Tag Archives: ecommerce

India’s Coming of Age in Digital

Walmart’s acquisition of Flipkart demonstrates both Indian e-commerce’s coming of age and a repetition of history.

U.S. giants will spend billions in India because they see huge opportunities, and this will produce a short-term boon for Indian consumers. When the dust settles, though, prices will rise and consumer choices will become more limited than they had been. Foreign companies will mine data and manipulate consumer preferences. They will have once again colonized India’s retail industry.

Protectionism for physical goods and services is usually a bad thing, as it limits the incentive to innovate and evolve, stifling a country’s competitiveness and productivity. India’s protected domestic companies became lethargic, offered substandard products and services at high prices, and hobbled India’s economy.

In a digital economy, though, things are very different. The value resides in the ideas, which spread instantaneously via the internet. Entrepreneurs in one country can easily learn of the innovations and business models of another country and duplicate them.

As core technologies advance, they become faster, smaller and cheaper — and accessible to everyone, everywhere. Startups constantly emerge, putting established players out of business. So, speed and execution are key to business survival and competitiveness.

Valuable competition and innovation can arise from within the domestic economy itself, without having to invite foreign companies to the table.

Technology-based industries, such as retail, electronics and distribution, that require large capital investments handicap the small players, because money provides an unfair advantage to the larger ones.

See also: Copy and Steal: the Silicon Valley Way  

The latter can use capital to put emerging competitors out of business — or to acquire them. It is what U.S. technology giants do as a matter of course.

Amazon, for example, has been losing money, or earning razor-thin margins, for more than two decades. But because it was gaining market share and killing off its brick-and-mortar competition, investors rewarded it with a high stock price.

With this inflated capitalization, Amazon raised money at below-market interest rates and used it to increase its market share. It also acquired dozens of competitors — just as it tried to do with Flipkart.

Having become the dominant player in the U.S. e-commerce industry, Amazon has its eye on India. A company that it left in the dust, Walmart, is desperate not to also lose the Indian market. Both are doing whatever they must to own Indian retail and then split the spoils between them.

That is why controls are desperately needed on this kind of capital dumping. And such controls won’t reduce competition or throttle innovation. As they did in China, they will stimulate competition and, through that, innovation.

Chinese technology companies are now among the most valuable and innovative in the world. In addition to having a valuation that rivals Facebook’s, Tencent’s WeChat e-commerce platform is far more advanced than any rival in the West.

Baidu is building highly advanced artificial intelligence (AI) technologies as well as self-driving cars. And DJI (Dà-Jia ng Innovations) has become a global leader in drone technologies. Had China not imposed controls, these companies may not have survived at all.

It is probably too late to save Indian e-commerce from modern-day East India Company-style colonization. But there are many other industries in which Indian startups can still lead the world.

See also: Too Much Tech Is Ruining Lives

With the exponentially accelerating advances occurring in technologies such as sensors, AI, robotics, medicine and 3D printing, practically every industry is about to be disrupted, and there are opportunities for Indian entrepreneurs to create solutions that benefit India and the rest of the world.

India urgently needs to wake up and protect its entrepreneurs from foreign-capital dumping. And it needs to provide incentives for Indian — and foreign — companies to invest in its startups, just as China did for its own.

6 Lessons in Trust From Retailers

When it comes to digital transformation, the insurance industry lags woefully behind other industries, and it is not just a question of technology. Even as the industry advances technologically, developing digital capabilities that rival other industries–from chatbots to IoT–selling insurance direct to consumers (DTC) has proved a difficult code to crack. Even Geico, the darling of online auto insurance sales, still closes the majority of its new policies on the phone, via an agent.

The retail ecommerce industry on the other hand has proven to us that there are very few things consumers are not willing to purchase on the internet. From buying groceries to booking airline tickets, consumers are comfortable conducting all kinds of transactions online, from the very simple to the most complex. Every day, millions of people even do their banking online. So what is the deal with insurance?

At Cake & Arrow, we have conducted hours upon hours of primary research in the insurance industry, talking to hundreds of consumers, carriers, agents and brokers in an effort to help our insurance clients answer this question and, in turn design better products and experiences. Throughout this process, we have learned a lot about how customers think and feel about insurance, perhaps our most lasting insight being a lesson about trust. The main reason consumers don’t want to buy insurance online directly through a carrier? They don’t trust insurance companies. This is why, even in the golden age of digital commerce, consumers continue to opt to purchase insurance through brokers and agents.

On the surface, fixing this problem may seem simple. All carriers need to do is to gain the trust of their customers, right? Easier said than done. While earning trust may seem like a simple enough idea, it is an issue most carriers don’t even know how to begin to tackle.

