It's a necessary coverage that isn't as obvious as it should be.
Oftentimes, it takes a contractual obligation before technology companies get serious about a policy.
However, the reality is they are open to just as much risk as any other "traditional" field that regularly buys professional insurance.
A lot of times there's a lack of information or unfamiliarity with claims to see real value.
Manny Cho, RPS Executive VP, and Jacob Ingerslev, Head of Global Cyber Risk at The Hartford, talk about everything your clients should know to want the coverage.
Joey Giangola: Manny Cho and Jacob Ingerslev. How are you guys doing today?
Jacob Ingerslev: Great.
Manny Cho: Doing well. Thanks.
Joey Giangola: Well, before we get anything too serious, I got to know this first, is there anything in your life that you feel is just, you need to go a little extra custom and you need something a little specific that doesn't really come off the shelf where you want to tailor it, really get that extra mile. Is there anything that stands out to you guys that really makes a big difference?
Jacob Ingerslev: I think that's how I feel about everything I buy in life. I like to have options. That's really... whether that's at the grocery store or you're buying a car.
Joey Giangola: All right. What about you, Manny?
Manny Cho: For me, since I need some special measurements in case we ever go back to wearing suits again, that's the one piece that I like to have tailored. As I get more experienced, I just need some special care when it comes to fitting well in a suit.
Joey Giangola: It cannot be underestimated what a well-fitting suit does to both the person wearing it and the people seeing it. I can't emphasize it. It feels like one of those things that, oh, you got to get your suits tailored, but it is very nice. One thing that I want to do to move that over to the insurance side of things and talk about products that do maybe need a lecture customization that aren't as standard as you might find in certain industries that that might need a little more attention specifically around the technology space. Jacob, what do you see around there? Why is there such a need, a little extra special caretaking for certain industries like that to where the risk might be a little different?
Jacob Ingerslev: Yeah. Well, I think particularly with something like technology and cyber for example, it's a fast moving area. We constantly see new technology taken over what was a manual process. It's taken over our lives in many ways. Insurance coverage has to keep up with that and that's particularly true for cyber as a risk as well, which goes hand in hand with tech coverage. There's this misconception out there that unfortunately that your standard insurance coverages will cover some of these risks, your general liability, your property insurance, and that's often not true. So it's important to be educated on specialist products like tech E&0 and cyber for that reason.
Joey Giangola: Yeah. Manny, from the agent side of things, where do you think that awareness sits in terms of them knowing, you said that gap in terms of what they might be looking to go to sell on the day-to-day basis versus looking for something a little more specific? Do you think that the awareness level was there or how further they need to go to really fully understand that?
Manny Cho: I think most retail agents are aware of the need for professional liability or tech E&O and now, I don't know who is not aware about cyber, but most would be aware that the policy exists. I think it's really on the client side where you have to do the convincing, especially around tech E&O. Historically we've seen that most buyers should buy as soon as they have a product that's in the market being beta tested or being tested in the market, but most don't buy until they have to because of a contractual reason. So, it's a very interesting dynamic where once we see the risk, usually they're two, three, maybe four years into their life cycle and they need to buy because someone told them they have to now. It's a very strange field. It's not like a lawyer or an accountant where as soon as they hang up a shingle, they know that they better buy professional, same with a doctor or a dentist. So it's a little different field for tech E&O.
Joey Giangola: Yeah. That's interesting. You said when the mandate comes in Jacob, does that fit what you guys see on the care side in terms of... or the better question is, what can be done to maybe further adoption or penetrate that understanding from the client side of things to maybe understand and maybe seek out this coverage before somebody forces it upon them? Is there anything that you guys have seen to help push that along?
Jacob Ingerslev: I think traditionally the contractual requirements have been a big part of the need to have coverage and then it hasn't really happened until you are faced with that contractual demand. The cyber aspect of the coverage though is happening automatically through the media. It's hard not to turn on a TV and not hear about ransomware or open industry publications. Ransomware is everywhere now. So I think we're seeing some help from that angle. I think the tech E&O aspect of the risk, I think we continue to do a lot to educate through LinkedIn and other sources and marketing to make sure that people are aware that this is not something that's covered in your traditional insurance products, but there's a way to go. But we continue to push ahead.
