<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1602061480087256&amp;ev=PageView&amp;noscript=1">

R&R Insurance Blog

How to Survive a Cyber Attack/Data Breach

Posted by Carla Borda

Mon, Sep 12, 2016 @ 12:01 PM

RRI-Survive-Attack.gifIt is every IT manager, CISO, CFO and CEO’s worst nightmare. The FBI has notified you that a cyber attack of unknown origin and scope has been identified as occurring in your network; An employee advises that a mobile device that contains personally identifiable information is missing; a ransomware note suddenly appears on a desktop computer indicating that your system has been encrypted by outside actors demanding payment in bitcoin; an employee was tricked via a phishing email into sending a spreadsheet containing W-2 information on your employees to an outside source.

These are just a few of the real life examples of cyber attacks and data breaches that companies have faced. Experts agree that cyber security will always be defensive in nature and how a company responds to the situation can mean life or death to a business.

How prepared are you to respond ? Do you even know what constitutes a “data breach” and if the situation you are experiencing meets the definition and triggers a response? Under what circumstances are you required to notify individuals, vendors, business associates, and regulators? Do you have contractual relationships that require the other party to be notified and if so, under what circumstances is notification required?

It is crucial for all businesses to have a Breach Response Plan that is well thought out, flexible enough to adapt to various scenarios, and tested. The first step in the plan is the ability to determine if the circumstances trigger your response plan. How do you determine, for example, if the data breach encompasses unauthorized access or unauthorized acquisition of personally identifiable information? Are you familiar with the various laws in the jurisdictions that the affected individuals reside to be able to determine your next steps? Within the United States there are 47 different breach laws. In addition, each country has their own set of laws that must be followed. Regulatory bodies such as HIPAA, FTC, PCI, have different requirements as well. How do you plan on conducting an investigation and who are the participants, internally and externally?

At what point does law enforcement need to be notified? Or should law enforcement be notified? If law enforcement takes control of your system or confiscates your computers, what impact does that have on your operations? But without their assistance how can the attack be stopped?

One thing however is clear, without a plan the response will be PANIC! Decisions will need to be made quickly and under pressure. Similar to the fire drills and tornado drills that we all experienced in school, preparation is key.
The first step is to identify stakeholders. This is not an IT only issue. Develop a CIRT – Computer Incident Response Team. Determine what positions need to be included on the team not the individuals. Before the plan is implemented individuals may have changed or left the company.

Establish a command center/war room where the team can convene. Remember, every minute that it takes to respond costs you money.

What is your communication plan both internally and externally? It is important that your employees be trained that they are not to communication anything that they “think” they know. Until the facts are determined communication channels need to be controlled.

It is likely that an outside forensic IT investigation firm will need to be engaged in order to determine what has happened, how it happened, and what is the status. What firm will you engage and what is the cost?

Do you have legal counsel that is prepared to respond ? Are they experts in this area of the law and familiar with the various statutory and jurisdictional requirements? What is the scope of your engagement with the firm and their fee? Will they be in a position to be your liaison with law enforcement and regulators? Will these attorneys be able to prepare notification letters?

Included with notification are the costs of paper, postage, call center, website management, etc. Are you prepared to make these arrangements and absorb these expenses?

When it comes to communication, maintaining your reputation with your customers, vendors, employees and the public will be crucial. Will you be engaging with a Public relations firm to manage these communications? How will the media be managed when reporters request information?

How will the communication with regulators be handled. Various bodies have the authority to fine and penalize a business.

Do you have experience in negotiating with cyber extortionists? Will you be in a position to decide to pay or not pay a ransom demand? How familiar are you with bitcoin?

According to a recent survey by 451 Research, 30% of businesses indicated that they have a breach response plan and only 25% have cyber insurance. However, various studies indicate that the cost of a data breach ranges from $160 to $360 per record, depending on the industry and specifics of the breach.