In my experience, when you want to learn to do something well, the best thing to do is to emulate an expert. In the case of consumer trust, it’s the retail e-commerce industry that has, over the past two decades, mastered the art of consumer trust. Each and every day, millions of transactions happen online, and most consumers don’t think twice about ordering their groceries, electronics, clothing, books and everything in between over the internet. This hasn’t always been the case! Gaining the trust of consumers has been a hard-won battle, and those who have done it well (Amazon) are ruling the industry. If imitation is the highest form of flattery, what lessons can the insurance industry learn from the retail industry that can help them foster trust with consumers and drive a truly digital offering?

1. Establish consistent workflows.

The retail industry has the benefit of a consistent process across products, stores and platforms. For the most part, everyone basically understands the standard steps in a checkout flow. Select your product, fill in your shipping and billing information and purchase. And while there are of course optimizations that can be made to make an experience better, in general, consumers know exactly what to expect when purchasing a product online.

The same cannot be said for insurance. Unlike a book or an item of clothing, insurance is not a static product sitting in a warehouse with a price tag. Insurance products are complex. Coverage and prices are variable based upon any number of risk factors, and complex underwriting rules and changing regulations can make it difficult for consumers to understand what exactly they are buying and how it is priced.

This leads to confusion in the process of quoting and buying insurance and to a lack of standardized practices across the board. From a user experience (UX) and design perspective, one of the first steps the industry can take toward gaining consumer trust is to simplify and standardize the quoting process so that consumers know what to expect when buying insurance online and understand each step of the process.

And while underwriting rules and regulations will need to be streamlined to establish an effective industry standard, insurance companies can start by being more transparent with users about what to expect in the quoting process, including informing users about how their personal information is being used. This will help customers better understand the quoting process, feel more comfortable dispensing with personal information and give them general confidence in the process by establishing clear expectations.

See also: Top 10 Insurtech Trends for 2018  

2. Invest in quality visual design.

Over the past two decades, we’ve seen retail ecommerce design evolve, following a general trend toward customer-centricity. Flash sites, cluttered home pages and flashy fonts have given way to clean, simple designs that streamline the shopping process, communicate the brand and are organized around customer needs, interests and behaviors.

The insurance industry needs to follow a similar path, leveraging user-validated design to create trust with customers. A modern, usable, well-designed website is a signal of legitimacy. It tells customers that a real company is behind a product, and this company cares enough about its customers to invest in the experience.

A strong visual design that implements best practices removes that cloud of doubt in the mind of a customer and builds confidence and pride in the end product. In the same way that a strong brand is a promise of quality, a great visual design is an early demonstration that a carrier cares enough about a customer to invest in a quality digital experience that will translate into a quality product.

3. Implement a killer content strategy.

Content strategy is just for news sites, magazines and blogs, right? Wrong. Content is an important piece of the sales process. For our retail clients, we have learned that crafting and executing a killer content strategy is critical to helping customers learn about a product, understand occasions for using products and gain insight into the actual value of a product. Effective education about products and services demonstrates a company’s willingness to keep its customers informed. And the more a customer feels he understands what a company does and what its products are about, the more he will trust it.

While we often see short marketing messages on insurance carriers’ sites, few insurance companies invest in content on their website to help explain to their customers the value of a product or the differences between products, and to educate them on when and where to use the product so they feel empowered when making purchasing decisions. Educational and informative recommendations will help insurance companies establish a rapport with consumers as a trusted adviser. Companies must even be willing to tell customers when a product isn’t right for them and demonstrate that they care about more than a sale, but about helping their customers make informed decisions that benefit them. A killer content strategy will help insurance companies do this effectively.

4. Enable the right level of customization.

The best retail experiences allow for just the right amount of customization. When buying clothing online, for instance, we can choose colors and sizes and have a choice of different delivery options. Subscription services like Trunk Club allow shoppers to input information about personal style preferences, including color and pattern preferences, set price points and decide on frequency to receive a custom selection of clothing recommendations when, where and however often they desire. This kind of customization breeds customer loyalty and, like a good content strategy, can help customers being to think of a company as a trusted adviser with their best interests in mind.

Insurance companies should explore enabling similar types of customization. While easy packages are just that–easy–they don’t drive stickiness with customers. Giving customers the ability to modify and tweak plans according to their unique needs and circumstances will drive a connection between a customer and a product. In the same way that these types of customizations breed loyalty in retail e-commerce customers, giving customers more control over choosing the kind of coverage they need at a price they can afford is a powerful way of building loyalty and competing with other carriers on something other than price.

And while enabling customization is important, it is really critical that companies don’t take things too far, allowing customers too much customization and, in the process, sacrificing the experience. In speaking recently with a carrier, I learned of a story of customization gone wrong. The carrier’s data showed that customers who were able to customize a package were more likely to purchase a policy. Emboldened by this piece of data, they created a new quoting page that allowed customers to customize every aspect of their policy. Lacking the qualitative info on how and why people were more likely to convert when customization was enabled and without user testing on the new custom design, they missed some essential information. Allowing their customers to customize everything about their policy made the experience overwhelming, and conversions ended up falling off significantly.

