Skip Ribbon Commands
Skip to main content

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

 

 ‭(Hidden)‬ Catalog-Item Reuse

Are Your Public Entities Clients in Denial about Cyber?

Public entities are unique among commercial insurance exposures for a variety of reasons. But when it comes to cyber exposure, they're just like any other commercial risk: vulnerable.
Sponsored by

Earlier this summer, 20-year-old Michelle Carter was found guilty of involuntary manslaughter for sending bullying texts that led to her boyfriend’s suicide three years prior.

The verdict is a prime example of how technology continues to expand liability concerns for educational institutions, from traditional exposures like physical abuse and molestation to the unprecedented risks associated with harassment and bullying that happen via online and mobile platforms.

“Although the school was not implicated [in this case], industry observers worry that it is only a matter of time before plaintiffs’ attorneys look for deep pockets to mine in bullying cases,” explains Harry Tucker, executive vice president, national property practice leader, AmWINS Group, Inc.

Public entities are unique among commercial insurance exposures for a variety of reasons—they tend to have larger property schedules and concentrated locales, for example, and many prefer to use interlocal pools to obtain insurance. But when it comes to cyber exposure, public entities are just like any other commercial risk: vulnerable.

“The hot topic for the insurance industry as a whole is cyber,” Tucker says. “It’s an area where we see a lot of growth, and we’ll continue to do so in the future.”

Like many commercial lines, the public entities insurance space is currently characterized by extremely low prices. According to Tucker, pricing on catastrophe-driven public entities property accounts has ranged from flat to down 7%, “with many taking no savings in lieu of reduced deductibles or increasing limits. We believe rate reductions will remain in this range for CAT accounts throughout 2017.”

While pricing for non-CAT accounts has remained closer to flat, “many carriers have given 10-15% off rate for the last four years, and it seems that some are reaching a breaking point,” Tucker adds. “The non-CAT driven attritional losses in the marketplace have been difficult for many carriers, many of whom are simply not making money.”

“It is a very soft market,” agrees Mark McCrary, president of Glatfelter Public Practice, a division of Glatfelter Insurance Group. “As far as the rest of the year, I think we’ll see continued flatness to a slight downward trend. Those that have renewals are working very hard to keep them. To the extent that carriers can keep a risk out of the marketplace, they will.”

In such a soft market, your public entities clients are likely to shop around frequently to take advantage of steeply declining prices—which means you need to be able to offer them something that makes the business stick. Cyber insurance could be the value-add that opens that door.

“It’s under-discussed and it’s under-focused on,” McCrary says. “Public entities often think they’re immune from it or that they’re not going to get hit. I sat in a meeting with an insured, a very large school district, and listened to one of their IT people say, ‘Oh, we’ve got that covered’—meaning it’s not an issue and it’s not a problem. Well, it is an issue, and it is a problem.”

Whereas the necessity of cyber coverage is finally starting to set in for small businesses, awareness remains low among public entities in particular, McCrary observes. A business owner can suffer dearly from cyber extortion, intentional or unintentional disclosure of personally identifiable information (PII), or a computer virus—“it could destroy their livelihood,” he says. But an official who oversees a public entity may harbor the misconception that even if a cyberattack occurs, the public entity will “carry on as usual.”

“I don’t know that there’s the same level of ownership with a public entity as there is with a private business,” McCrary explains. “If public officials were the CFO of family-run ABC Trucking Company, they might have a different focus. We’ve come to learn in this day and age that no business—public entities included—is immune from cyber threats.”

From schools to utility providers to government organizations, every public entity has a wealth of PII on file. “Student records, tax data, online billing information—that’s all PII, and that’s the big red flag you’re supposed to protect,” McCrary says.

Whether it’s a standalone policy or an endorsement to the public entities policy, your clients “should have cyber coverage somehow, some way,” urges McCrary, who adds that privacy crisis management expense and extortion coverage are equally important.

And remember: “Public entity insurance is local,” McCrary says. “Everybody lives somewhere. Whether the municipal subdivision is a county, city, town, village, hamlet—for agents, it’s all a great marketplace. There’s no shortage of entities out there.”

Jacquelyn Connelly is IA senior editor.

13826
Tuesday, June 2, 2020
Public Entities