Tag Archives: advertising

Ads Can’t Buy You Happy Customers

It seems like you can’t watch television for 10 minutes these days without hearing a sneaky gecko, a suit-clad man named Mayhem or Progressive’s Flo pushing insurance.

Insurance ads like GEICO’s bring some humor to your between-show times, and they’re definitely better than those psoriasis medication ads. But what’s not so funny is that policyholders are spending billions to broadcast those messages across the airwaves. Now, with auto insurance premiums rising faster than they have in nearly 13 years, more drivers are asking why they’re paying for insurers to outspend every other American industry on ads by nearly 8%.

In my opinion, it’s a fair question — especially considering that there are better ways to earn satisfied policyholders.

Ads Don’t Make Happy Customers

In 2014, S&P Global (formerly SNL Financial) analyzed auto insurance advertising spending and found that GEICO led the pack, spending almost $1.2 billion annually, closely followed by Allstate at more than $937 million. Those figures keep climbing, but do they translate to better service?

The Consumer Federation of America broke down the ratio of advertising to premiums and found that GEICO spent 6% of its budget on ads in 2013, while Allstate spent 5.7%. Interestingly, Allstate’s recent earnings report showed its net income fell by almost $1.2 billion from the first quarter of 2015 to the first quarter of 2016. GEICO, not to be outdone, had one of its worst years on record in 2015.

When it comes to customer satisfaction, though, the big spenders aren’t winning. When Reviews.com weighed the nation’s largest auto insurance companies for dependability, financial standing, reliability and customer focus, it was Amica and State Farm that came out on top.

What do Amica and State Farm have in common? They’re both policyholder-owned. So while investor pressures have put stockholder-owned GEICO and Allstate on top for ad spending, they’re not pleasing customers like mutually owned Amica and State Farm.

See also: How to Redesign Customer Experience

There are plenty of differences between mutual companies and investor-owned insurance companies, of course, but a big one is how they spend profits. While policyholder-owned insurers also purchase ads to tempt new customers, they — unlike stockholder-owned insurers — return a chunk of their profits to members in the form of dividends or reduced premiums.

Cut Ads, Not Service

Mutual companies have shown that it’s possible to contain — even to reduce — costs while still satisfying customers. After all, when was the last time you saw an Amica ad on television?

The first — and perhaps most important — step to keeping rates low is to reduce customers’ exposure to risk. Our company recently tightened its underwriting guidelines to contain claims and allow policyholders to benefit from the cost savings. It’s a difficult decision that can hinder sales, but it’s the best way to keep costs low for everyone.

Next, find ways to get your name out there that benefit existing policyholders. In lieu of ads, we conduct programs called brand energizers that reward the affinity groups we serve. Nurse’s Night Out, for example, treats our life-saving policyholders to an evening of fun, while our Work Hard/Play Hard sweepstakes are a great way to build word of mouth while rewarding customers who are first responders.

Reward programs are just one way to build your brand without ads. We’ve developed a team of field marketing managers, our brand ambassadors, who make appearances at schools, educational events and other local groups to explain the benefits of our policies. This model costs much less than a national television ad campaign while building our reputation in the communities we serve.

Hiring captive agents, too, is a good way to structure teams in a way that boosts service, not costs. Our account consultants are rewarded for bringing in new accounts, as well as for their retention efforts, and they’re not tied to particular clients. This creates incentives to provide world-class service to every potential client they encounter.

See also: Spending on Agents Beats Spending on Ads

Don’t forget the value of a strong retention program, which captive agents can help with. Happy customers are loyal customers, and the cost of retaining a customer is much lower than earning a new one. According to Bain, a mere 5% increase in customer retention could garner your company as much as a 95% profit increase. A focus on retention also builds brand champions who are willing to tell others about their experience. Wouldn’t you rather hear a neighbor’s recommendation than a gecko’s sales pitch?

Lastly, build a strong surplus to protect yourself against unexpected losses. If a tornado strikes, you’re only as strong as your reserves. Invest in this surplus so you can weather disasters without raising policyholders’ rates in their time of need.

When I started working in the industry, I rarely saw an insurance ad on television. I’m now sick of them, and I know customers are, too. To keep policyholders happy without dropping billions on ads, try it the old-fashioned way: Cultivate strong relationships and even stronger reserves, focus on retaining customers and build a team of brand advocates.

