Tag Archives: internet

The Metrics Of The Matrix: Making Sure Your Cyber-Risks Are Covered

We live in a world that is almost entirely dependent upon digital technology. Internet sales and marketing, and even the simple efficiency of how information flows, can be a critical indicator of a company's success. Along with it comes an increased risk of hackers, disruption of service, theft of intellectual property, loss or theft of financial data, or worse, the theft of a customer's confidential information. Throw in a global economy that increases international exposure, and you have a recipe for disaster. While most large corporations have sophisticated network security measures in place, small to mid-size businesses cannot afford them, or are not even aware of the potential security risks. But if you consider information to be an asset, and the means with which it is gathered and used as a measure of your company's performance, the need to protect it becomes abundantly clear.

As early as the year 2000, underwriters at Lloyds of London predicted that e-commerce1 would “emerge as the single biggest insurance risk of the 21st century.”2 They were dead on. Between 2009 and 2011, the cost of data breaches rose from $6.8 million to $7.7 million — a blistering 9%.3 As one commentator noted, the cost and number of data breaches was so high that 2011 was christened “the year of the cyber-attack.”4 Indeed, the risk was seen as so severe that the SEC released disclosure guidelines for publicly traded companies recommending the disclosure of “the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.”5 According to the SEC, “disclosure” includes a “[d]escription of the relevant insurance coverage.”6 Although the number of cyber-attacks decreased slightly in 2012, this should not be taken as a sign that the threat of an attack is any less likely; it just means that some companies are responding to attacks more quickly, or implementing stronger security measures on the front end.

While the threat of a cyber-attack may conjure up the image of an overzealous computer geek with the mad-cap idea of ruling the world from his mother's basement, or a network of head-to-toe-in-black cyber-villains, a competitor seeking market dominance may be an equally likely culprit. A cyber-attack can take many forms. Most commonly, a company suffers a data breach, where “hackers, [ ] current or former employees, or others steal or otherwise gain access to personally identifiable information.”7 However, there are also “phishing” and “pfarming” schemes where the culprit poses as a legitimate user to steal or redirect internet traffic, or transmit a virus. Another form of attack is known as a “denial of service” incident, designed to temporarily or indefinitely block public access to a particular website or server. This involves “saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.”8 These attacks “usually lead to a server overload.”9 The most serious attacks “are comparable to 'tak[ing] an ax to a piece of hardware,” which requires a complete “replacement or reinstallation of hardware.”10 A company targeted by a cyber-attack can suffer a loss of informational assets and a significant interruption in operations, not to mention a damaged reputation.

The theft of intellectual property may or may not come as a result of a direct cyber-attack. Rather, a rogue company may steal your ideas, your website design, your domain names and meta-tags, or they may simply advertise and sell knock-off products. Chances are, if they are not using the internet for this purpose, they got your information from the business you transact online. As if this were not enough, there is the potential liability you face if confidential information is exposed, or you inadvertently infringe upon the intellectual property of a competing business. Customers and even shareholders affected by a data breach “commonly initiate expensive and very public litigation.”11 Likewise, the pursuit of patent and trademark infringement claims has skyrocketed in recent years, and the cost of defending these claims has symbiotically followed suit. Interestingly, the protection of the intellectual property itself seems to be a concern that is almost secondary to the economic warfare that is often waged by the aggressor.

In a world where technology barely keeps up with technology, how can you effectively protect your business against the threat of a cyber-attack, and potential cyber-liability? If you own a website, engage in direct or indirect internet sales, use clouding, linking, framing, solicit business via electronic communication, conduct financial transactions on the internet, exchange information via the internet, or store information through an internet server, your company is at risk. Managing these hazards can be tricky. As seen by the recent attacks on eBay, Amazon, Yahoo, and Google, even companies that have defined internet usage are not immune. No matter how big or small you are it is absolutely imperative that you implement internal security controls to prevent and/or respond quickly to an attack. Simple measures such as encrypting data, regularly changing passcodes, conducting routine virus scans, and limiting the number of employees who have access to confidential information can go a long way. However, insuring against these risks should be your primary objective because a cyber-attack can literally destroy your business overnight.

