Litigation risks are a genuine and increasing threat to a number of professional occupations, particularly in the current turbulent climate, yet little has been done to provide specialist coverage to those outside the traditional market.  Tim Jones, professional indemnity specialist, commented, “The PI market generally refers to the ‘non-traditional’ professions as ‘miscellaneous’ and this reflects onto the type of cover that has been offered to them. Previously the market tended to take a generic stance to all requests for PI cover from ‘non-traditional’ professions and offered a basic ‘one size fits all’ approach.” 

The broad ‘miscellaneous’ heading applied to most professional services outside of the traditional market is misleading given the wide variation of professions who require PI cover, ranging from HR consultants to bookkeepers and polygraph operators.  Chubb Insurance has seen a growing demand in this sector and has now launched a new specialist professional indemnity cover to cater for this market. 

“When we examined our book of PI business we realised that there is a growing number of professional service providers in a variety of industry sectors who need a PI policy that is in tune with their particular business risks,” added Mr Jones.  “Our specialist approach, experience and newly designed policy allows us to adapt to suit a wide range of professional service providers and their specific risks, which we believe offers a much better solution in terms of both underwriting and client coverage.”

“With the difficult financial climate that we have been facing, Christmas shoppers are going to be looking for a good deal, and this will drive more and more people to try different retail channels in the hunt for the best value.  Retailers must adopt to this new environment, ensuring they go beyond the old goal of providing quality products at good prices, the pressure is now on for retailers to ensure the best customer experience possible, no matter what channel they choose.”

A potential pitfall for retailers this Christmas is in effective supply chain management, which can be more challenging with the variety of channels available to consumers to place their orders; any disruption along the supply chain could be hugely costly to the retailer.  Many major retailers have sophisticated technology in place to help manage this but it is important for supply chain managers to consider all the risks not only facing the retailer itself, but also every supplier and distributer within the chain. 

Jan Auerbach believes that collaboration and co-operation are key to effective risk management. “It is imperative that supply chain risk managers work with every single organisation within their supply chain to ensure that risk management is imbedded in processes every step of the way and that there are shared values and business continuity plans.”

Supply chain managers should not feel left out in the cold as there is support available in managing supply chain risks.  Insurance suppliers and brokers can conduct business interruption reviews with the client to encourage a joined-up insurance perspective on all the components and risks within the supply chain, identifying the interdependencies within it, resilience levels and risk exposures.  Risk control measures and business continuity plans can be developed and, where appropriate, insurance protection can provide that extra piece of mind.

There is also a big mix of companies within the life science industry segment. Companies tend to range from small start-ups that require funding for many years before making any revenue, through to service organisations that take on a significant level of bodily injury exposure through their work.  Life sciences policies need to be broad and flexible enough to cater for the different dynamics of the sector. Partnering up with an insurance broker who can help the company to identify their specialist risks is crucial.  As is choosing an insurer that will offer advice around risk management ‘good practice’ and one that understands the risks and needs of companies in this burgeoning sector – as breadth and flexibility of coverage is key.

As diverse as the companies within the life science sector are, there are a number of common areas of difficulty that they face and these include:

Clinical trials: Unsurprisingly companies conducting clinical trials on humans are required to provide the research subjects with comprehensive insurance to cover them against bodily injury. General product liability cover is not suitable for this purpose, and insurance cover must be specifically tailored to the trials being conducted. Trials are also often conducted in a number of countries, each with their own local regulations and coverage requirements.  So it is often not possible to have a ‘one size fits all’ policy.  Instead, it is essential that your insurer has both the knowledge of the of specific issues surrounding the clinical trial, as well as an understanding of the local requirements, and the expertise and contacts to ensure that the appropriate cover is placed in a timely manner. As any delay to a trial due to lack of insurance cover can add significant cost to the trial sponsor.