I tell this story as a reminder to companies that testing and validating every design decision with users is critical–and one of the reasons the e-commerce industry has been so successful at digital.

5. Play around with promotions.

Promotions are one of the most reliable and time-honored means of staying competitive for retailers. Promotions can make or break a business. Free shipping on big orders, Black Friday sales and BOGO (buy-one-get-one) offers are all commonplace in the retail e-commerce industry, and are incredibly effective at creating consumer loyalty and trust.

While, in the insurance industry, it is nearly impossible to offer dynamic pricing or let customers actually play with coverages to get a fully custom price due to regulations, discounting isn’t something to be overlooked. Bundling is a real thing, and customers are more likely to purchase a policy if they see a real deal–and understand its benefits.

For example, I’ve seen many insurers combine rental insurance with auto insurance at a discounted price. When customers see deals like this, they oftentimes don’t understand the full benefits of the deal. For example, they may not know that rental insurance protects not only their property but also against liability and, considering the coverage, is incredibly affordable. Developing a robust content strategy to better inform customers about deals and the benefits of coverage will not only increase sales and stickiness, but help customers begin to truly appreciate the value their insurance company is bringing to their lives.

6. Leverage user-generated content.

When shopping online and in store, we have come to rely on ratings and reviews to help us evaluate products and make purchasing decisions. User-generated content, such as Instagram posts of real customers wearing clothing or jewelry, can help us see how a dress might fit a certain body type or how a piece of jewelry looks in context. This level of transparency sends customers a clear message that as a company you have nothing to hide–further inspiring trust.

See also: Sharing Economy: The Concept of Trust  

Just like in retail, user-generated content can be integrated into your content strategy and can do the work of educating customers about your products–explaining the difference between certain coverage offers, for example, or why as a carrier you stand out from other companies offering similar products.

Real content generated by other customers helps customers understand how a certain policy works–what the service is like, what the claims process is like, what kinds of scenarios are covered. It can be scary to leave your company and offering open to negative user feedback, but, if you are doing your job, it will end up being more useful than it is harmful.

Insurance companies still face many hurdles to getting consumers to trust them and to earning the kind of rapport with customers that the retail industry has established over the years. Anything short of a truly standardized process across all carriers and products will continue to cause confusion and suspicion among customers. But there is nothing stopping insurance carriers from taking strategic steps toward customer-centricity, emulating more mature industries like retail e-commerce that have done it well.

This article first appeared on the Cake & Arrow website, here.

Here Comes Robotic Process Automation

Robotic Process Automation (RPA) is very much today’s buzz phrase. If you are to believe the press, everyone is afraid robots will take all our jobs—even the popular media is reporting on the “Rise of Robots.” (Daily Mail estimated robots will take over five million jobs by 2020, and the Financial Times also threw AI into the mix.) McKinsey says 25% of jobs are likely to go because of this new technology. The War of the Worlds begins!

See Also: Of Robots, Self-Driving Cars and Insurance

But robots/automation have been part of every stage of industrialization, evolution and revolution. From horses to motor vehicles and auto assembly lines, from bank agents to ATMs, from manual work to macros—there are so many things we have done that automate and ultimately save time by doing things in a more efficient way. In every one of these scenarios, we have moved to new jobs and created new categories. Today is no different. In fact, there are many jobs that didn’t exist 10 years ago. This from David Hamman:

Regarding robotics, a quick summary from me would include:

What it means for insurance (and most other industries)

  • Reduced error rate from human processing
  • Improved process speed (today you can still only run at the pace of the slowest machine)
  • Increased speed—robots don’t take coffee, lunch or holiday breaks, so there’s a lot less to deal with

Why it works:

  • Allows the focus to be on the customer, while the robot does all the “swivel chair integration” (updating lots of systems with the same stuff)

Don’t forget:

  • Ultimately, you are adding more layers to the ecosystem/architecture. This may give you great full-time equivalent (FTE) improvements, productivity gains and reduced error rates, but long-term strategy should be to switch stuff off and reduce run cost.
  • If the underlying systems change, do you need to change your robot configuration?
  • The “happy path” is always easiest to map. It’s when that path doesn’t work that things starts to get more difficult.
  • If your remaining FTE are only dealing with exceptions, they likely need to be more skilled and experienced. They also need to be able to pick up in the middle of process quickly to understand the exception and complete the task or set the robot on its way again.
  • Automate only the right process. Not everything will be a good candidate, just because you could automate it.
  • Don’t mistake “rules” with RPA for human judgment’ I don’t think we are quite there yet, but, with AI, we are learning. It won’t be long.

Of course, we just launched the first Robot-Run Insurance Agency, which moves from robotics to robo advice—a whole new world indeed.