So, how does your company measure up? Let's take a little test. Assuming you are a “brick and mortar” business is your company:

  • Insured under a Property policy?
  • Insured under a Comprehensive General Liability policy?
  • Insured under a Director's & Officer's liability policy?
  • Insured under a specialty lines policy the expressly insures first and third party Cyber-hazards?

If you answered “no” to the last question, your company is at risk. The traditional products that insure small to medium sized businesses are unfortunately inadequate to cover even the known cyber-hazards, much less the ones that are surely on the horizon as e-commerce continues to grow and change, and new markets emerge. For instance, as it pertains to the loss you may suffer as a result of a data breach, while a standard property policy covers “physical loss or damage to covered property,” the term “covered property” does not include intangible assets like data. More recent property forms either exclude coverage for data breaches outright, or subject the loss of electronic data to a minimal sub-limit of liability.

Likewise, the coverage typically afforded under a CGL policy for liability claims resulting from an unauthorized intrusion is insufficient. CGL policies provide relatively broad liability coverage, but only for certain defined risks. The policies are “menu” driven, and are endorsed to include or exclude particular coverages or risks, such as employee liability, inland marine or commercial crime. Cyber-liability may or may not inadvertently come within the coverage terms of a particular endorsement, but the standardized forms are definitely not geared towards insuring these risks.

Rather, CGL policies are split into two parts — Coverage Part A for Bodily Injury and Property Damage Liability, and Coverage Part B for Personal and Advertising Injury. The terms “bodily injury,” “property damage,” and “personal and advertising injury” are separately defined, and each coverage part is subject to its own specific set of exclusions. Under Coverage Part A, the term “property damage” is defined to mean “physical injury to tangible property” or “loss of use of tangible property” — and therein lies the rub. “Tangible property” is property that is capable of being handled, held or touched. See State Auto Property and Cas. Ins. Co. v. Midwest Computers & More,America Online, Inc. v. St. Paul Mercury Ins. Co., 347 F.3d 89 (4th Cir. 2003); Recall Total Information Management,12

Further, while lawsuits filed against a company whose client's financial information has been exposed typically includes claims for mental anguish. Mental anguish that is not consequential to physical harm or injury, or that does not manifest itself as physical injury is not “bodily injury” under a CGL policy. See e.g. Nance v. Phoenix Ins. Co., 118 Fed. Appx. 640, 642 (3d Cir. 2004) (Pennsylvania law) Jacobsen v. Farmers Union Mut. Ins. Co., 87 P.3d 995, 999 (2004); Tackett v. American Motorists Ins. Co., 213 W. Va. 524 (2003); Armstrong v. Federated Mut. Ins. Co., 785 N.E.2d 284, 292-93 (Ind. Ct. App. 2003); Farm Bureau Ins. Co. of Nebraska v. Martinsen, 659 N.W.2d 823, 827 (Neb. 2003); Galgano v. Metropolitan Property and Cas. Ins. Co., 838 A.2d 993, 999 (Conn. 2004); Smith v. Animal Urgent Care, Inc., 542 S.E.2d 827, 830-31 (W. Va. 2000); Costello v. Nationwide Mut. Ins. Co., 795 A.2d 151, 155 (Md. App. 2002); SCR Medical Transp. Services, Inc. v. Browne, 781 N.E.2d 564, 571 (Ill. App. 1st Dist. 2002); Allstate Ins. Co. v. Diamant, 518 N.E.2d 1154 (Mass. 1988).13 On your best day, it depends upon what jurisdiction you are in as to whether or not that coverage would apply to a cyber-liability claim.

Coverage for “personal and advertising injury” nowadays is almost a joke. Generally speaking, coverage for “personal and advertising injury” is intended to address liability claims for the infringement of intellectual property rights, or other types of personal injury torts (i.e. defamation and invasion of privacy claims). Under older versions of the CGL, the terms “personal injury” and “advertising injury” were separately defined. The term “Advertising injury” included the “[m]isappropriation of advertising ideas or style of doing business” and the infringement of a “copyright, title or slogan.” Now, the terms “personal and advertising injury” have been conflated, and are defined to mean:

  1. False, arrest, detention or imprisonment;
  2. Malicious prosecution;
  3. The wrongful eviction from, wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies, committed by or on behalf of its owner, landlord, or lessor;
  4. Oral or written publication of material that slanders or libels a person or organization or disparages a person's or organization's goods, products or services;
  5. Oral or written publication of material that violates a person's right of privacy;
  6. Copying, in your “advertisement,” a person's or organization's “advertising idea” or style of “advertisement”;
  7. Infringement of copyright, slogan or title of any literary or artistic work, in your “advertisement.”

