Tag Archives: digital

3 Problems Solved by Going Digital

Much has been written about the promise of digital technology to change insurance. But what does this mean in practical terms? Can digital technology reshape traditional patterns of engagement between insurers and their customers that have existed for decades (or centuries)? Can technology create a value proposition that avoids a zero sum game and benefits both insureds and insurers simultaneously?

This post identifies three major opportunity areas for insurance and describes what one insurer, Tokio Marine & Nichido Fire Insurance, has delivered to make the transition to a digital insurance platform.

Consumer expectations are increasingly being conditioned by the best practices found on sites such as Amazon, PayPal and eBay. Compared with these experiences, the traditional insurance process presents insurers with a number of challenges. Three problematic areas are:

  • Buying is periodic: In the majority of sales, insurance is purchased infrequently. In some lines of business, such as life insurance, it may only be bought once (and used only once!). In personal lines, annual or semiannual renewals are automated, and a customer may never speak with an agent or a representative of an insurer. This lack of contact limits the opportunity for a distributor or an insurance company to establish a significant relationship with a customer and personalize the buying experience.
  • Risk is poorly managed: Sales may be periodic, but risks are continuous. Business conditions and lifestyles change over time, and specific products, limits and coverages should be introduced at strategic times to respond appropriately. Changes in conditions – when a contractor offers a new type of construction, or a commuter in a dense metro area begins working from home and parks his automobile – need to be identified immediately and responded to appropriately. In an ideal insurance scenario, risks are managed on a continuous basis. However, in the current model, active risk management is a high-touch, high-cost service. Low premiums on products such as small business insurance provide little incentive for agents to service the risk management needs of customers appropriately. As a result, too often, insureds unintentionally self-insure. Many a claim submission includes the comment, “I have insurance; I thought I [or my business] was covered!”
  • Payment, not avoidance, is the focus: The best loss is the one that is avoided altogether. However, the core of most traditional insurance products is to compensate an insured financially for a loss caused by a covered peril. This results in an emphasis on paying claims, not avoiding losses. While insurers are very familiar with the typical causes of loss, their customers generally are not aware of how their day-to-day behavior affects their loss exposure. Consumers and business owners do not typically evaluate their behaviors, lifestyles, operations or choices in light of loss potential and, thus, participate in behaviors that expose them to loss. For example, individuals choose to post vacation pictures on public forums such as Facebook, which increases their exposure to theft at their vacant home.

Tokio Marine & Nichido Fire Insurance (TMNF) began addressing the periodic sales challenge in 2010 by moving to a more continuous delivery platform. Offering personal lines insurance in the Japanese market, the company found that its traditional products did not allow it to sell to clients on a frequent basis. To change this dynamic, the company combined new technology with updated insurance products to fundamentally change the traditional process of customer engagement. The company developed a series of one-time, short-term insurance solutions that addressed targeted needs such as travel, skiing and one-day automobile insurance. The company partnered with a leading telecommunication provider, NTTdocomo, to sell these on mobile telephones. The buying experience requires very little customer input of information (because the phone company has most of the required demographic information), and payment for the policy is part of the next phone bill. Over time, the product set has expanded into health coverages and now takes advantage of continuous health tracking technology. These make wellness recommendations to users on a daily basis and have helped TMNF make the transition from a periodic insurance provider to an active participant in its customers’ lives.

Leading insurers are beginning to discover how to innovate with technology and product to change traditional trade-offs and deliver higher-value solutions to their customers. In subsequent posts, some solutions to the challenges of suboptimal risk management and loss avoidance will be detailed.

A 2015 To-Do List for Digital Transformation

The new year already feels well under way. The pressure is on to accelerate progress and increase business impact on all things digital. You’ve locked down the budget, and goals are in place. Now it’s time to reset the results meter and build momentum.

If one of your goals is to make digital matter more to employees, customers and shareholders, and you want to shake that feeling of being left out or left behind by the torrid pace of technological change, consider taking on these eight “to-do’s.”