For now, there is plenty to dance about and plenty of opportunity and ways how this can be used to drive significant benefit and opportunity.

What’s your take? Where do you see these best used, and why? Where can we see the positive side of this in terms of exciting new jobs and better experience for employees, agents and customers?

Can Amazon Dominate in Insurance, Too?

In January 2013, LIMRA reported that 90% of industry executives it had surveyed believe that insurance companies will continue to form strategic alliances with “non-traditional organizations” to expand distribution. The example cited was MetLife’s trial alliance with 200 Wal-Mart stores. Then Accenture’s “Customer-Driven Innovation Survey” found that more than two-thirds of customers would consider purchasing home, auto and life insurance from businesses other than insurers—23% were open to purchasing from online service providers like Amazon or Google (which acquired auto insurance aggregator BeatThatQuote.com way back in 2011 in the UK).Amazon has proven leadership as an e-commerce distributor, while Google is seen primarily as an information organization, so I would like to elaborate exclusively on the compelling reasons for insurers and Amazon to create a distribution model to match ever-evolving customer demands.

Customer demands

Every information source and every analyst report on insurance in the recent past points to changes in customer’s preferences. Generation X, Generation Y and Millennials prefer doing business with companies that provide:

  • Convenience of on-demand buying and self-service, predominantly through digital channels such as web and mobile.
  • Personalization of product and service delivery, including helping the customer choose the right product.
  • Building trust through transparency in pricing, simplified products and clear articulation of benefits.

So, insurers must innovate in personalizing products, providing transparency in the value of products and services and demonstrating excellence in on-demand distribution. Innovation must also touch “moments of truth” such as claims and policy changes. It is also critical that the distribution lifecycle should be an iterative process to consistently review the value of benefits and help customers fine tune the products and services they purchase.

Insurers are lagging

Insurers have been consistently lagging in product innovation and trying to catch up through distribution. In P&C, all the personal product lines are commoditized. In life insurance, term-based products are commoditized. It is true some product personalization has been in the market for some time, such as pay-as-you-driving with telematics in auto insurance (led by Progressive, which saw a boost in profitability). Yet personalization has not reached its potential because of multiple inhibiting factors both internal (lack of aggregated information on risk, etc.) and external (privacy concern, etc.). The lack of product innovation shifts the responsibility of differentiation to distribution.

Manufacturing and retail have been pioneers in showing how boring commodity products can be differentiated through aspects of distribution such as packaging and channel selection.  A recent example is Coca Cola, which has been managing differentiation based on targeted customer segment and channel (Wal-Mart vs. Walgreens vs. Costco, etc.) and has moved one step closer to the customer by signing a 10-year agreement with Green Mountain Coffee Roasters to bring vending machines into kitchens.

In the past, insurance has learned from retail about channels. GEICO, which was known for selling online, has set up brick-and-mortar agency centers by responding to the fact that customers want to shop online but buy from agents. Allstate, where agents lead distribution, not only built online sales support but went one step further, acquiring Esurance to become a multi-channel insurer.

Now, with retail defining and moving toward omni-channel selling, through what is known as “device-independent e-commerce,” it is time for insurers to piggyback on Amazon, which is on the leading-edge of the emerging distribution model.

Amazon ready to sell insurance

Currently, Amazon merely sells books on insurance, has a limited selection of extended warranties for electronics and provides sponsored links for insurers. But to start selling insurance much more seriously would be easy for Amazon. It could expand its extended warranties and offer valuable personal property (VPP) insurance, as it sells the products that are insurable under VPP. It would also be logical for Amazon to extend and be an aggregator for auto, renters, homeowners and life insurance.

The critical question is: “Will customers want to buy from Amazon when there are other aggregators available?” For customers, having reusable information reduces effort, so VPP insurance would be a natural for Amazon. It gets more complex (and interesting) when analyzing the success factors involved in selling complex products such as auto, renters, homeowners and life insurance.

Few insurers can share data and process across products. Still fewer can share across channels. Aggregators are set up as silos. But Amazon’s shopping cart can provide ease of buying, plus reusability of data across channels (web and mobile) and products. The shopping cart actually can resolve the commodity dilemma of insurers through bundling. It can take the customers’ experience to the next level.

Amazon’s analytics-driven capabilities, such as detailed product features and comparisons (price to value of benefits), product reviews, questions and answers, “customers who bought this also bought,” “customers who viewed this also viewed” and offers for the week can be customized for insurance to offer suitable product advice to customers. Insurers do not have such an integrated view because of internal challenges in the effective use of data.

Amazon’s comparisons on features and pricing could improve transparency for customers. The reviews, Q&A and “similar customers” features would provide advice. “Weekly offers” would help customers continually review and tweak their insurance coverage. Hence, Amazon could become the channel of choice for all consumer insurance needs.