As it pertains to a data breach, at least one Court has held that under the newer version of the CGL, theft of customer data is a “publication of material that violates a person's right of privacy.” See Norfold & Dedham Mut. Fire Ins. Co. v. Clearly Consultants, Inc., 81 Mass.App.Ct. 40 (Dec. 16, 2011). Other Courts, however, have disagreed, leaving an uncertain gap as to whether or not your policy would cover such an event. See Creative Host. Ventures, Inc. v. E.T. Ltd., Inc., 2011 U.S. App. 19990 (Sept. 30, 2011).

There is even more uncertainty with regard to intellectual property liability claims. Both older and newer versions of the CGL require that the offense occur in the course of the advertisement of your own goods, products or services. This would include internet-based sales and marketing, but not all forms of electronic commerce. The most current CGL forms in use, however, essentially gut coverage for intellectual property claims with the following exclusion:

This insurance does not apply to:

“Personal and advertising injury”:

(7) Arising out of any violation of any intellectual property rights such as copyright, patent, trademark, trade name, trade secret, service mark or other designation of origin or authenticity.

However, this exclusion does not apply to infringement, in your “advertisement,” of

(a) Copyright;

(b) Slogan, unless the slogan is also a trademark, trade name, service mark or other designation of origin or authenticity; or,

(c) Title of any literary or artistic work.

Under this widely used form, there is no coverage for trademark or copyright infringement (or any other one of the enumerated torts), unless the infringement occurs during the course of your advertisement of a slogan, unless the slogan is “also a trademark, trade name, service mark or other designation of origin or authenticity.” The problem with this language is that whether a slogan is “also a trademark, trade name, service mark or other designation of origin or authenticity” is not dependent upon whether the mark is federally protected under the Lantham Act. Rather, the standards for determining whether a trade or service mark is eligible for protection are the same under the common law and the federal law. 15 U.S.C. § 1051 et. seq. Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763 (1992); Amazing Spaces, Inc. v. Metro Mini Storage, 608 F.3d 225 (5th Cir. 2010); Board of Supervisors for the Louisiana State University Agriculture and Mech. College v. Smack Apparel Co., 550 F.3d 465 (5th Cir. 2008); Genesee Brewing Co., Inc. v. Stroh Brewing Co., 124 F.3d 137 (2nd Cir. 1997); Laredo v. Union Nat'l Bank, Austin, 909 F.2d 839, 842 (5th Cir. 1990). It is difficult to imagine a set of circumstances where a slogan would not also be “a trademark, trade name, service mark or other designation of origin or authenticity” under the common law. Coverage is essentially illusory, or at best, ambiguous. On a good day, your insurer is going to contest whether it owes a duty to defend an intellectual property liability claim. Where does this leave you?

There may be limited coverage under your Director's & Officer's Liability policy, but the forms vary in the scope of coverage and there may not be coverage for the acts and omissions of regular employees. Further, the policy will likely only cover your liabilities to your shareholders, and those to whom you owe a fiduciary duty. Fortunately, there are newer products on the market that are specifically designed to cover cyber-related risks. In a 2005 press release, Insurance Services Organization (ISO) unveiled its E-Commerce Program to address cyber liability exposure. According to ISO, “[t]he menu-based policy comprises five separate agreements:

  • Website publishing liability provides coverage against Internet-related publishing perils, including libel against a person or organization, and copyright, trademark, and service mark infringement allegations arising out of content published by the policyholder on its website.
  • Network security liability covers the policyholder against claims for failing to maintain the security of a computer system resulting in unauthorized access and publication of personal information, such as credit card numbers or personal medical information.
  • Replacement or restoration of electronic data provides coverage for the cost of replacing or restoring electronic data lost or rendered inaccessible because of an e-commerce incident, such as a virus, malicious instruction or denial-of-service attack.
  • Cyber extortion provides coverage for extortion expenses incurred and ransom payments made because of an extortion threat. Extortion is defined as a threat to commit an e-commerce incident, disseminate the policyholder's proprietary information, reveal a weakness in its source code or publish personal information belonging to policyholders' clients.
  • Business income and extra expense provides coverage for loss of business income or extra expenses incurred as a result of an extortion threat or e-commerce incident.14

ACE, Hartford, Chubb, Chartis (AIG), Ironshore, Travelers, SafeOnline, CNA, and Zurich are among the insurers offering products specifically covering cyber-hazards.15 However, these companies may or may not have adopted the ISO forms, but may be using products that were internally developed. Still, most of the companies who have targeted this market are going to be competitive, offering coverage for a combination of network security liability, media liability, expense and damage from a violation of privacy tort, coverage for fines and regulatory expenses, loss electronic information (including the cost to recovery lost, corrupted or stolen data), cyber-extortion, and business interruption arising out of a majority of these events. Specific products also exist for liability claims arising out of patent, trademark and trade dress infringement claims, both to pay for the costs of defending those suits, or the cost to pursue a third party who infringes upon your company's intellectual assets.

By and large the cyber-liability policies currently on the market are offered on a claims-made, or claims-made and reported basis. Policies that contain first-party coverage for data breaches may contain fairly short notice requirements, as early response is critical to minimizing the loss and containing any resultant liability exposure. The only way to make sure that you are procuring the right coverage and the right amount of coverage is to (1) establish internal procedures to assess and routinely reassess your risks; (2) establish internal protocols for preventing and responding to cyber-related risks; (3) set goals and benchmarks to determine if your company is meeting expectations; (4) read the policies you currently have in effect to determine where your company stands; (5) if you determine additional coverage is necessary, read the policies carefully before you invest in premiums; and (6) evaluate your coverage on an annual basis. New insurance products are coming out about every 12-18 months. Many brokers keep specimen forms, and most are knowledgeable enough to ensure that the specific risks that you face are covered. And in today's technology-driven world, you cannot afford to leave these exposures uninsured, or underinsured. In today's world, addressing the potential risk exposures your company faces is not just a measure of your success, it may be determinative of your survival.

1“E-commerce” or e-comm is defined as “the buying and selling of products or services over electronic systems such as the Internet and other computer networks.” Wikipedia, The Free Encyclopedia, Wikimedia Foundation, Inc., Dec. 12, 2004, Web. September 15, 2012, < http://en.wikipedia.org/wiki/Ecommerce>. E-commerce “draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems.” Id. E-commerce can be divided into: E-tailing or 'virtual store-fronts' on Web sites with online catalogs, sometimes gathered into a 'virtual mall'; the gathering and use of demographic data through Web contacts; Electronic Data Interchange (EDI), the business-to-business exchange of data; e-mail and fax and their use as media for reaching prospects and established customers; Business-to-business buying and selling; and, the security of business transactions. Id.

2 David R. Cohen & Roberta D. Anderson, Insurance Coverage for “Cyber-Losses”, 35 Tort & Ins. L.J. 891 (2000), citing Reuters Eng. News. Serv., May 9, 2000.

3 2010 Annual Study: U.S. Cost of a Data Breach 13 (March 2011); available at <http://www/symantec.com/content/en/us/abuot/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf>.

4 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012), citing Garry Byers, Rapid Cyber Attack Response: Three Days Make All the Difference, Digital Forensic Investigator News (Sept. 28, 2011), available at <http://dfinenews.com/article/rapid-cyber-attack-response-three-days-make-all-difference>.

5 U.S. Securities and Exchange Commission Division of Corporate Finance, CF Disclosure Guidance: Topic No. 2 — Cybersecurity, (Oct. 13, 2011). Topic No. 2 states that: “In determining whether risk factor disclosure is required, we expect registrants to evaluate their cybersecurity risks and take into account all available relevant information, including prior cyber incidents and the severity and frequency of those incidents. As part of this evaluation, registrants should consider the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption. In evaluating whether risk factor disclosure should be provided, registrants should also consider the adequacy of preventative actions taken to reduce cybersecurity risks in the context of the industry in which they operate and risks to that security, including threatened attacks of which they are aware.”