Maybe you — and all of America — can then get back to watching your show in peace.

6 Tips on Recruiting Analytical Talent

The well-trailed difficulties in recruiting data scientists or other analytical roles, followed by the equivalent challenge in retaining them long enough to recoup your investment, have been likened to “talent wars.”

There are hotspots around the UK, but it seems all areas to some extent share this experience. London is perhaps the most challenging place to retain your talent. In my own experience, it has been easier to recruit in South Wales and Bristol (the latter being particularly good for having a pool of analytical talent), while much harder in Bournemouth and Edinburgh, for example. Several factors can improve your odds, including how you advertise, whether or not you use an agency and especially how clearly you explain the role.

Here are six tips:

Role description

Providing clarity on the role and what you expect from candidates is harder than it sounds in this sector. So many terms that you might use (like “analysis,” “insight,” “intelligence,” “data,” “modeling,” “reports,” “presentation,” etc) are open to interpretation, and some very poorly skilled candidates use this language to describe what they can do. For this reason, I recommend avoiding technical jargon as much as possible (apart from specifying any exact software in which you require expertise). Seek to describe the role in terms of the outputs you require the person to be capable of delivering. For example, do you want a candidate who can produce analytical reports or someone who can influence marketing leaders and present information that is sufficiently persuasive to change strategy or guide design of a new campaign or product.

Advertising and Agencies

Advertising your role is another conundrum for the would-be hiring manager. Given the high fees charged by some recruitment agencies, for little visible effort, it’s not surprising to see the growth of companies investing in their own recruitment portals and greater use of LinkedIn by recruiting managers. The latter approach has the advantage, for well-connected professionals, of both tapping into their existing networks and approaching those who both understand the language they use and may be best placed to know analysts ready for a move. However, the novelty factor has now worn off, and with so many recruitment consultants also bombarding LinkedIn users it is harder and harder to get your message across.

I would certainly encourage use of your own company advertising (to tap into fans of your brand) and LinkedIn as a first step. However, despite all the charlatans in the industry, I have still seen real benefit from specialist agencies that genuinely know this market. Having recruited analysts for more than a decade now, I’ve found these informed specialist recruitment agencies few and far between and those I trust to be even rarer. However, among this rare breed, I am happy to recommend MBN recruitment. The firm always understood my brief and provided viable appropriate candidates as well as pragmatic advice on salary and approach to wooing the undecided.

Motivating and Retaining

As all insight leaders will be only too well aware, even though finding the right analytical talent in the first place is challenging, it can be even harder to keep them motivated, engaged and ultimately retain them long enough to see their potential realized and value added to the business. Every journey starts with a single step, as the Chinese proverb goes, and it is really important to start well. For anyone who has not yet read it, taking the approach recommended in “The First 90 Days” can be a recipe for any new hire (especially at a more senior level) to hit the ground running and make the right first impression.

On-Boarding Coaching

I’m also conscious that leaders of insight teams are even harder to find, so many organizations are needing to appoint, to the growing number of these roles, candidates with strong generic competencies but little or no experience of customer insight. Coaching at Work magazine recently published an article on on-boarding coaching and its growing popularity. Laughlin Consultancy can see a need for trained executive coaches with a background in customer insight leadership to help support this population to be as effective as possible through their first 90 days and so are providing that service.

Performance Management

Continuing motivation and engagement of analysts could be a blog post topic (if not a book) in its own right, but for now suffice to say that there is a natural tendency for this population to be more cynical. Marshall Goldsmith described most performance management systems as an occupational hazard at best, and there is a need to flex the company policy to better work for these skilled people. I was struck when reading “Punished by Rewards” as to the importance of not relying on bonuses or internal recognition systems to bribe them to work hard or give a high score in the next engagement survey – rather being genuinely interested in the work that they do and reclaiming the essential importance and nobility of that craft. For performance reviews, I would also recommend taking the approach recommended by Nancy Kline.

Competencies and Career Paths

One final recommendation, to achieve motivated and retained capable analysts, is to invest in a clear career path for them. People, especially analytical people, want to understand clearly how their skills match up to the ideals for each role and potential routes for their development if they can improve and “up-skill.” I have seen skilled analysts become very motivated by simply having clearly documented competencies for different technical roles and seniority within them. When you add to this clarity as to potential career routes through that matrix, it can lead to conversations and planning that result in those analysts staying for many years not just months.