Cyber insurance can play an important role in this entire process. I say CAN because the scope of coverage, risk management services, and breach response vary greatly and significantly among the 60+ carriers that offer “cyber” insurance. The insurance is not an alternative to having a robust response plan but can complement and provide outside resources and vendor relationships. It is important to choose an insurance partner that can help you not only identify your risks and exposures, will provide you with a vital partnership in assessing and responding to situations as they arise.

Topics: Cyber Liability

Are you overpaying to be under insured?  Survey says: Yes

Posted by Brandy Enger

Mon, Sep 12, 2016 @ 11:34 AM

Garbage-of-cash.jpgAs a financially successful individual, you have proven yourself to be money savvy – saving when you can and investing wisely.  But are you spending your hard-earned wealth wisely when it comes to insurance?  


In 2012, ACE Private Risk Services [now Chubb®] conducted a survey of more than 600 independent insurance brokers and asked if their clients were over or underinsured with their previous mass-carrier insurance for 21 types of coverage.  The results showed that a non-personalized insurer does not appear to be doing their due diligence when it comes to their client’s financial security.

According to the survey, 63% of independent insurance agents were able to insure a new client properly and keep the annual premium at no more than 5% above the mass-carrier price.  In half the cases, it was less.  

But what were the top areas where clients were overpaying? 

  • Having deductibles that were too low
  • Failing to earn package discounts
  • Not getting premium credits for alarm systems and other loss prevention devices
This is why I continually ask my clients to consider how much they could pay for a loss without significantly affecting their lifestyle, and then provide an estimate on the premium savings they could achieve.  In most cases, the savings can be substantial.

And what about underinsuring?  Coverage for umbrella liability, valuable collections, uninsured/underinsured liability, and rebuilding a damaged home remained the most likely underinsured risks, with a shocking 92% being underinsured in the category of umbrella liability.  This is especially frightening when you consider that in 2008, $29 million was awarded to the family of a four-year-old boy who suffered a debilitating spinal cord injury while riding as a passenger in a vehicle  involved in a head-on collision.

I have personally run into situations that mirror the results of this survey.  I often meet with individuals who are underinsured or incorrectly insured with their current insurance carrier.  Many insurance carriers in the mainstream market simply cannot provide the types of coverage that an affluent individual needs.  These individuals often own assets that could be covered more effectively and for less premium if they were with the proper carrier.

This is why I’m so proud to be an Independent Insurance Agent.  My goal is to consider your holistic lifestyle when recommending insurance coverage – I like to call it a rebalancing of your insurance program.  Because of the multiple facets that comprise your lifestyle, there are more variables available for adjusting coverage in order to keep you properly insured and not paying too much. And since we represent multiple markets, I am confident that one of our luxury insurance carrier partners will be the perfect fit for you and your needs.

10 Questions:  Are You Overpaying to be Underinsured?

Topics: Personal Insurance

Business Owners Beware: Network Attacks are not Covered by Standard Business Interruption/Income Insurance Policies

Posted by Carla Borda

Fri, Sep 09, 2016 @ 03:53 PM

RRI-Network-Security.gifWhat happens to your business in the aftermath of a disaster? That depends, in part, of the definition of disaster.

Most businesses are familiar with Business Interruption/Income Insurance. The first Business Interruption policy was issued by London Underwriters in 1939 and is designed to put the insured company back into the same financial position that which it would have enjoyed had the disaster not occurred. However, according to the American Insurance Association , the coverage is only triggered in three limited circumstances:

  • There is physical damage to the premises of such magnitude that the business must suspend its operations
  • There is physical damage to other property caused by a loss that would be covered under the company’s insurance policy, and that damage totally or partially prevents customers or employees from gaining access to the business
  • The government shuts down an area due to property damage caused by a peril covered by the company’s insurance policy that prevents customers or employees from gaining access to the premises

So what happens in the event of a cyber attack? Unfortunately, a Network attack is not considered a disaster and is not covered by the standard Business Interruption/Income insurance policy.
What constitutes a network attack? Consider the following:

  • The intentional and unauthorized gaining of access to or use of the insured’s network (computer hardware, software, firmware, electronic data stored on or within the network, connected by two or more computers including networks accessible through the internet, intranet, extranets, virtual private networks)
  • Receipt of targeted malicious code from an external source
  • A targeted denial of service attack

According to a report recently released by EMC Corporation for its Global Data Protection Index 2016, the average cost of a data loss and disruption is $913,958 per organization. In addition, the average costs of unplanned system downtime is $550,000 and the average length of downtime is 22 hours. Over 70% of study participants responded that they did not think that their organization would be able to fully recover their system or data.

