As an industry, we are delighted when we perform well and the world applauds the work we do. This can be rescuing individuals and businesses affected by natural perils and supporting companies to recover from a paralysing cyber-attack. But according to the US Federal Emergency Management Agency (FEMA), more than 40% of businesses never reopen after a disaster. For those that do, only 29% are still operating after two years. So, while insurance provides value at the point of claim, there is little doubt we could be even more useful in supporting businesses and communities to prosper if we could help companies avoid these challenging situations in the first place.
With this top of mind, Liberty Specialty Markets (LSM) has introduced a new service called Claims+. It is aimed at brokers and their clients and supports our ethos that prevention is better than cure, and that companies should get value from the insurance they purchase every year, not just when they make a claim.
It’s a concept that works for businesses that have the appetite to work with us on all aspects of risk management before a claim arises. It’s equally relevant for those interested not just in transferring risk, but gaining access to experts who can provide wording review, and insight at any point in the life of the policy.
A key component of our new Claims+ service is scenario planning. This is when we organise workshops to test how clients would respond in a particular set of circumstances and importantly, learn through our experience with similar claims. Depending on the client and sector, we will convene a panel of loss adjusters, data analysts, claims specialists and legal experts. During the workshop we work through a scenario with the client, risk manager and broker. As the scenario unfolds we can ensure that all parties are aligned on how the policy may respond. If changes are needed to the wording, they can be made and agreed in the room. We also use the scenarios to assess how well processes work, and discuss crisis management and response strategies.
Two scenarios have proved particularly powerful in our work with our financial institutions clients: the dawn raid and the data breach. We also offer terror scenario planning workshops to our property and casualty clients.
The dawn raid
Regulatory authorities in the UK have the power to conduct surprise onsite inspections called ‘dawn raids’. As the name implies they are often conducted at dawn and are designed to capture as much potential evidence as possible. Arrests can also be made.
Raids are carried out under a warrant and usually in the presence of police officers. They can take place at business or individuals’ premises or both. They can be carried out by a wide range of bodies – the police, the Financial Conduct Authority (FCA), HMRC, the Environment Agency, the Competition and Markets Authority or Border Force. The use of this tactic is increasing; the number of dawn raids conducted by the FCA has almost doubled over the past year. It can be an extremely stressful experience for the company’s employees. It is therefore in a client’s best interest to know what to expect and how best to handle the situation.
In many cases, the raid is simply the opening tactic in a much longer investigation. After a business has been raided they can typically face a barrage of follow-up issues, ranging from: what action to take in regard to operations and individuals, whether to comment publicly on the investigation, and what strategy to adopt with the authorities.
By running scenarios, we aim to help our clients understand the risks inherent in dawn raids and work with them to discuss an effective strategy.
Data breaches are happening more frequently.
Around a third (32%) of businesses report having cyber security breaches or attacks in the last 12 months according to a research report from the Department of Digital, Culture, Media & Sport. The most common types of attacks are:
- phishing attacks (identified by 80% of businesses)
- attacks by others impersonating an organisation in emails or online (28%)
- viruses, spyware or malware, including ransomware attacks (27%)
Reflecting the changing methods that are being deployed in cyber-attacks, we work with clients to look at scenarios. For example, a company receives calls from various individuals indicating they have received a suspicious email from a senior manager at the firm – who, on closer inspection, has entered their remote access log in and password in response to a phishing email sent a few days before. Here, we don’t just look at the immediate impact on the business and customers, but also look at where our customers could embrace best data protection practices to minimise the risk of recurrence.
Finally, and sadly in the wake of all too many recent attacks across the world, we help companies think through the implications of a terror attack on the company or near their business premises.
Traditionally businesses might have taken out insurance to cover them against the potential for damage to be caused to premises, people or equipment by a terror attack. Fewer have thought about the implications of an attack in which no physical damage occurs. This can happen when business premises are locked down during the police investigation in the aftermath of a terror attack. Some business premises in Salisbury, England, were shut down for months in the wake of the chemical weapons attack on the Skripals. Businesses in London’s Borough Market were prevented from trading for ten days after the 2017 London Bridge attack by Islamic extremists. And most recently businesses were again affected by the London Bridge attack in November 2019.
Another evolving area that some businesses have not considered is their potential liability exposures. Business owners and managers have a duty of care to their employees, to customers and to others that interact with their business. Customers expect that staff will know how best to help them take cover or escape from a building; employees need to know what the procedures are and how to action them in order to keep themselves and others safe.
When we are running a scenario, we can test how well prepared the business is to mount an instant response that protects the lives of employees and customers and how well placed it would be to continue trading should access to premises be denied. Understanding the changing nature of stakeholder expectations, the changing liability landscape and the varied options in terms of insurance cover is essential if companies are to plan an effective response capable of dealing with all aspects of a potential terror threat – before or after the event.
Reconstructing the insurance value chain
The Claims+ service is an example of how we are changing our approach to managing our relationships with clients and anticipating their complex claims. By providing the understanding and establishing the relationship at the beginning of the journey, we envisage that the claims settlement should be as smooth as possible with no surprises. The combination of consultancy, technology, risk management and traditional risk transfer demonstrates how we have stopped thinking about insurance in terms of the traditional roles of underwriting, business development and claims. Instead we are thinking about what the client wants to see.
This new approach works by unpicking the insurance value chain and putting it back together in a way that delivers for our clients, irrespective of whether they may need to make a claim. By doing this, we can increase the value of LSM’s products and improve the client experience at the same time. That’s why we created Claims+.
Over the course of the series of communications looking at our claims approach we will be discussing Claims Liaison Managers, Advance CAT Response, Data & Performance analytics and Fast-Track.