  1. Expand your personal presence on social media. As a C-level executive, you carry the flag for your brand and for your company’s reputation. Your authentic and routine presence on social media will have high return on investment (ROI). Being part of the conversation has moved beyond “cool” or “nice-to-have.” It’s a must-do as part of your personal engagement with internal and external audiences. Your personal participation will also help you to internalize the profound impact the medium is having on everyone’s lives.
  2. Put mobile first. Feel you may be lagging on web-based development? The good news is you have the opportunity to leapfrog straight to a mobile-first user experience as you execute your digital road map. Invest in responsive design technology to align all screens to a consistent experience. Mobile devices are fast-becoming the “main screen” for an expanding range of purchases, transactions, inquiries and information sharing. If you don’t believe that, observe your own behavior, and you will surely be convinced.
  3. Recognize and reward team behaviors that foster innovation. It’s easy to pay lip service to the need for openness, diversity, transparency, creativity, exploration and collaboration and to be able to see failure as learning… all characteristics of an innovation culture. While you may not be able to project the bottom-line impact with anything approaching actuarial precision, increased digital effectiveness will be one of the payoffs of implementing a real plan that recognizes and rewards the people in your organization who live these attributes.
  4. Modernize your key metrics. The metrics that have worked really well to measure traditional financial drivers of traditional businesses may fall short in exposing the full impacts of digital. Dedicate the right analytics talent to set up a rigorous but flexible test-and-control framework that allows you to read accurately the cause-and-effect relationships of each digital enhancement.  This is not about perfection; seek sufficient precision to reveal when it makes sense to scale your digital experiments, and to inform business cases for further investments.
  5. Discourage “cutting and pasting” digital solutions from the physical world. Your organization has been at digital long enough to know that picking up what worked in the physical world and dropping it online does not even qualify these days as “version 1.0” status. The unique properties of digital experiences and the different results they generate will only be within your reach when products, service delivery, sales and other core processes are re-imagined for digital, not brought to market as re-casts of potentially obsolete approaches.
  6. Align your executives’ goals and incentives to drive digital performance. We’ve moved well beyond a world where digital is the domain of IT, the marketing department or a digital head or any other functional or business silo. Digital is everywhere in your company and requires cross-everyone support to implement. Single points of accountability are powerful to get results. But the more significant the changes digital brings to your business, the more important it will be to create “skin in the game” across your team. Digital execution at the required speed will depend more and more on full team alignment to make it happen.
  7. If you don’t have a social media command center, this is the year to commit to having one. More and more Fortune 500 companies are implementing command centers. This enterprise-level capability aggregates information from listening, publishing, engagement, analytics and routing tools to enable a comprehensive view and appropriate action on defined topics through a holistic social media lens. This is essential to affect a brand’s social media presence and understand and manage reputation, customer and broader feedback in a borderless public square. Step one is to have a well-articulated social media strategy so that your team can deliver a pragmatic and action-oriented capability, not a “shiny toy” reflecting the latest fad.
  8. Leverage open sourcing. Expense pressure won’t abate, including the pressure to manage staffing levels. But it takes talented people to get things done. Expand your talent pool without adding headcount to include people potentially any place in the world willing and able to contribute ideas and answers to business challenges. Companies like Procter & Gamble and IBM pioneered global open-sourcing and co-creation initiatives years ago and have made them integral to how they conduct business. Your approach can be as small as a time-bound contest where you award a prize to graduate students for the best approach to formulating a new model, or a weekend hack-a-thon sponsored by your brand where you can engage outside developers to build apps for your business.

Insurance in a Digital World: The Time Is Now

From market instability to catastrophic losses from natural disasters, insurance companies face many conflicting challenges. But the toughest challenge facing the insurance sector now is the adoption of digital technology.

Digital is transforming consumer behavior and driving insurance executives to reassess their business models. Our 2013 global survey of more than 100 insurance companies explores digital readiness, leadership strength and future strategies. With many insurers on the sidelines of the digital shift, it’s time to make the digital agenda a higher priority and tackle the challenges ahead.

Insurers view digital as a key priority, but are lagging far behind

While the majority of insurers believe in the importance of digitalization to deliver the customer experience, many express concern that they will be left behind as shorter-term corporate priorities lie elsewhere.

79% say they are “not setting the baseline” for digital or are “still learning.”

57% have operating models that do not facilitate digital.

89% don’t consider past interactions when recommending products or services to online customers.