How do you recoup data forensic expenses, costs to restore or replace digital assets, extra expenses, and the reduction in business income? Fortunately, insurance coverage can be obtained through a Cyber Insurance Policy. Unfortunately, coverage is not offered by all carriers, is frequently overlooked and not understood. This creates a significant risk to any business operations.

References:
American Insurance Association
EMC Corporation, Global Protection Index 2016
Allied World Insurance policy forms SRVS2 00002 and SRVS2 00052 00

Topics: Cyber Liability

Coinsurance Penalties | How to Avoid Any Unpleasant Surprises

Posted by Sandy Hein

Wed, Sep 07, 2016 @ 09:30 AM

iStock_76526599_LARGE.jpgCoinsurance is the percentage of property value that the policyholder is required to insure.

If one insures the property for less than that amount, the insurance company imposes a "coinsurance penalty" once a claim is filed.  The value is determined at the time of the loss. If the amount of insurance is found to be under the stated coinsurance percentage, then a penalty is applied reducing the claim payment.

Most business policies include a "coinsurance" clause, determining what percentage of its value the property must be insured for in order to be fully reimbursed for a loss.

Example: There is a building that one believes would cost $100,000 to replace and a coinsurance penalty in the policy of 80 percent. One insures the building for $80,000 thinking they have fulfilled the coinsurance clause. A fire loss causes $60,000 worth of damage so a claim is submitted. The insurance company subsequently determines that the replacement cost of the building is actually $150,000.

To determine how much to pay on the claim, the insurer divides the amount of insurance purchased ($80,000) by the amount that should have been purchased (80% of $150,000 or $120,000). The result (two-thirds, or $40,000) is the amount of the claim the insurer will pay.


If the building had been insured for at least $120,000, the insurer would have been reimbursed for the full amount of the loss.

 

Coinsurance can be tricky and could end up having a high cost if one under insures the property.

Reach out to one of R&R's Knowledge Brokers to ensure that you have the proper amount of coverage and to clarify any questions you may have on coinsurance.

 

 

Topics: Business Insurance, coinsurance, coinsurance penalty

R&R Insurance Services Welcomes Steve King as Risk Management Consultant

Posted by Molly Niklasch

Fri, Sep 02, 2016 @ 11:09 AM

Steve_King_directory.jpgWaukesha, WI – R&R Insurance Services, Inc. welcomes Steve King as Risk Management Consultant.

Steve has more than 30 years of experience in the insurance industry, including strategic planning, territorial management, underwriting and risk management. His greatest satisfaction is solving problems for clients. As a member of R&R’s Professional Service Division, Steve will be developing and implementing quantifiable risk service plans, and providing risk management stewardship and client advocacy with carriers.

 “Steve is incredibly passionate and brings a great deal of knowledge to R&R,” states Ken Riesch, President of R&R Insurance Services. “We look forward to adding his experience to our Professional Service team and are excited about the continued growth of R&R.”

Click to learn more about Steve.

R&R Insurance Services, Inc. has served the insurance needs of southeastern Wisconsin since 1975. Today, R&R is Wisconsin’s largest singly owned independent insurance agency offering businesses and individuals a full range of insurance products including property casualty, employee benefits, workers compensation, liability, life, dental and home/auto. R&R is also a shareholder with Assurex Global, a worldwide network of leading independent insurance agencies.

Topics: R&R Insurance, R&R Insurance Services, R&R Insurance News

Leasing a Personal Vehicle Back to a Business - Are You Covered?

