Cyber Crime Costing the Global Economy Nearly £300bn
Date Published 20/08/2016
Cyber crime is costing the global economy nearly £300bn a year and shows no signs of reducing. The recent spate of Cyber attacks, including Talk Talk and British Gas, only serve to highlight the current climate. You would be mistaken in thinking that this is an area of crime restricted to the large Companies and conglomerates. It is a very real and increasing threat and is affecting greater numbers of SME’s, as criminals target what they perceive to be a more relaxed approach to IT security measures in smaller business concerns.
Cyber crime is wide-reaching and can affect the fraudulent taking of funds, as well as the misappropriation of both customer and staff data. A growing reliance on business technology is enabling crime to be committed in increasingly subtle ways, which can go undetected for long periods of time. Any crime, which is computer or information technology dependent, falls into the definition of Cyber crime and insurers are having to provide increasingly sophisticated cover to ensure businesses are protected. This exposure has largely been ignored by most UK businesses until the last 6 months, despite it being something which, with good planning and appropriate IT security monitoring and controls in place, can be managed but is unlikely to every be eliminated. It is essential that businesses ensure that a ‘Crime Policy’ forms part of its’ risk management process and mitigate the impact of a cyber crime attack.
Cybercriminals often penetrate a company’s computer and email systems, and for a year or more watch and plan their attack. Then they strike.
Theft via on-line banking is on the rise and Crime insurers are having to deal with more and more claims. A recent claim paid involved two members of staff in a Company’s Finance Department had password protected responsibility for the on-line electronic fund transfers from the company’s bank accounts. One morning, an attempt to make a payment to the company’s suppliers is greeted with an error message. The staff contact the bank’s technical support and are informed that the bank is unable to make payment, as the company accounts are showing almost zero balances. An urgent investigation was launched and it transpired that earlier that day an individual had hacked the on-line system and emptied the company accounts. The monies were transferred to off-shore bank accounts with the amounts being quickly removed and deposited elsewhere. The money was unrecoverable from the bank.
There are many more examples of this nature and as you may appreciate, it is a wide and complex area for insurers to tackle, let alone most businesses. However, the good news is that within the insurance industry, there is recognition that this area of risk protection has to be developed to deal with this emerging Crime exposure. It is also imperative that businesses look seriously at Crime and Cyber cover, before it’s too late.
Black Friday Sales Bring Higher Risks of Chargeback Fraud Across Europe
Date Published: 12/11/2015
Global Risk Technologies warns online merchants of increased risks of fraudulent chargebacks on Black Friday. Online sales are expected to increase by 18% across Europe for 2015. High online sales will mask fraudulent charges and chargebacks. With increasing numbers of fraudulent chargebacks and out of the norm shopping behaviors on Black Friday, finding and stopping this fraud becomes very difficult. Monica Eaton-Cardone, CIO and co-founder of Global Risk Technologies provides this advice to help eliminate fraud on Black Friday:
Following these steps will help reduce potential threats of fraud. If you are interested in finding out more about cyber cover to make sure your company is covered in the event of a hack, please contact us.
EU Rules Threaten Britain’s £10bn Maritime Industry
Date Published 09/11/2015
Britain’s maritime industry spoke out on Europe in regard to growing concern among its business leaders about expansion of EU powers and membership. All of these concerns were addressed in a report by the UK Chamber of Shipping which includes companies such as P&O, Stena, Maersk and CMA CGM.
Guy Platten, chief executive officer of the chamber said: “Access to the single market has helped to drive growth in trade with our closest neighbours. The loss of tariffs and increased competition in the supply chain has boosted custom, driven down costs and allowed the conditions for job creation, economic and social progress.”
He also added: “But the attitude of the European Commission appears to be ‘regulate where possible’ and not ‘regulate where necessary’ – which has created a sense of ‘mission creep’ resulting in a centralisation of power in Brussels.”
Maritime leaders are now reaching out to David Cameron, the Prime Minister, and the public and alerting them as to what they see as are dangers of a vote to stay in the EU without Britain first winning significant concessions on Brussels’ regulatory powers.
The maritime sector currently employs 240,000 UK workers.
After Global Scrutiny, VW Blames a few ‘Rogue Engineers’
Date Published: 09/10/2015
Michael Horn, Chief Executive of VW repeatedly stated before a US Congressional Committee that he was unaware of any ‘defeat devices’ installed in their vehicles until a few days before a meeting with environmental regulators early in September. >> Click here to view Director
He committed to a full investigation and reiterated that the manipulation was not a decision made by corporate but something done by software engineers. German prosecutors have launched an investigation to determine who is responsible for the fraudulent act searching for files and storage devices that may contain data that points to those involved and how the manipulation was carried out.