Key findings from the survey

1. Insurers acknowledge their current low levels of digital maturity and the need to take action. Almost 80% of respondents do not see themselves as digital leaders, and are instead trailing the spectrum in customer engagement, analytics and adoption of mobile and social media. The majority believe instead that they “only play the digital game” or are “still learning to use digital capabilities for a competitive advantage.”

2. Companies have high digital ambitions – but are they grounded in reality? While insurers aspire to future digital leadership, they haven’t made the significant improvements necessary to realize their ambitious digital objectives. By their own admission, more than two-thirds of insurers have delivered some easy quick wins, but only 10% cite transformational changes to digital capabilities.

3. Insurers are holding themselves back. Internal factors — legacy technology, slow pace of delivery and cultural constraints — are hindering digital progress. Focusing on key enablers such as culture and innovation will release significant future value and enable companies to better grasp digital business opportunities as they arise.

4. It’s all about retention through improved customer experience. The two biggest drivers of digital strategies are “enriching the customer experience” and “regaining more direct control of the customer relationship.” While the cost of acquisition continues to rise, retaining existing customers is an increasing necessity and should be a critical and measurable benefit of any improvement in the customer experience, digitally enabled or otherwise.

5. Distributors are digital customers, too. Insurers cite intermediary and agent channel strength or resistance as one of the top three inhibitors in implementing a digital strategy. Sharing the benefits of investment in digital and communicating a clear mutual value proposition to deliver a better customer experience will help to minimize channel conflict.

6. Analytics are critical to digital success. Segmentation, customer data analytics and predictive modeling emerged as the digital skill set most in demand, followed closely by technology and marketing capabilities. Analytics capabilities are a prerequisite for extracting maximum value from digital investment.

7. Insurers need to embrace the mobile and social media wave. With mobile and tablet use growing exponentially, neglecting mobile is turning one’s back on the future. Similarly, insurers could be taking social media more seriously, recognizing its value as a relatively inexpensive marketing tool and a means to engage with and influence skeptical, digitally-savvy younger consumers.

How insurers should respond

Adapting to a new digital landscape presents many difficulties for insurers as they face challenges in introducing new channels to market while simultaneously remodeling traditional ones.

While no single solution can seamlessly integrate digital into a business, there are elements intrinsic to all effective digital strategies. Insurers need a vision that focuses on the basics:

  • Framing the investment argument for digital
  • Building the analytics infrastructure
  • Embedding a culture of innovation into the organization

A robust digital strategy begins with a plan and a sound understanding of the practical realities of implementation. Each of the elements – corporate strategies, customer expectations, target operating models and enabling frameworks – will shape each other as digital capabilities develop.


Authors

Graham Handy collaborated with Shaun Crawford in writing this article and in preparing the deeper study based on the survey. Shaun Crawford leads Ernst & Young's Global Insurance Industry across all services; audit, consulting, tax and corporate finance. Although based in London, he spends the majority of his time traveling across the Americas and Asia.

The Metrics Of The Matrix: Making Sure Your Cyber-Risks Are Covered

We live in a world that is almost entirely dependent upon digital technology. Internet sales and marketing, and even the simple efficiency of how information flows, can be a critical indicator of a company's success. Along with it comes an increased risk of hackers, disruption of service, theft of intellectual property, loss or theft of financial data, or worse, the theft of a customer's confidential information. Throw in a global economy that increases international exposure, and you have a recipe for disaster. While most large corporations have sophisticated network security measures in place, small to mid-size businesses cannot afford them, or are not even aware of the potential security risks. But if you consider information to be an asset, and the means with which it is gathered and used as a measure of your company's performance, the need to protect it becomes abundantly clear.

As early as the year 2000, underwriters at Lloyds of London predicted that e-commerce1 would “emerge as the single biggest insurance risk of the 21st century.”2 They were dead on. Between 2009 and 2011, the cost of data breaches rose from $6.8 million to $7.7 million — a blistering 9%.3 As one commentator noted, the cost and number of data breaches was so high that 2011 was christened “the year of the cyber-attack.”4 Indeed, the risk was seen as so severe that the SEC released disclosure guidelines for publicly traded companies recommending the disclosure of “the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.”5 According to the SEC, “disclosure” includes a “[d]escription of the relevant insurance coverage.”6 Although the number of cyber-attacks decreased slightly in 2012, this should not be taken as a sign that the threat of an attack is any less likely; it just means that some companies are responding to attacks more quickly, or implementing stronger security measures on the front end.

