BOSTON — Preparing for the unthinkable requires a lot thought.
Risk management professionals on Monday cautioned audiences of the myriad pitfalls in planning for catastrophes during the Risk & Insurance Management Society’s annual conference at the Boston Convention and Exhibition Center. Corporations were counseled to make sure they have the right coverage, insurers were advised to defend their rights and business owners were told they may be just one hack away from losing everything.
Edward Colechia, a senior vice president for Marsh’s claims practice in Boston, outlined the anatomy of a catastrophic general liability loss and offered guidance on how to best cope with the inevitable. Preparation is key, he said. Before any risk is accepted, the insurer should make a site visit to assess the situation on the ground.
Colechia said an on-site visit to one of Marsh’s clients in the Midwest might have averted a $200 million claim that still left the insured with a $50 million coverage gap. Six people died when a deck collapsed. Colechia said the claims adjuster found that the wooden deck was riddled with mushrooms.
The risk manager must conduct loss runs to assess the full extent of the potential loss, Colechia said. He or she should also have a list with the phone numbers of everyone involved in the “insurance tower.” Ensure that the language in each policy is aligned so that when the limit on the primary policy is exhausted coverage under an excess policy, for example, kicks in, he said.
“Communicate. Communicate. Communicate,” Colechia said. “That means internal as well as external.”
Insurers that have accepted a risk need to make sure they properly reserve their rights in case a claim is excluded under the terms of the policy, said attorney Barry M. Miller,an administrative partner with Mazanec, Raski & Ryder in Lexington, Kentucky.
Miller said a reservation of rights letter should be sent to a claimant as soon as a defense of the claim begins, or soon after. He said such a letter must clearly explain any coverage limits and how they apply to the facts of the claim. Insurers that don’t explain limits or exclusions risk a court holding that they are estopped from raising those terms in defense of the claim.
Miller said it should be kept in mind that in some states, insurers are allowed to demand reimbursement of any money spent defending a claim that was not covered. But the right to that reimbursement must be reserved, he said.
Miller said reservation of rights letters should be specific, not boilerplate. Simply restating the limits and exclusions in a policy won’t do. He said the letter must explain how the policy language pertains to the facts at hand.
The exclusions mentioned by Miller could be a disaster if the claim involving a cyber attack. Stategies for coping with that particular peril was the topic of another presentation from attorney Joshua Gold of Anderson Kill in New York and Lance Ewing, executive vice president of global risk management and client services for Cotton Holdings Inc. Their presentation was titled “Cyber Coverage for Things that Go Boom.”
Gold said cyber risks “keep morphing.” In the early days, the privacy of data was the major concern. Policies where written to protect insureds from potential class action lawsuits caused by data breaches.
Covering the risk of bodily injury was not a concern for the cyber insurer or insured. But thanks the Internet of Things, bodily injury is a very real risk from certain cyber crimes. Concerns about criminal mischief prompted California lawmakers to require security on every device connected to the internet, he said.
Cyber criminals can threaten the very existence of companies. Gold said a medical practice in Minnesota shut down after it was hacked. The physicians spent days manually calling patients to cancel appointments, he said.
Even when the risk of cyber attack are well known, organizations don’t always manage the risk well.
Ewing said cyber is becoming an increasingly important risk for directors and officers’ coverage. He said shareholder lawsuits closely follow any data breaches suffered by pubic companies. Meanwhile, “the Securities and Exchange Commission has not made it a secret that they are going after any company that hasn’t been diligent about cybersecurity.”
Public companies are required to disclose in proxy statements any risks that threaten earnings. He said cyber risk has moved up toward the top of the listed disclosures in many of those proxy statements.
Ewing said directors need to pay close attention to their organization’s insurance coverage. He said some policies require the insured to follow specific security practices in order to obtain coverage.
“It is drastically, direly important to work with a broker who has experience in cyber coverage,” Ewing said.
The RIMS conference concludes on Wednesday.
Was this article valuable?
Here are more articles you may enjoy.