I hope those tips are helpful to you. Please do share what has worked for you, too.

5 Steps for Covering Data Breaches

Target’s $19 million settlement with MasterCard[1] underscores very significant sources of potential exposure that often follow a data breach that involves payment cards. Retailers and other organizations that accept those cards are likely to face—in addition to a slew of claims from consumers and investors— claims from financial institutions that seek to recover losses associated with issuing replacement credit and debit cards, among other losses. The financial institution card issuers typically allege, among other things, negligence, breach of data-protection statutes and non-compliance with Payment Card Industry Data Security Standards (PCI DSS). Likewise, as Target’s recent settlement illustrates, organizations can expect to face claims from the payment brands, such as MasterCard, VISA and Discover, seeking substantial fines, penalties and assessments for purported PCI DSS non-compliance.

These potential sources of liability can eclipse others. While consumer lawsuits often get dismissed for lack of Article III standing,[2] for example, or may settle for relatively modest amounts,[3] the Target financial institution litigation survived a motion to dismiss[4] and involved a relatively high settlement amount as compared with the consumer litigation settlement. So did TJZ’s prior $24 million settlement with card issuers.[5] The current settlement involves only MasterCard,[6] moreover, and the Target financial institution litigation will proceed with any issuer of MasterCard-branded cards that declines to partake of the $19 million settlement offer. The amended class action in the Target cases alleges that the financial institutions’ losses “could eventually exceed $18 billion.”[7]

Organizations should be aware that these significant potential sources of data breach and payment brand liability may be covered by insurance, including commercial general liability insurance (CGL), which most companies have in place, and specialty cybersecurity/data privacy insurance.

Here are five steps for securing coverage for data breach and PCI DSS-related liability:

Step 1:            Look to CGL Coverage

                        Coverage A: “Property Damage” Coverage

Payment card issuers typically seek damages because of the necessity to replace cards and, often, also specifically allege damages because of the loss of use of those payment cards, including lost interest, transaction fees and the like. By way of illustration, the amended class action complaint in the Target litigation alleges:

The financial institutions that issued the debit and credit cards involved in Target’s data breach have suffered substantial losses as a result of Target’s failure to adequately protect its sensitive payment data. This includes sums associated with notifying customers of the data breach, reissuing debit and credit cards, reimbursing customers for fraudulent transactions, monitoring customer accounts to prevent fraudulent charges, addressing customer confusion and complaints, changing or canceling accounts and facing the decrease or suspension of their customers’ use of affected cards during the busiest shopping season of the year.[8]

The litigation further alleges that “plaintiffs and the FI [financial institution] class also lost interest and transaction fees (including interchange fees) as a result of decreased, or ceased, card usage in the wake of the Target data breach.”[9]

These allegations fall squarely within the standard-form definition of covered “property” damage under CGL Coverage A. Under Coverage A, the insurer commits to “pay those sums that the insured becomes legally obligated to pay as damages because of … ‘property damage’… caused by an ‘occurrence’”[10] that “occurs during the policy period.”[11] The insurer also has “the right and duty to defend the insured against any … civil proceeding in which damages because of … ‘property damage’ … are alleged.”[12]

Importantly, the key term “property damage” is defined to include not just “physical injury to tangible property” but also “loss of use of tangible property that is not physically injured.” The key definition in the current standard-form CGL insurance policy states as follows:

  1. “Property damage” means:
  2. Physical injury to tangible property, including all resulting loss of use of that property. All such loss of use shall be deemed to occur at the time of the physical injury that caused it; or
  3. Loss of use of tangible property that is not physically injured. All such loss of use shall be deemed to occur at the time of the “occurrence” that caused it.

For the purposes of this insurance, electronic data is not tangible property.