While the threat of a cyber-attack may conjure up the image of an overzealous computer geek with the mad-cap idea of ruling the world from his mother's basement, or a network of head-to-toe-in-black cyber-villains, a competitor seeking market dominance may be an equally likely culprit. A cyber-attack can take many forms. Most commonly, a company suffers a data breach, where “hackers, [ ] current or former employees, or others steal or otherwise gain access to personally identifiable information.”7 However, there are also “phishing” and “pharming” schemes where the culprit poses as a legitimate user to steal or redirect internet traffic, or transmit a virus. Another form of attack is known as a “denial of service” incident, designed to temporarily or indefinitely block public access to a particular website or server. This involves “saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.”8 These attacks “usually lead to a server overload.”9 The most serious attacks “are comparable to ‘tak[ing] an ax to a piece of hardware,’” which requires a complete “replacement or reinstallation of hardware.”10 A company targeted by a cyber-attack can suffer a loss of informational assets and a significant interruption in operations, not to mention a damaged reputation.

The theft of intellectual property may or may not come as a result of a direct cyber-attack. Rather, a rogue company may steal your ideas, your website design, your domain names and meta-tags, or they may simply advertise and sell knock-off products. Chances are, if they are not using the internet for this purpose, they got your information from the business you transact online. As if this were not enough, there is the potential liability you face if confidential information is exposed, or you inadvertently infringe upon the intellectual property of a competing business. Customers and even shareholders affected by a data breach “commonly initiate expensive and very public litigation.”11 Likewise, the pursuit of patent and trademark infringement claims has skyrocketed in recent years, and the cost of defending these claims has symbiotically followed suit. Interestingly, the protection of the intellectual property itself seems to be a concern that is almost secondary to the economic warfare that is often waged by the aggressor.

In a world where technology barely keeps up with technology, how can you effectively protect your business against the threat of a cyber-attack, and potential cyber-liability? If you own a website, engage in direct or indirect internet sales, use clouding, linking, framing, solicit business via electronic communication, conduct financial transactions on the internet, exchange information via the internet, or store information through an internet server, your company is at risk. Managing these hazards can be tricky. As seen by the recent attacks on eBay, Amazon, Yahoo, and Google, even companies that have defined internet usage are not immune. No matter how big or small you are it is absolutely imperative that you implement internal security controls to prevent and/or respond quickly to an attack. Simple measures such as encrypting data, regularly changing passcodes, conducting routine virus scans, and limiting the number of employees who have access to confidential information can go a long way. However, insuring against these risks should be your primary objective because a cyber-attack can literally destroy your business overnight.

So, how does your company measure up? Let's take a little test. Assuming you are a “brick and mortar” business, is your company:

  • Insured under a Property policy?
  • Insured under a Comprehensive General Liability policy?
  • Insured under a Director's & Officer's liability policy?
  • Insured under a specialty lines policy that expressly insures first and third party Cyber-hazards?

If you answered “no” to the last question, your company is at risk. The traditional products that insure small to medium sized businesses are unfortunately inadequate to cover even the known cyber-hazards, much less the ones that are surely on the horizon as e-commerce continues to grow and change, and new markets emerge. For instance, as it pertains to the loss you may suffer as a result of a data breach, while a standard property policy covers “physical loss or damage to covered property,” the term “covered property” does not include intangible assets like data. More recent property forms either exclude coverage for data breaches outright, or subject the loss of electronic data to a minimal sub-limit of liability.

Likewise, the coverage typically afforded under a CGL policy for liability claims resulting from an unauthorized intrusion is insufficient. CGL policies provide relatively broad liability coverage, but only for certain defined risks. The policies are “menu” driven, and are endorsed to include or exclude particular coverages or risks, such as employee liability, inland marine or commercial crime. Cyber-liability may or may not inadvertently come within the coverage terms of a particular endorsement, but the standardized forms are definitely not geared towards insuring these risks.