Sacred relationship, and not the competition, is the way to go

While Amazon could become consumers’ “trusted advisor,” Amazon also provides a jump start to insurance companies that want to build on the ready availability of its technology infrastructure, reducing their investment and time to market. Amazon might cooperate with innovative insurers to be an aggregator because that would provide immediate and direct profits from its platform.

Amazon would also generate synergies among its various product lines—for instance, when someone starts buying baby products, Amazon might offer life insurance. For existing homeowners policyholders, it could offer products, such as power generators, to help them get prepared and avoid loss during natural disasters such as hurricanes and ice storms. The customer’s engagement with Amazon would increase, leading to greater share of wallet through cross-selling and up-selling opportunities.

So, an insurer that provides coverage through Amazon would be creating a win-win-win—for Amazon, for customers and, of course, for itself.

The Metrics Of The Matrix: Making Sure Your Cyber-Risks Are Covered

We live in a world that is almost entirely dependent upon digital technology. Internet sales and marketing, and even the simple efficiency of how information flows, can be a critical indicator of a company's success. Along with it comes an increased risk of hackers, disruption of service, theft of intellectual property, loss or theft of financial data, or worse, the theft of a customer's confidential information. Throw in a global economy that increases international exposure, and you have a recipe for disaster. While most large corporations have sophisticated network security measures in place, small to mid-size businesses cannot afford them, or are not even aware of the potential security risks. But if you consider information to be an asset, and the means with which it is gathered and used as a measure of your company's performance, the need to protect it becomes abundantly clear.

As early as the year 2000, underwriters at Lloyds of London predicted that e-commerce1 would “emerge as the single biggest insurance risk of the 21st century.”2 They were dead on. Between 2009 and 2011, the cost of data breaches rose from $6.8 million to $7.7 million — a blistering 9%.3 As one commentator noted, the cost and number of data breaches was so high that 2011 was christened “the year of the cyber-attack.”4 Indeed, the risk was seen as so severe that the SEC released disclosure guidelines for publicly traded companies recommending the disclosure of “the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.”5 According to the SEC, “disclosure” includes a “[d]escription of the relevant insurance coverage.”6 Although the number of cyber-attacks decreased slightly in 2012, this should not be taken as a sign that the threat of an attack is any less likely; it just means that some companies are responding to attacks more quickly, or implementing stronger security measures on the front end.

While the threat of a cyber-attack may conjure up the image of an overzealous computer geek with the mad-cap idea of ruling the world from his mother's basement, or a network of head-to-toe-in-black cyber-villains, a competitor seeking market dominance may be an equally likely culprit. A cyber-attack can take many forms. Most commonly, a company suffers a data breach, where “hackers, [ ] current or former employees, or others steal or otherwise gain access to personally identifiable information.”7 However, there are also “phishing” and “pfarming” schemes where the culprit poses as a legitimate user to steal or redirect internet traffic, or transmit a virus. Another form of attack is known as a “denial of service” incident, designed to temporarily or indefinitely block public access to a particular website or server. This involves “saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.”8 These attacks “usually lead to a server overload.”9 The most serious attacks “are comparable to 'tak[ing] an ax to a piece of hardware,” which requires a complete “replacement or reinstallation of hardware.”10 A company targeted by a cyber-attack can suffer a loss of informational assets and a significant interruption in operations, not to mention a damaged reputation.

The theft of intellectual property may or may not come as a result of a direct cyber-attack. Rather, a rogue company may steal your ideas, your website design, your domain names and meta-tags, or they may simply advertise and sell knock-off products. Chances are, if they are not using the internet for this purpose, they got your information from the business you transact online. As if this were not enough, there is the potential liability you face if confidential information is exposed, or you inadvertently infringe upon the intellectual property of a competing business. Customers and even shareholders affected by a data breach “commonly initiate expensive and very public litigation.”11 Likewise, the pursuit of patent and trademark infringement claims has skyrocketed in recent years, and the cost of defending these claims has symbiotically followed suit. Interestingly, the protection of the intellectual property itself seems to be a concern that is almost secondary to the economic warfare that is often waged by the aggressor.

In a world where technology barely keeps up with technology, how can you effectively protect your business against the threat of a cyber-attack, and potential cyber-liability? If you own a website, engage in direct or indirect internet sales, use clouding, linking, framing, solicit business via electronic communication, conduct financial transactions on the internet, exchange information via the internet, or store information through an internet server, your company is at risk. Managing these hazards can be tricky. As seen by the recent attacks on eBay, Amazon, Yahoo, and Google, even companies that have defined internet usage are not immune. No matter how big or small you are it is absolutely imperative that you implement internal security controls to prevent and/or respond quickly to an attack. Simple measures such as encrypting data, regularly changing passcodes, conducting routine virus scans, and limiting the number of employees who have access to confidential information can go a long way. However, insuring against these risks should be your primary objective because a cyber-attack can literally destroy your business overnight.