Posted by Brian Bean

Thu, Sep 01, 2016 @ 12:44 PM

Bob is the owner of Giovin, Inc. He owns a car that is titled in his name only.  He also uses the car primarily for the business of Giovin, Inc.  Because of that, Bob had his insurance agent add the car to Giovin Inc.’s commercial automobile policy.  Bob even has a lease with Giovin that pays iStock_000010641551_Large.jpgBob for the use of that car.  This seems like a great deal for Bob, and in the real world, this scenario happens fairly often.

However, there is a serious coverage problem with this arrangement.  Bob may not be covered personally if there is an accident.  Here is an example of what might happen:   

Let’s say Bob is driving the car on business for Giovin Inc., when he rear ends another car, injuring the occupants.  The occupants file a lawsuit against both Bob, personally, and Giovin, Inc.

This is when Bob gets a nasty surprise.  A standard commercial automobile policy does not cover and defend Bob in this situation.  He will have to pay for his own defense in this lawsuit.  If there is a judgment or settlement, he will likely have to pay that personally as well.

This outcome could have been avoided if Bob had told Giovin’s insurance agent that he was the owner of the vehicle, not Giovin, Inc.    

This situation can be handled to make sure that Bob is covered under the policy.  There are different ways of doing that, and the first step is making your agent aware of who actually owns what vehicle.  To be sure, the insurance carrier’s underwriters will have some questions that will need to be answered.  

A good rule of thumb when it comes to commercial automobile policies:  If a vehicle is titled to someone other than the business named in the policy, you need to check with your agent to make sure that the actual owner is covered in case of an accident.      

Contact a Knowledge Broker at R&R Insurance for additional information.

Topics: Auto Accidents, Auto Insurance, auto policy

What to Ask When Looking to Insure Your Drone

Posted by the knowledge brokers

Wed, Aug 31, 2016 @ 01:00 PM

In the marketplace, drones are on the rise as a commercially used technology. When looking to insure them, there are questions that need to be answered when discussing coverage options.Drone-1.jpg

  1. Are all drones registered with the FAA?
  2. Are all operators certified to fly drones?
  3. Can the operator provide evidence of his/her certification?
  4. How will the drone be used?
  5. Where will it take off, land, and what is the flight path?
  6. Will flights take place around the public?
  7. Will the unnamed aerial vehicle remain within its operator’s line of sight?
  8. How high and how fast will it fly? (Right now drones are limited to an altitude of 400 feet and a speed of 100 mph)
  9. Is there a maintained log kept to show all flight activity?
  10. Will the drone collect data; including pictures, video, or sound?
  11. How will the data be used?
  12. What are the possibilities for unintended eavesdropping?
  13. Has the drone owner or operator had any drone related incidents that could lead to a claim?

These questions are based on an article found in Best’s Review, April 2016, article, Flight Risk, by Angela Adams.

For further information about drones and their rules and regulations, hazards, and coverage under commercial insurance, check out this article from the R&R blog.

Topics: commercial drones, Drones, insurance for drone

Three Ways to Help You Save Money on Life Insurance

Posted by Tom Driscoll

Tue, Aug 30, 2016 @ 03:01 PM

Safety_Net.jpgThere may be a silver lining to the economic crisis that Americans have lived through over the past few years:  We have become accustomed to spending less and saving more.  Even as the economy rebounds, many people continue to look for ways to keep their household budgets in check.   Luckily, spending less doesn’t have to mean doing with less, especially when it comes to life insurance coverage.  There are ways you can maintain your coverage, but pay less for it.

“Life insurance is a financial safety net for your loved ones, so it’s critical to maintain that coverage especially with the uncertainty that remains in the economy,” says Tom Driscoll with R&R Insurance.  “But keeping that coverage doesn’t have to be a financial burden.  There are ways to save money on your existing coverage, and I’ve got some tips to help you do just that.”