It is not yet clear whether the software is allowed in Europe.
Climate Change Impact: Bank of England Governor calls on insurers to help prepare for climate change
Date Published: 11/10/2015
After several years of low environmental claims for large national disasters, Mark Carney, the Bank of England Governor, calls on insurers to “help counteract the financial shocks…triggered by climate change.” Many industry firms have said they do not think that the “quiet spell” will last.
“While the insurance industry is well placed to adapt to a changing climate in the short-term, their response could pose wider issues for society, including whether to nationalise risk,” Mark said. He also mentioned that there is still time to do something but the window of opportunity is shrinking and suggested that there should be discussions of an industry-led Climate Disclosure Task Force, where carbon-intensive companies could tell the world how much pollution they were producing.
“Since the 1980s the number of registered weather-related loss events has tripled; and inflation-adjusted insurance losses from these events have increased from an annual average of around $10bn in the 1980s to around $50bn over the past decade.”
Read the full story from the Telegraph: http://www.telegraph.co.uk/finance/newsbysector/banksandfinance/insurance/11899845/Bank-of-England-governor-Mark-Carney-calls-on-insurers-to-help-prepare-for-climate-change.html
Smart Ships Vulnerable to Cyber Attacks
Date Published: 10/09/2015
Many of the world’s leading shipowners and port operators are undertaking a rapid digitalisation of their businesses in the pursuit of greater operational efficiency, profitability and growth.
The increased use of computerised systems for everything from navigation to container inspection has enhanced the safety of mariners and vessels at sea, and improved the efficiency of our ports. But the industry migration towards ‘smart’ ships, systems consolidation and global connectivity has also multiplied the potential impact of – and criminal rewards for – cyber attacks.
Because the present systems were designed for the needs of the 20th century rather than the threats of the 21st century, maritime companies are vulnerable to attacks. Global maritime logistics is highly integrated so it is possible to become a victim without having been the target: any assumptions of low-probability risk will always be flawed because of this high level of integration and the wide reliance on transitory labour that raises the probability of insider threats.
Warnings from the cyber-security community are on the rise, despite relatively infrequent evidence of breaches. For commercial and reputational reasons, most victims shun the spotlight and are largely not required to report attacks.
Other than for cyber-breaches in the US of financially regulated data and ‘personally identifiable information’, there is no mandatory reporting. It was hoped that mandatory reporting would become law in the European Union during the present fiscal year, but gaining consensus is proving a tortuous process, with implementation at least two years behind what was anticipated.
So, like rogue icebergs, the scale of the threat remains unseen. But the vulnerability of some of the systems being adopted has been exposed.
For example, merchant shipping is in the midst of a wholesale adoption of various e-navigation and integrated automatic identification systems (AIS) to supplement marine radar, the main method of vessel detection, positioning and collision avoidance.
The International Maritime Organization (IMO), through International Convention for the Safety of Life at Sea (SOLAS), has made mandatory the adoption of AIS for vessels above a specific size; ensuring the resiliency of AIS against cyber attacks, however, is not part of that requirement.
Shipping is also embracing GPS and electronic chart display and information systems that are often integrated with a company’s AIS.
Both AIS and GPS have been proven vulnerable to hacking. Moreover, the devices reportedly used to identify the security gaps in these systems cost less than US$2,000, making them available to the full range cyber-criminals from nation-state actors and organised crime to hacktivists and talented teenagers.
Gaining access to these systems could give criminals the ability to disable one or multiple ships transiting strategically important waterways such as the Panama Canal, greatly impacting world trade.
Ports are using similar integrated systems and software to track and manage the transit, handling and release of cargo, as well as terminal operations. In one recent event, the vulnerability of container-release codes was exploited to steal cargo at the port of Antwerp.
It is not inconceivable entire container ports could be shut down. A recent study found that cyber-related disruptions at Long Beach or Los Angeles could impact 20% of the maritime transportation system in the US, removing about US$1bn a day from its economy for the duration of the attack.
While potentially pervasive, the cyber-challenges faced by the maritime sector are not insurmountable. On an industry level, we could start by ensuring that all verification processes that attest to the integrity of industrial control systems include an assessment of cyber-resilience. At present, most do not.
Secondly, mandatory reporting of all cyber breaches would go a long towards establishing the scale of the problem and the current capabilities, techniques and targets of the many cyber-threat actors, information that can be used to design risk-based cyber-defences.
On the corporate level, the responsibility for creating a cyber-resilient company must quickly transition from those manning the industry’s IT rooms to those in the C-Suites. Those senior executives then need to ask themselves: Which digital assets really matter to my company’s business (i.e., data, applications, the infrastructure that supports those applications and the third-party service providers who provide the IT infrastructure and applications)?