So, how does your company measure up? Let's take a little test. Assuming you are a “brick and mortar” business is your company:

  • Insured under a Property policy?
  • Insured under a Comprehensive General Liability policy?
  • Insured under a Director's & Officer's liability policy?
  • Insured under a specialty lines policy the expressly insures first and third party Cyber-hazards?

If you answered “no” to the last question, your company is at risk. The traditional products that insure small to medium sized businesses are unfortunately inadequate to cover even the known cyber-hazards, much less the ones that are surely on the horizon as e-commerce continues to grow and change, and new markets emerge. For instance, as it pertains to the loss you may suffer as a result of a data breach, while a standard property policy covers “physical loss or damage to covered property,” the term “covered property” does not include intangible assets like data. More recent property forms either exclude coverage for data breaches outright, or subject the loss of electronic data to a minimal sub-limit of liability.

Likewise, the coverage typically afforded under a CGL policy for liability claims resulting from an unauthorized intrusion is insufficient. CGL policies provide relatively broad liability coverage, but only for certain defined risks. The policies are “menu” driven, and are endorsed to include or exclude particular coverages or risks, such as employee liability, inland marine or commercial crime. Cyber-liability may or may not inadvertently come within the coverage terms of a particular endorsement, but the standardized forms are definitely not geared towards insuring these risks.

Rather, CGL policies are split into two parts — Coverage Part A for Bodily Injury and Property Damage Liability, and Coverage Part B for Personal and Advertising Injury. The terms “bodily injury,” “property damage,” and “personal and advertising injury” are separately defined, and each coverage part is subject to its own specific set of exclusions. Under Coverage Part A, the term “property damage” is defined to mean “physical injury to tangible property” or “loss of use of tangible property” — and therein lies the rub. “Tangible property” is property that is capable of being handled, held or touched. See State Auto Property and Cas. Ins. Co. v. Midwest Computers & More,America Online, Inc. v. St. Paul Mercury Ins. Co., 347 F.3d 89 (4th Cir. 2003); Recall Total Information Management,12

Further, while lawsuits filed against a company whose client's financial information has been exposed typically includes claims for mental anguish. Mental anguish that is not consequential to physical harm or injury, or that does not manifest itself as physical injury is not “bodily injury” under a CGL policy. See e.g. Nance v. Phoenix Ins. Co., 118 Fed. Appx. 640, 642 (3d Cir. 2004) (Pennsylvania law) Jacobsen v. Farmers Union Mut. Ins. Co., 87 P.3d 995, 999 (2004); Tackett v. American Motorists Ins. Co., 213 W. Va. 524 (2003); Armstrong v. Federated Mut. Ins. Co., 785 N.E.2d 284, 292-93 (Ind. Ct. App. 2003); Farm Bureau Ins. Co. of Nebraska v. Martinsen, 659 N.W.2d 823, 827 (Neb. 2003); Galgano v. Metropolitan Property and Cas. Ins. Co., 838 A.2d 993, 999 (Conn. 2004); Smith v. Animal Urgent Care, Inc., 542 S.E.2d 827, 830-31 (W. Va. 2000); Costello v. Nationwide Mut. Ins. Co., 795 A.2d 151, 155 (Md. App. 2002); SCR Medical Transp. Services, Inc. v. Browne, 781 N.E.2d 564, 571 (Ill. App. 1st Dist. 2002); Allstate Ins. Co. v. Diamant, 518 N.E.2d 1154 (Mass. 1988).13 On your best day, it depends upon what jurisdiction you are in as to whether or not that coverage would apply to a cyber-liability claim.

Coverage for “personal and advertising injury” nowadays is almost a joke. Generally speaking, coverage for “personal and advertising injury” is intended to address liability claims for the infringement of intellectual property rights, or other types of personal injury torts (i.e. defamation and invasion of privacy claims). Under older versions of the CGL, the terms “personal injury” and “advertising injury” were separately defined. The term “Advertising injury” included the “[m]isappropriation of advertising ideas or style of doing business” and the infringement of a “copyright, title or slogan.” Now, the terms “personal and advertising injury” have been conflated, and are defined to mean:

  1. False, arrest, detention or imprisonment;
  2. Malicious prosecution;
  3. The wrongful eviction from, wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies, committed by or on behalf of its owner, landlord, or lessor;
  4. Oral or written publication of material that slanders or libels a person or organization or disparages a person's or organization's goods, products or services;
  5. Oral or written publication of material that violates a person's right of privacy;
  6. Copying, in your “advertisement,” a person's or organization's “advertising idea” or style of “advertisement”;
  7. Infringement of copyright, slogan or title of any literary or artistic work, in your “advertisement.”