In this definition, “electronic data” means information, facts or programs stored as or on, created or used on or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMs, tapes, drives, cells, data processing devices or any other media that are used with electronically controlled equipment.[13]

Although the current definition states that “electronic data is not tangible property,” to the extent this standard-form language may be present in the specific policy at issue (coverage terms should not be assumed; rather the specific policy language at issue should always be carefully reviewed),[14] the limitation is largely, perhaps entirely, irrelevant in this context because card issuer complaints, like the amended class action complaint in the Target litigation, typically allege damages because of the need to replace physical, tangible payment cards.[15] The complaints further often expressly allege that the issuers have suffered damages because of a decrease or cessation in the card usage.

These types of allegations are squarely within the “property damage” coverage offered by CGL Coverage A, and courts have properly upheld coverage in privacy-related cases where allegations of loss of use of property are present.[16]

            Coverage B: “Personal and Advertising Injury” Coverage

There is significant potential coverage for data breach-related liability, including card issuer litigation, under CGL Coverage B. Under Coverage B, the insurer commits to “pay those sums that the insured becomes legally obligated to pay as damages because of ‘personal and advertising injury,’”[17] which is “caused by an offense arising out of [the insured’s] business … during the policy period.”[18] Similar to Coverage A, the policy further states that the insurer “will have the right and duty to defend the insured against any … civil proceeding in which damages because of … ‘personal and advertising injury’ to which this insurance applies are alleged.”[19]

The key term “personal and advertising injury” is defined to include a list of specifically enumerated offenses, which include “oral or written publication, in any manner, of material that violates a person’s right of privacy.”[20]

Considering this key language, courts have upheld coverage under CGL Coverage B for claims arising out of data breaches and for a wide variety of other claims alleging violations of privacy rights.[21] It warrants mention that, although the trial court in the Sony PlayStation data breach litigation recently ruled against coverage, the trial court’s decision — which turned on the court’s finding that, essentially, Coverage B is triggered only by purposeful actions by the insured (Sony) and not by the actions of the third parties who hacked into its network — that decision is currently on appeal to the New York Appellate Division and may soon be reversed. Nowhere in the insuring agreement or its key definition does the CGL policy require any action by the insured. As the coverage’s name “Commercial General Liability” indicates, the coverage does not require intentional action by the insured, as argued by the insurers in the Sony case, but rather is triggered by the insured’s liability, i.e., the insurer commits to pay sums that the insured “becomes legally obligated to pay” that “arise out of” the covered “offenses.” The broad insuring language, moreover, extends to the insured’s liability for publication “in any manner,” i.e., via a hacking attack or otherwise. The cases cited by the insurer in the Sony case are factually inapposite and interpret entirely different policy language. Indeed, Sony’s insurer, Zurich, itself acknowledged in 2009 that CGL policies may provide coverage for data breaches via hacking, which by definition involves third-party actions.[22]

Organizations also should be aware that the Insurance Services Office (ISO), the insurance industry organization responsible for drafting standard-form CGL language, recently promulgated a series of data breach exclusionary endorsements.[23] ISO acknowledged that there currently is data breach coverage for hacking activities under CGL policies. In particular, ISO stated that the new exclusions may be a “reduction in personal and advertising injury coverage”—the implication being that there is coverage in the absence of the new exclusions.

At the time the ISO CGL and CLU policies were developed, certain hacking activities or data breaches were not prevalent and, therefore, coverages related to the access to or disclosure of personal or confidential information and associated with such events were not necessarily contemplated under the policy. As the exposures to data breaches increased over time, stand-alone policies started to become available in the marketplace to provide certain coverage with respect to data breach and access to or disclosure of confidential or personal information.

To the extent that any access or disclosure of confidential or personal information results in an oral or written publication that violates a person’s right of privacy, this revision may be considered a reduction in personal and advertising injury coverage.[24]

Other than the trial court’s decision in the Sony case, no decision has held that an insured must itself publish information to obtain CGL Coverage B coverage, and a number of decisions have appropriately upheld coverage for liability that the insured has resulting from third-party publications.[25]

The bottom line: There may be very significant coverage under CGL policies, including for data breaches that result in the disclosure of personally identifiable information and other claims alleging violation of a right to privacy, including claims brought by card issuers.