To drill down to the operation-critical issues, digital assets need to be assessed through three lenses:
1. In what ways do they affect my financial stability?
2. In what ways do they affect my ability to comply with my regulatory compliance obligations?
3. How could they reflect the reputation, trust and existential issues in my business?
Using those lenses will help companies to understand what security should look like for access to those assets, how to restrict access to your computer systems, how to configure any security devices, and how to apply security controls.
It will be a lot of work, but an effective cyber-defence strategy is now intrinsically tied to the protection of profit and operational resilience.
Written by: Peter Armstrong, Willis FINEX, WillisWire
Cyber Risks in New Construction Technology
Date Published: 10/9/2015, WillisWire
One of the most disconcerting realities is that while the risks to cyber security will undoubtedly increase as we leverage new construction technology, the fact is that much of our current generation of technology already represent significant vulnerabilities.
Moreover these vulnerabilities ought to be reflected in our quantification of total exposure but rarely are.
If you consider a typical construction site, pretty much every machine has a control unit of some kind, a pressure sensor, a flow meter a temperature sensor. Many of this field equipment is aggregated and controlled by a supervisory control and data acquisition (SCADA) system. In a building information modeling (BIM) environment, the SCADA system takes its rules and configurations from BIM. All of the data points from the equipment—from the pump running at 3000 rpm to the flow meter when you are pouring the slab—send their data to a part of a computer system called a static data pool. All these values are analysed by the SCADA system, so on the day the pump runs at 2500 revs, an alarm goes off before the pump bearing disintegrates.
These static data pools are highly vulnerable to interference so we might pour the slab light, we might let the pump explode on site or the temperature in a mixing tank get too high and so on.
This static data pool also provides a route into the BIM data and system so the core data at Level 1 and 2 projects could be potentially be compromised.
IMPLICATIONS OF THESE VULNERABILITIES
How smart have we been in viewing the implications of these existing vulnerabilities? Risks where we already have defined trigger events but clearly not quantified the exposure to include the enablement, acceleration or amplification of the risk that cyber vulnerabilities represent? – not very, in truth. As our resident white-hat hacker said recently, “3D and 4D BIM, autonomous vehicles and machines – yeeha!”
Perhaps the most dire of all the risks emerging from technological advancements in construction is cyber-related security. As web-based and interconnected tools become the new norm in construction, so will the threat of cyber-attack.
According to a 2014 study by HP, 70% of Internet of Things (IoT) devices are vulnerable to security attacks. Just recently, Proofpoint, Inc., a leading security-as-a-service provider, uncovered what may be the first proven Internet of Things (IoT)-based cyber-attack involving conventional household “smart” appliances. Here a smart fridge launched several hundred thousand spam emails (so-called spam floods as part of a denial of service attack). Given this, it is not unreasonable to assume that something very similar could happen in the construction environment with its smart buildings and related technology.
Nearly all of the aforementioned technological advances present increased susceptibility to cyber related risk. And to make things worse, often times the IT risk management is isolated from the balance of company risk management.
Moreover, an attack could come from nearly anywhere:
– The very small sub-contractor that can’t afford the additional security
-The prime contractor who won’t support the specialist sub-contractor by providing hosting of the BIM environment for them
-The 3rd party supplier who doesn’t vet their personnel properly
-The CEO who opens the spear phish e-mail
One only has to recall the Target data whose original intrusion was traced back to a third-party HVAC vendor, to know that the construction community is not immune to such threat. This breach will end up costing Target hundreds of millions of dollars.
But financial loss is not the only potential consequence of cyber-attack in construction. Proprietary advantage can suffer as years of R&D and related investment could be comprised if someone steals or such information is leaked.
Furthermore, drones are connected to electronic communication systems and therefore vulnerable to attack by hacking. That could possibly result in a drone’s diversion from its intended flight path for purposes of theft and in most extreme cases terrorism.
Original Source: WillisWire
Tianjin Port Blast to Cost up to $3 Billion
Date Published: 09/09/2015
According to IHS Maritime, 360, the port’s insurance broker released details relating to the costs of damage and losses of the blast amounting between $1 and $3 billion. A spokesman for the reinsurance broker said : “Property damage claims will form the major part of overall insured loss, which includes property and content losses at and near the blast site, arising from mostly commercial property policies, as well as thousands of vehicles in the area.”
The broker’s spokesperson also stated, “Business interruption loss forms a large part of the uncertainty surrounding the ultimate loss for the insurance industry in this incident. On the marine cargo side, it will take time for claims arising from damaged shipping containers to be reported and inspected by insurance companies. Besides property, motor, and marine cargo losses, to a lesser extent some liability, personal accident and life claims will arise from the incident.”