6 Id.

7 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012).

8 Wikipedia, The Free Encyclopedia, Wikimedia Foundation, Inc., Dec. 12, 2004, Web. September 14, 2012, <http://en.wikipedia.org/wiki/Denial_of_service_attacks>.

9 Id. “In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.”

10 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012)(citing Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID= 211201088 (May 19, 2008).

11 Scott Gods & Jennifer Smith, Insurance Coverage for Cyber Risks: Coverage Under CGL and “Cyber” Policies, ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar (March 1-3, 2012).

12 In State Auto Property & Casualty Co. v. Midwest Computers, the Court addressed whether data lost by Mid-West after it serviced computer equipment purchased by one of its customers was “tangible property” within the meaning of a CGL policy issued by State Auto to Midwest. Id. at 1115. Holding that it was not, the Court reasoned that the term intangible referred to property that was “[c]apable of being perceived esp. by the sense of touch: PALPABLE[;] … capable of being precisely identified or realized by the mind [;] … capable of being appraised at an actual or approximate value (assets).

13 But see Voicestream Wireless Corp. v. Federal Ins. Co., 112 Fed. Appx. 553, 555-56 (9th Cir. 2004) (Washington law). Williamson v. Historic Hurstville Ass'n, 556 So. 2d 103, 107 (La. Ct. App. 4th Cir. 1990); Loewenthal v. Security Ins. Co. of Hartford, 436 A.2d 493, 499 (Md. App. 1981).

14 http://www.iso.com/Press-Releases/2005/ISO-INTRODUCES-CYBER-RISK-PROGRAM-TO-HELP-COVER-$7-TRILLION-E-COMMERCE-MARKET.html.

15 David T. Chase & Todd L. Nunn, Insurance Coverage for Cyber risks and Losses, Stay Informed, April 27, 2011, available at http://www.klgates.com/insurance-coverage-for-cyber-risks-and-losses-04-27-2011.

Flo Won't Handle Your File: Claims in the Social Media Age

Viral phenomena on the Internet more frequently concern “Cats that Look like Hitler” or racy photos of Prince Harry cavorting in Las Vegas.

Insurance claims rarely go viral on social media, but that changed recently with a controversial underinsured motorist claim involving Progressive Insurance Company. You can find background on the case here.

The sad facts here are straightforward. Progressive Insurance Company policyholder Katie Fisher died in a 2010 automobile crash in Maryland. Allegedly, the other driver ran a red light, though there was a dispute as to who had the green light and the right-of-way. The driver that struck Katie’s vehicle was under-insured. The good news: Katie had bought underinsured motorist coverage (UIM).

The bad news: to collect, Katie’s family had to sue the other driver for negligence to force Progressive to pay. However, when the family sued the other driver, Progressive’s attorneys associated with the other driver’s attorneys to defend the liability claim. As a result, the deceased’s brother went viral in social media rounds, complaining that Progressive used premium dollars to defend his sister’s killer in court. That makes for an arresting headline.

This claim illustrates the importance of an insurance company being attuned to social media and having a social media policy. Of course, here Progressive did not stick its head in the sand. It did not ignore the social media buzz surrounding its handling of the case. Apparently, it responded but responded in a way perceived as tone-deaf.

Progressive In A Lose-Lose Situation?
Maybe Progressive Insurance Company was in a no-win situation. If it ignored the social media banter about its stance, consumers would accuse it of insensitivity. It entered the dialogue to justify its actions. In so doing, people accused it of being tone-deaf to consumer sensitivities. I don’t know what response Progressive could have launched on social media that would have satisfied its critics.

This vignette underscores how little people understand what they buy when purchasing underinsured motorist coverage. Buying underinsured motorist coverage essentially risks putting you at odds with your own insurance company. In such a claim, your own insurance company is incentivized to show that you in fact were at fault for the accident and/or that your injuries were not the result of the negligence of an underinsured driver. People assume that the insurance company to whom they paid their premiums will always be on their side. Typically, this is the case. Typically, this is the alignment of interests.