Third party liability: There are a large number of companies that provide critical support services for biotech and medical device companies. For example, contract research organisations are often used to plan and run clinical trials and contract manufacturing organisations may be contracted to make pharmaceuticals. These organisations are carrying out high-risk processes, and the services they provide can have far-reaching financial implications for their business and their clients’ business should errors occur.  Losses can include the economic loss linked to breach of duty in the planning, organisation and conduct of clinical trials, or in the evaluation and analysis of the results.
Business interruption: Most companies in this sector usually operate at a loss for significant period of time before their product reaches market.  In the case of most medicines and vaccines it can be over ten years before they reach the market. While most business interruption policies focus on the loss of profit or revenue to the business they don’t include this long-term development business interruption. This means that highly specialised insurance policy wording is required to cover the on-going research and development costs of life sciences’ businesses, especially biotechs and medical device companies.

There are also some very specific costs involved in these companies’ work, such as committed costs to third parties for work that can’t be completed immediately, and losses from their failure to meet milestones that would inject much needed cash into the business.  All of these aspects need to be factored in to a life science insurance programme.
 
Particular perils: Given the highly sensitive environment in which life sciences companies operate, even the smallest incident – like a fire in a waste paper bin – could have a harmful impact on their company.  Whether this means the contamination of  a clean room or the spoilage of biological material, these incidents have the potential to damage the company’s revenues. Although the material value is limited, the company may have invested hundreds of thousands of pounds developing it. Policy wordings that cater for this, and claims professionals that understand this, are essential if the company is to get back up and running quickly or at all.

Directors’ & officers’ liability: A key aspect of the life science sector is the constant ebb and flow of acquisitions. Life sciences insurance has to be responsive to this acquisition trail, without overburdening the company. Similarly, fundraising is critical in the industry, and insurance is also required to cover fundraising rounds and IPOs.  In addition many life science related companies are not large conglomerates, and the directors of the company will need to ensure that they have adequate D&O liability cover in place to provide them with the appropriate financial support should they have to defend themselves against any liability claims.

In short the life sciences sector is a risky business – and it is not an area of insurance that generalist insurers want to get involved in.  If a life science company is to have adequate financial protection which will respond in a timely manner, it is essential that that companies employ specialist brokers and insurers, and that they actively engage with them.  If companies work hand in hand with their brokers and insurers they can get the right cover, risk management advice, and insurance-focused expertise that will keep the company a float even in the event of a financial loss.

Photo: Social media can pose potential risks to a company's reputation

Social networking in its various guises has taken the world by storm. According to the Internet World stats website in just 60 seconds 695,000 status updates, 79,364 wall posts and 510,040 comments are published on Mark Zuckerberg’s social networking site Facebook. In the same time 98,000 tweets will have been tweeted on Twitter.

However company policies and even legislation have not kept up with the social media explosion. In recent weeks the legal system has had to face up to the risks that social media can pose. When Twitter users made the enforcement of a series of super injunctions a near impossibility, the regulation issue was brought to the fore. And just last week in the first case of its kind, Joanne Fraill was sentenced to eight months for contempt of court after contacting a defendant on Facebook while she served as a juror. Ms Fraill learnt the hard way just how much can be lost if there is uncertainty around policies and legalities surrounding social media use.

Whilst more and more companies begin embracing social media Ken Goldstein, worldwide media manager for Chubb Insurance warns that companies must consider the possible pitfalls and prepare for them.

“Companies really ought to be taking a step back before taking one forward when it comes to the world of social media. It pays to be prepared and to create a policy outlining exactly what is expected of employees when it comes to social media, and what is not.”

A lack of a clear policy could not only see employees unwittingly falling breach of company rules, such as anecdotal cases of the employees who have been fired for posting insulting comments about their employers, but it may also see companies reputations accidentally tarnished, which can also have financial repercussions.

Mr Goldstein added, “Without a clear policy, employees may unknowingly post inappropriate content that could lead to their dismissal. Social media can act as unedited channels for employees representing an organisation, and that’s a risk to any company’s reputation. The only way to save face when it comes to Facebook is to be prepared and offer as much guidance as possible.”

