When a new company moves to secure funding and formalize operations, insurance is often an afterthought. But with a bit of effort, emerging companies can obtain strong insurance protection, maximize their existing coverage, and make themselves more attractive to future investors and other partners. Emerging companies should focus in particular on commercial general liability, data privacy and cyber liability, errors and omissions liability, directors’ and officers’ liability (D&O) and, depending on the number of employees, fiduciary liability and employment practices liability policies. An effective risk management strategy will also depend on strong external support from insurance brokers and counsel.
In the article 5 Insurance Tips for Emerging Companies published by Risk Management, I discuss five best practices for getting started on an insurance program.
In the ACC Docket article, Cybersecurity and Data Breaches: How In-House Counsel Can Engage the Board, my fellow partner Carly Alameda and her co-author Olga Mack of ClearSlide correctly observe that cyber insurance may cover costs a company incurs as a result of a data security breach.
I’d emphasize that boards should carefully review proposed policies before they buy one to ensure that they obtain the desired coverage. Cyber insurance policies are not written on standard forms. Policy language and the scope of coverage offered by different insurers can vary, sometimes widely.
I’d suggest that boards first gain an understanding of their own risk profile and then seek to tailor the cyber insurance to address their particular risks. For example, not all cyber insurance policies will cover the insured if the data security breach was caused by an intrusion into a third-party vendor’s system, even though the insured is ultimately responsible for providing notice to consumers and may face lawsuits by consumers, banks and others. Companies that rely on third-party vendors to collect or store PII should make sure that any policy they buy covers losses due to an intrusion into third-parties’ systems.
and David Smith
David Smith and I have recently been writing and speaking about cyber risks and cyber insurance for the wine industry. While many of the high-profile data security breaches in the news involve large public companies, all businesses that accept credit cards for payment and/or have personally identifiable information from employees or customers are at risk of a data security breach. This is the case even if the collection or storage of such information is handled by a third-party vendor. Businesses should carefully consider their cyber risks and whether cyber insurance could help them manage those risks. We’d like to share an article we recently wrote on protecting your wine business against data security breaches and other cyber risks: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks.
and David Smith
On December 16, 2015, the California Department of Motor Vehicles (CA DMV) issued draft regulations for the deployment (not just testing) of autonomous vehicles. When adopted, they may be the first such regulations in the country. The National Highway Transportation Safety Administration (NHTSA) is moving ahead with testing of self-driving technologies in anticipation of setting safety standards. Meanwhile, Google and virtually every major car manufacturer has stepped on the innovation gas pedal to develop self-driving technologies. Will regulators be ready when the cars are? How will the regulation of autonomous vehicles impact the liability landscape and, in turn, how that liability will be insured?
NHTSA researches and regulates vehicle design and safety. It has been testing crash avoidance technologies as they have emerged, such as automatic braking and lane change warning systems. NHTSA is also aggressively testing and promoting vehicle-to-vehicle (V2V) technologies, because it believes that V2V communication is critical to enhancing safe driving, even before cars become fully automated. In August 2014, it issued a notice of proposed rule-making in anticipation of requiring V2V technology in new cars. Those rules will also address privacy and cyber security issues, and now Congress has proposed rules to address the security of car information and communication systems. NHTSA’s research priorities include perhaps the most critical issues created by incremental changes – driver-vehicle interaction. How well will drivers pay attention as incremental technologies take over some aspects of driving (such as advanced adaptive cruise control of the kind Tesla recently installed on its Model S)? Can drivers react quickly and calmly enough to take over in the event automated systems fail? The research appears driven by NHTSA’s conviction that autonomous cars will successfully reduce the number and severity of crashes, eliminate congested highways, and reduce fuel consumption and noxious emissions.
In its May 2013 Preliminary Statement on the subject, NHTSA confirmed its intention to establish autonomous car design and safety standards. At the same time, it agreed that individual states were better suited to regulate driver licensing, and the conditions for deployment of cars on state roads. In an April 2015 letter to the CA DMV Director, anticipating California’s draft regulations, NHTSA emphasized its work on safety standards, apparently hoping to preempt any effort by California to try to invade its jurisdiction. Certainly, few want to see 50 sets of rules governing technology that would kill the market for these cars before it could develop.
and David Smith
Companies’ awareness of “cyber” risks has increased significantly because of large and highly publicized data security breaches, such as Target and Home Depot. Companies are starting to more proactively manage the risk of data security breaches by strengthening their IT defenses and, in many cases, buying cyber insurance. However, many do not realize that data security breaches are just the tip of the cyber-risk iceberg. Because nearly our entire economic system depends on electronic devices, machinery and infrastructure that is connected to the internet (i.e., the “Internet of Things”), the potential exists for much larger scale hacking attacks that could control, damage, destroy or shut down many of the systems on which we rely to conduct business. Some of this risk is covered by cyber insurance, but much of it is not. Proactive and effective “Enterprise Risk Management” will be vital to companies seeking to protect themselves against these growing risks. Businesses should carefully review their unique risk profiles, indemnity contracts and insurance policies (including their non-cyber “traditional” policies) to identify and mitigate their exposures.
We have all heard of the large scale attacks on Target, Home Depot and more recently, Ashley Madison. The news generated by these cyber attacks has contributed to the public’s increasing awareness of the large volumes and types of personal information that companies are holding about their customers. To protect themselves against some of the losses that such data security breaches may cause, many companies have prudently responded by buying “cyber insurance.”
