NAVIGATOR

THE

Spring 2017

Ransomware is Stalking Your Clients By Dean GoodwinMarketing ManagerRPS Technology & Cyber

What is Ransomware?Ransomware is a type of malicious software and the

most recent nefarious technique used to turn infiltrated, compromised computers into cash for criminals. The software holds business computers hostage while the attacker demands that a ransom be paid to regain control of their data. This online criminal tactic is on the rise. In fact, just in the last month, our office has responded to 12 ransomware claims from clients including cities, public school systems, law firms, medical offices and financial firms.

Currently, there are two main types of ransomware: “Lockscreen” and “Encryption.” Lockscreen shows a full-screen message and prevents your client from moving past the screen to access their PC or files. Encryption ransomware changes the files and encrypts them so employees are unable to open them. Both require the user to pay “ransom,” usually in the form of Bitcoin, to gain back control.

Ransomware can get on a PC from nearly any source that any other malware (including viruses) can come from. These include:

• Visiting unsafe, suspicious, or fake websites.• Opening emails and email attachments from unknown

people, or an email that your clients weren’t expecting. • Clicking on malicious or bad links in emails, Facebook,

Twitter, and other social media posts, instant messenger chats, like Skype.

It can be very difficult to restore a PC or server after a ransomware attack – especially if it’s infected by encryption ransomware.

The best protection against ransomware is to be safe on the Internet and with emails and online chat:

• Employees should never click on a link on a webpage, in an email, or in a chat message unless they absolutely trust the page or sender.

• If there is any uncertainty – don’t click it!• Often fake emails and webpages have bad spelling, or

just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).

How can my clients defend themselves against ransomware?

• Make sure they are updating their software. Use anti-virus software and keep it up-to-date. Set the operating system, web browser, and security software to update automatically on employees’ computers. Mobile devices may have to be updated manually. If their software is out-of-date, it’s easier for criminals to sneak bad stuff onto a device.

• Think twice before clicking on links or downloading attachments and apps. According to security experts, 91% of ransomware is downloaded through phishing emails. Your clients can also get ransomware from visiting a compromised site or through malicious online ads.

• Back up important files. Your clients should make it part of their routine to back up files and mobile devices often. When completed, they should log out of the cloud and segregate external hard drives so hackers can’t encrypt and lock their back-ups, too.

• Transfer risk via Cyber Liability Coverage. The cost for coverage is more affordable than your clients may realize and ransomware costs can be covered under these policies.

What if my client is the victim of ransomware?• Contact the Cyber Liability carrier. Most carriers offer

24-Hour “Breach Coaches” as a first point of contact for your clients. These Coaches will walk your client through the necessary steps to bring their computers and servers back online. Every situation is unique and clients should be advised not to try and restore their operating system themselves.

• Contact law enforcement. Report all ransomware attacks to the Internet Crime Complaint Center or an FBI field office. Include any contact information (like the criminal’s email address) or payment information (like a Bitcoin wallet number). This may help with investigations.

Should they pay the ransom?Law enforcement doesn’t recommend paying the ransom,

although the FBI has stated that this may be the only course of action in some cases. It’s ultimately up to your client, based on sound legal and technical advice, to determine whether the risks and costs of paying are worth the possibility of getting their files back. Malware criminals, out of concern that people will not “trust” them and stop paying, are doing a better job of making sure victims can get their files back. There are, however, no guarantees with this approach. In fact, agreeing to pay signals to criminals that their victim hasn’t backed up their files. Knowing this, they may increase the ransom price — and may delete or deny access to files anyway. Even if files are returned, your client may be a target for future scams. Again, regular offsite backups that are not connected to the network are the best defense.

The threat landscape is changing at a rapid rate, and your clients are working on computers and files rich with personally identifiable information about customers and employees. Fortunately, insurance solutions are expanding as well and there are many different Cyber Liability options to meet your clients’ unique needs.