Mr Goldstein offers the following social media tips to companies:

• Designate a social media guru with appropriate experience and knowledge to pre-screen content.
• Protect the corporate username and password to help ensure disgruntled employees can’t post on behalf of the company.
• Don’t relax your writing rules. Even though a tweet isn’t an official memo or email, your company can still get sued.
• Update all contracts to allow the posting of content (i.e., from a speech, conference call, white paper, webinar) in new media.
• Ask before you click: Is this information relevant to the corporate message and business practice?
• Consider whether a tweet or post is potentially insulting, offensive or defamatory. Lean on the side of caution.
• Act fast to take down infringing or offensive material.

Photo: Bristol's "Biggest Bike Ride" was cancelled due to a van accident on the A4 Portway

Following the cancellation of Bristol’s “Biggest Bike Ride” this past weekend, Chubb Insurance’s UK and Ireland Entertainment and Manager, Frankie Hernandez, warns organizers of large events to anticipate the risk of this happening. “It is crucial that people are effectively protected from the severe financial losses that can be incurred by event cancellation.”

Unfortunately, many people were left disappointed and frustrated when the aforementioned charity bike ride was canceled due to a closure on the A4 Portway. The closure was caused by a car accident that took place before the race began early Sunday morning. This was the first ever cancellation in the event’s eighteen year history. Regrettably, the bike ride will not be rescheduled for a later date.

According to reports, there was fear that the rainy weather combined with spilled diesel and broken glass along the road where the accident took place could be potentially dangerous to the 5500-plus cyclists registered for the bike ride.

Since the signs directing the various routes were still in place, a number of cyclists disregarded the event’s cancellation and decided to ride the course anyway, despite the risk involved.

Canceling an event as large as this will undoubtedly bring about significant financial costs. In cases like this one, Chubb’s broad cancellation policy form can provide wider coverage than perhaps other traditional cancellation insurers. Hernandez advises, “In order to safeguard the vast amount of time, effort and money that is required to organize events like Bristol’s ‘Biggest Bike Ride, it is paramount you have a robust insurance policy in place.”

Photo: Data security breaches are becoming more of an issue in today's business world

In recent weeks we have witnessed some of the biggest data security breaches in history. With millions of people around the world’s personal and financial details leaked, companies’ reputations hurt, business functioning halted and share values weakened, what does this mean for business leaders?

Paul Skinner, Senior ICT Underwriting Specialist at Chubb Insurance believes that recent events should serve as a stark wake up call to all business leaders:

“It is clear that many businesses are still not facing up to data security issues despite the major risks they pose to their business. Recent data leaks have hit the headlines because of the huge scale of the breaches, the major brands involved and the repercussions of the incidents on business functioning, but smaller scale breaches that can still have a major impact on the business involved are happening far more frequently.  Hopefully the recent headlines will be enough to spur business leaders into action to protect their own companies from data loss and cyber threats.”

When a data breach occurs the ramifications can spread far beyond the incident itself.  Incidents such as computer hacking, viruses or even simple human errors such as losing a memory stick containing confidential information, all have the potential of considerably disrupting business functions, which in turn can have a knock on effect on other key stakeholders who rely on those functions.  Not only can any disruption in itself affect bottom line profits, but large scale data breaches can harm a company’s reputation resulting in loss of customers which in turn will harm profits and the company’s future.

“In today’s business world there are few, if any, companies which do not rely on information technology and this of course opens up the modern business world to many security risks.  Many of these exposures can be minimised by simply having appropriate security procedures in place yet many businesses still have their heads in the sand and are either not taking appropriate safety precautions or are operating under the false assumption that their existing insurance policies will cover digital risks,” Mr Skinner added. “Ultimately, businesses need to be covering their tracks in two ways; firstly, by investing in relevant security controls; and secondly, by ensuring they have adequate financial protection.”