But few realize that data security breaches are just the tip of the cyber-risk iceberg. While the storage of personal information on the internet has grown exponentially, so has the connectivity of pretty much all the electronic consumer products, corporate computing infrastructures and industrial machinery on which our economy relies. The enormous number of devices and machines that are connected to the internet do not just give hackers additional ways of gaining access to computer systems and the data they store – the Target hackers accessed the point-of-sale terminals via the company’s HVAC system. Hackers now have the ability to cause widespread physical and economic harm by shutting down or damaging critical systems.
Last week, I co-moderated a panel discussion at the Bar Association of San Francisco entitled “Insurance Issues In The Sharing Economy.” We had a lively and informative panel discussion between Kate Sampson, Managing Director at Marsh Risk & Insurance Services (and former VP of Insurance Solutions at Lyft), Chris Shultz of the California Department of Insurance, and Dan Wade of United Policyholders, a consumer advocacy group.
We started off distinguishing between, and defining, the “App-Based Economy” and the “Sharing/Collaborative Economy.” The former refers to any app-based purchasing platform, while the latter refers more specifically to the concept of private individuals offering to share a private space/asset with another person for compensation. And despite the proliferation of these types of companies, what they do is not without precedent. As Chris Shultz pointed out, “people have always delivered goods and products for cash, the ability to do it more broadly is what’s new.”
From an insurance perspective, how “disruptive” sharing economy companies are depends to a large extent on how heavily-regulated their insurance requirements are. For example, there are no specific regulatory requirements for home-sharing, and insurance products already exist (landlord liability policies or endorsements). The same is true of delivery services: pizza delivery guys have been an institution for decades.
But the same is not true for “ride-sharing” companies, which provide prearranged transportation services for compensation using an online-enabled application or platform to connect drivers using their personal vehicles with passengers. The space in which these companies operate has very heavily-regulated insurance requirements.
I enjoyed co-authoring the article Does Your Commercial Crime Policy Cover Loss From an Imposter's Fraud? with John M. Orr of Integro. Policyholders should take a close look at their crime insurance policies to see whether they'd have coverage if an imposter fraudulently caused an employee to transfer company funds.
This is the second post in our series regarding coverage issues affecting emerging companies. This post addresses the insurance application process. The application is a critical part of the process because insurance companies use it to assess whether they want to take on the risk, and if so how much premium to charge. The carrier can attempt to rescind an insurance policy if there was a material (but not necessarily intentional) misstatement or omission of fact in the application. Rescission of an insurance policy means it is as if the policy was never issued and the policyholder simply gets a refund of the premium paid and the carrier walks away.
First, it is critical to understand that an insurance application is not a form that can be completed by anybody in your organization. For many policies, the application will be attached and actually become part of the policy when it is issued. When a claim is made, the application will be one of the first places the carrier looks to see whether the insured is entitled to coverage or vulnerable to a rescission claim.
by David Smith
and Dennis Cusack
On November 6, 2015, Toyota announced that it plans to invest $1 billion in a Silicon Valley research center for artificial intelligence. On November 10, Volkswagen said it had hired away from Apple its lead expert on self-driving cars. (Yes, Apple too has a secret car project.) While analysts’ views differ on when, most agree that it is only a matter of time before fully autonomous vehicles become mainstream.
The US Department of Transportation called recent innovations by car manufacturers a “revolution in safety.” Historically, automakers (strongly encouraged by insurers) have focused on engineering vehicles to enhance occupant protection in the event of a crash. That’s why automobiles today have a range of airbags – front, rear, side and even curtains – as well as a long list of safety enhancements, including structural reinforcements to the passenger compartments and advanced safety belts.
Today, vehicle safety has expanded into technologies that help prevent or mitigate crashes. Vehicles can automatically brake to avoid or minimize accidents, self correct steering if the driver wanders out of his or her lane, and can parallel park better than many humans. They do this by means of a variety of sensors, connected to a central computer running sophisticated software. By use of sensors and cameras, today’s modern car can “see” round corners, keep a steady (and safe) distance from the vehicle in front, and anticipate and prevent a crash. All of these technologies, though, still require an attentive driver with hands on the wheel.
High Fire Season Followed by El Niño Sets California Policyholders On Collision Course With Property Insurers
Regular readers of the SFGate website saw two familiar headlines on September 10, 2015. The first – “Northern California wildfire explodes in size” (last accessed September 28, 2015) – would not have been unusual on any summer day in California, particularly in the last four years as an historic drought has ravaged the Western United States. Wildfires, always a feature of the dry season in the West, have increased in size and intensity as the yearly average precipitation levels continue to fall.
The second – “El Niño Odds Rise Again, Tracking to Be a Blockbuster” – was more unusual, and almost certainly more welcome to local readers. The El Niño weather phenomenon, which refers to a band of abnormally warm water in the central equatorial Pacific, is generally associated with large storms in the United States, and the West Coast in particular. News of the impending 2015-2016 El Niño has raised hopes that heavy rains will replenish water supplies that have been devastated by four-plus years of meager rainfall. But this year’s El Niño may have more damaging effects, especially in areas impacted by fire.
When heavy rains follow wildfire, the results can be deadly. According to the U.S. Geological Survey, after a wildfire “even modest rainstorms can produce dangerous flash floods and debris flows.” Multiple fire-related factors can contribute to mudslides. The most obvious is the tendency of wildfires to damage vegetation and root systems, which hold soil in place and provide barriers to mudslides and flooding. Hillsides denuded of vegetation are far more susceptible to mudslides during a storm.
The interplay of fire and weather has crucial implications in the context of first party property insurance, where causation determines coverage. Most property policies exclude damage caused by earth movement and water damage and, as a result, policyholders who suffer damage from mudslides are almost guaranteed to have their claims denied. But policyholders, particularly in western states, should not be afraid to push back on a denial if the mudslide occurs in an area previously damaged by fire.