(Actual email received – I never ordered an iPhone)

Cyber Insurance: A Guide for RetailersBy Timothy ReillyeBusiness Optimization Manager RPS eCommerce

A Pervasive ThreatWith cyber breaches more prevalent than ever, whether it’s

Sony, Yahoo, a community college, or your local bakery, it is abundantly clear that cyber threats affect us all.

In the ever-evolving world of digitalization and the expanding reach of the internet, the risk of a cyber breach is higher than ever. According to Symantec, there are 25 connected devices per 100 people in the United States. In 2016, there were over 6.4 billion connected devices, and by 2020 this number is expected to rise to 20.8 billion.

As I sat at home considering the risks our clients face on a daily basis, I looked around my apartment and within seconds identified four separate devices that would be considered exposures: my laptop, my smart TV, my Google

Home, and my iPhone. Comparing my personal exposures with the number of exposures and entry points our clients face on a daily basis is alarming. For example, in the healthcare industry, hackers may have the ability to tap into a wide variety of medical devices. According to Homeland Security “approximately 300,000 Americans receive implantable medical devices each year such as cardiac pacemakers, defibrillators, cochlear implants, neuro-stimulators and insulin pumps,” and all of these devices are vulnerable to a hack.

Moreover, according to PricewaterhouseCoopers (PwC), 79% of banking CEOs, 71% of insurance CEOs, and 61% of business leaders across other industries see cyber attacks as the number one threat to growth, ranking higher than common threats like shifts in consumer behavior, the speed of technological change, and supply chain disruption.

State of the Market

Nothing is predictable. The Cyber insurance market is experiencing double-digit growth year over year, with about $3.25 billion in gross written premium in 2016, a number that PwC projects could reach $7.5 billion by 2020. That

said, it is a constantly moving target. Cyber insurance has been around for less than 20 years, which by insurance standards makes it relatively new. Therefore, the process is far from standardized. Insurance carriers are trying to become as innovative as possible to keep up with the evolving cyber world, which is why it’s important to work with an educated broker and underwriter to make sure the coverage you are providing meets your clients’ needs.

The most important thing underwriters are looking for are the type of loss control mechanisms your client has in place. Bob Barker, Chief Strategy Officer at Cybernance Corporation, categorizes underwriting cyber risks using 3 Ps: Perimeters, People, and Partners. When referencing Perimeter controls, underwriters are essentially looking at the type of technology the client uses to protect a network itself. While this is an important aspect of underwriting the risk, implementing controls for the People and Partners presents a much more challenging task.

“In the majority of the cyber breaches, the employee or Partner in the employee supply chain has been the root cause of the breach,” says Barker.

This is the moving target I alluded to earlier. Every company and organization is different in terms of internal loss controls, making Cyber a hard coverage to standardize. As new loss controls and Perimeter controls are implemented, new breach tactics are devised, making it hard for risk managers to keep up. The Norse attack map (http://map.norsecorp.com) is an invaluable resource, showing the number of attempted attacks going out daily to networks around the world. This is a great reference tool to show potential clients when explaining why Cyber coverage is essential.

What All This MeansEveryone is at risk. According to Symantec, consumers

account for 57% of ransomware attacks and businesses come in around 43%. The services sector is the most targeted area for breaches followed by manufacturing, finance, insurance, real estate and public administration.

When selecting Cyber coverage for your client, there are a number of important things to consider:

• How much coverage your client needs (using a tool like a data breach calculator is a great way to determine the appropriate level of coverage)

• How the coverage applies to both first and third-parties• Does the policy cover social engineering as well as

attacks on the network?• Does the policy cover non-malicious actions taken by an

employee?• Does the policy have retroactive coverage for prior

breaches that may be unknown at the time?

The type of breach response vendors and legal counsel available These are just some of the considerations when choosing the appropriate policy for your client.

The Cyber market looks like it will be on a steady rise for the foreseeable future, and my best piece of advice is to continue to educate yourself on emerging developments for this line. Advisen’s 2016 Survey of Cyber Insurance Market Trends found that 70% of producers and underwriters stated that their biggest obstacle with Cyber insurance stems from a lack of fully understanding exposures, followed by a lack of understanding the coverages. Hence, it is critical to work with a knowledgeable broker and underwriter when placing Cyber coverage for your clients.