Rather, CGL policies are split into two parts — Coverage Part A for Bodily Injury and Property Damage Liability, and Coverage Part B for Personal and Advertising Injury. The terms “bodily injury,” “property damage,” and “personal and advertising injury” are separately defined, and each coverage part is subject to its own specific set of exclusions. Under Coverage Part A, the term “property damage” is defined to mean “physical injury to tangible property” or “loss of use of tangible property” — and therein lies the rub. “Tangible property” is property that is capable of being handled, held or touched. See State Auto Property and Cas. Ins. Co. v. Midwest Computers & More,America Online, Inc. v. St. Paul Mercury Ins. Co., 347 F.3d 89 (4th Cir. 2003); Recall Total Information Management,12

Further, while lawsuits filed against a company whose client's financial information has been exposed typically include claims for mental anguish, mental anguish that is not consequential to physical harm or injury, or that does not manifest itself as physical injury, is not “bodily injury” under a CGL policy. See e.g. Nance v. Phoenix Ins. Co., 118 Fed. Appx. 640, 642 (3d Cir. 2004) (Pennsylvania law); Jacobsen v. Farmers Union Mut. Ins. Co., 87 P.3d 995, 999 (2004); Tackett v. American Motorists Ins. Co., 213 W. Va. 524 (2003); Armstrong v. Federated Mut. Ins. Co., 785 N.E.2d 284, 292-93 (Ind. Ct. App. 2003); Farm Bureau Ins. Co. of Nebraska v. Martinsen, 659 N.W.2d 823, 827 (Neb. 2003); Galgano v. Metropolitan Property and Cas. Ins. Co., 838 A.2d 993, 999 (Conn. 2004); Smith v. Animal Urgent Care, Inc., 542 S.E.2d 827, 830-31 (W. Va. 2000); Costello v. Nationwide Mut. Ins. Co., 795 A.2d 151, 155 (Md. App. 2002); SCR Medical Transp. Services, Inc. v. Browne, 781 N.E.2d 564, 571 (Ill. App. 1st Dist. 2002); Allstate Ins. Co. v. Diamant, 518 N.E.2d 1154 (Mass. 1988).13 On your best day, it depends upon what jurisdiction you are in as to whether or not that coverage would apply to a cyber-liability claim.

Coverage for “personal and advertising injury” nowadays is almost a joke. Generally speaking, coverage for “personal and advertising injury” is intended to address liability claims for the infringement of intellectual property rights, or other types of personal injury torts (i.e. defamation and invasion of privacy claims). Under older versions of the CGL, the terms “personal injury” and “advertising injury” were separately defined. The term “Advertising injury” included the “[m]isappropriation of advertising ideas or style of doing business” and the infringement of a “copyright, title or slogan.” Now, the terms “personal and advertising injury” have been conflated, and are defined to mean:

  1. False arrest, detention or imprisonment;
  2. Malicious prosecution;
  3. The wrongful eviction from, wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies, committed by or on behalf of its owner, landlord, or lessor;
  4. Oral or written publication of material that slanders or libels a person or organization or disparages a person's or organization's goods, products or services;
  5. Oral or written publication of material that violates a person's right of privacy;
  6. Copying, in your “advertisement,” a person's or organization's “advertising idea” or style of “advertisement”;
  7. Infringement of copyright, slogan or title of any literary or artistic work, in your “advertisement.”

As it pertains to a data breach, at least one Court has held that under the newer version of the CGL, theft of customer data is a “publication of material that violates a person's right of privacy.” See Norfolk & Dedham Mut. Fire Ins. Co. v. Cleary Consultants, Inc., 81 Mass.App.Ct. 40 (Dec. 16, 2011). Other Courts, however, have disagreed, leaving an uncertain gap as to whether or not your policy would cover such an event. See Creative Host. Ventures, Inc. v. E.T. Ltd., Inc., 2011 U.S. App. 19990 (Sept. 30, 2011).

There is even more uncertainty with regard to intellectual property liability claims. Both older and newer versions of the CGL require that the offense occur in the course of the advertisement of your own goods, products or services. This would include internet-based sales and marketing, but not all forms of electronic commerce. The most current CGL forms in use, however, essentially gut coverage for intellectual property claims with the following exclusion:

This insurance does not apply to:

“Personal and advertising injury”:

(7) Arising out of any violation of any intellectual property rights such as copyright, patent, trademark, trade name, trade secret, service mark or other designation of origin or authenticity.

However, this exclusion does not apply to infringement, in your “advertisement,” of

(a) Copyright;

(b) Slogan, unless the slogan is also a trademark, trade name, service mark or other designation of origin or authenticity; or,

(c) Title of any literary or artistic work.

