If the future could be predicted with 100% accuracy, individuals and organizations could plan precisely how to avoid or address their exposure to loss. The fact is that unpredictable events can thwart predictions of performance thus preventing individuals and organizations from accomplishing planned and expected results. The threat of loss encourages consideration of how to deal with its consequences. Risk management has become the discipline used to address this uncertainty.
Insurance is a component of risk management, not a substitute for it. In exchange for the payment of a “known loss” (the premium) insurance transfers the financial burden of loss exposures from the insured entity to the insurer. Transferring loss exposures by the purchase of insurance is the most frequently suggested method of handling risk. Unless organizations are successful in discovering the most efficient method of financing every identified loss exposure, they are jeopardizing their competitive position and perhaps even their future existence. Most small businesses and not for profit organizations cannot afford to employ a full time risk manager. In many cases an experienced insurance broker can perform a valuable service by initiating the risk management process consisting of five phases:
Risk Identification: What exposures to loss currently exist or may exist in the future?
Risk Analysis: What exposures exist to property, liability, net income, human resources?
Risk Control: Methods include: Avoidance, prevention, reduction, segregation, contractual transfer, and a coordinated combination of them.
Risk Financing: Acquisition of funds to pay for losses. This is risk retention versus risk transfer.
Risk Administration: Corporate planning, policy development, safety programs, contingency and catastrophe planning, as well as crisis management.
Risk management is an all-encompassing approach to handling risk by identifying, analyzing, controlling and financing risk. Effectively done, risk management offers a thorough and efficient approach to addressing the expense of potential loss to any organization. A comprehensive analysis of current insurance programs is essential to this process. The following are examples of policies that should be reviewed for accuracy of information, adequate limits, appropriate deductibles, insured parties, applicable exclusions, etc.:
- Commercial General Liability
- Business Interruption
- Commercial Auto
- Errors & Omissions
- Professional Liability
- Workers Compensation
- Employment Practices Liability
- Directors & Officers Liability
- Cyber Liability & Network Security
It is important to note that each policy covers a different element of risk. There is no redundancy from one type of policy to another. Throughout the insurance industry, risks that are covered by one type of policy are not covered by another unless provided as part of a comprehensive “package” policy.
Cyber Liability Insurance is very new to this list and continues to evolve as technology evolves with all of it complexities and nuances. Considering that insurance is based on actuarial science and the theory of large numbers, insurance underwriters are having a particularly difficult time getting their arms around the nature of the risk and the ultimate costs associated with a cyber breach. While we are all aware of a few highly visible and well-publicized breaches (SONY, Target, Anthem Health…) the fact is that the vast majority of breaches are not reported for a variety of reasons.
Learn more about cybersecurity insurance and protecting your personal and small business interests at the National Cybersecurity Institute.