Construction Insurance: A Closer Look at Regional Challenges, Opportunities & TrendsCo-Authors: Tim BassBrokerRPS Chicago

Obstacles, opportunities, and patterns in the construction industry vary heavily from region to region, and carriers in each area have unique insights and concerns. Here’s a look at the current state of Construction insurance in New York, Colorado, and the Southeast.

New York New York has always been and continues to be one

of the toughest markets in the country for construction. The marketplace for General Liability risks in the state is shrinking—coverage is becoming more expensive to purchase, claims settlements and legal costs have increased dramatically, and carriers are leaving the market at a breakneck pace. The need for increased risk management and safety measures for property owners, general contractors and subcontractors and the associated costs are at an all-time high, making it very difficult to secure viable and meaningful General Liability coverage in New

York. Only a handful of Excess and Surplus carriers are willing to offer the proper coverages needed to continue working in the state.

Over the past five-plus years, many carriers writing contracting business in New York sustained serious claims with high frequency and severity. Some were willing to write accounts based on submissions from applicants promising to take necessary precautions to prevent claims, such as using contracts with their general contractors/subcontractors that had proper risk transfer wording already in place and vetting their subs’ insurance to ensure its sufficiency. There was rarely any follow-up on the implementation of these measures, resulting in the aforementioned claims.

New York’s tough laws also affect the marketplace. The state’s Labor and Scaffold Laws impose an absolute duty upon owners and general contractors to provide safe working environments for laborers who work at elevation, mandating proper protections to prevent gravity-related injuries. Even if a worker was advised to use the proper safety protections available on multiple occasions yet defied instructions and injured himself, property owners and general contractors would still be at risk of a claim.

“Despite occasional efforts in Albany by developers and contractors to eliminate or modify New York Labor Law Statues…these regulations apparently are here to stay,” says one underwriter. “There is a very limited market in New York willing to include full contractual liability for the smaller to medium size trade contractor. These companies are utilizing tailored restrictive forms and very high rates to remain a factor in the market.”

Most of the carriers willing to accept New York construction risks have stringent underwriting guidelines, reviewing both contracts for proper contractual risk transfer language as well as Certificates of Insurance from subcontractors to verify that necessary procedures are in place prior to offering coverage. Shortly after policy inception, carriers are also doing in-depth Loss Control surveys and, if they find inadequacies, issuing Direct Notice of Cancellation to mitigate their potential for claims.

As another underwriter puts it, “We are all searching for better clients who share our concerns and who are actively working towards making their operation superior with respect to site safety measures and quality of product.”

Colorado Across the country from New York is another market with

its own challenges, Colorado. The state’s Construction Defect Action Reform Act (CDARA) was created in 2001 to regulate claims and litigation in regards to construction defects. Lawmakers hoped this would curb frivolous lawsuits and limit the liability of construction professionals, broadly

Antoinette SacchiVice PresidentRPS Cowles & Connell

Bill WilkinsonNational Casualty PresidentRPS Atlanta

defined by CDARA as virtually anyone in the construction process, from the architect and contractor to the building supply vendor and inspector. In 2010, an amendment broadened the definition of “occurrence,” stating that any work resulting in property damage is considered an occurrence unless it was “intended and expected.”

That 2010 change in the occurrence definition altered how insurers looked at writing business in the state, with many pulling out completely. There have been unsuccessful attempts at the state level, most recently in 2015 and 2016, to amend these construction defect laws. There have also been local ordinances passed in a number of cities (Denver, Lakewood, Aurora and others) to help spur growth and building, but some carriers and builders are wary of how those ordinances would hold up since they are not state law.

Due to this, developers have been holding off on many projects, mainly due to concerns that the potential for class action construction defect (CD) litigation was too high. The last strong real estate market in Denver saw the majority of condo projects have significant CD claims, and one media outlet even described CD suit potential as “inevitable.”

