The CHART Exchange April 2021 by The CHART Exchange

TABLE OF CONTENTS

6 Glenn W. Clark, CPCU, Publisher CHART Exchange Earliest Adopter

It’s April - And CHART Is With You All The Way!

Three Ways To Boost Business Resilience And Maintain Critical Infrastructure

Analysis: The Most Important Conversation

The Evolution of HR Audits

Backward Reasoning - Is Your Data Strategy Fit For The Future World of Insurance?

Interview With Pollution Insurance Expert Dave Quinn

Student Report: The Duality of Geolocation by Heaven Kadro

Looking For Opportunity In A Sea Of Change

Report: Selective Competition Prompts Students To Run Virtual Insurance Agencies

Strategies For Old, New And Projected Data

Lloyd’s Launches Futureset: A New Global Platform To Drive Societal Resilience To The World’s Largest Risks

Patrick Tiernan To Join Lloyd’s As Chief Of Markets

Special Report: The Anatomy Of A Supply Chain Attack

Rockwood Programs Provides New Insurance For Off-Duty Police Officers

SIAA Maintains Record Written Premium In 2020

Cover Image: The image is released free of copyrights under Creative Commons CC0 2.0 Generic Link

First American Announces Entry Into P&C Book Transfer Agreements Result Of Decision To Exit P&C Business

Time For Insurance Agencies To Attract Younger Generations

Lloyd’s Report Highlights Increasing Risk Of CyberAttack To Industrial Sector

SPECIAL REPORT P

age 31 - Dr. Amy Williams of BlueVoyant drills down through the anatomy of a fictional supply chain attack - highlighting the attack methods used by bad actors and providing insurance pros with the info they need to advise their clients on these exposures.

APRIL 2021 VOLUME 6 - ISSUE 1 Publisher: CHART Exchange Glenn W. Clark, CPCU Membership Services Kate Boyle Advertising: Kate Boyle Managing Editor: Kate Boyle Contributing Editor: Frank Huver Layout, Design & Circulation: Ron Manera AdMax Corp., Inc.

CHART Exchange

STUDENT REPORT P

age 17 - Heaven Kadro, a Junior at Hunter College reports on the Duality of Geolocation as she examines the risks and benefits of location services offered in smart phone apps and mobile devices. A quick and valuable read!

PREFER TO READ IN PDF FORMAT? DOWNLOAD THE PDF VERSION HERE

ADVERTISING IN THE CHART EXCHANGE MAKES SENSE: CALL KATE: 302.765.6056

info@chart-exchange.com 3001 Philadelphia Pike Claymont, Delaware 19703 www.chart-exchange.com 302-765-6001 Last Issue:

OUR TEAM IS THERE FROM THE START TO THE FINISH NSM Insurance Group Comprehensive Insurance Coverage for: Social Services I Addiction Treatment I Professional Liability Staffing Firms I Workers' Compensation I Collectible Vehicles Coastal Condo Associations I Breweries and Wineries Sports and Wellness I Specialty Aviation

888-235-3525 www.nsminc.com

NEVER MISS AN ISSUE OF CHART EXCHANGE

SUBSCRIBE NOW

SUBSCRIBE TO CONTINUE TO RECEIVE THE CHART EXCHANGE

MESSAGE FROM THE EARLIEST ADOPTER

IT’S APRIL AND CHART IS WITH YOU ALL THE WAY! CHART is with you all the way. Our involvement with the client does not end with the development of a program proposal. CHART possesses internal brokerage capabilities – meaning we now have the resources needed to support clients through all phases of the program business life cycle.“

6 APRIL 2021

elcome to April! Springtime is often associated with renewal and re-birth. This perspective takes on added meaning in 2021, as the world begins to emerge from under the shadow of the COVID-19 pandemic. CHART has undergone a bit of a metamorphosis ourselves. We have transitioned away from the “collegial” business model embraced by many other insurance industry associations in favor of a strategy that focuses our resources on assisting those specialist agencies seeking to establish a relationship with the world’s oldest and most recognized insurance brand – Lloyd’s of London.

TABLE OF CONTENTS

Glenn W. Clark, CPCU Publisher & Earliest Adopter

Most entrepreneurs read about our new operating philosophy (CHART 2.0) and ask themselves the age-old question: “What’s in it for me and my business”? Let’s take a little time to do a deeper dive into the value proposition we offer. 1. Help us help you. This may sound like a quote from the movie Jerry Maguire, but it’s appropriate here. No one knows your agency’s area of specialization better than you. We ask potential clients to invest the time and effort needed to clearly articulate such information as the product(s) being sought, the unique demographics of the target audience, the competitive scene within the marketplace, etc. CHART 2.0 has developed a program

www.chart-exchange.com

questionnaire to help structure this process. Once this data is available, our team can get to work to find the markets with the most compatible risk appetites. 2. CHART is with you all the way. Our involvement with the client does not end with the development of a program proposal. CHART possesses internal brokerage capabilities – meaning we now have the resources needed to support clients through all phases of the program business life cycle. Our team can now collaborate on the development of submissions, secure necessary delegated underwriting authorities (tribunalization), handle placements, and facilitate new

growth via product expansion, cross-sell opportunities, etc. 3. Solving the need for instant gratification. There is a process involved in securing delegated underwriting authorities from London. Agencies looking to expedite the launch of new programs into the marketplace can avail themselves of CHART’s Incubation initiative. Under this arrangement, clients can be teamed with a firm already possessing the necessary authorities, state licenses, backoffice administrative capabilities, etc. to transact business on a national scale. Agreements made between the two parties prior to launch govern such issues as contract duration, duty

segregation, revenue sharing, and expiration ownership. This strategy inures to everyone’s benefit. 4. It’s good to have friends. CHART has a network of vendor partners with expertise in a variety of disciplines. We can tap this network to help clients address issues related to actuarial analysis, claims administration, systems development, marketing, legal support, and more. Want to learn more about how CHART 2.0 can help your agency? Check out our website at www.chart-exchange. com. Also feel free to reach out to us via e-mail at info@chart-exchange. com if you have any new program or product ideas you’d like to discuss.

Glenn W. Clark , CPCU CHART’S Earliest Adopter

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

Protect data, people, reputation and the bottom line with end-to-end cyber security solutions from Kroll. CY B E R R I S K A N D B R E AC H R E S P O N S E Incident Response

Deep & Dark Web Monitoring

Managed Detection and Response

Data Breach Notification Solutions

Cyber Risk Assessments

CISO and Data Protection Advisory

PFI / QSA Services for PCI

Table Top Exercises

kroll.com

NEWS - DUFF & PHELPS

THREE WAYS TO BOOST BUSINESS RESILIENCE AND MAINTAIN CRITICAL INFRASTRUCTURE By Todd Keil

of nefarious action from internal or external actors, unintentional human error or natural disaster.

he past few weeks have been eye opening for anyone concerned with emergency Most organizations establish general management. Events in emergency guidelines to deal with Florida and Texas have highlighted the events such as workplace violence, importance—and vulnerability—of fire, civil unrest water systems and weather Conduct a risk and other critical emergencies. But assessment to identify infrastructure as part of Kroll’s the infrastructure resources to business work performing you need to maintain full or continuity. In risk analyses limited continuity of operations short, we’ve and developing in the event of an incident. been reminded and testing Determine who provides critical that anything collaborative crisis infrastructure to your facilities. that affects management Form a relationship with those your facilities, plans, we’ve organizations. Ask about operations or identified several their emergency planning. people can put threats that If the answer is concerning, your business at businesses often decide how you can mitigate risk. overlook or a loss of power, heat, water underestimate. or wastewater if necessary— Water systems, Awareness of or even whether a change in natural gas these potential location is warranted. “ systems, electrical threats is the grids and other first step toward infrastructure components are plugging the gaps in your plan and integral to business operations—and protecting your business. increasingly vulnerable. If you are responsible for keeping a business, THINK LIKE A HACKER facility or utility running, your business Oldsmar, Florida, a small city of 15,000 continuity plan must take these systems in the Tampa Bay area, doesn’t seem into consideration. No operation is like a prime target for hackers. But on too small to be a potential target www.chart-exchange.com

TABLE OF CONTENTS

February 5 of this year, an employee of Oldsmar’s water treatment plant foiled a potentially deadly attack when they noticed that their system was being controlled remotely. The employee quickly discovered that the attacker had increased lye in the water supply to more than 100 times the normal level. However, reports of the incident note that the employee almost dismissed the fact that their system was being controlled externally because supervisors often accessed computers remotely. The reason? The increase of remote work in response to COVID-19. Security experts have estimated that the Oldsmar cyberattack took all of 3 to 5 minutes. The New York Times reports that Russian hackers have been probing U.S. energy and electrical utilities for nearly a decade. And the rate of cyberattacks has only increased over the past year. No system is too small or too mundane to avoid the attention of hackers. In fact, it’s the little things that often offer cyber attackers a way into your business’ network. Supervisory control and data acquisition (SCADA) systems—the programmable logic See Boost Business Resilience Page 28 APRIL 2021

THERE’S A BETTER WAY TO CONNECT WITH LONDON …

CHART CAN GET YOU THERE FASTER! Most of us know about Lloyd’s of London. The market’s 332 year track record of innovation, technical expertise, and product diversity has cemented its reputation within the industry. Unfortunately, the vast majority of U.S.-based agencies with new program or product ideas are unsure of how to access the world’s oldest insurance brand. The CHART Exchange can help. We were established for the sole purpose of growing the U.S./London marketplace by serving as the conduit between domestic producers and Lloyd’s Risk Takers. Our vast network of Vendor Partners can provide the support needed to help develop your program proposal. Available services include Actuarial, Claims Administration, Marketing, Legal, and Systems. We can even assist in expediting the implementation of your new program through our unique “Incubator” facility. Interested in learning more? Visit our website at www.chart-exchange.com. We are also available via e-mail (info@chart-exchange.com) or by phone at the number below.

