computer insurance: part iii — consequential loss


Upload: david-davies

Post on 21-Jun-2016


JULY - AUGUST THE COMPUTER LAW AND SECURITY REPORT

insurers have been involved in producing the indemnity limits required. As there are only a limited number of insurers writing this class of business, high indemnity limits may no longer be available, or are only achievable by utilising international and reinsurance markets as well as the UK facilities. The problems of agreeing a common wording, however, can mean that cover is reduced to the lowest common denominator. A wording acceptable to the primary insurer may not be acceptable to one of the excess layer insurers and the cover may have to be restricted throughout the whole indemnity limit to achieve equanimity.

Virtually all professional indemnity policies have carried a small degree of self-insurance: usually a small excess (deductible in American terminology) which the Insured could elect to increase in return for premium savings. However, whereas in the soft market the mandatory excess could have been £500, insurers are now calling for far higher figures, requiring the Insured to bear a significant proportion of the risk, thus providing a real incentive to improve his professional standards. This co-insurance could take the form of an excess of between £5,000 and £50,000 for small practices; up to ten times those amounts for large companies. Alternatively, it could take the form of a self-insured percentage: usually between 10% and 20% of every claim. It may also be necessary for the Insured to take a higher excess than the minimum imposed by the insurer so as to release capacity for a higher limit at the upper end.

Finally, premiums: to renew existing indemnity limits, not necessarily with the same breadth of cover, professional indemnity premiums are more than doubling generally, with increases of up to 1000% for certain professions. Because of the laws of supply and demand there can be significantly greater overall premium increases for high indemnity limits. Companies that bought high limits when they were cheap are having to rethink, and return to the lower limits of earlier years.

Conclusion

The manufacturers' equivalent of professional indemnity insurance, product guarantee cover, has been only spasmodically available for many years, partly because whenever an insurance company tries to underwrite the risk it loses money, and partly because it is felt by some that insurance against the quasi-commercial risk of not fulfilling your salesman's promises or your customer's expectations is not a risk for which insurance cover should be available. If the current trend in the professional indemnity market continues there may be some professions that have the same problem with their professional indemnity covers. But having professional indemnity insurance is a requirement of many professional bodies, or imposed as a requirement on the part of some companies.

At the end of the day the only solution is to reverse the upward trend in claims. Whilst part of the problem, the advance in consumerism, is outside the Insured's control, there is still much that can be done. Higher standards - quality control for the professions - ARE achievable. I will return to this subject in a future article.

David Davies

- - o 0 o -

COMPUTER INSURANCE: PART III - CONSEQUENTIAL LOSS

In the eyes of most of the insurance industry the computer is just a valuable asset. Examine a typical computer policy and you will find that a large proportion of the cover concerns the repair or replacement costs of the computer itself. Other aspects of cover (of which more later) are almost thrown in as nominal extensions. To achieve a more realistic view of the consequential loss risk it is necessary to take a different view: to think not of the computer but of the computing function, and of the risk of interruption to that function. The computing function is not dependent upon the hardware alone: its component parts are:

• The computer hardware

• The building in which the computer is located

• The environment (air conditioning, temperature and humidity regulation)

• Electricity

• The network of telecommunications lines and modems between the computer and its terminals

• The software that is needed to run the critical systems

• The data that is accessed by the computer for its critical functions

• The operators, programmers and other key computer personnel

Destruction or corruption of any of the elements listed above could result in interruption to the computing function. The consequences of that interruption will vary from inconvenience to massive profit loss, possibly leading to insolvency. With this in mind I will examine the ways in which companies insure their computer consequential loss risk.

Specified events

The first critical aspect of any insurance policy is the specified events, or perils, that will trigger the cover. The second critical aspect is often overlooked: that the policy also specifies, and will only respond to, certain defined consequences. Thus a fire policy does not cover all the consequences of fire, but only the cost of repairing or replacing the damaged property. There is no cover for the secondary consequences, the results of that damage or destruction: for example, the lost production, and thus lost profit, that may follow the destruction of production machinery. This cover is provided by a second policy, usually referred to as loss of profits, or consequential loss.

Most companies have a consequential loss policy covering all of their business activities. The specified perils are usually those that are traditionally thought of as being capable of causing massive disruption: fire, lightning, aircraft and explosion (usually known as the catastrophe perils). More perils than this are usually insured against for loss or damage policies. The theory is that a non-catastrophe peril may produce significant repair or replacement costs but it could not be serious enough to affect the company's ongoing business activities.

The secondary consequences covered are usually confined to lost profit, or revenue, incurred during a specified indemnity period. This period, usually between 12 and 24 months, must be sufficient not only for the replacement of the damaged property, but also for the time required for total recovery: to catch up on the backlog, regain lost customers, etc. The Insured is allowed, indeed required, to incur extra costs to minimise his profit loss, for example by hiring temporary premises, provided the amount spent is less than the amount saved within the indemnity period. To paraphrase Mr. Micawber, "Annual costs incurred £999, annual profit saved £1000, result happiness. Annual costs incurred £1001, annual profit saved £1000, result misery." I will discuss this "economic limit" further later on.