September is Life Insurance Awareness Month, the perfect time to review your life insurance needs with an insurance professional.  If you already have coverage, you may be able to cut costs based on the following says Driscoll:
  1. You’re healthier.  If you have quit smoking, lost a substantial amount of weight or made significant improvements to your health, let your insurance company know.  You may be able to qualify for a lower rate on your coverage.
  2. Rates are near historic lows.  Life insurance rates remain near historic lows.  In fact, the cost of basic term life insurance has fallen by nearly 50 percent over the past decade.  So, if your family’s budget is tight and your health status hasn’t changed much since the last time you purchased coverage, you may want to apply for a new policy.  If you do, make sure not to drop your current coverage until the new policy is in force.
  3. Circumstances have changed.  It is smart to review your policy every year to make sure it’s adequate and up to date.  If the kids are out of the house, your mortgage is paid down, you’ve gotten divorced or family members no longer need your  financial support, your need for life insurance coverage may have decreased.  A smaller face amount policy will likely save you money.

“If people depend on you financially, life insurance is an absolute must,” says Driscoll.  “But no one should pay more than they have to.”

Interested in a free review of your current life insurance policy?  Contact us.

About Life Insurance Awareness Month

Held each September, Life Insurance Awareness Month is an industry-wide effort that is coordinated by the nonprofit LIFE Foundation.  The campaign was created in response to growing concern about the large number of Americans who lack adequate life Insurance protection.  Roughly 70 million adult Americans have no life insurance, and most of those who do have far less coverage than more financial experts recommend.  For more information on life insurance, visit LIFE’s website at www.lifehappens.org.

Topics: Life Insurance

Start Protecting the Future of Your Business Now

Posted by Pat Driscoll

Fri, Aug 26, 2016 @ 11:58 AM

iStock_82857389_LARGE.jpgMany high net worth business owners are going to be impacted by the Federal Estate Tax – a rate that is higher than the highest Income Tax Rate. It’s a 40% tax on any assets exceeding the Unified Credit level. The IRS has two “Trump Cards” to play that can push you into that tax bracket.

Personal or corporate-owned life insurance can unintentionally bump the values of their estates at the worst possible time – death. The second and potentially even more damaging trigger is pegging the value of their business. They may be operating with the notion that Book Value will be the accepted method used by the IRS. It typically is not. Some combination of Book Value and Capitalization of Earnings is a far more likely method.

Imagine what would happen if your business suddenly had to continue without you, a partner or key employee. The death, disability or retirement of a key executive causes a number of problems which can be addressed with proper planning.

Through R&R, you can make sure that you are covered in case the unexpected happens. Please contact Tom or Pat Driscoll to get more information on R&R's business valuation services and more.  

Topics: estate planning, business valuation

Don't Forget the Importance of Data Breach Coverage

Posted by Kimberly Strand

Wed, Aug 24, 2016 @ 01:09 PM

More than ever in this day in age, we hear about major retailers having a breach of customers' personal information. By the time you realize one happened to your business, its often too late. Therefore, it is best to be aware and protected just in case. Do you know if your business covered for a Data Compromise?

iStock_48001872_LARGE_data_breach.jpgWhat is a Data Compromise?
  • A breach of a company’s network, in which customer information is stored, processed,  transmitted, etc. 

What do I need to do to make sure my business is covered?

  • Be sure to talk to your insurance agent about Data Breach Coverage today! When purchasing Data Breach Coverage you will want to make sure Response Expense AND Defense & Liability Coverage is included.

Response Expense can help provide service to help your business comply with state laws requiring notification, credit monitoring, and identity restoration.  Some items you want to confirm are included in your insurance provider’s response expense are as follows:         

  • Provides coverage for notification to customers who may have been affected by a data breach
  • Provides 12 months of credit monitoring after data breach
  • Forensic IT Review coverage to cover costs associated with hiring a third party computer expert to help determine the extent and origin of the data breach
  • Legal review to pay for costs of professional advise
  • Public relations coverage to pay services needed to retain goodwill with your customers

Defense and Liability Coverage will cover defense and settlement costs in the event a customer/s bring suit against your company.

 

If you have any questions about your current coverage or want to learn more about setting up a policy, contact a Knowledge Broker.

Topics: Cyber Liability, data breach