Photo: European regulators are looking for ways to stop cyber criminal activity

Over the past few months a number of high profile companies have been targeted by cyber criminals – both in Europe and the US.  The focus appears to be on acquiring client email addresses, personal data and passwords as these can often unlock access to credit card and banking details.

 The risks for the companies affected are hefty fines from regulators, potential law suits, client notification costs, expensive forensic IT audits, IT remedial fees, business interruption costs and significant brand reputation damage.  Any company that stores customer data online either on its own system or via an outsourced data centre, is at risk.

In addition to criminal activity there are also an alarming number of data loss cases resulting from ‘human error’ – such as unencrypted data left on laptops or memory sticks.

Regulators across Europe and in the US are actively considering how legislation can protect consumers, but it is clear that there will be no single, global ‘one size fits all’ solution. The result is a headache for companies trying to comply with or anticipate the law, and for regulators trying to advise on best practice and monitor compliance.

Tangled web

So how does the law stand?

From May, a new European ePrivacy Directive came into force which rules that websites and companies operating online must obtain individuals’ explicit consent to install cookies on their computers.  This directive was set up to try and protect individuals’ privacy and to limit the use of behavioural advertising, which gathers data on consumers’ shopping habits and remembers log-ins.  Every EU country is in charge of enacting these laws via national legislation, but interpretation and implementation is expected to vary across the EU. 

Since the beginning of year, there has also been a requirement for telecom companies and ISP providers to notify clients of a data breach.  Spain, Germany, Austria and Ireland have taken this directive one step further and widened the notification requirement to all ‘data controllers’ – third party suppliers of data storage or management.

Spain particularly complex

Under Spain’s ePrivacy laws, consumers also have a ‘right to be forgotten’ and there are concerns that this requirement may be replicated across Europe. Under Spanish law, individuals can request that all references to them are removed from the web. This creates an issue because it is often unclear where data is being stored or replicated.

In 2010, the Spanish state filed court orders against Google Spain on behalf of 93 individuals seeking to have information removed.  Google Spain is reportedly arguing that it has no official storage business in Spain, and that it is merely the go-between for clients and Google Inc, which is a US business with no subsidiaries in other countries, and as such only subject to laws governing the state of California. Google also argues that the original pages that mention the individuals do not belong to it.  As such, any legal cases should be brought against the original publishers of the information.  Earlier this year, the Spanish Data Protection Agency (AEPD), decided to pass on these cases to the European Court of Justice in case the decisions set a precedent in other EU countries – a development that will be watched with interest.

Viviane Reding, the Vice-President of the European Commission, is also reviewing the issue of data protection and safeguarding with a view to issuing recommendations later in the summer.  Initial reports suggest that she will suggest that the EU should follow US practice and require the implementation of client data breach notification laws for all companies- not just telecoms or ISP businesses – within the next three to five years. 

Planning for a breach

In the light of the developing legal landscape, companies which store personal data online, either on their own system or on a third party’s system, should be prepared to manage data loss.  In our view, companies should have a robust and well-practised incident response plan that is understood by all the key personnel in the company, and by any supplier of outsourced data services. 

It is also advisable to consult risk mitigation specialists to ensure best practice security techniques are implemented throughout the organization and to consider purchasing tailored, global insurance policies.  These policies should recognise the variances of international law, and that data breaches are not limited to electronic or Internet use only. Typical policies should offer insurance protection for data breach notification costs, IT forensics and legal fees, credit monitoring, data recovery, business interruption and other reasonable and necessary costs to minimise the impact following an actual or potential data breach.

Given the dynamic nature of data breaches, such policies should also include broad third party insuring agreements, recognising that different and possibly expanding liability standards may apply, especially in the US.

No easy solution

It is clear that international e-privacy laws are not in harmony.  Spain, in particular, appears to be emerging as a test case for how regulators will consider obligations in relation to enforced client notification, insistence on the right to be forgotten, and the legal problems that this causes.