For the past several years there has been push and pull between developers and the associations/attorneys representing home buyers to reach an agreement on how to reduce CD claim frequency while allowing the homeowners to bring suit if necessary for low quality defective work. After much debate, however, nothing significant has changed and in 2016 developers stopped holding off and broke ground on a handful of projects, with more expected in 2017.

While there are still a handful of E&S carriers considering projects and contractors in Colorado, the majority underwrite the business with stronger rates and possibly more restrictive terms than compared to the rest of the country. One underwriter notes, however, that claims must be starting to develop again because some markets have begun to pull back.

“There needs to be more focus on tight contracts and high quality peer review with documentation of quality work/processes,” he says. “We have written some good projects there and are still looking at those concrete condo deals selectively and with strong risk controls.”

The SoutheastThe Southeast region of the country has its own unique

challenges and trends when it comes to construction.Unlike New York and Colorado, the Southeast has a

plethora of carriers eager to write construction projects, resulting in an extremely competitive, challenging marketplace for carriers. The market has gone soft in recent months and pricing is continuously getting more aggressive.

“We have added a practice policy contractor’s enhancement and are currently working on a project policy enhancement in attempt to stay competitive,” says one underwriter. “There is definitely added pressure to provide comparable terms to what standard markets provide.”

Another adds, “It is very difficult for incumbent markets as there are several insurance carriers trying to gain market share that are significantly undercutting incumbent pricing, especially on the larger accounts $100K and above.”

Areas of significant growth in the region include Atlanta, south Florida, coastal South Carolina, and metropolitan Texas (Dallas and Houston in particular). Project trends in the Southeast include mixed-use and multi-family buildings, luxury apartments with conversion potential, repair/remodel jobs, expansion and redevelopment of hospitals, infrastructure/road improvement projects, sports/entertainment arenas, and residential projects (particularly wood frame apartments in Georgia).

The Southeast has its share of problem areas from an insurance perspective as well, including Florida (specifically south and central FL), South Carolina (specifically Horry County, Charleston, and Hilton Head Island), and Louisiana.

Carriers see future growth opportunities in areas such as non-building construction in the form of renewable energy; however, the increase in solar panel technology may ultimately hurt some of the traditional utility construction. From a practice perspective, some of the larger players are sticking to a select number of accounts but creating lots of opportunity for the lead position. Whether the incumbent decides to keep it or not comes down to the marketing results, of course, but the opportunities for practice programs are more than they have been in the past.

Growth opportunities aside, some carriers anticipate a slowdown in progress and another bubble burst in the coming years. Most major builders and construction media talk about growth being flat to +5% compared to the past few years of double digits.

Crossing the Bridge to Self-InsuranceBy Bob LombardArea PresidentRPS PSI

Crossing over from conventional coverage to a self-insured program seems like a great idea. We have all watched our neighboring communities, businesses and educational districts move to self-insurance; the idea of managing your risk and hopefully putting dollars back in your pocket sounds great. But how do you know you’re ready?

There are several items an insured should consider before making the move:

• How much risk can we take? • How will we fund for our losses? • Who will handle our claims? • What if we run out of money? • What are the advantages of being self-insured? • What happens if we have a catastrophic loss that affects

multiple lines of coverage?The transition to self-insurance involves several steps.

The first is to ask what level of self-insured retention (SIR) is appropriate. This requires a conversation with the finance department and advisors to determine how much a business or entity can afford to retain for each and every loss. The ultimate answer to the question of affordability

may come from hiring an actuary to analyze historical losses against exposures and premiums to determine the optimum retention. An actuary can also provide guidance on how much per year should be put away for all losses that may occur in a given period of time; an insured will need to start setting aside enough money to pay for their portion of each loss in what’s known as a loss fund. Ideally there are enough savings in your insurance premiums to offset that fund.