855-716-3660 The CHART Exchange 3001 Philadelphia Pike Claymont, DE 19703 www.chart-exchange.com • Fax: (302) 334-0325

ANALYSIS - INSURANCE BUSINESS

THE MOST IMPORTANT CONVERSATION Reprinted by permission from Insurance Business America

e talk all day, whether in-person or through email, text or chat. We’re inundated with conversation, rarely finding a moment of silence. Out of all of this communication, who do you think hears your voice the most? Is it your boss or employees? Maybe your partner or children? While these might seem like the obvious answers, the answer is actually you. For as much as we talk to others, we talk even more to ourselves. Sometimes the conversation is about what we’re doing – a technical task like filling out an application or putting together furniture. Other times it’s in regard to our ability to do something or a reflection of our confidence, such as “There’s no way I can do this,” or “I’ve got this; this is a piece of cake.” The list of what we tell ourselves is endless. It turns out that when we talk to ourselves, that conversation has a massive impact on our confidence and our ability to perform at work, at home and in whatever other ventures we pursue. Here’s an example. www.chart-exchange.com

Imagine you’re at work; you have a new client to call, and you’re trying to seal the deal on a new policy.

What we say to ourselves matters far greater than we often realize. It’s up to us to make sure the words coming out of our mouths, and those in our head, are giving us the best chance to succeed and live how we desire. The most important conversation you’ll ever have is the one you have with yourself.” You haven’t worked much with this person, so the rapport isn’t entirely there; plus, they don’t always seem to be the most pleasant. Nonetheless, the call must happen. Before you dial the number, you tell yourself, “This is a waste of my time; I hate calling them.” How do you think that phone call goes? My prediction: not that great. Now imagine the same scenario, TABLE OF CONTENTS

except this time before dialing, you tell yourself, “Let’s seal the deal! Talk slow and breathe. This is easy money!” How do you think that phone call goes? I’m thinking much better. Mind experts like Trevor Moawad and Michael Gervais preach this exact same thing when working with groups like the Navy SEALs and athletes such as the Seattle Seahawks’ Russell Wilson. According to Gervais, “Confidence comes from one place – and one place only – your self-talk. The cool thing is … we can train this.” What might your life look like if you change the conversation you’re having with yourself? To help propel you in this journey, here are a few steps to begin changing the conversation – and changing your results. Begin by building awareness. Pay attention to what you’re saying, both out loud and internally, when you’re working on something that challenges you. Write down the phrases you notice yourself saying most often. Ask yourself, is this helping my progress or hurting it?

See Most Important Conversation Pg 38 APRIL 2021

ANALYSIS - LAURDAN ASSOCIATES

THE EVOLUTION OF HR AUDITS By Ronald Adler

volution is a process of change. In recent years we have seen a significant change in the HR auditing process, in the value derived from HR auditing, and in the HR audit tools used. HR audits have evolved from a simple checklist of dos and don’ts or periodic affirmative action plans to a comprehensive, sustainable process that: 1) is an integral part of the organization’s internal controls, due diligence, and risk management; 2) is a fundamental activity of strategic and operational management; and 3) uses sophisticated auditing products and consulting services. Increasingly HR audits are conducted of HR rather than by HR. This white paper reviews

the changes in HR audits, discusses the external and internal forces affecting the process and use of HR audits, and provides information about the leading HR auditing process. OVERVIEW OF HR AUDITS The HR auditing process is — or should be — an independent, objective, and systematic evaluation that provides assurance that: 1) compliance and governance requirements are being met; 2) business and talent management objectives are being achieved; 3) human resource management risks are fully identified, assessed, and managed; and 4) the organization’s human capital adds value. Under this definition, HR audits are more than

an audit activity that solely collects and presents evidence of compliance. HR audits are increasingly expected to look behind and beyond the organization’s assertions of sound and proper HR management practices and to assess the assumptions being made, to benchmark the organization’s processes and practices, and to provide the necessary consultative services that help the organization achieve its business goals and objectives. EXTERNAL AND INTERNAL FORCES Numerous external forces and factors have had an impact on the demand

See Evolution of HR Audits Page 26

bout the author: Ronald Adler is the president-CEO of Laurdan Associates, Inc., a veteran owned, human resources management consulting. Ronald Adler is the president-CEO of Laurdan Associates, Inc., a veteran owned, human resources management consulting firm specializing in HR audits, employment practices liability risk management, HR metrics and benchmarking, strategic HR, and unemployment insurance cost management. Mr. Adler has more than 45 years of HR consulting experience working with U.S. and international firms, small businesses and non-profits, insurance companies and brokers, and employer organizations. Mr. Adler is the developer the Employment-Labor Law Audit™ (ELLA®), the nation’s leading HR auditing and employment practices liability risk assessment tool — now in the tenth edition. g firm specializing in HR audits, employment practices liability risk management, HR metrics and benchmarking, strategic HR, and unemployment insurance cost management. Mr. Adler has more than 45 years of HR consulting experience working with U.S. and international firms, small businesses and non-profits, insurance companies and brokers, and employer organizations.

12 APRIL 2021

TABLE OF CONTENTS

www.chart-exchange.com

ACTUARIAL SERVICES FOR LLOYD’S COVERHOLDERS LOSS RATIO PROJECTIONS CREATING AND UPDATING RATING MODELS PORTFOLIO OPTIMIZATION

Asad Khalil, FIA - Managing Director Mobile: +44(0)7399 025 851 Email: asad.khalil@perrenial.co.uk

www.perrenial.co.uk

ANALYSIS - MOTOSI CONSULTING

BACKWARD REASONING – IS YOUR DATA STRATEGY FIT FOR THE FUTURE WORLD OF INSURANCE?

By Paul Rich

’ve recently been re-reading and re-acquainting myself with the excellent books and short stories by Arthur Conan Doyle, written about one of our most famous literary sleuths, Sherlock Holmes. Each of the stories are fascinating and intriguing in their own very individual way as the inimitable and intellectual Sherlock Holmes and his trusty sidekick, Doctor Watson, grapple with the seemingly impossible, to come up with the highly probable and the more than likely. It really does make for fascinating reading and gives an incredible insight to the murky and

often macabre depths of the human mind but at the route of all the thinking in the stories, alongside logical thinking, is Sherlock Holmes’ ability to apply a forensic approach to backward reasoning and to work his way from the often-grisly crimes committed, back to the source of them and (in most cases) to the perpetrator of them. Reading these books has got me

thinking on how we in insurance very often miss a trick in the delivery of our propositions, wherever a company sits in the value chain but in particular in the area of Delegated Authority and Coverholder operations. If we look at the current climate for these types of operations, particularly

See Data Strategy Page 36

bout the author: Paul Rich has an in-depth understanding of global (re)insurance markets, particularly the Lloyd’s and London Market. MOTOSI Consulting works with clients including Brokers, Managing Agents, and Coverholders in the Company and Lloyd’s markets to assist in the delivery of operational best practice and outcome excellence, always striving to improve business processes and delivering efficiencies utilising a blend of forward, pragmatic and focused thinking and where appropriate ‘best in breed’ tech, aiming to drive costs down and margins up. With extensive strategic engagement experience and being commercially adept at managing multitiered, complex business relationships and operating models; delivery is focused, strategic and measurable.

14 APRIL 2021

TABLE OF CONTENTS

www.chart-exchange.com

INTERVIEW - PL COMMUNICATIONS

AN INTERVIEW WITH POLLUTION INSURANCE EXPERT DAVE QUINN The Sales Opportunity for Agents

n this interview, NAESIP CEO Dave Quinn discusses how agents can add pollution insurance to their book of business to a wide range of clients. Do you think most agents recognize the sales opportunity for pollution insurance? NAESIP specializes in pollution insurance, and part of our process is to educate agents about the sales opportunity pollution insurance offers. Most general liability policies today have an absolute pollution exclusion. But, many non-environmental businesses have a pollution risk that often is not covered properly. It may be an auto

garage, wastewater facility, hotel, or manufacturer – a whole range of businesses that P&C agents target. As an example, an auto garage owner may think they don’t have a pollution risk. But, if they have above-ground storage tanks that leak, hydraulic fluids from lifts, or a waste stream from products like antifreeze, they do. We encourage agents to think about the consequences of the pollution exclusion. If the account has a pollution loss, what could happen? In most cases it is denied. Of course, the insured is going to ask the agent, why wasn’t this covered? From the point of

view of the agent, they want to protect their insured as well as avoid an E&O issue. If there is a pollution event that is not covered, you should have a paper trail to document that pollution insurance was offered and refused by the client. There is a tendency to think of pollution as only for environmental businesses. More than 60 percent of our insured are non-environmental businesses – country clubs, marinas, contractors, office building owners, and more.

See Dave Quinn Interview Page 51

ave Quinn has 30+ years specializing in environmental and general commercial insurance business. Quinn is the President of the National Alliance of Environmental Specialists Insurance Program (NAESIP) and is Executive Director of the American Society of Environmental Professionals which promotes safety, education, loss control, and networking opportunities for the environmental industry.

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

NEWS Merger & Acquisition Services

serving the insurance industry

Merger & Acquisition Services is a

SPECIALIST ADVISORY AND FINANCIAL SERVICES FIRM firm specifically to participants within the insurance industry. Our mission is to provide

CONCIERGE-LEVEL SERVICES AND EXPERTISE

PROUD SPONSOR OF

SOLELY FOCUSED ON THE INSURANCE INDUSTRY. This allows our advisors to obtain critical industry knowledge and subsequently, provide clients with sound advice.

M&A Services has closed

MORE THAN 100 TRANSACTIONS IN 10 YEARS and has earned continuous placement within the "Top 5 Financial Advisors in Insurance Underwriting" according to SNL Financial. Investment banking services and securities transactions are provided through and completed by Merger & Acquisition Capital Services, LLC., a broker-dealer registered with the U.S. Securities and Exchange Commission and member of FINRA and SIPC.