THE COMPUTER LAW SECURITY REPORT 2 CLSR

Whereas heavy production machinery was indeed sensitive only to catastrophe perils, the computing function is sensitive to a far wider range of events that may affect any of its component parts. It is for this reason that most companies supplement their general damage and consequential loss covers with a specific computer policy that has its own cover for both damage and consequential losses.

The computer policy

Most computer policies can be divided into three sections: accidental damage to computer equipment, loss or corruption of data, and consequential loss. This article is concerned with that third section alone. (The first two aspects have been covered in the first two articles in this series.) The perils covered by most modern computer policies are:

• The consequences of any incident covered by the material damage section of the policy. The wording of the material damage section on matters such as breakdown, where contingent cover only is usually provided, is therefore far more critical for the consequential loss cover which 'follows' it than for the material damage cover itself.

• Damage to or breakdown of air conditioning plant. This cover, relevant in installations that are temperature sensitive, may be provided by including air conditioning plant in the equipment schedule of the material damage cover (in which case resulting downtime will be included in the consequential loss cover which follows it). Alternatively, it may be omitted from the material damage section, but losses consequent upon damage to or breakdown of air conditioning plant can be included as a specific peril under the consequential loss cover.

• Failure of public electricity supplies. This part of the policy is usually one in which insurers tie themselves in double and even triple negatives. All policies exclude deliberate acts by the supply company; some wordings then exclude from the exclusion acts to safeguard the system or preserve human life. In other words, cover applies to all incidents of accidental failure, and any deliberate acts for the reasons stated. Whilst this wider wording is desirable it would be even more desirable if it were expressed in simpler terms. Whereas most aspects of the consequential loss policy are normally subject to a time excess of between 24 and 72 hours, the cover for failure of electricity is usually subject to a lower excess of between 2 and 6 hours in recognition of the speed with which such services are usually restored.

• Failure of external land lines. Again, the deliberate acts/double negative syndrome applies. Check carefully whose land lines are referred to: some policies specify British Telecom, which would exclude any part of the system operated by Mercury and, in future, others. Other policies still refer to the Post Office! A timeless wording is probably a system operated by any supplier licensed by Government. Even this wording would not include overseas or subterranean land lines, or indeed satellite links. If such cover is needed it must be specially negotiated.

• Denial of access following damage in the vicinity of the premises. This could be very relevant if, for example, the computer is in multi-occupation premises and a fire elsewhere in the building results in part or all of the building being closed because the fire has rendered it structurally unsafe.

Shortcomings of computer policies

It will be seen that the modern computer policy provides cover for many of the key components of the computing function. However, as I pointed out in the previous article, loss or corruption of data and software is rarely covered for consequential losses, merely for the cost of re-inputting data. However, the shortcomings of the computer policy become really apparent when the other aspect of the wording is examined: the limited consequences for which cover is provided. There can be three major consequences of computer downtime; in ascending order of severity:

• Increased costs incurred to prevent or minimise the disruption

• Lost interest and/or additional interest charges incurred because of cash flow disruption following delayed billings or bankings

• Loss of revenue or turnover, hence loss of profit.

The majority of companies have no adequate disaster recovery plans, and could realistically therefore expect to resume some critical computing functions after a minimum of ten weeks from the disaster. However, analysis of the same companies' criticality period, that is the point in time at which the absence of the computing function begins to hit key trading activities, and hence profit, usually reveals something between four and ten days. With a period that short the range of events that could cause downtime in excess of the critical period is extremely wide, including accidental and malicious damage to hardware, breakdown, loss of data and software and loss of telecommunications links.

Examine the same companies' insurance policies and the result is usually the same: loss of revenue or profits cover is confined to the traditional catastrophe perils (fire, lightning, etc.) covered by a general profits policy, and the computer policy covers the wider range of computer sensitive perils, but for increased costs of working only. This reflects a situation that held true some years ago, when batch processing could easily be diverted to the bureau or the neighbouring company, but that has been totally invalidated by real time access, full capacity working and the links of the telecommunications network. Unfortunately few computer users and insurance advisors have reconsidered the position from the point of today's reality: insurers continue to offer, and computer users continue to accept, policies that were designed for a totally different technology to the one in use today.

The right cover

Until recently I would have recommended that the computer policy should cover loss of profits, for a first loss sum insured that has been calculated in conjunction with the disaster recovery plan. It may also be necessary to insure uneconomic costs, i.e. costs that are greater than the short or medium term profit loss that they avoid. Again, the disaster recovery plan will help in the calculation of the sum to be insured. Even the best disaster plans can fail, for example because another subscriber has invoked the standby contract before you, in which case the profit loss could be far higher than anticipated. There will therefore be two elements for rating purposes: the inevitable costs and loss of profit that will occur even if the recovery plan progresses smoothly, and the contingent profit loss (usually a far greater figure) that will apply if the recovery plan fails. The premium rate charged for the second, contingent cover should be a small fraction of the first: at most, 10%. However, whereas most insurers will give premium concessions for fire extinguishers that no one knows how to use, few will give reductions for the use of a standby centre, or other committed recovery means.

