If you cater to clients who run large businesses, you know that they face increasingly varied risks every day from such as terrorism; service interruption; supply chain disruption; reputational risk; political instability; and challenges to intellectual property rights.
While conventional insurance will cover aspects of a number of such problems, there are others that are not so straightforward: reputational risk, for instance, for a company who cannot deliver, or perhaps a company loses a court case to determine ownership of intellectual property, necessitating a work-around or even abandonment of a complete product line.
How can a company cope with such contingencies? Perhaps with a little help from London-based Lockton Companies LLP, which recently announced that it has developed a set of new risk tools to help companies cope with the “uninsurable.”
Emily Freeman, executive director, technology and global privacy practice at Lockton, said that coverage is designed around the eventualities a company fears: “You define what keeps you up at night.” While previously a business might have had to opt for multiple specialized policies to cover what it could of such specialized risks, or take its own steps to mitigate losses if coverage could not be bought, Lockton’s enterprise disruption contingency insurance provides individualized coverage against risks that might haunt a company’s board or CEO in the wee hours.
A typical business that might use such coverage would be one with at least $100 million in revenues. Says Freeman, “There’s no minimum revenue, but it starts to get much more meaningful in the middle range and up.” There’s no upper end, either, she says, although coverage is “not designed to solve the problems of the Fortune 50.”
What would such insurance cover? Contingency, operational and reputational risk, and their effects on EBITDA income and expenses—loss of business income and the incurring of extra expense that stems from losses outside traditional physical damages.
The application process and underwriting is somewhat different from that for conventional policies. It can take months, says Freeman, who points out that a company applying for coverage is “actually telling underwriters a concept of what [it’s] trying to cover.” Underwriters then ask for information about the company based on that concept, which is so detailed and individualized that they will actually sign confidentiality agreements to be made privy to it.
“It’s designed, bespoke, and customized around individual client needs,” she says. There’s “conceptual vetting, putting something in front of the underwriters that’s meaningful; then there’s the information phase, when the underwriters investigate.” From there the wording has to be designed, customized and fine-tuned; then limits must be determined for coverage. Finally, she says, the company applying for coverage must get a decision from its board that “the spend for this makes sense.”
A company is not restricted to insuring a single risk or type of risk; it can bundle those issues that cause the most worry. Freeman explains, “You can combine unrelated things and insure them together—such as possible bad publicity about allegations about an executive, combined with supply chain problems and data breach problems. There’s no issue with looking at multiple triggers that are not related to each other.”
Is such coverage timely? One only needs to look at the headlines. To cite an example in which enterprise disruption contingency insurance would be both useful and appropriate, consider Sony.
An April hacking attack disabled Sony’s PlayStation website and caused Netflix customers who download movies through their PlayStations to be unable to use the service. Should Netflix decide to no longer offer movies through PlayStations, that would be a clear instance in which such a policy could pay off.
Another aspect of Sony’s data breach was the compromise of personal information, including credit card information and passwords. That’s bound to give more than Netflix pause. Says Freeman, “If you had a massive data breach, there’s [already] insurance to deal with data subjects whose data is at risk, but we’re talking the flip side—adverse media attention to the data breach and customers who don’t want to be part of it any more. [This covers] brand restoration activities, as well as the downturn in business. Some things operate very much in the minds of the public,” she points out. “One is security of personal data.”