Under this widely used form, there is no coverage for trademark or copyright infringement (or any other one of the enumerated torts), unless the infringement occurs during the course of your advertisement of a slogan, unless the slogan is “also a trademark, trade name, service mark or other designation of origin or authenticity.” The problem with this language is that whether a slogan is “also a trademark, trade name, service mark or other designation of origin or authenticity” is not dependent upon whether the mark is federally protected under the Lanham Act. Rather, the standards for determining whether a trade or service mark is eligible for protection are the same under the common law and the federal law. 15 U.S.C. § 1051 et seq.; Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763 (1992); Amazing Spaces, Inc. v. Metro Mini Storage, 608 F.3d 225 (5th Cir. 2010); Board of Supervisors for the Louisiana State University Agriculture and Mech. College v. Smack Apparel Co., 550 F.3d 465 (5th Cir. 2008); Genesee Brewing Co., Inc. v. Stroh Brewing Co., 124 F.3d 137 (2nd Cir. 1997); Laredo v. Union Nat'l Bank, Austin, 909 F.2d 839, 842 (5th Cir. 1990). It is difficult to imagine a set of circumstances where a slogan would not also be “a trademark, trade name, service mark or other designation of origin or authenticity” under the common law. Coverage is essentially illusory, or at best, ambiguous. On a good day, your insurer is going to contest whether it owes a duty to defend an intellectual property liability claim. Where does this leave you?

There may be limited coverage under your Director's & Officer's Liability policy, but the forms vary in the scope of coverage and there may not be coverage for the acts and omissions of regular employees. Further, the policy will likely only cover your liabilities to your shareholders, and those to whom you owe a fiduciary duty. Fortunately, there are newer products on the market that are specifically designed to cover cyber-related risks. In a 2005 press release, Insurance Services Organization (ISO) unveiled its E-Commerce Program to address cyber liability exposure. According to ISO, “[t]he menu-based policy comprises five separate agreements:

  • Website publishing liability provides coverage against Internet-related publishing perils, including libel against a person or organization, and copyright, trademark, and service mark infringement allegations arising out of content published by the policyholder on its website.
  • Network security liability covers the policyholder against claims for failing to maintain the security of a computer system resulting in unauthorized access and publication of personal information, such as credit card numbers or personal medical information.
  • Replacement or restoration of electronic data provides coverage for the cost of replacing or restoring electronic data lost or rendered inaccessible because of an e-commerce incident, such as a virus, malicious instruction or denial-of-service attack.
  • Cyber extortion provides coverage for extortion expenses incurred and ransom payments made because of an extortion threat. Extortion is defined as a threat to commit an e-commerce incident, disseminate the policyholder's proprietary information, reveal a weakness in its source code or publish personal information belonging to policyholders' clients.
  • Business income and extra expense provides coverage for loss of business income or extra expenses incurred as a result of an extortion threat or e-commerce incident.”14

ACE, Hartford, Chubb, Chartis (AIG), Ironshore, Travelers, SafeOnline, CNA, and Zurich are among the insurers offering products specifically covering cyber-hazards.15 However, these companies may or may not have adopted the ISO forms, but may be using products that were internally developed. Still, most of the companies who have targeted this market are going to be competitive, offering coverage for a combination of network security liability, media liability, expense and damage from a violation of privacy tort, coverage for fines and regulatory expenses, loss of electronic information (including the cost to recover lost, corrupted or stolen data), cyber-extortion, and business interruption arising out of a majority of these events. Specific products also exist for liability claims arising out of patent, trademark and trade dress infringement claims, both to pay for the costs of defending those suits, or the cost to pursue a third party who infringes upon your company's intellectual assets.

By and large, the cyber-liability policies currently on the market are offered on a claims-made or claims-made-and-reported basis. Policies that contain first-party coverage for data breaches may contain fairly short notice requirements, as early response is critical to minimizing the loss and containing any resultant liability exposure. The only way to make sure that you are procuring the right coverage and the right amount of coverage is to (1) establish internal procedures to assess and routinely reassess your risks; (2) establish internal protocols for preventing and responding to cyber-related risks; (3) set goals and benchmarks to determine if your company is meeting expectations; (4) read the policies you currently have in effect to determine where your company stands; (5) if you determine additional coverage is necessary, read the policies carefully before you invest in premiums; and (6) evaluate your coverage on an annual basis. New insurance products are coming out about every 12-18 months. Many brokers keep specimen forms, and most are knowledgeable enough to ensure that the specific risks that you face are covered. In today's technology-driven world, you cannot afford to leave these exposures uninsured or underinsured. Addressing the potential risk exposures your company faces is not just a measure of your success; it may be determinative of your survival.