Joey Giangola: Manny, is there one conversation around where the market is that currently that the agents could come armed with to their clients today to say, "Hey, listen, this is what's going on. This is why it's important." What would you say to them to give them that ammunition to maybe come to that conversation with a better chance to not have a contractual requirement to actually close the business?
Manny Cho: The discussion we usually have around E&O is it's a protection of your assets. If you're a startup and say you only have seed round funding, you need to spend that money on IT and marketing and product development. If you get a claim in for failure to perform, it could go away, but you also could spend a hundred, 200,000 in defense costs just to make it go away. You could run into some cyber event where you're spending 40, 50, 100,000 dollars to start your network or to protect yourself against a ransomware demand and then all the fallout that happens afterwards. So it really is, like everything in insurance, it's a proactive measure and a risk management measure to manage valuable resources, which in most cases for smaller firms is their capital and their cash. So it's a great trade-off, million dollar limit especially in the program that we have with Hartford today, the cost is nominal to really protect yourself against a very critical event.
Jacob Ingerslev: Yeah. Claims are certainly the most important lessons learned with respect to wanting to buy a coverage. That's what we see after contractual requests for insurance coverage. When people have had an incident, they understand the value of the insurance coverage.
Joey Giangola: That's exactly where I wanted to go. Is there anything specifically that stands out from a claims perspective, Jacob, that really provides that motivation or you find happening more often than not that maybe agents could use as a good example of just say, "Hey, listen, these things are happening more and more frequently." Or whatever the case is.
Jacob Ingerslev: Starting with the tech E&O and media coverage that's embedded into the product, specialist council certainly adds value. The average attorney may not have the expertise of specialism to respond or deal with a breach of contract claim or an intellectual property infringement claim. So I think there is value added to that angle from a claim perspective, where we worked with a specialist claim counsel that have a tremendous experience in this area. The cyber particularly, that's where you really see the value added coming through. Fortunately, most companies that get hit with a cyber attack hasn't happened to them before, but that also means they don't really know necessarily what to do if their entire network's infected and they can't even open the email. This is where the policy really comes through in terms of the incident response services that come with a policy.
So typically cyber coverage has incident response providers associated with the policy. Breach coaches, those are the lawyers that help companies understand their obligations when it comes to a privacy event. There are many different complicated pieces of regulation to keep up to speed with and the average company probably isn't going to have that expertise in-house so that's important. If we take ransomware as an example, it's a whole process where your network gets infected. You then get presented with an extortion demand. Usually that can be negotiated. A lot of companies may not know that, but incident response providers handle that negotiation. They have a lot of experience doing these negotiations from all of the incidents that they've handled. So they know maybe exactly where you can go to based on the impact to the network in each case.
The more practical side of it is most demands are paid in cryptocurrency. I don't have, I sold mine at least, I don't have cryptocurrency in my wallet currently and I think that's probably true at least for small business on average that they don't have cryptocurrency in an account that they can readily use for extortion payments if they're required to do so. That's really the key to cyber claims handling is having all of those resources available with a cyber policy or tech E&O policy that has cyber coverage.
Joey Giangola: Manny, I don't know if you maybe have some thoughts off the top of your head, but is there an example to where a company had to rely on those services and the reality that they were met with that again, we hear about all this stuff, claims response, all of this hand-holding during the process, but is there something that really stood out to them in terms of how valuable it ended up being during that situation?
Manny Cho: Yeah, I would just say the services are so valuable that even with the rise in premiums and some of the coverage changes that we're seeing for some industry classes, we have insureds that are asking to buy a minimal level of policy just so they can have access to the resources that are provided. The breach coach is invaluable. It's like being in an NFL team. You're either going to go to the rookie to start the Superbowl, or you're going to go to the vet that's been there six times and knows the playbook very well. They're very experienced, they know how to handle things, and they have at the ready a number of resources to help mitigate the loss. The biggest thing that you need in these events is to mitigate the loss. Where we've seen a lot more value and a lot more interesting claims work is in the remediation side on the back end. That's really the newest phase where you're restoring the data or figuring out where the loss occurred.
The breach coach is also really good working with the forensics teams and determining if any data was impacted and actually stolen because then that triggers the privacy regulations and the requirements for notification. So the breach coach they're also attorneys so they know what states you would have to make a notification then in what period of time and how quickly. So everything works really well together and then the last phase is on the business income side. The business income negotiations are very similar to a property claim that had a fire loss and you're negotiating BI, but the resources that are available, the use of outside consultants to help you figure out what your true BI loss is.