Originally published by Port Technology International: http://www.porttechnology.org/news/tianjin_blast_to_cost_3bn
Rolls-Royce Wins “Beluga” Jets Bid
Date Published: 23/09/2015
Rolls Royce won the £500 bid for engines on Airbus’s five, new “Beluga” cargo jets. These new jets will carry a third more cargo than the current A330 aircraft, which they are now decreasing production on.
Bertrand George, an Airbus vice-president, said: “We look forward to the Trent 700 powering this important development in our air transport strategy. The engine has an excellent record on the A330 and is ideally suited to our requirements for this aircraft.”
Simon Carlisle, Rolls-Royce executive vice-president, added: “We welcome this decision to select an engine that is the clear market leader on the A330 and offers outstanding performance in terms of fuel burn, reliability, emissions and noise.”
Originally published on The Telegraph: http://www.telegraph.co.uk/finance/newsbysector/industry/engineering/11855806/Rolls-Royce-lands-whale-of-a-deal-to-power-Airbuss-Beluga.html
Rare Sighting of Antonov An-124
Date Published: 01/09/2015
The Ukrainian cargo plan was on its way from Dubai with a flight plan to Iraq to deliver fire trucks. Spectators gathered at the Altrincham’s Runway Visitor Park to get a good look at the Antonov An-124, monster plane.
Originally published on Manchester Evening News: http://www.manchestereveningnews.co.uk/news/greater-manchester-news/monster-cargo-plane-descends-manchester-9971160
Freightcover is the on-line solution from a&b insurance brokers to the secure purchase of specialist cargo insurance for the general cargo market. Cover can be purchased in a matter of seconds and all policy documentation is issued to you by email immediately. To get started, simply go to freightcover.com
Date Published: 18/09/2015
“In the future drones will allow us to carry any cargo safely, taking congestion off the roads. Driverless cars will also change the way we design cities. We won’t need as many motorways…” says Norman Foster, of Foster and Partners.
Read more about what the famous architect has to here: http://www.architectsjournal.co.uk/news/foster-driverless-cars-and-drones-will-change-our-cities/8689094.article
Myths Around Cyber Liability Cover
Date Published: 25/08/2015
Cyber liability is becoming increasingly popular. However, there are still a lot of misconceptions surrounding it.
Many SMEs believe that cyber insurance is just for companies who sell products over the internet. Not only e-commerce companies and those undertaking transactions over the internet face cyber risks. Risks are faced by any and all companies that collect and store personal and corporate sensitive data, or are reliant on computer and telephone networks and/ or data for their daily operations.
Whilst not all SMEs operate in sectors where notifications of a data breach are reported on an obligatory basis, this does not mean that cyber insurance is not needed. Even if legally you do not need to notify victims of a data breach, it is recommended by many privacy regulators to do so as part of best practice processes. In addition notifying victims can avoid or mitigate any reputational harm.
Some companies believe that if they spend vast amounts of money on IT security, then they are not at risk. Both financially and ideologically motivated hackers can be very persistent in penetrating a computer network and no system is 100% secure. Computer networks are only able to complete the functions which they are programmed to do; it is often the humans who prove to be the weakest link
Computer networks are the heart of almost all companies. Any kind of failure of these systems could halt day-to-day operations and cost companies a significant amount in lost revenue. System interruption can not only result from computer attacks/virus transmission, but also from operational and administrative errors.
Information required by underwriters, for cyber insurance, is usually limited to a simple proposal form. In some cases a telephone call may be necessary to expand on complex cases.
If you’d like to discuss your cyber liability options with a member of our staff, please contact us.
Unmanned Aircraft Flying Above
Date Published: 25/08/2015
Unmanned aircraft may sound like they belong in a scene from some science fiction movie set, but they are already out there enabling jobs to be done more safely and at lower cost, ranging from agricultural monitoring, to wildfire surveillance and infrastructure maintenance.
In the UK, a House of Lords committee has recommended that a register of these unmanned aircraft, widely known as “drones” be created, which will initially target commercial operations. Other recommendations include whether or not to allow the use of geo-fencing (flight based upon GPS coordinates), clearer guidance for law enforcement and guidance on what levels of insurance users should purchase.
Insurers are also looking at the use of drones for their own purposes. In the US, insurers State Farm and AIG have received clearance from the Federal Aviation Administration to use drones for underwriting and claims application purposes.
The use of flying robotics is predicted to significantly increase over the next 10 years. By 2020 the use of drones could become common practice for almost 40% of businesses, according to corporate risk managers surveyed earlier this year by Munich Re.*
A multitude of liability issues will need to be addressed as a result. The risk managers surveyed by Munich Re highlighted various concerns, including invasion of privacy (69%), inadequate insurance (12%), personal injury (11%) and property damage (8%).