OUR SERVICES Agency M&A Transactions Carrier M&A Transactions Agency Financing Capital Raising Strategic Advisory Valuation Services Program Business Renewal Rights Fronting

info@maservices.com http://maservices.com

NEW YORK, NY - ATLANTA, GA - MYSTIC, CT - CAYMAN ISLANDS

within the insurance industry by assisting firms with their corporate development and acquisition/divestiture objectives. M&A Services is

STUDENT REPORT THE DUALITY OF GEOLOCATION By Heaven Kadro

survey by Pew Research Center conducted in 2019 showed that 96% of Americans have a smartphone, and three quarters of U.S. adults own laptops or computers. In January 2021 DataReportal reported that globally about 5.22 billion people have smartphones. Furthermore, due to the Covid-19 pandemic students and workers were forced to work remotely, increasing the amount of people using the internet. The increase in smartphone and internet users has led to an increase in social media users, and subsequent app downloads. Consequently, this also results in users’ data being collected without their knowledge. Digital Journal reports that a survey done by ProPrivacy.com found that 99% of people do not read the terms and conditions when signing up for an app. Terms and conditions are usually very long, and hard to understand to the average person so they will accept in order to use the app. When an app becomes popular, many people will sign up without caring about the privacy implications. For example Facebook and Instagram’s data policy allows access to the user’s personal data and may record, track and sell it. Furthermore, many apps will sell location data

www.chart-exchange.com

to third party vendors. Companies may use the data to create targeted advertisements. Tim Sandle of Digital Journal reports that the survey found that 68% of people that deleted apps due to privacy concerns were unaware that even after deleting, they were actively being sent targeted ads by the apps. This statistic shows how uninformed many app users including those who are privacy conscious.

Location data is very valuable, and can be used both positively and negatively. As an internet user it is your responsibility to weigh the pros and cons and take appropriate action to protect yourself.” Many apps ask permission to access location services when their app does not need that information to function properly. In 2016, Pew Research center reported that about 90% U.S. adult smartphone users keep the location of their phone on. As the amount of people with smartphones has increased in the past five years, this number has most likely increased as

TABLE OF CONTENTS

well. Subsequently, this leads to much more vulnerable personal data being available. Social media apps have also become much more popular in recent years, and are notorious for collecting data. While this is common knowledge, many kids do not know the extent to which this data is collected. When I was younger, I didn’t know what social media apps were doing with my data. Social media apps such as Snapchat restrict access to certain functions of the app when location is turned off. For example, when location is turned off for Snapchat the location filters no longer apply, and the snap map feature which allows you to see the locations of your friends and yourself becomes inaccurate. GPS apps such as google maps also no longer work when location is turned off, and many weather apps also become inaccurate. Furthermore, for ride-sharing and delivery apps having location on is necessary. Several Covid-19 tracing apps also require location to be turned on. Having location on is a great benefit sometimes. Location tracking apps have become popular these past few years with

See Duality of Geolocation Page 50 APRIL 2021

Let’s build a program together

Program business underwritten on admitted or OUR NEW non-admitted carrier.

40+

YEARS IN BUSINESS

A-

A.M. BEST FINANCIAL STRENGTH RATING OF EXCELLENT

www.fortegra.com

1.6B

ANNUAL REVENUE

specialty@fortegra.com

*Fortegra® is the marketing name for the membership, service contract, and insurance operations of the subsidiaries of Fortegra Financial Corporation.

ANALYSIS - FORTEGRA

LOOKING FOR OPPORTUNITY IN A SEA OF CHANGE By Cooper Wallach

Alpha Stock Images - http://alphastockimages.com/

he last 12-18 months, thousands of businesses have been turned upside down. Survival, let alone success, required rapid adaptation.

our partners rapidly evolved with new cultures and approaches to find standout success. They not only adapted, but identified new opportunities.

At Fortegra, we are no exception. We have adapted internally and externally to the ever-changing landscape to continue our profitable growth. We have also been challenged with doing so while maintaining excellent service for our clients. It seems that those who have succeeded best at weathering the storm have gone beyond adaptation and truly embraced a culture and philosophy of “finding opportunities in times of challenge.” Several of

For example, Patrol, which provides liability insurance for law enforcement professionals engaged in part-time work while off duty. Patrol saw shifts in the marketplace and responded with a solid business solution for an unserved need. They realized that an officer’s individual risk portfolio

was changing, in part, due to the current landscape. Indeed, 43% of law enforcement professionals were engaging in “detail” work through which they provide similar services, but outside of their existing law enforcement agencies. The amount was adding up to over 40 million hours in moonlighting work across the country. This growing market created a need for professional liability protection for these law enforcement officers. According to Glenn Clark, president of Rockwood Programs: “We developed this niche product for law enforcement professionals because we saw uninsured exposures and coverage gaps. This insight enabled our team to create an innovative new product that provides professional liability protection for this very important community. See Opportunity Page 38

bout the author: Cooper Wallach is Vice President of Specialty Products and Programs at Fortegra where he manages the promotion and execution of property and casualty programs with the company’s MGA partners. A graduate of the University of Texas with degrees in business management and business administration, Cooper calls upon more than 30 years of underwriting expertise to help Fortegra partners Experience More.

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

REPORT - INSURANCE BUSINESS

SELECTIVE COMPETITION PROMPTS STUDENTS TO RUN VIRTUAL INSURANCE AGENCIES Reprinted with permission from Insurance Business here.

S Photo by form PxHere

elective Insurance Group has launched a student competition that will run through February across eight colleges throughout the country. The annual competition gives teams of students the opportunity to gain insurance career-building experience and

professionals the chance to experience and resolve real-world situations in a simulated learning environment,” said Shadi Albert, executive vice president for insurance strategy and business development at Selective. “With the support and assistance of insurance professionals from Selective and independent insurance agencies, the

networking opportunities by running a simulated insurance agency. “Selective’s College Competition gives the next generation of insurance

20 APRIL 2021

students have the opportunity to gain insights and perspectives that will help them in the competition and in their future careers.”

TABLE OF CONTENTS

Read more: Selective Insurance offers virtual internships Teams from the following schools are participating in the competition: • • • • • • • •

Appalachian State University Ball State University Illinois State University Middle Tennessee State University Indiana State University St. Joseph University Temple University University of North Carolina – Charlotte

Each team in the competition will operate a simulated insurance agency. The competition will require students to use their education and experience to make informed business decisions about building market share, developing products and services, growing profit, promoting their agency, and contending with competitors. Teams will be mentored by experts from Selective and independent insurance agencies. www.chart-exchange.com

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

How Are You Helping Your Clients Manage Their Risk? With the Enterprise Operating System (EOX) clients gain visibility into real-time data, to help them determine and mitigate risk. Risk Identification & Education

EOX

Risk Level

Risk Control

Gain control. Learn more. info.eoxvantage.com/mitigate-risk 22 APRIL 2021

TABLE OF CONTENTS

www.chart-exchange.com

ANALYSIS - E.O.X. VANTAGE

STRATEGIES FOR OLD, NEW AND PROJECTED DATA by Mike Fieseler

common theme we’ve heard over the past few years is that data has become king in the insurance industry. It hones decisions, drives new business and guides new program development. Plus, we know that consumers now expect faster turnarounds, coupled with enhanced customer interactions and added value offerings from insurers. Effectively employing data can be the key to success in meeting these new standards. RULER WITH A WOBBLY CROWN? Data may be the king, but its crown is often a bit wobbly. Dealing with multiplying masses of data proves an intimidating and complicated proposition.

You must start with top-quality, accurate data and then ensure it encompasses what data science defines as high-value – that it is storable, accessible, sharable, manipulable, consistent, visible and portable, to name a few. It’s a tall order, but worth it. NEW, OLD & PROJECTED: A STARTING POINT As insurance businesses continue to maximize their use of data, they need to also keep in mind the differences between old and new data, and the relationship both have with making your projections. Old data may include external databases found on the internet or what is contained in your ERP or Agency Management System. New data is being generated every day. It often consists of real-time performance data, including figures

from telematics, freezer temperatures, motion detected by security cameras and other IoT-related detection, collecting and reporting mechanisms. Companies have traditionally relied on historical data, but are quickly transitioning to interjecting new, realtime data where possible. Projected data is based on observations of both old and new/performance data. It can help form predictions like the following examples. Vehicle accidents could be anticipated by identifying trends based upon analyzing driver behaviors from old telematics data prior to claims. You may find that out of 50 claims under a common claim code, a couple common behaviors were shown by the drivers and/or vehicles leading up to each claim.

See Data Strategies Pg 43

bout the author, Mike Fieseler: Mike’s focus is on helping clients achieve operational efficiencies and cost savings. His career has spanned IBM, ARC, DataTrak, and for the past 10 years EOX Vantage. Last year he achieved the CPL - Certified Program Leader designation through Target University of the Target Markets Program Administrators Association (TMPAA).