Step 2:           Look to “Cyber” Coverage

Organizations are increasingly purchasing so-called “cyber” insurance, and a major component of the coverage offered under most “cyber” insurance policies is coverage for the spectrum of issues that an organization typically confronts in the wake of a data breach incident. This usually includes, not only defense and indemnity coverage in connection with consumer litigation and regulatory investigation, but also defense and indemnity coverage in connection with card issuer litigation. By way of example, one specimen policy insuring agreement states that the insurer will “pay … all loss” that the “insured is legally obligated to pay resulting from a claim alleging a security failure or a privacy event.” The key term “privacy event” includes “any failure to protect confidential information,” a term that is broadly defined to include “information from which an individual may be uniquely and reliably identified or contacted, including, without limitation, an individual’s name, address, telephone number, Social Security number, account relationships, account numbers, account balances, account histories and passwords.” “Loss” includes “compensatory damages, judgments, settlements, pre-judgment and post-judgment interest and defense costs.” Litigation brought by card issuers is squarely within the coverage afforded by the insuring agreement and its key definitions.

Importantly, a number of “cyber” insurance policies also expressly cover PCI DSS-related liability. By way of example, the specimen policy quoted above expressly defines covered “loss” to include “amounts payable in connection with a PCI-DSS Assessment,” which is defined as follows:

“PCI-DSS assessment” means any written demand received by an insured from a payment card association (e.g., MasterCard, Visa, American Express) or bank processing payment card transactions (i.e., an “acquiring bank”) for a monetary assessment (including a contractual fine or penalty) in connection with an insured’s non-compliance with PCI Data Security Standards that resulted in a security failure or privacy event.

This can be a very important coverage, given that, as the recent Target settlement illustrates, organizations face substantial liability arising out of the card brand and association claims for fines, penalties and assessments for purported non-compliance with PCI DSS. The payment card brands routinely claim that an organization was not PCI DSS-compliant and that the PCI forensic investigator assigned to investigate compliance routinely determines that the organization was not compliant at the time of a breach. As the payment industry has stated, “no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach.”[26]

The bottom line: “Cyber” insurance policies may provide broad, solid coverage for the costs and expenses that organizations may incur in connection with card-issuer litigation and payment brand claims alleging PCI non-compliance.

Step 3:            Look to Other Potential Coverage

It is important not to overlook other types of insurance policies that may respond to cover various types of exposure flowing from a breach. For example, there may be coverage under directors’ and officers’ (D&O) policies, professional liability or errors and omissions (E&O) policies and commercial crime policies. After a data breach, companies are advised to provide prompt notice under all potentially implicated policies, excepting in particular circumstances that may justify refraining to do so, and to carefully evaluate all potentially applicable coverages.

Step 4:            Don’t Take “No” For an Answer

Unfortunately, even where there is a legitimate claim for coverage under the policy language and applicable law, an insurer may deny a claim. Indeed, insurers can be expected to argue, as Sony’s insurers argued, that data breaches are not covered under CGL insurance policies. Nevertheless, insureds that refuse to take “no” for an answer may be able to secure valuable coverage.

If, for example, an insurer reflexively raises the “electronic data” exclusion in response to a claim under CGL Coverage A, which purports to exclude, under the standard form, “[d]amages arising out of the loss of, loss of use of, damage to, corruption of, inability to access or inability to manipulate electronic data,”[27] insureds are encouraged to point out that the damages alleged by card issuers for replacing physical cards and for lost interest and transaction fees, etc., resulting from loss of use of those cards, are clearly outside the purview of the exclusion. Likewise, if an insurer raises the standard “Recording And Distribution Of Material Or Information In Violation Of Law” exclusion, insureds are encouraged to point out that the exclusion has been narrowly interpreted, does not address common-law claims and has been held inapplicable where the law at issue fashions relief for common law rights.[28]

Importantly, exclusions and other limitations to coverage are construed narrowly against the insurer and in favor of coverage under well-established rules of insurance policy interpretation,[29] and the burden is on the insurer to demonstrate an exclusion’s applicability.[30]

Step 5:            Maximize Cover Across the Entire Insurance Portfolio

Various types of insurance policies may be triggered by a data breach, and the various triggered policies may carry different insurance limits, deductibles, retentions and other self-insurance features, together with various different and potentially conflicting provisions addressing, for example, other insurance, erosion of self-insurance and stacking of limits. For this reason, in addition to considering the scope of substantive coverage under an insured’s different policies, it is important to carefully consider the best strategy for pursing coverage in a manner that will maximize the potentially available coverage across the insured’s entire insurance portfolio. By way of example, if there is potentially overlapping CGL and “cyber” insurance coverage, remember that defense costs often do not erode CGL policy limits, and structure the coverage strategy accordingly.