1 “E-commerce” or e-comm is defined as “the buying and selling of products or services over electronic systems such as the Internet and other computer networks.” Wikipedia, The Free Encyclopedia, Wikimedia Foundation, Inc., Dec. 12, 2004, Web. September 15, 2012, <http://en.wikipedia.org/wiki/Ecommerce>. E-commerce “draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems.” Id. E-commerce can be divided into: e-tailing or 'virtual store-fronts' on Web sites with online catalogs, sometimes gathered into a 'virtual mall'; the gathering and use of demographic data through Web contacts; Electronic Data Interchange (EDI), the business-to-business exchange of data; e-mail and fax and their use as media for reaching prospects and established customers; business-to-business buying and selling; and the security of business transactions. Id.

2 David R. Cohen & Roberta D. Anderson, Insurance Coverage for “Cyber-Losses”, 35 Tort & Ins. L.J. 891 (2000), citing Reuters Eng. News. Serv., May 9, 2000.

3 2010 Annual Study: U.S. Cost of a Data Breach 13 (March 2011); available at <http://www/symantec.com/content/en/us/abuot/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf>.

4 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012), citing Garry Byers, Rapid Cyber Attack Response: Three Days Make All the Difference, Digital Forensic Investigator News (Sept. 28, 2011), available at <http://dfinenews.com/article/rapid-cyber-attack-response-three-days-make-all-difference>.

5 U.S. Securities and Exchange Commission Division of Corporate Finance, CF Disclosure Guidance: Topic No. 2 — Cybersecurity, (Oct. 13, 2011). Topic No. 2 states that: “In determining whether risk factor disclosure is required, we expect registrants to evaluate their cybersecurity risks and take into account all available relevant information, including prior cyber incidents and the severity and frequency of those incidents. As part of this evaluation, registrants should consider the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption. In evaluating whether risk factor disclosure should be provided, registrants should also consider the adequacy of preventative actions taken to reduce cybersecurity risks in the context of the industry in which they operate and risks to that security, including threatened attacks of which they are aware.”

6 Id.

7 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012).

8 Wikipedia, The Free Encyclopedia, Wikimedia Foundation, Inc., Dec. 12, 2004, Web. September 14, 2012, <http://en.wikipedia.org/wiki/Denial_of_service_attacks>.

9 Id. “In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.”

10 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012) (citing Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201088 (May 19, 2008)).

11 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012).

12 In State Auto Property & Casualty Co. v. Midwest Computers, the Court addressed whether data lost by Midwest after it serviced computer equipment purchased by one of its customers was “tangible property” within the meaning of a CGL policy issued by State Auto to Midwest. Id. at 1115. Holding that it was not, the Court reasoned that the term intangible referred to property that was “[c]apable of being perceived esp. by the sense of touch: PALPABLE[;] … capable of being precisely identified or realized by the mind [;] … capable of being appraised at an actual or approximate value (assets).”

13 But see Voicestream Wireless Corp. v. Federal Ins. Co., 112 Fed. Appx. 553, 555-56 (9th Cir. 2004) (Washington law). Williamson v. Historic Hurstville Ass'n, 556 So. 2d 103, 107 (La. Ct. App. 4th Cir. 1990); Loewenthal v. Security Ins. Co. of Hartford, 436 A.2d 493, 499 (Md. App. 1981).

14 http://www.iso.com/Press-Releases/2005/ISO-INTRODUCES-CYBER-RISK-PROGRAM-TO-HELP-COVER-$7-TRILLION-E-COMMERCE-MARKET.html.

15 David T. Chase & Todd L. Nunn, Insurance Coverage for Cyber risks and Losses, Stay Informed, April 27, 2011, available at http://www.klgates.com/insurance-coverage-for-cyber-risks-and-losses-04-27-2011.