Ultimately, there is no easy solution.  With the rapid growth of electronic commerce, including online trading, the use of social networking, and the potential cost savings of cloud computing and other outsourced data handling scenarios – the risks are continuing to grow.  Companies will need to act fast to manage the loss and work closely with insurers to ensure they have adequate risk mitigation and loss protection in place.

Photo: Westminster Abbey

Final preparations are underway as the Royal Wedding swiftly approaches. As the 29th April looms and the capital prepares to grind to a halt, with many planning celebrations, might Kate and Prince William be getting cold feet? Reports have appeared about various planned protests – will they stand in the way of the big day? What if there are unforeseen problems with Westminster Abbey? Or the Middleton’s have transport issues and can’t make it to the church on time?

As unlikely as it may seem for there to be any last minute hitches to William and Kate’s big day, Frankie Hernandez Entertainment Underwriter at Chubb Insurance knows all too well that you can ‘never say never’ when it comes to planning a major event:

“It is of course very unlikely that the Royal Wedding will be disrupted at this late stage. Huge amounts of effort and resources have gone into the best possible security and risk management and the day has been planned with extreme precision at every stage. However, there are always reasons why big events, even those of this stature, might get cancelled, from extreme bad weather to more random unpredicted events or even terrorism. Last minute cancellation is nearly always a possibility for large scale events no matter how much time and money has been invested in the organisation and planning.”

Cancelling any large scale event is unlikely to pass without significant financial costs. The Royal Wedding is reported to be the most expensive security event in history with estimates exceeding £20 million. This is without even considering the costs of hosting the actual event, estimates of which have been extremely varied, but with 1900 guests expected to be attending the ceremony, 650 at the lunchtime reception and 300 to the evening party, we can assume it is a tidy sum.

Mr Hernandez warns that anyone operating in the large scale events industry should ensure they minimise their risks and have adequate protection in place, “Whilst I’m sure that Prince William and Kate’s wedding will be hitch free, the potentially enormous impact of canceling an event such as this should be enough to make any event planner take stock. It is vital that people are adequately protected from the severe financial losses that can be incurred by event cancellation. Making sure you have a robust insurance policy in place is the best way to safeguard the vast amount of time, effort and money that is required in this industry.”

Photo: Neil McCarthy
UK & Ireland Regional Underwriting Manager, Chubb Specialty Insurance

Ken Clarke announced yesterday that the Bribery Act will become law on 1^st July 2011.  But what do businesses need to do to ensure that they are ready for this new legislation?

When the Bribery Act (the Act) comes into force in 2011, it will apply to all businesses with an operation in the UK. Companies are expected to take ‘appropriate procedures’ to prevent incidences of bribery occurring in any part of their operation, both in the UK and internationally. Many company directors do not think that this Act applies to their business, but not being prepared will be no defence if the Serious Fraud Office (SFO) decides to investigate.  

Below are some tips to ensure that your business is prepared for the Act.