When facing a data breach, companies should carefully consider the insurance coverage that may be available. Insurance is a valuable asset. Before a breach, companies should take the opportunity to carefully evaluate and address their risk profile, potential exposure, risk tolerance, sufficiency of their existing insurance coverage and the role of specialized cyber coverage. In considering that coverage, please note that there are many specialty “cyber” products on the market. Although many, if not most, of these policies purport to cover many of the same basic risks, including data breaches and other types of “cyber” and data privacy-related risk, the policies vary dramatically. It is important to carefully review policies for appropriate coverage prior to purchase and, in the event of a claim, to carefully review the scope of all potentially available coverage.

This article was first published in Law360.

 

[1] Target Strikes $19M Deal With MasterCard Over Data Breach, Law360 (April 15, 2015). The settlement is contingent upon at least 90% of the eligible MasterCard issuers accepting their alternative recovery offers by May 20.

[2] See, e.g., No Data Misuse? No Standing For Data Breach Plaintiffs, Law360 (April 24, 2014).

[3] Target Will Pay Consumers $10M To End Data Breach MDL, Law360, New York (March 19, 2015).

[4] See, e.g., Target Loses Bid to KO Banks’ Data Breach Litigation, Law360 (April 15, 2015).

[5] TJX Reaches $24M Deal With MasterCard Issuers, Law360 (April 2, 2008).

[6] The company is reported to be in similar negotiations with Visa.

[7] In re: Target Corporation Customer Data Security Breach Litigation, MDL No. 14-2522 (PAM/JJK) (D. Minn), at ¶ 87 (filed August 1, 2014).

[8] Id., ¶ 2 (emphasis added).

[9] Id., ¶ 86 (emphasis added).

[10] ISO Form CG 00 01 04 13 (2012), Section I, Coverage A, §1.a., §1.b.(1).

[11] Id., Section I, Coverage A, §1.b.(2).

[12] Id., Section I, Coverage A, §1.a.; Section V, §18.

[13] ISO Form CG 00 01 04 13 (2012), Section V, §17 (emphasis added).

[14] In the absence of such language, a number of courts have held that damaged or corrupted software or data is “tangible property” that can suffer “physical injury.” See, e.g., Retail Sys., Inc. v. CNA Ins. Co., 469 N.W.2d 735 (Minn. Ct. App. 1991); Centennial Ins. Co. v. Applied Health Care Sys., Inc., 710 F.2d 1288 (7th Cir. 1983) (California law); Computer Corner, Inc. v. Fireman’s Fund Ins. Co., No. CV97-10380 (2d Dist. Ct. N.M. May 24, 2000).

[15] See also Eyeblaster, Inc. v. Federal Ins. Co., 613 F.3d 797 (8th Cir. 2010).

[16] See, e.g., District of Illinois in Travelers Prop. Cas. Co. of America v DISH Network, LLC, 2014 WL 1217668 (C.D, Ill. Mar. 24, 2014); Columbia Cas. Co. v. HIAR Holding, L.L.C., 411 S.W.3d 258 (Mo. 2013).

[17] ISO Form CG 00 01 04 13 (2012), Section I, Coverage B, §1.a.

[18] Id., Section I, Coverage B, §1.b..

[19] Id.. Section I, Coverage B, §1.a.; Section V, §18.

[20] Id.. Section V, §14.e.

[21] See, e.g., Hartford Cas. Ins. Co. v. Corcino & Assocs,. 2013 WL 5687527 (C.D. Cal. Oct. 7, 2013).

[22] Zurich, Data security: A growing liability threat (2009), available at http://www.zurichna.com/NR/rdonlyres/23D619DB-AC59-42FF-9589-C0D6B160BE11/0/DOCold2DataSecurity082609.pdf (emphasis added).

[23] These new exclusions became effective in most states last May 2014. One of the exclusionary endorsements, titled “Exclusion – Access Or Disclosure Of Confidential Or Personal Information,” adds the following exclusion to the standard form policy:

This insurance does not apply to:

Access Or Disclosure Of Confidential Or Personal Information

“Personal and advertising injury” arising out of any access to or disclosure of any person’s or organization’s confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of non public information.

