Stop Buying Insurance by the Old Rules – “Best Practices” Aren’t Helping You Now
Changes in business are coming at lightning speed, making “best practices” obsolete. This is powerfully true in how you handle risk in your organization, directly impacting two basic things – money and operations.
So, let’s approach things with a “clean sheet of paper.”
The old way of buying business insurance looked something like this – reacting to specific claims by finding specific coverages and patching the gaps as they were spotted (often too late). Fast forward to today - now it’s a new game that requires new rules and new behaviors. To be informed buyers, organizations should understand how three pillars of risk management have changed.
1) Catastrophes impact everyone’s property coverage costs
The biggest cost drivers in property coverage are a growing range of catastrophes - flood, wind, earthquake, wildfire - along with domestic water damage (e.g., water from a burst pipe). The financial impact is immediate and can be huge, ranging from an accidental fire at a manufacturing operation to an overflowing toilet one floor above an MRI machine. You may think that distant catastrophes don’t impact your premiums, but we’re all buying from the same pool of risk.
Insurance carriers are responding to cost increases by scrutinizing these exposures and reducing the limits they will pay. Disaster experiences are hitting carriers hard with both frequency and severity of claims. Their response? Rates are going up by double digits, along with increased deductibles. This “perfect storm” is a lose/lose for the unprepared customer.
How should you respond? Have a strong, written and rehearsed disaster recovery plan. This is critical to risk resiliency. For example, if you are in a flood-prone area, having a Flood Incident Response Plan is critical to respond effectively to the disaster, reduce the flood damage and control your premium cost. Even if you’re not in a flood-prone area, having a domestic water monitoring and response plan is good, basic risk management.
Consider “right sizing” your limit profiles, deductibles and coverages. This means working with your advisors in the scrutiny of total insured values, business income/extra expense limits and business interruption worksheets. These steps align your insurance program with the actual exposures you feel are most critical. The next step? Transfer these risks. Work out the coverages that fit your new world.
This preparation work will help you present a compelling story to the underwriter about your risk reduction efforts.
2) Liability is growing for company leaders
Leaders must take the bad and the good together. The benefits of being an employer come with the risks of being on the hook for liability claims and class actions. The risks come in many forms, and claims are rising in frequency and cost – from regulatory issues that change frequently, consolidations/bankruptcy, harassment, discrimination claims or mass class actions. When you include the costs of litigation, distraction and negative marketplace perceptions, the overall costs are enormous. And it’s not just the large cost in money but also in your time. Lawsuits can drag on for years — exactly the opposite of what you need as you are building a sustainable organization.
The market of available insurers for large organization directors & officers liability insurance (D&O) and employee practices liability insurance (EPLI) has severely contracted recently, with many carriers cutting back on their offerings. As the availability of insurance providers shrinks, the cost to buy their plans skyrockets. For those who are still in the market, rates are going up an average of 25 percent, and retentions can as much as double.
How should you respond? Implement risk reduction that you can document. Start with an education program for those covered, focused on guiding them to fair and consistent action. Board and administrative-level training on the emerging D&O and EPLI risk factors is critical and may be offered at no additional charge by your carrier. In-house counsel, human resources and risk management need to be aligned in how they address these emerging issues, how they document both policy and procedures and how they handle complaints. Ask your advisor if your carriers offer resources on this issue.
Your reaction should be to go “big picture” and fully comprehend the situation from all angles - your loss history, your financial condition and your current risks. (In-depth COVID questionnaires are commonplace now.) Also, build in enough time for advisors and underwriters to do their jobs. In the new world, securing coverage takes longer. For example, if you are evaluating the management liability lines, make sure to build in enough time prior to the renewal to make a credible case with the underwriters. In today’s volatile markets, additional markets and fresh strategies may be needed to get past capacity crunches, and getting a better result takes time.
3) Cyber Liability has turned into an arms race
Most catastrophic risks are traditional and well defined. Cyber risk is different: the threat is constantly evolving, shape-shifting and adapting to our defenses. The financial and operational impacts of getting it wrong can be massive. A ransomware attack demands one set of immediate responses. A data breach requires another. The loss of a laptop with personal health information requires yet another, and so on.
The insurance marketplace is responding quickly, with evolving policy language. Good news - there appears to still be tremendous interest and capacity in the insurance market to write new cyber coverage and increase limit availability. Bad news - the speed of change has created a disjointed marketplace with wide gaps between carriers on pricing, retention and limits.
How should you respond? Get ahead of the race; then run faster. Test your Incident Response Plan with the C-suite and IT administration every year. At a minimum, engage with your insurance consultant as well as a breach coach and IT forensics when testing your plans. Use third-party security reports to outline the exposures and controls in place. The weakest link in any cyber security protocol is always the people, so regular training and internal phishing campaigns elevate the awareness of these social engineering attack vectors.
Cyber has become an evolving coverage for most organizations, and the insurance industry’s response continues to evolve as well. This means constant change in limit profiles and coverage language, with new additional coverages becoming available. Re-evaluate everything at each renewal. The whole policy should be matched up with the latest industry standards. With all the moving parts, a full evaluation is critical to keeping ahead in the cyber arms race. Further, as insurance carriers continue to deploy refined pre- and post-breach services, evaluate the usefulness of these services with each update. Times change, and so should your organization’s cyber response.
In summary, it’s time for a clean sheet of paper and a refresh of your critical thinking skills. Look at the big picture: check your insurance plan’s alignment with your future organization. Where are the gaps? Where are coverages that are no longer aligned with the organization’s risk profile? Oh, and don’t forget to build in additional time to let your insurance advisor educate underwriters and negotiate for the best coverage at the lowest cost.
Then, you’ll have moved from “best practices” to “next practices”, which will make all the difference.
This post is part of New World, New Strategy – a blog series to help your organization persist and thrive.