To address the needs of this expanding industry, several insurers have developed coverage solutions specifically designed for the exposure faced by remotely piloted, semi-autonomous, and fully autonomous aircraft.
Coverage can include either ongoing usage or can be tailored to individual coverage for specific events. Typical coverage often includes similar elements as can be seen in a traditional aviation policy, such as:
-Personal and bodily injury to operators and third parties
-Third party property damage
Additional, more bespoke cover, can include:
-Cover for operating at high risk locations such as over water and indoors
-Loss or damage to the drone and associated equipment
-Cover for war and allied perils risks
-Cover for operators still in training
Before considering using drones for your business it is also important to remember the guidelines for businesses from the Commercial Aviation Authority. You must request official permission from the authority if you plan to:
-Fly the drone on a commercial basis
-Fly a camera fitted drone within congested areas or close to people or properties that are not under your control
As drones become more popular, even if you are not planning on using them in your business it is also important to reassess any business interruption insurance cover that your business may hold. Flights into Manchester Airport were recently suspended when a drone was spotted in the area. As drone technology is still relatively new, it is important to check your cover is up to date and that you will be covered should a rogue drone cause trouble for your business.
Sources: “Drone use could soon become common practice for 40% of businesses, according to corporate risk managers surveyed by Munich Re” press release 13th May 2015*
Reinstatement, Does It Always Make Sense?
Date Published: 25/08/2015
In most situations this would be perfectly suitable, but if there is a better way of reconstructing or repairing the building at no extra cost, then should this be considered? Is it appropriate for insurers to insist on like-for-like replacement, especially where there is an opportunity to reduce future risk?
Some insurers adopt a common sense approach offering the best possible outcomes for real estate customers; making sensible changes at very little additional expense. For example, placing electrical sockets higher up the wall so flooding won’t damage the electrical system a second time, improving fire systems in older buildings e.g. better sprinkler systems, and using different materials suited for the Energy Act 2013.
Commercial Insurance policies may include adaptation clauses i.e. a clause in the policy that allows changes to the building to be made during reconstruction. These clauses provide cover above normal minimum regulatory levels, giving extra flexibility that clients may need in order to achieve greener buildings, more efficient working conditions or to protect themselves from future incidents.
A major loss can be devastating, but reinstatement can present opportunities. With new methods and materials constantly emerging these can significantly reduce the risks associated with flooding and fire especially.
New building methods can also enhance sustainability and energy efficiency. In recent years there has been a variety of legislation introduced to address these topics. Some local authorities can insist that clients install expensive sustainability elements, such as solar panels, in a reconstruction project where nothing existed previously.
Brokers and customers can therefore be rest assured that, in the event of a major loss, their insurer will not only strive to repair any damage caused, but, where possible, put customers in the best possible position for the future.
IPT Increase Effective November 2015
Date Published: 17/08/2015
IPT applies to all insurance policies, whether personal or commercial. With effect from November 2015, any new policy, renewal of an existing policy or mid-term adjustment to a policy will invoke an IPT charge of 9.5% instead of the current 6%.
If you would like any more information in relation to this, please contact us.
New Container Weight Requirements Effective July 2016
Date Published: 01/07/2015
Shippers should be prepared for new container weight requirements approved by the United Nations and its International Maritime Organization last year . “One year from today, global containerized maritime commerce will need to comply with new international regulations that require every packed container to have a verified container weight as a condition for vessel loading,” the World Shipping Council said in a statement on June, 30. “All parties should use the next 12 months to plan for the efficient and effective implementation of this requirement,” they added.
Although there was pushback by Asian and European shipper groups due to extra costs and inadequate infrastructure in developing countries, recent international incidents provided proof that enforcing container weight is much needed.
Panama Canal to Open New Locks in April 2016
Expect increases in tolls when the new locks open at the Panama Canal in April next year. Although this project is a year and a half behind the original schedule and $100 million over budget, administrators expect to fully recuperate from the loss time and additional expenses by gaining back much of the traffic lost to the Suez Canal. They plan to introduce loyalty programs for frequent users and charge less for ships that aren’t fully loaded. Administrators also point out that the round trip transit time from Asia to the U.S. East coast through the canal is 10 days shorter, which translates to a lot of saved fuel, crew costs, capital and less emissions.
Investigation Shows Shifting Cargo to be the Cause of the Boeing 747 Freighter Crash
Date published: 15/07/205
The US National Transportation Safety Board (NTSB) investigative report reveals that shifting cargo was the cause of the National Airlines (NAL) April 2013 crash in Bagram Airbase, Afghanistan, killing all seven crew members. Five large military vehicles on board were “inadequately restrained” resulting in at least one vehicle moving rearward, crippling key hydraulic systems and damaging the horizontal stabilizer components, which rendered the airplane “uncontrollable.”