As it pertains to a data breach, at least one Court has held that under the newer version of the CGL, theft of customer data is a “publication of material that violates a person's right of privacy.” See Norfold & Dedham Mut. Fire Ins. Co. v. Clearly Consultants, Inc., 81 Mass.App.Ct. 40 (Dec. 16, 2011). Other Courts, however, have disagreed, leaving an uncertain gap as to whether or not your policy would cover such an event. See Creative Host. Ventures, Inc. v. E.T. Ltd., Inc., 2011 U.S. App. 19990 (Sept. 30, 2011).

There is even more uncertainty with regard to intellectual property liability claims. Both older and newer versions of the CGL require that the offense occur in the course of the advertisement of your own goods, products or services. This would include internet-based sales and marketing, but not all forms of electronic commerce. The most current CGL forms in use, however, essentially gut coverage for intellectual property claims with the following exclusion:

This insurance does not apply to:

“Personal and advertising injury”:

(7) Arising out of any violation of any intellectual property rights such as copyright, patent, trademark, trade name, trade secret, service mark or other designation of origin or authenticity.

However, this exclusion does not apply to infringement, in your “advertisement,” of

(a) Copyright;

(b) Slogan, unless the slogan is also a trademark, trade name, service mark or other designation of origin or authenticity; or,

(c) Title of any literary or artistic work.

Under this widely used form, there is no coverage for trademark or copyright infringement (or any other one of the enumerated torts), unless the infringement occurs during the course of your advertisement of a slogan, unless the slogan is “also a trademark, trade name, service mark or other designation of origin or authenticity.” The problem with this language is that whether a slogan is “also a trademark, trade name, service mark or other designation of origin or authenticity” is not dependent upon whether the mark is federally protected under the Lantham Act. Rather, the standards for determining whether a trade or service mark is eligible for protection are the same under the common law and the federal law. 15 U.S.C. § 1051 et. seq. Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763 (1992); Amazing Spaces, Inc. v. Metro Mini Storage, 608 F.3d 225 (5th Cir. 2010); Board of Supervisors for the Louisiana State University Agriculture and Mech. College v. Smack Apparel Co., 550 F.3d 465 (5th Cir. 2008); Genesee Brewing Co., Inc. v. Stroh Brewing Co., 124 F.3d 137 (2nd Cir. 1997); Laredo v. Union Nat'l Bank, Austin, 909 F.2d 839, 842 (5th Cir. 1990). It is difficult to imagine a set of circumstances where a slogan would not also be “a trademark, trade name, service mark or other designation of origin or authenticity” under the common law. Coverage is essentially illusory, or at best, ambiguous. On a good day, your insurer is going to contest whether it owes a duty to defend an intellectual property liability claim. Where does this leave you?

There may be limited coverage under your Director's & Officer's Liability policy, but the forms vary in the scope of coverage and there may not be coverage for the acts and omissions of regular employees. Further, the policy will likely only cover your liabilities to your shareholders, and those to whom you owe a fiduciary duty. Fortunately, there are newer products on the market that are specifically designed to cover cyber-related risks. In a 2005 press release, Insurance Services Organization (ISO) unveiled its E-Commerce Program to address cyber liability exposure. According to ISO, “[t]he menu-based policy comprises five separate agreements:

  • Website publishing liability provides coverage against Internet-related publishing perils, including libel against a person or organization, and copyright, trademark, and service mark infringement allegations arising out of content published by the policyholder on its website.
  • Network security liability covers the policyholder against claims for failing to maintain the security of a computer system resulting in unauthorized access and publication of personal information, such as credit card numbers or personal medical information.
  • Replacement or restoration of electronic data provides coverage for the cost of replacing or restoring electronic data lost or rendered inaccessible because of an e-commerce incident, such as a virus, malicious instruction or denial-of-service attack.
  • Cyber extortion provides coverage for extortion expenses incurred and ransom payments made because of an extortion threat. Extortion is defined as a threat to commit an e-commerce incident, disseminate the policyholder's proprietary information, reveal a weakness in its source code or publish personal information belonging to policyholders' clients.
  • Business income and extra expense provides coverage for loss of business income or extra expenses incurred as a result of an extortion threat or e-commerce incident.14

ACE, Hartford, Chubb, Chartis (AIG), Ironshore, Travelers, SafeOnline, CNA, and Zurich are among the insurers offering products specifically covering cyber-hazards.15 However, these companies may or may not have adopted the ISO forms, but may be using products that were internally developed. Still, most of the companies who have targeted this market are going to be competitive, offering coverage for a combination of network security liability, media liability, expense and damage from a violation of privacy tort, coverage for fines and regulatory expenses, loss electronic information (including the cost to recovery lost, corrupted or stolen data), cyber-extortion, and business interruption arising out of a majority of these events. Specific products also exist for liability claims arising out of patent, trademark and trade dress infringement claims, both to pay for the costs of defending those suits, or the cost to pursue a third party who infringes upon your company's intellectual assets.