The carrier can provide protection for the loss fund through an Aggregate Excess policy. This policy begins to pay once the loss fund has been exhausted. The loss fund and protection can be combined for multiple lines of coverage. Limiting your out-of-pocket to the single highest retention in the event of a multiple line loss can also be included in your program. This loss fund feature allows an insured to budget an ultimate pay-out for a given year, providing peace of mind when making the leap to self-insurance.

Procuring Excess insurance for the catastrophic events may also be necessary. It might be called self-insurance, but is your client prepared to pay the full amount of a loss in the event of a large claim? Excess carriers can provide multiple lines of coverage with limits that will match or exceed the current first dollar program. Placement typically starts with the Casualty lines and then can be expanded to include Property and Workers’ Compensation coverages.

Claims will happen, and when they do, they need to be managed before they are out of control. Remember, it is the insured’s dollar paying the first portion—or all—of each claim. It is no longer up to the insurer to pay the claim less a deductible. Claims can be handled in-house or by a Third Party Administrator. The Excess insurer approves how claims are handled and may make suggestions as to how they are processed. The Excess carrier will also actively monitor how the claims are handled and expect activity to be reported following pre-established reporting and auditing criteria. Once the claim value crosses a certain threshold, additional reporting to the carrier is necessary; carrier involvement will depend upon the severity of the claim itself.

Self-insurance works very well for medium to larger risks such as public entities, scholastic, religious and commercial business. The road to self-insurance does require a few transitional steps, but once there, the process tends to work smoothly. You will open the door to a whole new set of interested Excess carriers for your client, help them gain control over their risk management program, participate in the claims handling and decision-making process and create a financial incentive to actively participate in their risk management program. All of this helps maintain a stable and predictable insurance program for your clients today and into the future.

State of the Property Market: 1st Quarter 2017By James Rozzi, CPCU, ASLIArea Executive Vice PresidentRPS San Francisco

Is it already April? For some of us, spring is here and the year is rolling along as we expected. For others, the cold of winter has yet to let go and maybe the year has been a little frustrating or is not meeting the expectations we set at the end of last year. For me, the year has been a mix of both. I have spent the first few months thinking about the market, the rate environment that carriers preach about daily to me, and the status of the global economy. Some of these thoughts are easier to put on paper than others, but while I spent some time thinking about these things I began reminiscing about the start of my insurance career with Lexington Insurance Company in Boston.

I started that job right after Hurricane Katrina took a severe toll on New Orleans. At that point in time, wind capacity was very hard to come by and was very expensive. It was what people referred to as a “hard market,” and as a brand new underwriter, I remember my boss directing me to field phone calls from my brokers and advise them that “today’s rate for Named Wind coverage and capacity was two hundred and fifty thousand per million of coverage.” I immediately thought that this underwriting gig I had landed was easy and that those brokers I was talking to had it tough. Taking one million of risk for two hundred and fifty thousand of income seemed like a good trade and as a college kid with no money I found myself licking my chops on a daily basis and thinking about how lucky I was to have landed this job.

Since Katrina, I now think the exact opposite; underwriters certainly drew the short straw. We have not seen a hard market since Katrina and rates have continued to decline.

There is an ever-increasing surplus of capacity in the property market and that is making for a very difficult trading environment. I have begun to agree with some analysts in that a hard market may not show up again for a very long time or at all. If you believe this to be true, the moral of that story would be to start getting comfortable with the fact that the market will be very competitive for years to come and winning will be about creativity and forward-thinking solutions in an age-old business. We don’t need to reinvent the wheel, but we can certainly make it better and more efficient. As long as we do that, I firmly believe that market conditions are irrelevant. There is no need to worry about them because it boils down to operating competitively within them.

Market UpdateI took a business trip to London in early 2017 and it was

a great time to be at the birthplace of insurance. It really shed some light on the direction the year is headed—or so I thought. What the trip highlighted was that 2016 was a tough year for the underwriting community. The expression “death by a thousand cuts” comes to mind; 2016 was truly a year of frequency claims and events that, on a cumulative basis, ended up having a significant impact on underwriting profitability.