“The crew took on an important mission to support American forces abroad and lost their lives not to enemy fire, but to an accident,’’ said NTSB chairman Christopher A. Hart, adding: “We cannot change what happened, but in fully investigating this accident, we hope to find ways to prevent such an accident from happening again.”
The Trucking Employment Crisis Continues
As many truck drivers are retiring, companies to fill their void with school leavers entering the workforce. The Managing Director of MAN Truck & Bus UK, Simon Elliot, believes the industry needs to find solutions to improve their poor image amongst youngsters as well as work closely with the Government and “shake-up” HGV training.
In a recent MAN study of 1,000 young people, only 3.4% were advised to follow a career in road transport/logistics. As many as 88% said they were never introduced to the idea of driving a truck as a career by a career counsellor, however 25% said they would consider it.
A report, Barriers to Youth Employment in the Freight Transport Sector, issued by the all-party Parliamentary group for freight transport claims there are deep-rooted obstacles that cause great difficulties in attracting 16 to 24 year-olds into the logistics industry.
Original Source: http://www.exportandfreight.com/?p=436
Decrease Work-Related Injuries
Date Published: 01/07/2015
The obesity epidemic in the United States is spreading worldwide with unfortunate results. Add 15 years and 35 pounds (13.6 kgs) to a worker whose job duties require lifting, agility, balance or physical exertion and you vastly increase their risk of work-related injury. Many employers are investing in risk prevention strategies and workplace wellness strategies, but are not bringing them together. Safety and risk management professionals need to recognize how far workplace wellness solutions have come over those last 15 years. As the wellness industry matures, we are witnessing the deployment of incentive programs that sustain change, and the integration of new technologies that get results. Employers are leveraging the science and art of health behaviour changes and seeing participation wellness programs increase, and health outcomes improve. Consider implementing workplace wellness programs in addition to injury prevention programs to ensure a greater decrease in work-place injuries.
A Brief Summary of the Insurance Contract Act
Date Published: 01/07/2015
The Insurance Act of 2015 was finalised on 12th February 2015 and major changes to insurance policies will come into effect August 2016. This is one of the most significant changes to insurance conducted in England and Wales since 1906.
One significant addition is the duty to make a “fair presentation of the risk” to the insurers. This requires the insured to disclose information in a reasonably clear manner. However, the insured does not have to disclose what the Insurer “knows,” “ought to know” and “presumed to know.” If the insured breaches this requirement, it does not automatically entitle the insurer to void the policy. For any action to be taken, the Insurer would have to prove that it would not have entered into the contract, charged more, or establish different terms had a “fair presentation of the risk” been supplied by the insured.
The A&B Insurance Brokers’ staff is participating in specialised, educational training to be prepared for the changes and answer any questions you may have.
Date Published: 01/07/2015
Case Study 1: Dust was created at a construction site over a long period of time and aggravated a neighbour’s asthma. It also caused discolouration of windows and internal furnishings. The construction company was ordered to pay remediation and compensation to the neighbour. The total cost amounted to £30,000.
Case Study 2: A construction company had two discharge points, utilising ponds to filter solids of out the site before entering a river. After the pumping operation failed to discharge through their water treatment system, the water entering the stream became polluted and turned orange. A nearby fishery also turned orange. Although there was no substantial fish killed, the habitat of the fish were affected resulting in a compensation of £100,000.
Dubai International Freighter Traffic Decrease
Date Published: 18/06/2015
Air Cargo tonnage at Dubai International continues to decline after freighter traffic was transferred to Al Maktoum last year. There’s was an overall 4.7% decrease from January to April compared to the same period in 2014, while Al Maktoum has seen record increases.
$300M Container Fund
Date Published: 16/06/2015
Mitsubishi introduces the MC Seamax Shipping Opportunities Fund to generate income through buying and leasing container vessels. Investors from North America, Europe and Japan have committed $300 million to the fund. With more than 45,000 TEUs capacity offered to the world’s leading liner companies, the private equity fund will be managed between MC Asset Management Holdings and Seamax Parners.
New Rules from IACS
Date Published: 11/06/2015
New Unified Requirements (UR) were announced at IMO on June 11, 2015, two years after the break-up of the container ship, MOL Comfort. New safety precautions address the bi-axial stresses and the whipping effect on container ships.
