about our products and services. Two Pierce Place • Itasca, IL 60143866.595.8413 Contact_Us@RPSins.comRPSins.com

breach can inflict on an organization.Your clients trust you to help them prepare for worst case

scenarios, for the risks that they cannot mitigate themselves. There is no such thing as a 100% secure network and no industry is immune to security failures. Don’t let your client get away with “that won’t happen to me because I’m too small”. Your clients need broad coverage and they need it now, but it might take a bit of convincing for them to realize that they can be affected just like the big guys – in fact, smaller companies need this coverage more because they don’t have the balance sheet to sustain the costs associated with a breach. The cyber insurance industry is just now starting to really take off, and

you need to understand the threats in order to sell it effectively.About RPS CyberWith regard to the purchase of insurance, at RPS we understand that the complexity and length of the application process was a significant impediment to the procurement of cyber insurance. RPS has built a platform at RPSCyber.com that will allow a retail broker to procure a bindable quote for their clients under $100M in revenue within 60 seconds. The policy comes with full first and third party limits as well as access to an industry leading breach response team. To learn more please visit RPSins.com/cyber.