Looking back, we had massive hail storms in Texas (again!), flooding in Louisiana (twice!), fires in Canada, Hurricane Matthew, and a handful of other events that pushed carrier loss ratios north of 100% and made for a tough year. It ended up being one of the top five loss years

in P&C history, and yet the needle did not swing back to hard market conditions. I left London with the feeling that underwriters had finally hit a point where it would no longer make sense to write business at margins that barely exist. In our conversations there, we were told to expect a flat rate environment as we moved forward throughout 2017 and that we may have reached the bottom of the soft market trough.

In practice, the proverbial floor of the soft market has not been reached and underwriting behavior with new capacity players is as aggressive as ever. There is certainly a consensus in the market that double-digit rate reductions will be harder to achieve and many carriers are trying to hold deals as close to flat as possible. Each deal is still being viewed on its own merits and the average rate reduction in Q1 was approximately 7.5% to 10% down. The good news for the underwriting community is that if you look at this same period last year, the average rate reduction was closer to 15%. So while the market is simmering down, the floor has not been reached. I am not sure 2017 will mark the year when clients no longer expect to see meaningful savings on their books.

Many carriers who write primary business are shifting their appetites a bit, pushing to either increase their line on an account they like where margin levels are still healthy, or taking the opposite approach and scaling back due to the lack of margin that exists on a particular account. Simultaneously, we have found that the carriers in waiting are eager to fill capacity gaps on accounts they’ve targeted but could not leverage due to incumbent markets

maintaining the support and necessary pricing to retain the risk. As a result, carriers who are trying to hold the line are likely replaced with new capacity. It is important to note that the rate reduction level is definitely smaller in the primary layers, creating even more pressure in the excess buffer layers. If the average reduction on the primary is 5% to 7.5% down, then the average on the excess would be 10%-plus in order for brokers to reach the overall reduction levels they want for their clients.

When you break it all down, there are three things to note about the market and our expectation is that these items will guide the course of the year:

• The global economy and broader market conditions will remain at a level that will make institutional investment in the insurance marketplace very attractive

• There will continue to be a surplus of capacity • Rates will be down 5% to 10% for just about every asset

class with the exception of wood frame multi-family

In summary, we should treat each deal as new business and continuing to achieve the best results will require a lot of deals to be restructured or rehung. We expect pressure on terms to continue and it will be pressure on price, deductibles, multi-year programs, etc. I have said it before and will say it again: complacency in this market is everyone’s enemy. Since it looks like the hard market I started my career in may not exist again, we all need to get comfortable operating at a high level in a market that will not have the ups and downs that we previously saw.

Hab CornerI mentioned previously that wood frame garden style

apartments are one of the only asset classes where high single digit and low double digit rate reductions do not exist. Hab business has always moved independently of the market because it continues to be an area where carriers struggle to find a balance between terms, rate, and profitability. The amount of carriers in this space changes year to year and month to month but for the stable providers, there is a long history of good accounts and bad accounts that ultimately erode the profits of stable portfolios of hab business.

Many of the events of 2016 took their toll on various hab programs and large individual hab accounts. As a result, the market for hab is more or less flat and we have noticed that in many cases, underwriters are not being aggressive in this space. Some markets are mandating increases on all accounts and in some geographies the retention ratios are quite high even with the increases, because the market was suppressed the past few years. As 2017 progresses and

market conditions deteriorate in other asset classes, I expect there will be some carriers that chase large-premium hab accounts as their portfolios come under pressure to make budget. This will result in a more competitive environment in the hab space. In the meantime, rates have been flat to down 5% for best-in-class accounts and hab schedules with losses have seen increases of 5% all the way up to 20%. I expect hab to remain relatively flat on an overall basis and would encourage constant communication with insureds to set realistic expectations for their renewals.

Risk Placement Services—YOUR wholesaler of choice!

Contact your local RPS office today for more information about our products and services. 2850 Golf Road • Rolling Meadows, IL 60008866.595.8413 Contact_Us@RPSins.comRPSins.com