BUSINESS INTERUPTION VALUES
Date Published: 27/04/2015
Author: Dan Frio, Willis Risk & Analytics, WillisWire
When faced with a catastrophic event—whether a natural catastrophe such as a hurricane or earthquake or a human-caused catastrophe such as an act of terrorism—having accurate business interruption values greatly improves the post-loss recovery process.
Accurate values can be critical to making informed decisions pertaining to the appropriate levels of coverage required and in identifying where a company should apply its resources in disaster recovery and business continuity planning. Further, organisations that consider redundancies and interdependencies in their calculations will be able to better convey their reasoning for values that might not conform to those that insurers typically expect. Ultimately, this will make for a more manageable renewal process.
Accurate business interruption values will also assist in refining the accuracy of CAT models by allowing for these models to be made more client-specific and/or industry-specific.
Calculating business interruption values and determining the amount of coverage required often leads to a great deal of confusion, misunderstandings and uncertainty. As such, we have provided some best practices when discussing the appropriate amount of coverage to be purchased annually.
BEST PRACTICES IN BUSINESS INTERRUPTION COVERAGE
We would suggest that, at a minimum, the following recommendations are considered:
• Consider the services of an expert to assist in preparing the business interruption values.
• Understand the reason(s) why the insurer requests a business interruption worksheet and how inaccurate values or insufficiently documented values could impact the process by increasing premiums and/or delaying the binding process.
• Review the profit and loss statement that supports the business interruption worksheet submitted as well as the profit and loss statement for the business that would be expected to have the most substantial impact if affected.
• Perform a cursory review of worksheet(s) to assess the reasonableness of values as compared to the gross profit/gross earnings.
• Discuss material differences between the overall gross profit/gross earnings and the value submitted on business interruption worksheet. All differences should be reconciled and explanations should be provided for material differences. Use a structured approach, beginning with the client’s business interruption exposures based on original source documents (i.e. profit & loss statements) through the revisions including considerations for business continuity plans, disaster recovery plans, consultations with financial and operational personnel (i.e. redundancies, interdependencies, available inventory, potential bottlenecks). And concluding with accurate and supported business interruption worksheets.
The above suggestions should not be considered all-inclusive and not all suggestions will be relevant to each individual organisation. However, a structured approach will allow for a better understanding of the business interruption values.
Managing Digital Risks in the Retail World
Date Published: 21/05/2015
Author: Kelvyn Sampson, Willis UK Retail, WillisWire
It has also led to improved technology and efficiency both in-store and operationally. However, as more retailers increase their IT capital expenditure, many now see this as a strategic-level risk that could cause major disruption, significant financial loss and lasting reputational damage.
DIGITAL DEPENDENCE Digital technology advances have resulted in retailers becoming increasingly dependent on the internet and IT systems for everyday operations, including point of sale, stock management, supply chain and marketing. This means they are now at the mercy of the digital solutions they use, with retailers of all sizes and in all sub-sectors at risk.
PERCEPTION V’S. REALITY There is a perception that IT failure and cyber crime is confined to a retailer’s ecommerce website or the loss of data such as customers’ credit card details. The reality is that without its IT systems a retail business could cease to sell for weeks, resulting in lost revenue and potentially high costs of hiring external expertise to fix technical problems.
Another common misconception is that most cyber incidents occur as a result of external hackers. In fact, according to the Ponemon Institute’s 2014 Cost of Data Breach study, it is a combination of
Often businesses will not know they have experienced a cyber breach until an external source notifies them, resulting in slow response times. The assumption that responsibility for managing and understanding digital risks lies solely with IT departments is rapidly changing. There is growing recognition that everyone in an organisation should be accountable for cyber security, but despite this few staff tend to be trained on information security and many boards still lack a comprehensive understanding of it.
WHAT ARE THE RISKS? One of the major risks a retailer faces is from the number and variety of business partners it works with. It is not enough for retailers to simply implement physical, technical and organisational security measures within their own businesses as the IT perimeter for cyber risk extends further than this. They must also focus on cyber security within the supply-chain and with service providers as interconnectivity between companies can pose a real threat.
FLAWED DIGITAL STRATEGY Retailers unsurprisingly tend to focus on the threat posed by unforeseen events, such as a hack or service downtime. However, with online trading contributing a higher proportion than ever of most retailers’ income, a badly executed strategy such as a poorly received website revamp, can have a material effect on a company resulting in a drop in sales and, in extreme circumstances, a fall in share price.
LOSS OR THEFT OF CONFIDENTIAL BUSINESS INFORMATION/TRADE SECRETS Retailers handle a lot of confidential and commercially sensitive information, both their own and that of business partners. If such information is lost or stolen it could be useful to competitors as well as fraudsters, for example; details of suppliers, pricing strategies, current financial position, advertising and marketing campaigns, and any other information that is not publicly available.
