E-coverage: A coverage whose time came, went and is back again

Rough Notes, Jul 2002

INSURANCE MARKET UPDATE

There's never a dull moment," says Don Harris, technology risk broker with Swett & Crawford, Woodland Hills, California, a division of Aon. Don started marketing e-risk coverage in Silicon Valley a little more than three years ago. "Ninety-nine percent of the companies I worked with were technology companies. I worked directly with the CFOs or presidents. Most were start-up dot-com companies that were flush with capital. They were out there purchasing insurance coverages because they had money. Network coverage was seen as very important. There was a big boom writing that coverage."

Then came the "dot-crash." Many of those companies disappeared and others felt the pinch on capital. The policies were canceled or weren't renewed.

In today's economic conditions and the hard insurance market, there are very few companies who are buying insurance just because they have lots of extra money. However, e-coverage is beginning to see a resurgence in demand that will take time to develop-but that is seen by many as inevitable.

"It reminds me of EPLI when it first came out," says John Trask of Barney & Barney in San Diego. "The need for coverage was clear, but it wasn't clear whether losses would be picked up by other coverages. Court decisions and policy clarifications served to bring the issue into focus, however, and the demand for coverage picked up. I would guess that five years from now, resistance toward the purchase of e-risk policies probably will disappear and it will become a standard coverage for most companies."

Right now, however, Trask says, it is a "very sophisticated sale. Most clients who purchase are more sophisticated and understand the risks. But it is a difficult sale. We don't have any actual claims experience to show people. The only thing we can use to show the risk are examples of what has happened to others."

He continues that the sales problem is further exacerbated by the fact that "applications are very complicated and involve a lot of people within the company. They need to research their whole system and try and break it down. The real key right now is to get companies to start talking about this and begin to recognize the risk of loss."

Jill Tellez, director of the network risk group in the Chicago office of Aon Financial Services Group, points out that "before a company is going to buy or is even ready to buy, they need to quantify the risk and how it relates to their overall risk profile. A needs assessment involves finance, human resources, legal, IT, security, sales and marketing and operations. It's not just the risk manager or the CFO and it's not a quick-buying decision."

Florence Burstein, network risk consultant in the Aon Denver office, adds that "the ultimate goal is not necessarily the purchase of e-risk insurance, but to determine the best way to transfer or retain the risk and how best to mitigate it." Jill adds that "clients may have different appetites for risk and also may be able to work around a problem. Some companies can be down for 12 hours without a problem; others would be in serious trouble."

Florence adds that there is beginning to be increasing pressure on companies to purchase coverage stemming from a variety of factors, including the fact that "there is more clarity on exclusions in traditional policies that make it clear that viruses and other e-risks aren't covered." Jill adds that some companies "are demanding that vendors have this coverage. However, we're not yet seeing security standards delineated in contracts with vendors."

Jill continues that this is "a limited marketplace right now. The primary issue is that there is not any real clear loss of claims data so you can't make the cost/benefit quantification. Another issue is that we can't get the terms and conditions we would like. For example, many policies contain a 12-hour waiting period on business interruption and that just isn't practical for some technology companies."

Another problem, says Florence, is that "there is no concrete case law. In some similar cases, different states have ruled differently. Some of these cases are on appeal. There are definitely some cases that are pending that may help clarify the legal aspects; but right now there is a very large gap between litigation and how rapidly technology is changing. It will take years to sort out."

Jill points out that, in most cases, "this is a team sell. We often work as a team to help assess the risk, bringing in people with backgrounds in the law, technology and risk management. We try to model our team using the same disciplines that will be involved at the client. That's very important. You'll be talking with many different people at the client and you need to have someone who understands their concerns. I don't have to understand encryption, for example, but somebody on the team better."

John Trask agrees that knowledge about all aspects of technology is essential. "You have to have a resource that can answer a client's questions." That can either come from inside your agency or from a wholesaler that specializes in the coverage, he adds, noting that he uses Swett & Crawford as a resource.