These are all services that if an insured were to try and figure out themselves, A, they would pay a rate that's probably triple or four times what they're going to get using the insurance carrier rate, but they wouldn't even know where to start to get credible resources and information. So the policy provides a lot of invaluable services at the time of claim, but even before there's a lot of things that the policy does that really could help them if they took advantage of it.
Joey Giangola: I'm not sure which one of you want to jump on this. So feel free to fight over whoever gets to answer this question, but talking about the changing coverage what's going on there in terms of what adjustments are seeing, and maybe more importantly what I'm interested in is what limits are people may be buying or what limits should they be buying? Are we seeing agents properly quoting this stuff to handle the company's risk, or are we just not seeing the adequate coverage being placed, or are they having a hard time getting it? All of that stuff is on the table. What are we seeing around that?
Jacob Ingerslev: Manny, feel free to go first here.
Manny Cho: Thanks, I appreciate it. So, we're definitely seeing I think the history of cyber, my colleague Steve Robinson has done a couple of white papers around this, but he calls this the teenage years around cyber. We had a number of years of almost static growth in the industry. Then we hockey sticked and we saw dramatic growth. As new entrants came into the market, we really expanded coverage into some areas with very little, if any underwriting. Sorry to the audience that believes in this, but system failure is just a ridiculous coverage to put on a cyber policy. It has nothing to do with an attack. It's just, "Oh, something goes wrong on your system we're going to pay for it." Nobody covers that. So I think there's definitely a trend. I think that carriers as a whole are looking at what coverages they're providing, but even with all the stuff that was thrown in as bells and whistles, the predominant loss was coming in ransomware, funds transfer fraud, really the traditional mechanisms, the traditional coverages. We are seeing carriers implement more underwriting and some underwriting discipline to what they're looking at.
There's more stringent requirements around controls that insureds need to have. So now it's just not accept everyone. It's except a very select group of insureds, especially in some higher risk areas. I think it's definitely going to be more of a trend as the year ends and as 2022 creates some new challenges or some new way that the bad actors are trying to get in. The carriers are going to have to react because at the end of the day, they have to be profitable in this line of business to continue. So as a broker, we look at all those situations and then in terms of limits, a number of insureds would, in the past, would love to buy as much as they could in the market, but as much as they could, could be very restrictive now going forward based on your class of business, your controls in place, and the size of risk and really the appetite that underwriters might have to put up capacity.
In the past, a lot of carriers were willing to put up 10 million limits. Now, one to three, trying to get a three is a stretch. So we can't build towers as easily as we could before. It's just more limited and a little more difficult to get to the same level of coverage even that you had last year. So it's an evolving market. We use some in-house information that we have proprietary to us about limits purchase and in different segments. We have partnered with some other vendors to help us along that line as well, to help give guidance, but really it's just limits purchase is a tool that we give to insureds to look at around peer analysis. But at the end of the day, it really is up to them in their internal business continuity planning to understand what the potential risks would be and how much they really should value. So, very similar to other lines of business. On the traditional property side, you should know how much you could lose if something goes down and that's the limit you should look to purchase.
Jacob Ingerslev: Just to comment on Manny's response. From a carrier perspective, we see certainly an increase in demand because of this attraction of limits available in the market. Certainly seeing a lot more excess submissions coming in and obviously we know the reason why the situation, this is what it is, is there's been a huge increase in ransomware losses particularly. so the profit margins in the market have shrunk quite a bit and as a result, carriers in some cases pulling back on limits. There's also generally a continuous increased demand for tech coverage because technology is a pretty fast growing industry. So it's on average going faster than what we've seen other more traditional industries, particularly with all the lockdown we've been going through, technology's become even more important and dependency on it has become even more significant. So, there is more demand, but also the terms and conditions of the market are driving up that demand and awareness of cyber risk overall as well.
Joey Giangola: So Jacob, I want to break it down a little bit in terms of the different segments that qualify under the technology branch of this thing and there's really only just a little over a handful of them. If you're an agent out there looking to target one of those or maybe two of those, from your perspective, maybe the better question is, where's maybe there more adoption or is there more open-mindedness to this coverage in those different areas and where should agents really be focusing their time is the ultimate question.