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

NEWS - LLOYD’S OF LONDON

LLOYD’S LAUNCHES FUTURESET: A NEW GLOBAL PLATFORM TO DRIVE GREATER SOCIETAL RESILIENCE TO THE WORLD’S BIGGEST RISKS Lloyd’s, the world’s leading insurance and reinsurance marketplace, is today launching Futureset, a new global platform and community dedicated to driving greater societal and economic resilience to the world’s most challenging risks.

he global platform has been developed in response to the large and complex challenges and impacts arising from the COVID-19 pandemic and the urgent need to begin a new, connected conversation with customers, insurers, and government to tackle the challenges these risks bring. By bringing together diverse perspectives, and through cuttingedge risk insight, intelligence, and cross-industry dialogue on the most complex and fast-changing risks faced by communities, businesses and countries, Lloyd’s Futureset aims to build greater societal understanding and collaboration to find solutions and support greater preparedness, protection and resilience to the growing and interconnected risks that

24 APRIL 2021

customers face today, and into the future. Throughout 2021, Futureset will focus on the landscape of systemic risks, including exploring lessons learned from the COVID-19 pandemic, as well as examining the growing and global risks brought about by climate change. Established as an openly accessible platform, Futureset will convene global experts and partner with world class research organisations, creating new and pioneering insights to drive sustainable solutions to current and future threats around the world. Futureset launches with a six-part Systemic Risk Masterclass series, developed in partnership with the Chartered Insurance Institute (CII)

TABLE OF CONTENTS

and Lloyd’s Market Association (LMA). The COVID-19 pandemic has highlighted gaps in the knowledge, understanding, and mitigation of systemic and black swan risks with potential impacts that are materialising and evolving at a rapid pace. The masterclass series will bring together experts across industry, academia and government to help insurance and risk professionals develop their knowledge and expertise in systemic risk. The first Masterclass takes place on 10 February, with John Neal, CEO of Lloyd’s, leading an interactive panel discussion focused on how governments and the insurance

See Lloyd’s Launches Futureset Pg 36 www.chart-exchange.com

ANALYSIS - LAURDAN ASSOCIATES Continued From Page 12

THE EVOLUTION OF HR AUDITS for and scope of HR audits. First, in the global economy, human capital is becoming the single most important determinant of competitiveness, productivity, sustainability, and profitability. Increasingly, the organization’s human capital is being recognized as the source of innovation and a driver of business success. Thus, to be effective in the global economy, HR audits must be diagnostic, predictive, and action oriented. Second, a confluence of economic, political, and social factors, including corporate scandals, the failure of the financial industry to adequately assess risks, and increasing stockholder initiatives, have resulted in increased statutory and regulatory requirements, a call for greater transparency, and increased internal and external audit activity. Consider: 1. Sarbanes-Oxley requires effective internal controls. While Sarbanes-Oxley specifically requires effective internal financial controls, the financial and organizational costs of

26 APRIL 2021

employment related claims and culture of compliance and to litigation can have a material “monitor and audit” compliance effect on an organization’s activities, behaviors, and bottom line, can have a negative results. Ethical conduct and impact on earnings per share legal compliance, including and the organization’s valuation, nondiscriminatory employment and because employment practices, are achieved by litigation can negatively affect the management setting “the tone at organization’s employment brand, the top.” Audits ─ including HR can impact the organization’s audits ─ provide the C-suite and long-term sustainability. boards of directors with important 2. Securities and Exchange feedback about how effectively Commission Guidelines require they are communicating this management to “…exercise message. reasonable management 4. Governmental agencies oversight.” If human capital is are attacking systemic one of the organization’s most noncompliance. The EEOC important assets ─ it is certainly strongly encourages employers one of the to conduct The value of the organization’s comprehensive ELLA HR Audit largest HR audits as a Model™ is that expenses ─ is it tool to ensure it helps organizations: not reasonable that systemic 1) assess current HR to expect that discrimination management and management does not exist. The employment practices; 2) identify and diagnosis applies the OFCCP considers systemic problems; 3) same level self-assessments evaluate and predict of oversight a “best practice” the impact of corrective and due and has issued measures; 4) develop diligence to the its final voluntary a plan of action; and 5) management guidelines for determine the ROI of such of the self-evaluation actions. Using the ELLA®, organization’s of compensation organizations enhance the human capital value of their human capital, practices. The U.S. reduce their exposure as it does to the DOL considers to employment related management wage and hour liabilities, and improve their of the self-audits as a ability to achieve business organization’s valuable tool objectives.“ other assets. in ensuring 3. The U.S. Federal compliance, and Sentencing the Department Guidelines require that of Homeland Security (DHS) and management demonstrate immigration attorneys encourage that it took reasonable steps employers to self-audit their I-9s to engender an organizational and hiring processes and practices TABLE OF CONTENTS

www.chart-exchange.com

to ensure compliance with U.S. immigration laws. 5. Venture capitalists, investors, and stockholders are scrutinizing organizations’ human resource management practices, processes, and outcomes and using HR audits to help them properly valuate an organization’s human capital asset, expose liabilities, and perform due diligence. 6. Recognizing the importance of the organization’s human capital asset and the risks associated with misaligned, mismanaged, and unlawful employment practices, internal auditors and risk managers are assuming a leadership role in developing HR auditing standards and in designing and conducting HR audits.

B. Assessing the outcomes of the organization’s employment processes, policies, practices, and procedures.

Designing and Conducting HR Audits While an organization’s size, industry, financial health, commitment to becoming a “best place to work,” and business objectives and imperatives affect the scope and urgency of the HR audit process, we have noted some common features, attributes, and objectives in HR audits recently conducted.

E. Developing HR auditing procedures that become an ongoing and sustainable element of the organization’s internal controls.

1) HR audits are becoming increasingly complex and multidimensional. While ensuring compliance is still a basic goal of HR audits, other objectives include: A. Ensuring the alignment of HR management and employment practices with the organization’s business objectives. www.chart-exchange.com

C. Developing the right human capital measurements and HR metrics to allow the organization to calculate and measure the value added by human resources, to determine the ROI and the return on the human capital asset, to measure the outcomes of employment policies and practices and the achievement of EEO and diversity goals, and to benchmark best practices.

CHART DEFENDER COVERHOLDER E&O AVAILABLE NOW!

D. Ensuring due diligence, including uncovering hidden liabilities and assets, identifying vulnerabilities to be corrected, and identifying opportunities to be attacked.

F. Assessing and managing employment related fraud. G. Developing HR auditing procedures that become an ongoing and sustainable element of the organization’s risk management program.

Mark Lann Phone:

305-248-9495 Email: chart.eo@rockwoodinsurance.com

2) HR audit reports are increasingly being used to report audit findings to wider audience. The distribution of the report on HR auditing findings is no longer limited to senior

See Evolution of HR Audits Page 34 TABLE OF CONTENTS

APRIL 2021

NEWS - DUFF & PHELPS Continued From Page 9

BOOST BUSINESS RESILIENCE controllers (PLCs) and remote terminal units (RTUs) that enable today’s smart devices and automation—are a primary point of vulnerability. And SCADA is at the root of another unexpected entry point: physical security systems. Yes, hackers have been known to gain entry through popular brands of security cameras.

WHAT YOU CAN DO Automation, the internet of things and smart factories are here to stay. An increase in remote work is likely for the foreseeable future. Businesses must find ways to strengthen cyber security and hunt down every potential entry point. A thorough cyber security assessment by trained experts is your best option for finding easy-to-miss second- and third-tier backdoor vulnerabilities and determining mitigation factors. PREPARE FOR EXTREMES

Recent winter storms have caused widespread devastation to businesses and homes throughout Texas. Even organizations with extensive business continuity and emergency bout the author: Todd Keil management plans have is an associate managing been broadsided by the director in the Security Risk near-complete breakdown Management practice, based in of the state’s critical Dallas. He has over 30 years of infrastructure. Atypical experience managing complex freezing temperatures corporate and government caused a chain reaction programs focused on global due diligence, risk of infrastructure mitigation and protecting people, facilities and emergencies: As natural intellectual property assets. Prior to joining Kroll, gas pipelines froze, power Todd was a vice president at Clearpath Alerts. In generation stations shut this role, he coordinated cyber physical security down. As electricity failed, platforms and communications technologies to water lines froze and burst. formulate security strategies, including extensive The result? The “costliest emergency and crisis planning, and conducted disaster in state history,” security assessments for clients. Before that, Todd according to The Texas was a senior director and chief security officer Tribune.

at Magic Leap. His previous private sector roles include as a senior advisor at Torchstone Global, where he advised on risk mitigation and security strategies, and as corporate security manager in charge of worldwide threat and executive protection at Texas Instruments.

28 APRIL 2021

With bigger and deadlier natural disasters apparently on the rise, businesses need to reconsider the way in

TABLE OF CONTENTS

which they formulate emergency response. Most resilience plans take a “middle-of-the-road” approach, balancing potential problems and expected costs. Few account for extremes—a problem now illustrated in graphic detail in Texas.

WHAT YOU CAN DO Consider extremes in your emergency management plans. Yes, implementing backup plans for extreme events that threaten your physical infrastructure can be costly. But identifying and understanding the potential vulnerabilities that such events present are not. Your crisis management plan should at least acknowledge every possible hazard—which leads us to the next gap. Plan Beyond Your Property Line The Texas disaster and the global pandemic have both highlighted the importance of considering external factors, such as critical infrastructure and supply chains, in your business continuity plans. These factors might be outside of your control. But identifying them provides the opportunity to, at a minimum, open conversations that could lead to change. For example, do you know which substation provides power to your facilities? Have you spoken to a power company representative to determine what that substation will do if it loses power, heat or water? What about water and wastewater? Your business might not technically utilize them, but your facilities likely can’t operate without them. How much do you know www.chart-exchange.com

NEWS about your local water infrastructure and its cyber security and crisis management planning?

WHAT YOU CAN DO Conduct a risk assessment to identify the infrastructure resources you need to maintain full or limited continuity of operations in the event of an incident. Determine who provides critical infrastructure to your facilities. Form a relationship with those organizations. Ask about their emergency planning. If the answer is concerning, decide how you can mitigate a loss of power, heat, water or wastewater if necessary—or even whether a change in location is warranted. HELP IS AVAILABLE The best way to identify opportunities to enhance and strengthen your business continuity plan is to run a business risk analysis, especially if you haven’t done so recently; the threat landscape has changed significantly within just a few years. Risk management experts can conduct a thorough assessment, collaborate with you to create a plan that works for your unique needs and even provide training to help you respond with confidence to events like the ones in Florida and Texas. Be sure to look for the depth of experience necessary to recognize hidden hazards and extreme use cases and to help you develop a plan that meets international standards if necessary. Investing in a thorough assessment, planning and training process now can save you untold dollars in the future.

www.chart-exchange.com

PATRICK TIERNAN TO JOIN LLOYD’S AS CHIEF OF MARKETS Lloyd’s today announced that Patrick Tiernan will be joining the Corporation in the newly created role of Chief of Markets, which will oversee market performance and distribution.

atrick will join Lloyd’s from Aviva where he is currently the Managing Director, UK Commercial Lines & Global Corporate & Speciality, and previously the Chief Financial Officer of Aviva Insurance Limited.