In underinsured motorist coverage and claims, however, “typical” doesn’t necessarily apply. Here, interests are aligned differently. Just because you pay your insurance company for the coverage doesn’t mean that — in a claim involving an underinsured adverse driver — your insurance company is going to act all soft and fuzzy.

Of course, insurance companies would not effectively market and sell underinsured motorist coverage if they made this reality explicit and spotlighted it in the sales process. People don’t think it through. Nobody really believes deep down they will be hurt due to the fault of an underinsured driver. If they pay for the coverage, perhaps they pay for it begrudgingly at best.

Policyholder Ignorance About Underinsured Motorist Coverage
So, those who say “Shame on Progressive” for its stance adverse to its own policyholder could add, “Shame on the policyholder” for not realizing the dynamics in underinsured motorist claims. Of course, it sounds callous to be lecturing a family on the dynamics of claims-handling when they have lost their daughter in a fatal car accident.

Further, there was a reasonable question of fact as to who had the right-of-way. Should Progressive and its adjusters have ignored evidence that the deceased may have been at fault in order to pay the claim? It’s difficult to fault Progressive’s adjusters here, as tempting as it may be to do so. There was a legitimate dispute as to who had the right-of-way and who ran the red light. Was Progressive wrong for exercising its legal right to seek a judicial determination of liability?

Personally, I don’t think so.

Nevertheless, insurance companies now face not just bad faith risks over how their claim department handles or mishandles an automobile loss. They also face reputational risks if disgruntled consumers take to Twitter, Facebook, blogs, Tumblr, etc. to air their gripes.

Internet Megaphones
The Internet and social media provides a bully pulpit and cyberspace megaphone for anyone who has a beef, whether that complaint is justified or specious. On the other hand, since everyone now has an electronic megaphone via the Internet, World Wide Web and social media, the cacophony of complaints can create a “white noise” effect that makes any one complaint difficult to stand out. This complaint did stand out, though, and got widespread media play.

While it is tempting to say “No comment” or “We won’t try our case in the media,” insurance companies — like other businesses — cannot take an ostrich approach and stick their heads in the proverbial sand.

The takeaways and lessons from this go beyond Progressive Insurance Company. Katie Fisher’s case illustrates that in the 21st century:

  • insurance companies must have social media policies,
  • they must monitor social media, and
  • they must be able to articulate a concise yet compelling message to an often skeptical audience.

It’s not enough to handle the claim conscientiously.

It’s not enough to handle it in accord with the policy conditions.

It’s not enough to comply with state insurance department regulations.

It’s not enough to believe that you acted in good faith.

If you have an under-insured motorist claim, you must realize that your adjuster will not be perky Flo from the TV commercials.

Insurers Need Social Media Strategy
This case study also spotlights the need for insurance companies to have a refined social media strategy. That goes beyond grappling with questions like, “Should we be on Facebook or Twitter?” or, “Should we have a blog?”

Sorry — those questions are so 2010. That no longer cuts it as a coherent social media strategy.

It’s no longer enough to have a digital footprint in the social media world. The content of what companies put out on social media is vital, scrutinized, and should promote their brand. Content is king.

Moreover, insurance companies must have institutionalized disciplines to monitor what is being said about them on social media so they can respond quickly and persuasively. The consumer conversation about your service and policies is going on — with you or without you. It is best that it goes on with you. It’s best that you have an opportunity to be aware of customer service firestorms brewing so that you have the opportunity to squelch them, address them and nip them in the bud.

You may have to justify your steps in the court of public opinion through social media or suffer the consequences of a public relations black eye if you hunker down and go incommunicado.

As this case study shows, adjusters are sometimes damned if they do and damned if they don’t.

Pay the claim in the face of conflicting evidence, and be second-guessed for poor decision-making by higher-ups. Contest the claim and align yourself with the other driver’s insurance company, and you get criticized in the court of public opinion for callousness.

No one promised adjusters a rose garden and they certainly don’t get to operate in one in the age of viral posts and social media!