My ideal cover assumes that the Insured has also played his part and prepared a realistic disaster recovery plan. If this is not the case it becomes almost impossible to arrange consequential loss cover correctly because the financial impact cannot be calculated. To what extent will manual or temporary computer fall-back be possible, and to what extent will the company's activities still be affected? What will this mean in terms of short term profit loss? What increased costs are likely? How will cash flow be affected? Will additional overdraft facilities be required, and if so is it likely that they will be provided? Will there be any long term customer and market share loss? Can they be regained? How? Over what time scale? What will be the long term impact on profits? Will long term expenditure be required to buy back customers? If resources are switched from non critical activities, such as R & D, what will be the long term consequences?

With answers to none of these questions (answers, not optimistic assumptions) the only safe course of action would be to insure the company's full anticipated profit with a fairly long indemnity period. This course of action may be heavy on premium, but it may still be cheaper than proper disaster planning. However, it cannot be considered to be a valid alternative: it is essential at least to project the disaster scenario and establish whether the consequences are acceptable. It may well be that throwing insurance money after the disaster cannot produce a satisfactory recovery. If a cash flow crisis pushes the Insured into insolvency the policy will not pay in any event.

You will see that I have qualified my view of the correct solution: the computer is becoming so bound up with the company's activities, perhaps controlling production machinery or even industrial robots, that it no longer makes sense to separate its insurance by a separate computer cover. The answer for the future will, I believe, be to extend the general consequential loss cover to include the computer sensitive perils outlined above, and to rate the cover accordingly. With most insurers still in the punch card, batch processing era as far as their cover is concerned, this ideal may be a long way off.

David Davies

SECURITY FOCUS

MICRO SECURE: A GUIDE TO COMPUTER SECURITY PART Ih RECOVERY AND CONTROL

Recovery and restart procedures

The basic principles of recovery procedures for PCs are similar to those of mainframes. The same precautions need to be taken, the same rules need to be applied. Consequently, there is a need to educate users and to raise the level of security awareness. A lack of appreciation of the need for recovery procedures is noticeable at the present time, and there are many examples of PC users having to restart their work because they have no recovery procedure. Often users have spent a considerable amount of time and effort before losing their working data or software.

One of the first things to be established is a disk management procedure. This must include a disk registration and numbering procedure, as well as recording what the disk was used for, when it was used and when it will be available for re-use. Next, a routine procedure must be implemented to ensure that backup copies of disks are taken. At least one copy should be made, preferably two. A copy must then be placed in a secure location, away from the original. This process will enable recovery to be effected from the backup copy should the original be corrupt. It is also advisable to duplicate the backup copy before using it.

Backup: Both the original and backup copy of disks must be kept in a secure place. This does not mean leaving the disks in a container on a desk or shelf! It means placing the disks in a lockable container and locking it in a fireproof safe. If this is not practical, secure the container in a lockable filing cabinet, cupboard, or desk drawer. In all cases, the control of who has access to the safe, and/or the disk container must be clearly identified and the rules documented. It is also advisable to delegate responsibility for monitoring the disk management to a senior manager.

The final phase in a recovery programme is to document and follow the procedures needed to ensure that backup copies are taken at a defined time, or after an important event. As an example, if a long program (long in terms of statements) is being keyed in, it is advisable to take a copy of the program at one or more points during the process of entering the instructions, rather than at the end. This means that if anything goes wrong the restart can be made from the last copy taken, and there would be no need to re-key all the statements. It is worth noting that the manufacturer's recommendations as to percent fill of a disk should be taken as the maximum amount of data to be held. It may be more convenient to structure the use of a disk in order to limit the number of statements held on it, or so that only one chapter of a report is recorded when the PC is used for word processing. These points must be considered for each individual disk or input data type.

Restart procedures must be defined for each application. These restarts may simply require re-keying of data or may require the use of the backup copy of a disk. In either case, the choice of restart must be evaluated at the time it is required, but the availability of backup copies offers a larger choice of alternatives, and may even save a lot of time.

In today's rapidly changing world, it is imperative that users maintain an awareness of whether equipment is becoming obsolescent and determine how easy it will be to replace the PC. To ensure quick recovery, spare leads and other parts should be readily available. There could also be a case for keeping a backup power supply. Each PC user must evaluate his own requirements. Some users may find that other users with similar equipment could assist with their recovery. For example, the printing of a disk might be urgently required and it may be necessary to contact another user. Again, each PC user must evaluate his own needs, but the organisation may want their requirements to be consolidated.