John Neal, Chief Executive Officer of Lloyd’s said: “I’m thrilled that Patrick will be joining Lloyd’s in this newly created role. As a highly regarded industry executive with leadership experience across business and financial management, Patrick has 24 years Patrick joins Lloyd’s of experience in the at an exciting time. insurance industry, Our overarching including serving priorities of as Group Chief performance, Operating Officer at digitalisation, Starstone Insurance culture, together and Chief Executive with a new Patrick Tiernan Officer of Zurich’s ‘purpose’ pillar, Centrally Managed are paramount Businesses. He is chairman of the and drive everything we do in the International Underwriting Association Corporation and across the market. (IUA) and sits on the London Market Patrick will progress these priorities Group’s board of directors. He is also to deliver the impact and results we on the board of ClimateWise and the need right across the market from Innovation Working Group of the Bank customer and distribution, through of England’s Climate Financial Risk to underwriting business and Forum. oversight.” TABLE OF CONTENTS

APRIL 2021

www.bluevoyant.com

••

For insureds that need forensics, incident response, or proactive security services

••

BlueVoyant is a pure play cybersecurity firm

••

WE GET IT – we do it faster and better

Austin Berglas | Global Head of Professional Services austin.berglas@bluevoyant.com Vincent D’Agostino | Head of Cyber Forensics & Incident Response vincent.dagostino@bluevoyant.com Jennifer Rothstein | Business Development Head, Insurance & Legal jennifer.rothstein@bluevoyant.com Breached: incident@bluevoyant.com | Info: contact@bluevoyant.com

SPECIAL REPORT ANATOMY OF A SUPPLY CHAIN ATTACK By Amy Williams, PhD, CISSP, Director of Proactive Services, BlueVoyant

hird-party businesses and their employees, third-party applications and anything else that touches your systems present cyber risk, leaving sensitive data as vulnerable as the weakest link in your ecosystem.

Smaller companies in a supply chain are often the first point of attack as a way into a top tier contractors. Small businesses are often the creative engine in the design process. Think about it-those small design firms with the big ideas are where the creativity

resides. And the details in the design that those small companies create are more valuable to foreign interests than managers of those small companies realize. Also, smaller businesses are less likely to have formal security systems and processes. Accordingly, threat actors are increasingly focused on subcontractors because: • •

•

They hold valuable intellectual property; are less likely to have the resources needed to adequately protect against attacks and; may be used to open an exposure to other companies in

the supply chain. As a result of the risks at the lower tiers of the supply chain, top tier companies must be prepared to answer questions like: • •

•

What third party organizations are exposed to compromise? Across your supply chain, are there common security risks? What are you doing about these risks? What have you done to minimize the likelihood of a successful 3rd party attack?

See Supply Chain Attack Page 48

r. Amy Williams is a Director of Proactive Services for BlueVoyant. Prior to working for BlueVoyant she served as VP of Cybersecurity for Unlimited Technologies and PSB Exero. Prior to that, Dr. Williams served as Director of Cyber for the Citizens Crime Commission of NYC. Before working for the CCC she was a chaired Trustee Professor for Bentley University, hired to foster collaborations between businesses and academic researchers on cybersecurity. She is recognized as an expert on HIPAA, NIST 800-171 and CMMC, the cyber security of physical security and data privacy as well as process improvement for information security. She has received numerous leadership awards including the first ever Visionary Leadership Award from the American Accounting Association (AAA). Dr. Williams has authored dozens of practitioner and peer reviewed scholarly articles and served on editorial staffs of information technology publications. She has been a frequent invited speaker at international and national cyber security conferences, and has chaired 20+ national task forces and leadership committees. Dr. Williams received her Masters and PhD degrees from Virginia Tech and holds the CISSP certification.

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

“WHEN YOU’RE FINISHED CHANGING,

YOU’RE FINISHED” - Benjamin Franklin

Benjamin Franklin: Scientist, philosopher, Founding Father … and business strategist? Mr. Franklin’s advice about adapting to thrive is especially appropriate in the highly ﬂuid insurance industry. The CHART Exchange began with a good idea back in 2015: become the catalyst for growth in the U.S./London marketplace by facilitating interaction between domestic wholesalers/agency specialists and Syndicate underwriters. Large-scale networking events were held annually in elegant venues. While this approach produced results, feedback from the meeting participants indicated we could do much more to achieve our goal. As a direct result of this feedback, CHART 2.0 adopted a more proactive operating model intended to provide advocacy-level support to U.S.-based agencies seeking to place business within the London market. The expertise of our various Vendor Partners — when combined with new brokerage placement capabilities — gives CHART 2.0 clients access to a broad array of services they need to be successful. Interested in learning more? Visit our website at www.chart-exchange.com. We are also available via e-mail (info@chart-exchange.com) or by phone at the number below.

www.chart-exchange.com

The CHART Exchange, 3001 Philadelphia Pike Claymont, DE 19703

Phone: (855) 716-3660 32 APRIL 2021

TABLE OF CONTENTS

•

Fax: (302) 334-0325 www.chart-exchange.com

NEWS - ROCKWOOD PROGRAMS

ROCKWOOD PROVIDES NEW INSURANCE FOR OFFDUTY POLICE OFFICERS Patrol Protect provides a new insurance coverage program for law enforcement officers who provide services outside of their respective police organizations CLAYMONT, DEL.JANUARY 28, 2021

ockwood Programs, Inc. has launched a new insurance product designed to protect police officers while performing important duties outside of their role in law enforcement. Patrol Protect provides insurance coverage for law enforcement officers who provide services outside of their respective police organizations as part-time employees of other organizations. It provides coverage against allegations of negligence, misrepresentation, violation of good faith, property damage, assault, battery, and false arrest/detainment while performing off-duty activities. “We launched Patrol Protect to address an underserved niche in the marketplace,” said Glenn Clark, President of Rockwood Programs. “Municipalities and private employers carry insurance to protect themselves and their organizations in case of a lawsuit. More frequently, we are seeing the individual officer www.chart-exchange.com

being named in these suits. In most cases, the existing coverage does not provide protection for the individual and their involvement in the underlying event. Patrol Protect closes this coverage gap.”

The Rockwood team has supported the insurance needs of law enforcement officers for over a decade. Patrol Protect is a further demonstration of our commitment to support those who watch over us including our partners who support the coverage.” - Rockwood President Glenn Clark

Many police officers take second jobs or off-duty assignments as a way of augmenting their income. Most TABLE OF CONTENTS

of these ‘moonlighting’ positions involve security-related tasks. While officers are trained to diffuse situations in a non-confrontational manner as possible, they must sometimes take more definitive steps to protect the public’s safety. “The Rockwood team has supported the insurance needs of the law enforcement officers for over a decade. Patrol Protect is a further demonstration of our commitment to support those who watch over us, including our partners who support the coverage,” said Clark. Patrol Protect is underwritten by Fortegra Specialty Insurance Company (Fortegra). Fortegra maintains an “A-” (Excellent) rating by A.M. Best, reflecting its financial stability and claims-handling abilities. All claims are adjudicated by Wilson Elser - a nationally-recognized law firm with more than 30 years’ experience in professional liability litigation. Its team of legal experts See Patrol Protect Page 41 APRIL 2021

ANALYSIS - LAURDAN ASSOCIATES Continued From Page 27

https://www.thebluediamondgallery.com/handwriting/a/audit.html

THE EVOLUTION OF HR AUDITS management. As noted above, an increasing number of third parties are expressing interest in the organization’s human resources management. This list of external stakeholders includes not only investors, major stockholders, and venture capitalists, but also governmental agencies, NGO’s, civil rights groups, and plaintiff attorneys. Since HR audits findings include proprietary and confidential information and, in many cases, produce discoverable

34 APRIL 2021

information, the implications of nonmanagement stakeholders reviewing HR audit finding are significant and create a potentially serious problem for organizations. As a result, organizations are spending more time considering the format, content, and the impressions created by their HR audit reports. The Five Critical Components of the HR Audit Process Recognized as setting the standard in HR auditing, ELLA®, the EmploymentLabor Law Audit™, the leading HR auditing tool, incorporates the five critical components of an HR audit into the HR audit process. These components should be addressed in every HR audit. 1. Activities: The starting point of the HR auditing process is a review of the organization’s activities, that is, the tasks and actions that create or implement employment policies, practices, procedures, and programs.

TABLE OF CONTENTS

Activities include such actions as the promulgation of an EEO policy statement, a sexual harassment policy, and other employment policies, and the posting of required employment posters. The Activities component of HR audits is typically evaluated by using a “checklist approach,” that is, the item is checked off when it is completed. 2. Behaviors: Behaviors in this context are actions and conduct that affect ─ either positively or negatively ¬¬— the implementation or effectiveness of the organization’s policies, practices, procedures, and programs and demonstrate the organization’s commitment to stated goals and objectives. Examples of Behaviors include: the creation of a corporate culture that values and promotes equal employment opportunities, diversity, and compliance; the visible and unequivocal support by senior management for the organization’s diversity efforts; and the budgeting of sufficient resources to achieve EEO compliance and diversity goals. Behaviors are frequently assessed using qualitative measures, such as culture scan and employee satisfaction surveys. 3. Risk Assessment: Risk assessment is the identification of current and/or future events that have the potential to cause loss, peril, or vulnerabilities, and management’s willingness to accept those risks. Risk assessment is also the

www.chart-exchange.com

identification of events or conditions that create new opportunities for the organization to achieve its business objectives. Risk assessment provides management with the information to make informed decision about the allocation of the organization’s human, physical, and financial capital and about effective ways to eliminate, mitigate, control, or transfer those risks. Human resource management and employment practices liability related risks include: employment law and regulation compliance failures; lost business opportunities due to the failure to attract, hire, and retain top talent; intangible asset losses due to turnover and the loss of top talent and key employees; ineffective staff development and succession planning; and lower profitability due to the inability to control labor costs. HR auditing activities include assessments of the external and internal factors that impact human resource management and employment practices, including: 1) the economy; 2) legal, regulatory, and litigation trends; and 3) demographic and structural changes in the workplace and work force. 4. Internal Controls: Internal controls are processes, tests, and assessments that help ensure compliance, manage risks, identify fraud, and help ensure the achievement of organizational goals. HR auditing activities include: 1) assessments of the effectiveness and efficiency of HR management processes, policies, practices, and procedures; 2) the reliability and accuracy of HR management reporting; and www.chart-exchange.com