1. Undertake a full risk assessment of your company’s business, especially if it has any international business or contacts, and think about any potential exposures linked to the Act.  If necessary, commission a risk consultant to undertake a formal risk review of your business.
2. The Act is very broad and outlaws ‘facilitation payments’, so all policies and procedures should be reviewed to make sure they comply with the Act.  In addition, the Act relies heavily on ‘whistle blowing’ so you need to make sure that your company culture encourages and protects employees and contacts who report suspicious activity.
3. Establish and embed a zero tolerance culture to bribery at the top of the organisation.  If your company’s board does not actively support the anti-bribery procedures, they risk becoming a dusty manual on the shelf. This will not impress the SFO.  Anti-bribery compliance will need to become a regular board agenda item.
4. Put effective compliance processes in place. If you operate in emerging markets you should consider employing a compliance officer, who has access to the Board, and the Board’s full support.
5. Train all your staff, associates, agents and associated third parties on any new anti-bribery policies and procedures, endorsing a zero tolerance stance to corruption.  Records should be kept on the training undertaken and the attendees. All new recruits should be trained as part of their induction programme.
6. Examine your corporate relationships with any agents or third parties. The Act makes it an offence to bribe any foreign public official, including ‘door opening’ and ‘facilitation’ payments, which up until now may not have been deemed illegal and, in certain countries, may be regarded as standard business practice. All your agents, and associated companies must be made aware of your company’s anti-corruption policies and you should document all meetings and conversations on the topic.  Check that your company’s anti-bribery policies and code of conduct are clearly set out in any contractual agreements that you have with agents and other third parties.
7. Create a bribery reporting mechanism, and make sure that all staff are aware of what to do, and how it will be handled, should they suspect illicit activities.
8. If you suspect any corruption has taken place, you must immediately instigate a full investigation, which is undertaken by properly trained personnel.  They should provide a written report.  If the report determines that illegal activity has been undertaken then disciplinary action must be taken immediately.
9. Check that your Directors and Officers’ (D&O) liability insurance will provide effective cover for the directors of the company, and that it does not exclude legal costs associated with claims arising from the Act. Although bribery is a corporate crime, if the company is charged under the Act, then the Directors are likely to be charged for failing in their corporate governance duties.  D&O cover will help cover the costs associated with providing a legal defence (although it will obviously not cover any fines if the directors are found guilty).
10. Consider this as part any expansion or merger or acquisition plans, as any associated companies’ anti-bribery policies and procedures will need to be reviewed.

Neil McCarthy, UK & Ireland Region Underwriting Manager, Chubb Specialty Insurance

Photo: Too few firms have identified the dangers of employees plugging iPods, USB sticks, digital cameras & mobile phones into their computers.

A new global study on the security of information economies from McAfee and Science Applications International Corporation (SAIC) has revealed that despite the major impact that data breaches have had to businesses, many have still failed to take steps to protect themselves.

The global survey conducted with over a 1000 senior IT decision makers found that a quarter of organisations have had a merger or acquisition or a new product launch stopped or slowed by a data breach, or a credible threat of one.  Despite this major disruption to business function, only half of organisations that experienced a data breach took steps to remediate and protect their systems from future breaches.

Paul Skinner, UK & Ireland Senior ICT Underwriting Specialist at Chubb Insurance, feels that the findings from the study reflect his experience that many businesses are still not facing up to data security risks despite the major risk to their business:

“In today’s business world there are few, if any, companies which do not rely on information technology.  Cyber risks come in all forms, from computer hacking, to viruses and cyber terrorism. Business functions have the potential of being considerably disrupted and bottom line profits affected as a result. Many risks can be minimised by simply having appropriate security procedures in place yet many businesses still have their heads in the sand and are either not taking appropriate safety precautions or incorrectly think they have appropriate protection in place.”

The study also highlighted the range of risks facing companies in terms of data security.  The nature of cyber attacks has become much more sophisticated in recent years, with cybercriminals shifting from targeting personal information to the more valuable, and potentially highly damaging, corporate intellectual capital, such as trade secrets and source codes.   Emerging technologies, such as iPads and iPhones are proving to be one of the biggest risks facing businesses with 62 percent of those surveyed identifying securing mobile devices as a challenge.

Mr Skinner warns that these growing exposures to technological risks are not being properly managed as many businesses are operating under the false assumption that their existing insurance policies will cover digital risks.

“The deployment of appropriate security controls rarely keeps pace with the most advanced, emerging technologies.  Far too few firms have identified the dangers of innumerable employees plugging iPods, USB sticks, digital cameras and mobile phones into their computers. Issues like this require specialist consideration, and specialist insurance. Ultimately, businesses need to be covering their tracks in two ways; firstly, by investing in relevant IT security controls; and secondly, by ensuring they have adequate financial protection.”