By and large the cyber-liability policies currently on the market are offered on a claims-made, or claims-made and reported basis. Policies that contain first-party coverage for data breaches may contain fairly short notice requirements, as early response is critical to minimizing the loss and containing any resultant liability exposure. The only way to make sure that you are procuring the right coverage and the right amount of coverage is to (1) establish internal procedures to assess and routinely reassess your risks; (2) establish internal protocols for preventing and responding to cyber-related risks; (3) set goals and benchmarks to determine if your company is meeting expectations; (4) read the policies you currently have in effect to determine where your company stands; (5) if you determine additional coverage is necessary, read the policies carefully before you invest in premiums; and (6) evaluate your coverage on an annual basis. New insurance products are coming out about every 12-18 months. Many brokers keep specimen forms, and most are knowledgeable enough to ensure that the specific risks that you face are covered. And in today's technology-driven world, you cannot afford to leave these exposures uninsured, or underinsured. In today's world, addressing the potential risk exposures your company faces is not just a measure of your success, it may be determinative of your survival.

1“E-commerce” or e-comm is defined as “the buying and selling of products or services over electronic systems such as the Internet and other computer networks.” Wikipedia, The Free Encyclopedia, Wikimedia Foundation, Inc., Dec. 12, 2004, Web. September 15, 2012, < http://en.wikipedia.org/wiki/Ecommerce>. E-commerce “draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems.” Id. E-commerce can be divided into: E-tailing or 'virtual store-fronts' on Web sites with online catalogs, sometimes gathered into a 'virtual mall'; the gathering and use of demographic data through Web contacts; Electronic Data Interchange (EDI), the business-to-business exchange of data; e-mail and fax and their use as media for reaching prospects and established customers; Business-to-business buying and selling; and, the security of business transactions. Id.

2 David R. Cohen & Roberta D. Anderson, Insurance Coverage for “Cyber-Losses”, 35 Tort & Ins. L.J. 891 (2000), citing Reuters Eng. News. Serv., May 9, 2000.

3 2010 Annual Study: U.S. Cost of a Data Breach 13 (March 2011); available at <http://www/symantec.com/content/en/us/abuot/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf>.

4 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012), citing Garry Byers, Rapid Cyber Attack Response: Three Days Make All the Difference, Digital Forensic Investigator News (Sept. 28, 2011), available at <http://dfinenews.com/article/rapid-cyber-attack-response-three-days-make-all-difference>.

5 U.S. Securities and Exchange Commission Division of Corporate Finance, CF Disclosure Guidance: Topic No. 2 — Cybersecurity, (Oct. 13, 2011). Topic No. 2 states that: “In determining whether risk factor disclosure is required, we expect registrants to evaluate their cybersecurity risks and take into account all available relevant information, including prior cyber incidents and the severity and frequency of those incidents. As part of this evaluation, registrants should consider the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption. In evaluating whether risk factor disclosure should be provided, registrants should also consider the adequacy of preventative actions taken to reduce cybersecurity risks in the context of the industry in which they operate and risks to that security, including threatened attacks of which they are aware.”

6 Id.

7 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012).

8 Wikipedia, The Free Encyclopedia, Wikimedia Foundation, Inc., Dec. 12, 2004, Web. September 14, 2012, <http://en.wikipedia.org/wiki/Denial_of_service_attacks>.

9 Id. “In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.”

10 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012)(citing Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID= 211201088 (May 19, 2008).

11 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012).

12 In State Auto Property & Casualty Co. v. Midwest Computers, the Court addressed whether data lost by Mid-West after it serviced computer equipment purchased by one of its customers was “tangible property” within the meaning of a CGL policy issued by State Auto to Midwest. Id. at 1115. Holding that it was not, the Court reasoned that the term intangible referred to property that was “[c]apable of being perceived esp. by the sense of touch: PALPABLE[;] … capable of being precisely identified or realized by the mind [;] … capable of being appraised at an actual or approximate value (assets).

13 But see Voicestream Wireless Corp. v. Federal Ins. Co., 112 Fed. Appx. 553, 555-56 (9th Cir. 2004) (Washington law). Williamson v. Historic Hurstville Ass'n, 556 So. 2d 103, 107 (La. Ct. App. 4th Cir. 1990); Loewenthal v. Security Ins. Co. of Hartford, 436 A.2d 493, 499 (Md. App. 1981).

14 http://www.iso.com/Press-Releases/2005/ISO-INTRODUCES-CYBER-RISK-PROGRAM-TO-HELP-COVER-$7-TRILLION-E-COMMERCE-MARKET.html.

15 David T. Chase & Todd L. Nunn, Insurance Coverage for Cyber risks and Losses, Stay Informed, April 27, 2011, available at http://www.klgates.com/insurance-coverage-for-cyber-risks-and-losses-04-27-2011.