Jacob Ingerslev: Yeah. Different carriers define technology in different ways. We've put it into these six buckets. Traditionally, the buyers of tech E&O coverage have been obviously the software providers and then after that the tech service providers. So traditionally there has been the IT consultants, but now with everything migrating to the cloud, those services have changed. So it's a broader spectrum of services that fall into that bucket. The newer aspects of tech, social media, on-demand services, they are probably among the faster growing, but there may be still not as open to either buying coverage or knowing that they have to buy coverage. So, we're not seeing as fast growth in those sectors yet.
One area that some carriers maybe not consider part of tech is the manufacturing piece. So electronics manufacturing, hardware manufacturing. That's something we've insured for a long time so that's part of our view of what is tech and that's been a consistently buying subsegment of tech as well. Then we have a reasonably big footprint in the tech E&O space as a carrier and telecom is another area that we've traditionally insured a lot of. So we sit across all those six buckets, but realistically software and services make up 70% at this point. Maybe that'll be a little bit more balanced as social media and on-demand services continue to grow pretty fast.
Joey Giangola: Manny, from our side of things, is there one area that stands out in terms of just usually provides maybe a little bit higher margins in terms of the efforts that it takes to get it through just the overall who you're doing business with. Is there any one of those areas that you would highlight as we've seen in terms of having better success with?
Manny Cho: We see submissions across the gamut, probably less on the manufacturing side because I think the traditional PNC direct carriers like Hartford they have a good pipeline into the retail agencies, and there's not a lot of markets that look at hardware E&O to begin with. So once you take out the direct carriers on our side, there's a handful of markets that can even consider it. So it's probably the most limited class, but we are definitely seeing more interest on the on-demand services, on the social media side. The new internet advertising is... these click through companies are definitely the other element that we're seeing a lot more and that straddles the line between MPL and tech based on the technology that they use.
We're seeing software services, a lot of outsource management come our way because they don't hit the traditional buckets for a lot of traditional carriers. So when it comes to the wholesale market, we usually don't get to see all the nice, pretty software pre-packaged stuff that Jacob and his team will see first, and then we tend to see things that are a little bit more in the shades of gray and tougher to put in the box.
Joey Giangola: I want you both to take a stab at this, but if you had to give one overarching highlight or thing to focus on when having this conversation with the clients of increasing success, whatever you want to call it. But the one thing that if you had to tell an agent, this is the thing that I would tell you to work into the process, what is that thing? Jacob, let's go ahead and start with you.
Jacob Ingerslev: It's hard to just isolate it to one particular thing. I think cyber is always going to be part of that conversation. I think that's increasingly why we're seeing, even if there hasn't been a huge demand in maybe the manufacturing aspect of tech, I think the cyber aspect of it is driving more demand now because they need cyber coverage, and since they can buy it with tech E&O and get those coverages together, you're seeing a little bit of an increase in demand. But I would say on the tech E&O side, it really depends on which segment this company is operating in. The exposure is very different by segment with technology, with software and services, you've got interruption risk more so. It used to be, we saw a lot of breach of contract claims from failed implementations or negligent misrepresentation. We promised more than we could deliver, and that's really transitioned into more of a interruption related risk as we see everything delivered through a cloud or internet delivery model.
So, that's more the key, but the end game is it's still breach of contract if you promise to have 99.97% uptime, and then moving into the manufacturing segment, it becomes more the traditional batch defects or individual component defect type of claim. You would see social media, more privacy driven claims relating to third party content put on the platform. There's a lot of complexity around the immunities provided to social media platforms. We see this in the news a lot with where are the boundaries? So, that's not easy to navigate and that's a good reason why you'd want to have your tech E&O coverage and privacy coverage together as well.
So it really depends, but consistently over all the years we've insured tech E&O, we're still seeing the same claims, the intellectual property infringement, the breach of contract claims, the failure to deliver claims. That's been consistent. What's had an uptick is obviously the cyber piece and cyber wasn't always a part of tech E&O. That's more of a recent development in the last three to five years. You now can get the same coverage you would get in the cyber policy embedded into your tech E&O policy, which is convenient.
Joey Giangola: Manny, what about you?