CG 21 08 05 14 (2013). See also Coming To A CGL Policy Near You: Data Breach Exclusions, Law360 (April 23, 2014).

[24] ISO Commercial Lines Forms Filing CL-2013-0DBFR, at pp. 3, 7-8 (emphasis added).

[25] See, e.g., Hartford Cas. Ins. Co. v. Corcino & Assocs,. 2013 WL 5687527 (C.D. Cal. Oct. 7, 2013).

[26] Visa: Post-breach criticism of PCI standard misplaced (March 20, 2009), available at http://www.computerworld.com.au/article/296278/visa_post-breach_criticism_pci_standard_misplaced/

[27] CG 00 01 04 13 (2012), Section I, Coverage A, §2.p.

[28] See, e.g., Hartford Cas. Ins. Co. v. Corcino & Assocs,. 2013 WL 5687527 (C.D. Cal. Oct. 7, 2013). For example, in the Corcino case, the court upheld coverage for statutory damages arising out hospital data breach that compromised the confidential medical records of nearly 20,000 patients, notwithstanding an express exclusion for “personal and advertising Injury …. [a]rising out of the violation of a person’s right to privacy created by any state or federal act.” Corcino and numerous other decisions underscore that, notwithstanding a growing prevalence of exclusions purporting to limit coverage for data breach and other privacy related claims, there may yet be valuable privacy and data breach coverage under “traditional” or “legacy” policies that should not be overlooked.

[29] See, e.g., 2 Couch on Insurance § 22:31 (“the rule is that, such terms are strictly construed against the insurer where they are of uncertain import or reasonably susceptible of a double construction, or negate coverage provided elsewhere in the policy”).

[30] See, e.g., 17A Couch on Insurance § 254:12 (“The insurer bears the burden of proving the applicability of policy exclusions and limitations or other types of affirmative defenses”).

From Marketing Myths to Truths

No insurance executive in touch with the marketplace would deny that traditional distribution is no longer a reliable way to deliver dependable sales and enduring customer relationships. The adviser-based model is under threat in most sector categories. Why? There are many reasons, but two at the top of the list are:

  1. Customers are changing – the Millennial generation shops and buys differently than their Boomer parents, and even Boomer habits and expectations are changing in the digital world.
  1. Technology has disrupted the distribution model, as it has disrupted everything else in its wake – the experiences, access, transparency, ability to compare and socialize at any moment from any location – dislodging practices that were deeply rooted for decades.

As a result, carriers are being forced to recast not only distribution itself, but also the entire ecosystem that enables distribution to do its job:

  • Product – must be simpler, understandable to the average person and offering a real benefit worth the price
  • Service – must be always available, accurate and helpful
  • Channels – must be consistent on all dimensions – as a client, I want to feel I am dealing with the same company wherever I go looking for you, whether online, on the phone or in person
  • Underwriting – must use data in ways that are respectful and pass the test of being reasonable in the client’s eyes

Perhaps most of all, insurers must put aside marketing myths and see marketing as more than an optional cost center that puts sponsorships in place, designs product brochures, supports trade show presence and runs advertising campaigns.

Marketing done right can become the function that unifies your business around the client, and fuels answers to these critical questions:

  • Whom do you really want to have as your customers?
  • What are their needs, both emotional and rational?
  • What are the ways you can meet those needs?
  • And how can you do so better than competition, within a good economic and risk structure?

The insurance industry seems to live by a series of unfortunate beliefs about what marketing is and what it is not. These marketing myths stand in the way of putting the huge potential of this function to work to meet your business goals.

To enable marketing to have the impact on your business that it can have, put these myths aside and empower a capable team to help drive growth.