FAILIURE OF INTERCONNECTED SYSTEMS Computer based services are interdependent both within and outside an organisation. The failure of one organisation’s computer system can have a dramatic knock-on effect on all those with which it is connected. The same is true of cloud service providers and webhosting companies whose services many retailers are dependent upon. Examples of such issues include till or chip and pin machine failure, automated stock management system glitch, website issues all of which can impact on sales.
LOSS OR THEFT OF PERSONAL DATA Retailers collect, maintain, transmit or store private information including potentially large amounts of consumer and employee data, as well as a significant amount of credit card information. This personal and confidential data may be shared between individual organisations and their supply chains, increasing the number of touch points and therefore the potential risk of a data breach.
IP INFRINGEMENT IP infringement for retailers can include violation of design, copyright, trademark, domain name and copycat websites.
SUPPLY CHAIN Retailers often have complex and diverse global supply chains, covering areas as varied as stock supply and credit card payments, making due diligence difficult and costly. There may also be differences in the quality of suppliers’ cyber security and a weak link in the supply chain can leave retailers vulnerable to a costly cyber attack.
CYBER EXTORTION Cyber extortion has become far more common in the retail sector, partly as a result of the low cost and easy availability of hacking tools which are simple for even the most technically challenged criminal to use. Denial of service (DoS) attacks can block access to essential systems and online trading platforms, leaving retailers unable to trade and at the mercy of cyber criminals.
FRAUD Fraud is a particular issue for retailers thanks to their relatively high profile and online ubiquity. Retail is also one of the industries particularly prone to payment card skimming, with fraudsters using stolen details from individuals’ credit cards to make purchases. This type of activity is increasingly happening online where a physical card is not required to make a purchase and appropriate checks are more difficult to carry out – the cost of such fraud can be significant for a retailer.
WHAT ARE THE IMPACTS? The impact of any digital incident, especially if not handled correctly, can be catastrophic in terms of reputational damage and financial loss. Some of the more obvious impacts on the balance sheet include: theft of cash; the inability to trade and associated costs of downtime; costs to repair or reinstate systems and operations; ransom payments to hackers (denial of service attacks); and regulatory fines for data breach of customer information.
There are also some less apparent costs associated with digital incidents which may include: opportunity costs following the loss of vital business and client information; non-delivery of stock or other essential supplies; and possible legal costs associated with defending issues such as IP infringement. Other even more intangible, but no less important, consequences should also be considered as these ultimately have a financial impact. Brand and consumer trust, for example, is an incredibly important part of being a successful online retailer and can be severely damaged following an incident. A retailer’s reputation can take years to build and, in the age of social media, hours to destroy. A significant loss of customer data or similar breach can mean that consumers lose confidence in a retailer, taking their business to a more trusted site. Damage can be exacerbated if an incident is poorly handled from a PR perspective.
SUMMARY Although investment in cyber security will not prevent against all eventualities – due to constantly evolving forms of malware and the impending threat of human error – managing digital risks effectively can significantly reduce the impact of cyber incidents.
Claims – Made and Rejected
Date Published: 11/05/15
Author: Andrew Doherty, Willis Finex, WillisWire
Multiple recent court decisions have favoured insurance companies in directors & officers (D&O) liability cases that hinged on the issue of the timely reporting of claims under claims-made-and-reported policies.
These rulings have held that matters not reported in a timely manner (even when a series of consecutive claims-made-and-reported policies existed) does not trigger coverage.
In these cases, there appears to have been D&O coverage in place on an uninterrupted basis throughout the period when the claims were first made against the insureds, and in one case that continuous coverage appears to have been in place with the same insurer. Further, these do not appear to be cases where the insured bought D&O insurance for the first time when trouble was brewing (the ‘burning building’ scenario that insurers fear).
JUST THE FACTS So, what happened? It’s actually quite simple. The insurer held up the four corners of the insurance contract(s) in question, looked at the reporting obligations, said they were not met, and the courts agreed.
Nope, it all hinged on just the facts. These otherwise potentially covered claims (some assumptions are being made here) were not reported in a timely fashion—end of discussion! Well, actually, more discussion was likely had about the costs expended to challenge and sue the D&O carriers in order to ultimately arrive at these decisions. Ouch – talk about salt in the wound!
THE DEFINITION OF “CLAIM”” So, what’s the take-away? Insurance buyers have to know:
If that doesn’t happen, the battle for coverage will be an uphill one right from the beginning. And, keep in mind, this issue applies to any claims-made-and-reported policies: D&O, employment practices liability (EPL), fiduciary liability, employed lawyers, as well as most E&O and cyber liability policies.
You don’t want to lose the fight before you even get into the arena!