3) the level of compliance with laws and regulations, industry and professional standards, codes of conduct and ethics, organizational policies, and budgets. 5. Outcomes: Outcomes are quantitative and qualitative measurements and metrics that measure and help assess the achievement of organizational goals and objectives. HR auditing activity includes the identification of metrics used by the organization to measure organizational and individual performance; the assessment of results by comparing actual results against projected results, budgets, and internal and external standards; and a description of the activities, behaviors, and internal controls that are needed to maintain or improve future results. The value of the ELLA HR Audit Model™ is that it helps organizations: 1) assess current HR management and employment practices; 2) identify and diagnosis systemic problems; 3) evaluate and predict the impact of corrective measures; 4) develop a plan of action; and 5) determine the ROI of such actions. Using the ELLA®, organizations enhance the value of their human capital, reduce their exposure to employment related liabilities, and improve their ability to achieve business objectives. For more information about HR audits, contact Mr. Ronald Adler, PresidentCEO, Laurdan Associates, Inc., 301-7625794, radler@laurdan.com

TABLE OF CONTENTS

WOULD YOU LIKE TO HAVE YOUR MESSAGE DELIVERED TO 100,000+ FOCUSED INSURANCE INDUSTRY EMAIL ADDRESSES EVERY MONTH?

I’m Kate Boyle Managing Editor. I handle CHART Exchange Advertising. Call me at 302 765-6056 and let’s have a conversation.

APRIL 2021

NEWS - LLOYD’S OF LONDON Continued From Page 24

LLOYD’S LAUNCHES FUTURESET: A NEW GLOBAL PLATFORM

by Anne McElvoy from The Economist. The video-series will bring together industry leaders from a variety of sectors to explore the specific challenges associated with systemic risk. Upcoming guests will include Robert Hannigan, a leading authority on cyber security and former director of GCHQ, and Ann Pettifor, political economist and author of ‘The Case for the Green New Deal.’

John Neal, CEO of Lloyd’s, said: “The COVID-19 pandemic has shown that a hypothetical systemic risk, is never far from becoming a reality and that we must do everything we can to prepare and mitigate against the worst impacts of the constantly changing industry can partner more effectively and challenging risk landscape. As the to protect society and the economy world turns against systemic to recovery, risks. Panellists Lloyd’s has include John a unique Doyle, President position and and CEO of opportunity to Marsh, Paula bring together Jarzabkowski, communities, Professor businesses, of Strategic insurers and Management at governments the University to find of London’s solutions to Business School, those risks that and Patrick threaten our Sterling, RIMS shared future. Vice President & The launch Senior Director John Neal, CEO of Lloyd’s of London of Futureset of Legendary sets in concrete People and Risk our commitment to be a catalyst for at Texas Roadhouse. action, and in doing so empowering innovation, economic growth and As part of Futureset, later this month human progress around the Lloyd’s will also be launching ‘An world.” Expert’s Take’, a video-series hosted

36 APRIL 2021

TABLE OF CONTENTS

Continued From Page 14

BACKWARD REASONING – IS YOUR DATA STRATEGY FIT FOR THE FUTURE WORLD OF INSURANCE? at the moment here in London, there is a huge amount of work being done to modernise and digitise processes and procedures to meet the ever-increasing demands placed upon them in delivering such operations to an ever discerning and data hungry customer base. It can be argued that perhaps a little too much focus is being given to the ‘current state’ and perhaps not enough is being done to focus on the ‘future state’ and where Delegated Authority in particular can be a driving force for the fast-changing environment of insurance delivery and the customer propositions of tomorrow. I recognise and applaud the considerable efforts that are being made to deliver a marketplace of www.chart-exchange.com

ANALYSIS - MOTOSI CONSULTING decade and beyond from now. We’ll the future and for London to be see the continued ‘Uberisation’ of seen again as a top global centre insurance and the creation of ‘hyper for the provision of insurancepools’ in which the whole insurance based products and services, but ‘mix’ is different in it’s make up, the focus does seem about getting with Sovereign wealth funds of the best from a current state rather Governments, Reinsurers and than a complete re-think on what Insurers and many others placing a future state may look like. This is capital at risk in truly massive pools where some solid Sherlock Holmes to meet the global backward reasoning and changing work may come in Consider nature of insurance, handy and for it to more ‘horizon catering for the be applied to the scanning’ and different and global whole risk model be a bit more like nature of risk. and in particular Sherlock Holmes and the Delegated work backwards and It is here that Authority offering assess what needs to Delegated Authority of the future. be done now to make can and should your future vision a We can reasonably reality. Be bold in your be positioning itself, to act as the assume that the assertions and build mechanism by insurance market your business on a which insurance of 10 years from solid future footing, is distributed now will be vastly with data at the heart effectively and different to how it of everything you do, efficiently on behalf is now, the whole become intimate with of global capacity mechanism for it, understand it, and provisions and delivering insurance treat it like a living and utilising slick and to customers will breathing entity that customer focused have changed will fuel your business Delegated Authority beyond recognition and help shape propositions to from that of which the future world of deliver the service we observe today. insurance.” of the future. The economies Working backwards of the world will from here is where the real value be different, the buying habits of will be derived, not from getting people will be different and the stuck in the ‘current state’ and technology to deliver solutions focussing energy and effort to will be different, but we appear modernise existing processes and to be working on solutions to practices, which only serves the problems that exist now and that immediate or short-term need. fit the market of today and are not This is where data comes in. truly focussed on the market of a www.chart-exchange.com

TABLE OF CONTENTS

As we all know, the biggest and most profitable companies on the planet are at their heart, data companies and companies that have understood this for many years, hence their incredible dominance and prevalence in our societies. Insurance (in all its guises) is all about data, it is fundamentally at its heart, pumping round the eco-system in vast quantities, supplying the nutrients and life sustaining energy required to support human activity and endeavour in all its varying forms, from private individuals to farmers protecting their crops and to global industrial concerns and everything in between. It isn’t good enough just to accept that data exists but to truly get to the heart of it and how it affects the part of the world in which each company operates and plays its part, and this is where Delegated Authority can position itself as the insurance mechanism of the future state. So, to summarise, consider more ‘horizon scanning’ and be a bit more like Sherlock Holmes and work backwards and assess what needs to be done now to make your future vision a reality. Be bold in your assertions and build your business on a solid future footing, with data at the heart of everything you do, become intimate with it, understand it, and treat it like a living and breathing entity that will fuel your business and help shape the future world of insurance. APRIL 2021

ANALYSIS - INSURANCE BUSINESS Continued From Page 11

THE MOST IMPORTANT CONVERSATION You can do the exact same thing by looking at what you’re saying to yourself before you do something you consider relatively easy or simple.

realize. It’s up to us to make sure the words coming out of our mouths, and those in our head, are giving us the best chance to succeed and live how we desire. The most important conversation you’ll ever have is the one you have with yourself.

NEVER MISS AN ISSUE OF THE CHART EXCHANGE!

Create a mantra or ‘go-to’ phrase. We can craft personalized phrases that really click in our minds. For example, my go-to is inspired by the legendary band The Grateful Dead. Whenever I’m faced with a daunting challenge, I remind myself, “Just keep trucking.” It doesn’t make the task any easier, but I’ve at least reminded myself to keep my head down and keep working.

38 APRIL 2021

LOOKING FOR OPPORTUNITY IN A SEA OF CHANGE There is an underserved need, and we were able to fill that gap.” Patrol did more than find opportunity in a sea of change – the company was able to increase the service levels for off-duty officers beyond just providing the liability coverage. Their approach to the market stresses education and discussion around the issue and the serious risks that many off-duty officers face.

Speak to yourself like a champion. Even the world’s greatest performers and experts have rough days, but what makes champions different is that even on those days, the conversations they have with themselves are motivating and encouraging. It’s not blind optimism – it’s showing belief in yourself through your language, even when the cards may be stacked against you. This process might take a bit of time, but you have all the time in the world. Start the journey today and never look back. What we say to ourselves matters far greater than we often

Continued From Page 19

SUBSCRIBE NOW!

TABLE OF CONTENTS

Another partner, Sera-Brynn, found opportunity in the cyber security space. It is no secret that breaches, or hacks are becoming round-theclock events. Individuals and small business owners feel like this space is a “black box” and for many, it is. Sera-Brynn took applied knowledge, experience, and tools to develop a self-serve product that identifies, quarantines, and provides sufficient knowledge to eliminate cyber threats BEFORE they strike. CHECKLIGHT sharply differs from current virus/ www.chart-exchange.com

NEWS malware protection because it is proactive, require no updates, and is highly prescriptive in its approach to malicious activity. According to Rob Hegedus, President of Sera-Brynn: “We found ourselves in a position where we could see how hackers were taking advantage of small businesses and companies that had shifted to work from home. We had the tools, knowledge, and expertise to make a difference. It was just a matter of packaging and developing the product to be a user-friendly, self-help tool that could provide significant value and wasn’t intimidating regardless of an individual’s technical or IT acumen.” These may seem like simple solutions, but their simplicity reflects a complex process of assessing market demands, corporate resources, and evolving risks. The ability to identify opportunity while facing the extensive change at the same time is like changing the tire on a moving race car — not so easy.

SIAA MAINTAINS RECORD WRITTEN PREMIUM IN 2020

ebruary 11, 2021 – Hampton, NH: Jim Masiello, Chairman of SIAA, has announced that the organization reached a total in-force premium of $9.6 Billion for 2020, an increase of 7.9% from 2019. SIAA signed 527 independent agents in 2020, an increase of 14.8% over 2019 and averaging 493 new member agencies over the past 5 years. Please click on the attached infographic below.