Marketing Myths Marketing Truths
“Brand” and “advertising” are synonymous. Brand defines what your company stands for and connects people in ways that help them see you as relevant in their lives … leading to purchase and loyalty. Everything you do is a manifestation of your brand, whether or not you advertise.
Marketing is a cost center. Marketing is an investment. Marketing is a leader in creating profitable and persistent revenue growth, by helping to identify the right customers, gather their needs and provide direction to the organization on how to fulfill those needs.
Marketing people are creative types, not business people. Yes, as in every business function, creativity is demanded. But marketing today is a technology-driven function and drives P&L, so a close partnership between internal tech professionals and external providers is a must.
Product builds, distribution sells, marketing supports. Insurance is an experience business. It’s not just about policy bells and whistles, it’s about the end-to-end experience of engaging with your brand from pre-sale to post-sale to continuing servicing and claims. This means internal silos must be eradicated and collaboration must be a defining attribute of your culture, or your customer will feel the negative effects of self-imposed internal barriers.
Marketing decisions are made on gut. Marketing is a data-driven discipline, requiring a special mix of talent and skills to get the right data and use it to create customer experiences that will drive business results.

6 Trends Signaling Major Opportunity

Last year, I decided to pursue a career transition as a full-time occupation. I’ve been out in the market for the past six months, assessing business opportunities as I network with executives in financial services, healthcare, media and retail, as well as with VCs, private equity investors and advisers.

What’s been great is that invariably any role in any organization, however broad, will be framed by the priorities that drive the business, which may be using a short-range lens defined by the annual plan, or one that doesn’t offer much of a peripheral view.  Transition-as-occupation offers full permission to set the aperture and depth of field for insight-gathering and exploration.

What has also been remarkable is not only the generosity of many people at the top of their respective fields to share perspectives, but also how I’ve been able to help others by playing the role of connector among people who may not normally meet up with each other, but who are excited to understand how others are addressing common questions in a complex and changing environment.

Here are six connected trends on the collective mind of the leaders with whom I’ve met. They represent a snapshot of what I am hearing. Within them are opportunities to be realized across this industry:

  • Customer-centricity – is it talk or walk? C-suiters certainly verbalize that “customer-centricity” matters, but few teams demonstrate that empathizing with the customer is bedrock for viable, win/win relationships, growth and profit improvement. The phrase has as many definitions as (or more than) the number of people defining it. Most significantly, the connection to concrete, quantifiable business priorities is generally missing. For those who get beyond the buzzwords, there is tremendous tangible value, even disruptive opportunity, in being a customer-focused player in this sector.
  • Old norms don’t work…digital and innovation are essential. Businesses are faced with redesigning processes, structures and metrics, recruiting more agile learners who are also able to deliver and overcoming legacy infrastructure to adopt new technologies. This level of change in the way businesses operate is not for the faint-hearted. The companies that take on these real implementation requirements will gain ground.
  • Yes, technology truly is changing everything. Even with greater efficiency, there is no growth without compelling offerings that meet big market needs. For companies engineered to serve baby boomers, serving the millennial generation requires profound change, not just a digital coat of paint. The implications go way beyond having a social media presence, cool apps and clever advertising. The millennial generation is inheriting a different world, re-shaped in good and bad ways by prior generations.  The starting point for progress is to be truly insight-led, and not presume you know what people want and need.
  • The marketing bar is being raised. This discipline has been disrupted, and more is being demanded. Traditionally viewed as “support” people, marketers are now being held to results that require a different seat at the table, a different talent profile, processes and resources and an entirely new set of connections with colleagues and external partners. Begin by redefining relationships, especially with product, IT and sales internally, and with the advertising and media agencies as key outside partners.
  • Two tales are playing out within financial services. Legacy institutions remain heavily focused on regulation, compliance, expense reduction and cyber security…while fin tech is hot, with capital flowing into payments, wealth management, consumer lending and related start-ups pursuing market disruption and reshaping the industry. Start-ups are doing great things in this sector and will keep incumbents on their toes, as well as representing potential acquisition opportunities as a strategy to modernize. Alignment around a clear strategy and a collaborative culture are at the foundation of leading change vs. playing defense.
  • Healthcare disruption is creating opportunities, but the pace is slow. Payers and providers are aiming to address Affordable Care Act and other government, employer and consumer-driven impacts.  Using electronic medical records, controlling employer healthcare expenses and enabling patient accountability for medical care decisions are just three of many big and complex challenges. The road to change will be long and slow given the sheer complexity and fragmentation of healthcare delivery. As in financial services, new entrants are leading innovation with solutions that address elements of the ecosystem. As in financial services, there is room for incumbents to realize opportunity with the right strategic and cultural conditions.