Vendor networks complicate business interruption analysisPosted On: May. 1, 2019 12:00 AM CST
Underwriting cyber-related contingent business interruption coverage is a challenge, sources say.
“Underwriters are having a hard time getting their arms around the risk,” because many policyholders do not know what the risk is, said Max Perkins, Atlanta-based senior vice president for global cyber and technology, global professional and financial risks with Lockton Cos. LLC.
“The interconnectiveness of the supply chain makes it very difficult” to underwrite, said Eric Cernak, Windsor, Connecticut-based president of cyber at Hanover Insurance Group Inc.
And as entities in the supply chain get further away from the policyholder, it “becomes murky at best from an underwriting standpoint,” so even if the business can be underwritten, “it’s a very challenging discussion to have with an insured,” Mr. Cernak said.
One of the challenges of writing the coverage is cyber insurers “don’t usually get the same amount of underwriting information a property underwriter would get,” said Shiraz Saeed, New York-based cyber risk national practice leader at Starr Insurance Cos.
“What we underwrite to is our insured’s diligence in vetting their own suppliers and vendors and supply chains,” said Brad Gow, Purchase, New York-based cyber product leader for Sompo International Holdings Ltd.
“There are data analytics tools that allow companies in real time to get a material view of the security of their vendor networks,” he said. “Their ability to do that changes the game to some extent. It’s something we look for when we have an applicant that’s looking for contingent business interruption coverage.”
Lisa Jones, Radnor, Pennsylvania-based senior business continuity analyst for Avantor Inc., which manufactures and distributes products and services to life sciences professionals and advanced technology industries, for instance, said, “We do deep audits and assessments of how (vendors) protect our data and how they protect our information.”