ABOUT SIAA SIAA (Strategic Insurance Agency Alliance) is a national alliance of independent insurance agency members generating hundreds of millions in new premium business annually. SIAA is dedicated to the creation, retention and growth of the independent insurance agency distribution system. To learn more about SIAA, visit siaa.net.

When I think about these examples, it can be narrowed down to leadership and attitude. It’s no simple task to push a new project through an organization grappling with so many other unprecedented personal and organizational change. For many, it has been a real-time business case study in how to embrace and sail on the sea of change. However, somethings never change – success is defined by attitude, execution, and leadership.

www.chart-exchange.com

TABLE OF CONTENTS

APRIL 2021

NEWS - M&A SERVICES

FIRST AMERICAN ANNOUNCES ENTRY INTO P&C INSURANCE BOOK TRANSFER AGREEMENTS RESULT OF DECISION TO EXIT PROPERTY AND CASUALTY BUSINESS AND TO FOCUS ON ITS CORE BUSINESS

irst American Announces Entry into Property and Casualty Insurance Book Transfer Agreements Result of Decision to Exit Property and Casualty Business and to Focus on its Core Business January 19, 2021, Santa Ana, Calif. First American Financial Corporation (NYSE: FAF), a leading global provider of title insurance, settlement services and risk solutions for real estate transactions, announced today that its property and casualty insurance subsidiaries have entered into book transfer agreements with Safeco Insurance (Safeco), a Liberty Mutual Company, and Heritage Insurance Holdings, Inc. (Heritage). The agreements provide qualifying First American property and casualty insurance agents and customers an opportunity to efficiently transfer their policies to Safeco or, in certain

40 APRIL 2021

circumstances, Heritage. The entry into these agreements is the result of the initiation of a process by the company, announced in October of last year, to exit its property and casualty business and to maintain focus on its core business. “Safeco and Heritage are leaders

forward with established and wellrespected carriers.” The company expects the transfer to be completed by the end of the third quarter of 2022. Merger & Acquisition Services Inc. served as the sole financial advisor to First American Financial Corporation. ABOUT FIRST AMERICAN

in book transfer arrangements and have a strong commitment to serving independent agents,” said Dennis J. Gilmore, CEO, First American Financial Corporation. “These agreements allow us to exit our property and casualty operations, while providing a valuable option for many of our agents and customers to move TABLE OF CONTENTS

First American Financial Corporation (NYSE: FAF) is a leading provider of title insurance, settlement services and risk solutions for real estate transactions that traces its heritage back to 1889. First American also provides title plant management services; title and other real property records and images; valuation products and services; home warranty products; property and casualty insurance; banking, trust and wealth www.chart-exchange.com

management services; and other related products and services. With total revenue of $6.2 billion in 2019, the company offers its products and services directly and through its agents throughout the United States and abroad. In 2020, First American was named to the Fortune 100 Best Companies to Work For® list for the fifth consecutive year. More information about the company can be found at www.firstam.com. ABOUT MERGER & ACQUISITION SERVICES, INC. Merger & Acquisition Services, Inc. is a specialist advisory and financial services Firm to the insurance and reinsurance industry, with offices in New York, Connecticut, Georgia & Cayman Islands. Founded in 1999, the Firm and its affiliates provides investment banking and insurance consulting services globally, including; merger & acquisition advisory capital raising, valuations, program placement/fronting, and reinsurance advisory. Merger & Acquisition Capital Services, LLC., a registered broker-dealer and member FINRA / SIPC, is an affiliate of Merger & Acquisition Services, Inc. To learn more about Merger & Acquisition Services, visit https:// maservices.com.

www.chart-exchange.com

Continued From Page 33

ROCKWOOD PROVIDES COVERAGE FOR OFFDUTY POLICE OFFICERS will provide an advocacy defense for Patrol Protect policyholders.

WOULD YOU LIKE TO HAVE YOUR MESSAGE DELIVERED TO 100,000+ FOCUSED INSURANCE INDUSTRY EMAIL ADDRESSES EVERY MONTH?

Premiums start at $250. Two limit of liability options are offered. Customized plans are available to groups such as police departments, law enforcement-related associations, and organizations. Interested parties can learn more about the product by accessing the Patrol Protect website at https:// patrolprotect.com. ABOUT ROCKWOOD PROGRAMS Rockwood Programs is a Wilmington, Delaware, based administrator of several countrywide management liability programs. Rockwood has been one of the premier providers of insurance agent E&O for nearly 20 years. The program covers P&C retail agents as well as newly licensed agents.

TABLE OF CONTENTS

I’m Kate Boyle Managing Editor. I handle CHART Exchange Advertising. Call me at 302 765-6056 and let’s have a conversation.

APRIL 2021

ANALYSIS - SIAA

TIME FOR INSURANCE AGENCIES TO ATTRACT YOUNGER GENERATIONS Article reposted with permission from SIAA, the largest alliance of independent insurance agency members in the United States.

Millennials and Gen Z Add Value, Diversity and We Need Them

Y (ages 24 -39) is currently the largest available workforce, with Gen Z quickly making gains to overtake them. Characterized as tech-savvy and full of expectations, both of these populations of nextgen insurance professionals bring valuable skills for agencies seeking to expand their technological capabilities.

technology, customer service, sales, and data analytics. HOW DO YOU ATTRACT THEM?

Understanding what the younger generations are seeking in a career is key to attracting and keeping them in your agency. Most want a workplace that offer them ith the average purpose, flexibility, development insurance and mentorship, along agent 59-60 Having a crosswith a decent salary. Take years of age generational workforce steps to ensure your agency and readying for retirement, offers and values these is not without challenges, but insurance agencies are now studies show that there are more things. Then, make sure facing a long-predicted job candidates are aware commonalities than differences talent gap. A shortage of of the rewarding career insurance professionals, across generations when it comes that awaits them at every combined with a tight labor to career goals. With a baseline of step of the recruitment market, is affecting agencies’ understanding and modernizing, process, including your job ability to recruit and retain your agency can reap the benefits description, where you post talent, and some principals of investing in the next generation it, and during the hiring are finding fewer options in process. their perpetuation planning. of talent.”

The good news is agency owners can benefit by tapping the Millennial generation, along with Gen Z and, more broadly, an increasingly diverse workforce. WHAT’S IN IT FOR YOU? The Millennial generation, or Gen

42 APRIL 2021

PURPOSE.

What they lack in insurance experience and training, these (mostly) digital natives bring a range of valuable skills to the workplace, including communication, marketing,

TABLE OF CONTENTS

When disaster strikes, you are there to help. Insurance helps people, and having the right agent matters. Since working with people in their communities is a top driver of job satisfaction, local insurance agencies can offer a very rewarding career. www.chart-exchange.com

ANALYSIS - E.O.X. VANTAGE Continued From Page 23 •

FLEXIBILITY. Agencies offering flexible hours or work-from-home options are attractive to the younger generation. TRAINING & DEVELOPMENT. While courses and designation programs can provide product and technical training, much of the institutional knowledge needed to

STRATEGIES FOR OLD, NEW AND PROJECTED DATA

be successful is acquired on the job. Whether you have one employee or forty, having a formal training program and policy is important. MENTORSHIP. Enabling (and expecting) experienced staff to share their knowledge and insights with younger agents through a mentorship program will help the mentees hone their goals and take the steps necessary to pursue their careers. Having a cross-generational workforce is not without challenges, but studies show that there are more commonalities than differences across generations when it comes to career goals. With a baseline of understanding and modernizing, your agency can reap the benefits of investing in the next generation of talent. www.chart-exchange.com

Then, as you monitor and analyze new/real-time data, you can predict that a driver is trending to having an accident and notify them to take precautions. You may find that adding other variables (weather, road conditions, tire wear, etc.) can further reduce the risk exposure of your insureds. Likewise, based on new data sources from 5G-enabled IoT, you will be able to alert insureds like homeowners to take risk mitigating actions such as turning off an oven, getting the furnace checked or looking for leaks (assuming a remote shut-off is not built in). You can see that new data, grounded in real-world performance metrics, is especially useful for guiding anticipatory actions. As you strategize the use of these interconnecting data types, you will need to consider: How will you benefit by your focus on total solutions for your clients, not just your traditional insurance product. TABLE OF CONTENTS

• •

Use data to help them understand risks and where they can take preventative action, which will help them drive down costs. Give them actionable suggestions they can take. Provide them visibility of their risk profile through a dashboard summary.

We have found this course of action has helped our clients become irreplaceable partners with their policy holders, positioning them to expand their relationship/coverage rather than defending their renewals each year. EVERYTHING NEW GETS OLD A crucial point to remember is that new data will become old data eventually. In time, volumes of telematics data will become standard historical sources like driving violations and credit history are today. This will also become portable over time, similar to asking for loss data records today. Once new data becomes old data, it can be parsed and leveraged with your existing data. Data usages and practices should be planned with this built-in obsolescence in mind. PREP FOR CHALLENGES Looking forward, what are some of the challenges we will face as new data continues its rise? See Data Strategies Page 47 APRIL 2021

NEWS - LLOYD’S OF LONDON

NEW LLOYD’S REPORT HIGHLIGHTS THE INCREASING RISK OF CYBER-ATTACK TO THE INDUSTRIAL SECTOR Lloyd’s, in partnership with cyber analytics specialist CyberCube and reinsurance broker Guy Carpenter, has launched a new report which examines how ‘Internet of Things’ devices are posing an increasingly high risk of cyber-attack to industrial and manufacturing businesses.

s cyber threats continue to evolve and become more sophisticated, it is crucial for insurers to understand these emerging risks in order to keep pace with their clients’ exposures. The new report: The Emerging Cyber Threat to Industrial Control Systems, considers potential real-world scenarios which visualise a range of cyberattacks causing physical damage to major industrial and manufacturing organisations. Cyber-attack risks have previously been considered unlikely to materially impact the physical market, with cyber perils traditionally emerging in the form of non-physical losses. However, the

44 APRIL 2021

report looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches. As bridges are increasingly being built between information technology (IT) and operational technology (OT), along with increases in automation and sophistication of threat actors, it is paramount that (re)insurers carefully consider where major losses may occur.