Manny Cho: Yeah. I would definitely mirror Jacob's comments. I think if you're looking to buy cyber and if you're a tech company, then you should just buy it together. The incremental... if you bought the policy separately, you would pay a lot more just for a standalone. The ability to bundle the two together and really consolidate limits. If you don't feel you have a big E&O exposure, well, it's almost like you're getting it thrown in for a couple hundred or maybe a couple thousand dollars, not a big deal. You got to buy cyber anyway, add your E&0. It really is a fail safe. Once again, for me, I look at it as a protection of assets. Your precious asset is your capital and you're going to spend a very, very small amount to protect that capital moving forward, and it's a good investment that most companies should look to make.
Joey Giangola: All right gentlemen, I got three more questions for both of you. We're going to have some fun and bring it on home. The first one, what's one thing you hope you never forget?
Jacob Ingerslev: One thing I hope I never forget, other than my name, I think the next one is my girlfriend's name.
Joey Giangola: Fair.
Jacob Ingerslev: All right, Manny. How about you?
Manny Cho: Obviously you never forget your family, but I'll say in a broad sense how to be grateful. There's a lot of things in this industry and absolutely over the past couple of years, we've probably taken for granted, and we've definitely learned to be very grateful about all the things we have and the people around us. So never forget to be grateful.
Joey Giangola: All right, Jacob, then how about one thing that you still have yet to learn.
Jacob Ingerslev: There are many things and I think focusing on the topic here, cyber and tech keeps you learning because it's not static. It keeps changing and that's what's really challenging about it, but what's also really exciting about it and that's why we ask as insurance carriers and Manny and you guys as brokers, we have to keep ahead of the game and offer innovative solutions, offer value added services around those coverage solutions because it's not enough with coverage when it comes to cyber. You have to help the customer all the way and I think preventative services is becoming that new innovation. It's not something that's happened in the last six months. It's been on the way for years, but now I think there's more appreciation than ever for those services.
Joey Giangola: Manny, what about you?
Manny Cho: My answer is going to be a lot less simple, but I agree with Jacob. There's a lot to learn in this field for sure, but I'll just keep it simple and personal. I'm Korean. I've never really learned Korean so that's the one thing that I have yet to still learn. I'm trying to go off some apps, not working well right now.
Joey Giangola: Interesting. All right.
Jacob Ingerslev: I always wonder about those apps. What is it they promise? Learn language in X number of days. I'm not sure about it.
Manny Cho: Yeah. I'm well past that X number of days.
Joey Giangola: All right, gentlemen. Last question to both of you and Jacob, if I were to hand you a magic wand of sorts to reshape, change, alter, speed up, really any part of insurance, what does is that thing, where's it going, and what is it doing?
Jacob Ingerslev: Well, I think we're already doing it. It's making the procurement of insurance easy first and foremost and that's the RPS platform as an example. It is just going through a few steps to get insurance because let's face it, if you're a business, that's not your main focus. You're focused on driving growth and revenue and insurance is some necessary evil that you don't want to have to deal with. It's an administrative burden. So if that can be made really easy through the agent helping a particular policy holder going on to a platform, answering a few questions, and validating those questions with the policy holder before binding them, I think we've made some people's lives a little bit easier and that's ultimately, I think, the goal of insurance is provide good coverage, good services around that coverage, but let's make the process easy. It doesn't have to be that difficult, especially for small business.
Manny Cho: So in many ways I agree with Jacob. It'd be nice to have things more efficient. So from a speed perspective, I think even from five years ago when we really came out with the newest version of our portal to where we are today, the technology is incredibly different. The use of APIs. I think that is going to continue to drive the industry, but in many ways, I also wish we could slow down a little bit because I think just the ability to... because we're getting so much in so fast, so easily, really the ability to slow down and look at risk and evaluate and even to have conversations with your underwriters and with your clients. I really think that is the opportunities are shrinking and diminishing and becoming few and far between. So on one hand, I'm happy about how we're speeding things up from a efficiency perspective, but I wish we could slow things down so we could rekindle the social side.
Joey Giangola: Jacob, Manny, this has been fantastic. I'm going to leave it right there.
Manny Cho: Awesome.
Jacob Ingerslev: Thanks Joey.
Manny Cho: Thank you.