Garrett Koehn is president of the Northwestern US for commercial insurance wholesaler CRC, based in San Francisco. His areas of expertise include technology-related professional liability, intellectual property and D&O insurance. In addition to brokering operations, he has held underwriting authority from leading insurance markets for most of his career–including Lloyd’s, AIG, ASPEN, Principia and others.
Koehn authored his first cyber-related coverages in 1995, working with leading Silicon Valley startups and insurance carriers to develop products that did not previously exist.
I think foreign currency risk this year is huge. The USD is gaining value at a meaningful pace, which will have an impact on exports, debt, investments, etc.
Second, the rapid speed of innovation is attacking areas of commerce that are seemingly unable to adjust their operating models. We saw these threats hit industries like retail and publishing over the last two decades. Now this disruption is moving into nearly every business sector (transportation, finance, things, restaurants, etc.)
Third, (and this starts to move in the direction of insurance) social media-brand management is a significant burden for executives. The speed and distance at which information moves is unlike anything in history. Failing to address this is a big mistake.
Fourth, cyber threats (very insurable) are a significant threat for most companies, yet few companies have spent appropriate time on the analysis of their risks and potential costs.
A meaningful increase in cyber liability seems likely. If the daily run of media reports isn’t enough to convince you, I’ve always liked following investment money in the private sector to reflect on what might be next. In 2010, there were 133 cyber security investments totaling $941 million, according to CB Insights. Last year, there were 269 deals with $2.3 billion invested in the venture capital space. The trend appears to be following the exposure. People’s perceptions are also changing. Most companies now expect that they will have their computer systems breached next year, the 2015 Cyberthreat Defense Report shows.
Beyond the growth in numbers, the complexity of a cyber-breach involves other nuances and not very well understood expenses. Solving for the breach is expensive and hugely time sensitive. There is a cost associated with any necessary remedy (for example, purchasing identity-theft protection for consumers). There can be intangible costs associated with stolen trade secrets. There are legal costs that can come in three forms: legal expenses in managing the incident, legal expenses from litigation such as a consumer class action, and lastly, potential board-level litigation in the form of a directors and officers suit. There are potential regulatory requirements (and associated costs). Let’s also not forget about reputational risk and the costs associated with the proper management of an executive’s brand, perhaps through a PR firm. In the end, the costs are turning out to be much greater than companies seemed to expect.
I believe that there is a combination in this area. It is highly dynamic in all regards at this time. Additionally, it is difficult to understand what is next as technology continues to evolve–think of hacked security systems, self-driving cars, utilities, etc.
In the case of cyber insurance, I think we are doing what we can. This might not be saying much, but there are some insurance companies that are good at predicting what potential losses might look like, at least, for data breach. Most will admit, though, that there is not a great deal of data, enough history or an understanding of the future.
The unknown unknown. We can insure with some success areas that we understand (other than trade secrets–a topic for another day!) We cannot protect against events we don’t foresee or perhaps a magnitude previously unseen.