(Manufacturing, Shipping, Energy, and Transportation) and assesses precedent and potential impact on each. Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios of business, the report focuses on three potential routes of attack by organised hackers: •

Lloyd’s, CyberCube and Guy Carpenter have conducted an analysis detailing three scenarios which represent the most plausible routes by which a cyber-attack against industrial control systems (ICS) could generate major insured losses. The report considers four key industries dependent upon ICS TABLE OF CONTENTS

A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution

See Risk of Cyber-Attack Pg 46

www.chart-exchange.com

Bringing U.S. Entrepreneurship to the London Market The CHART/Wilson Elser strategic partnership combines the innovative underwriting philosophy of the world’s oldest insurance brand with the entrepreneurial mindset of U.S. agencies. For close to 40 years, Wilson Elser has helped organizations to better navigate challenging markets and realize improved combined ratios. We provide London- and Europe-based insurers with ready access to more than 60 discrete legal services delivered by nearly 800 attorneys in 34 strategic locations throughout the United States. Guided by a proprietary, systematic legal project management program, we help clients define strategies and achieve outcomes that align with agreed business requirements. We also implement dedicated Program Claim/Litigation Management services, creating value and driving efficiencies with respect to legal spend and indemnity. Wilson Elser is especially proud of its strategic partnership with CHART Exchange and our shared commitment to strengthening relationships between cover holders and risk takers on either side of the Atlantic.

NEWS - LLOYD’S OF LONDON Continued From Page 44

LLOYD’S: INCREASING RISK OF CYBER-ATTACK TO INDUSTRIAL SECTOR •

•

A targeted attack, in which attackers exploit a vulnerability in widely used Internet of Things (IoT) devices found in industrial settings The infiltration of industrial IT networks to cross the OT “air-gap”.

Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management, said: “The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have

“We know that the risk of ICS-based cyber-physical events is increasing. Because of this, we’ve partnered with CyberCube and Guy Carpenter to create these illustrative scenario pathways based on highly realistic threats and modes of attack.” Pascal Millaire, CyberCube’s CEO, said: “Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk. The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the

Photo: Joseph Eddins - Defense Dept. - Public Domain

In one scenario, malware is introduced into the industrial site via malicious software updates and/or installation of new (infected) devices. A logic bomb in the malware delays the

activation with specified conditions that can be programmed for maximal impact. Other scenarios could, for example, lead to attackers gaining control of water pumps or temperature regulation systems.

the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios.

46 APRIL 2021

TABLE OF CONTENTS

www.chart-exchange.com

future and could eventually become a systemic risk for the global economy.” Jamie Pocock, Guy Carpenter’s Head of GC Cyber Analytics – International said: “A major ICS attack could impact a broad range of industrial businesses and classes of insurance. As these attacks cross the divide between information technology and operational technology, they could conceivably involve significant property damage and loss of human life. The key is continued research, surveillance, and risk selection to help improve underwriting standards and portfolio management.”

Continued From Page 43

STRATEGIES FOR OLD, NEW AND PROJECTED DATA Inaccuracies will naturally occur due to time passing. For instance, people move and that will make their once correct addresses out of date. That might or might not prove a hindrance, depending on your current purposes, and may require spinning it off into other data sources.

www.chart-exchange.com

One key obstacle to address will be how to integrate and analyze your new and old data. As always, it’s best to have a plan in place to store and integrate all your data. Your data should be structured, formatted properly, and suitably stored so that it is easily recalled and presented. Due to the extreme volumes of data and masses of data points, you likely will require a full-time person and tools to continually analyze and summarize your base cases. In addition, your technology department will need to have data integration and aggregation skills. This includes gathering data from multiple sources, as well as integrating results from one system to another, such as summaries into an underwriter workstation. Determining who needs the data and in what format is also critical. We have found a Red-Yellow-Green system visually indicating what meets your expectations and what requires focus to be a good method for summaries, while bar or line charts work for depicting trends. Take time to map out what each role within the organization needs to see, and the best depiction for them. FINAL RECOMMENDATIONS In the time ahead we will all expand our data sources, as well as the amount TABLE OF CONTENTS

and frequency of data collected. As this happens, the task of identifying and analyzing trends becomes all but impossible without also having a plan for implementing Artificial Intelligence (AI) tools. AI tools can help you quickly identify trends and “select” business matching your risk appetite as well as to quickly change the profile of your target policy holder. This also gives you the ability to target-market your solution to a specific group. It can take a great deal of time, effort and investment to optimize your data standards, but at stake is nothing less than the future of your business. You will need a thoroughly thought-out and codified approach with consistent practices and SOPs. Now is the time to develop a data governance plan. The best data methodology will result from training, teaching and improving data literacy across your organization. At that point, all your team members will be able to recognize and address any actual or potential issues. A carefully chosen technology partner can also help guide and implement your data strategy. Your data is an invaluable asset. Give it the care and attention it deserves. In short, treat it like royalty …and it should do the same for you! APRIL 2021

REPORT - BLUEVOYANT Continued From Page 31

ANATOMY OF A SUPPLY CHAIN ATTACK AN ILLUSTRATION OF THE PROBLEM

To help explain how these attacks may take place, the following illustration is provided. This is purely fictional yet based loosely on common scenarios seen by BlueVoyant’s Incident Response (IR) team.

This fictional attack starts with Anna the Attacker exploiting a weakness she found in a popular training website TrainCo. TrainCo offers courses on engineering and business. They don’t have any trade secrets, so they haven’t felt the need to have any sort of security review. If someone hacks their website, then they will just get free access to education, right? Anna reasons that they will be an easy target and she is correct. She was able to modify the website so that she captures the log in credentials of anyone taking courses through the TrainCo website. This is called a waterhole attack. Now that she has modified the website, she just waits for her victims to show up.

contributes design innovations on the software that goes into handheld navigational devices used by soldiers. Edison loves to learn and he’s currently taking a class on 3D CAD at TrainingCo.

Edison the Engineer works for DesignCo, a company that

DesignCo does not use multifactor authentication so now Anna is in Edison’s email, with full access to all of his messages, his contacts and his calendar. Edison is one of DesignCo’s lead designers, so he frequently talks with managers at ManuCo who make the cases for the handheld devices. Since he also needs to occasionally have use case conversations with PrimeCo, the company that sells the final handheld product to the DoD, Edison also has email contact information for PrimeCo employees in his address book.

When he logs in, Anna collects his credentials. His credentials are his company email address and a password. Anna can see from his email address what company he works for, so she takes a guess at DesignCo’s webmail address and tries to log in to Edison’s email address using the TrainCo password and guess what. It works because Edison reuses his same password everywhere. This is called credential stuffing.

Now Anna has a multitude of different devious strategies to choose from. Does she send an email to Milo the Manager at ManuCo 48 APRIL 2021

TABLE OF CONTENTS

www.chart-exchange.com

or Piper the Purchasing Officer at PrimeCo as her next step? Does Anna just use Edison’s email for its legitimacy, or does she try to redirect Milo or Piper via the content of a message to a rogue website? It’s interesting to note here that somewhere between 90 and 95% of cyber security attacks involve some form of email attack, especially phishing attacks.

Going back to the illustration above, the point is that Anna now has a myriad of different options at her disposal for her next method of attack simply by having access to the legitimate email account of a subcontractor to a subcontractor of a prime.

•

so that they can provide help to the businesses that need it most Identify the most common risks across the entire population and use that to offer training/ remediation advice for broader distribution across the population of businesses with that problem.

It’s important that top tier companies engage their supply chain members to help mitigate third party risk. Cyber attacks are increasingly highly orchestrated, multifaceted, multi-tiered attacks with different companies being victimized and targeted in different ways. You don’t have to look further than the SolarWinds attack to see how devastating these attacks can be.”

Why? Two reasons – they work, and also because there is less to trace within the organization’s network if the attacker can get an employee to click on a link that is outside the organization, or convince the employee to send information, or convince the employee to perform an action. There’s less evidence in the network than there would be with, say, a malware attack where malware is downloaded onto the network. Also, if you are an attacker looking to collect intellectual property, you’d probably rather find a way to keep monitoring and collecting information rather than perform a one-time hit, so you’d want to avoid any actions that left a highly visible trail of your dirty deeds. Of course, there are exceptions, but this seems the most logical route for attackers.

The illustration above is far simpler than reality. Many supply chains have multiple layers. As many as 7 layers is not uncommon. The least secure layer within that stack presents a risk to all the suppliers in the stack. Tier one companies should track evolving risks for each and every member of the supply chain. Risks are dynamic and tools designed to offer external views of partner and potential partner risks can: •

• www.chart-exchange.com

Provide regular reports with a global view of how the supply chain population is doing overall Identify the highest risk partners TABLE OF CONTENTS

Going back to the illustration of the fictional attack above, many tell-tale signs of the attack strategies used by Anna can be flagged by the right third-party risk capabilities and that can be used to stop the attack. For example, weaknesses in website security, unpatched applications, credential theft, credential stuffing – these are all identifiable risks that can not only be flagged by footprinting and data analytics but can actually be proactively resolved. CONCLUSION

It’s important that top tier companies engage their supply chain members to help mitigate third party risk. Cyber attacks are increasingly highly orchestrated, multi-faceted, multi-tiered attacks with different companies being victimized and targeted in different ways. You don’t have to look further than the SolarWinds attack to see how devastating these attacks can be. APRIL 2021

STUDENT REPORT - CONT’D Continued From Page 17

THE DUALITY OF GEOLOCATION families looking to track each other’s whereabouts. In 2019 a database belonging to the family location app, Family Locator was breached. This resulted in over 238,000 users’ real-time location, profile photos, and unencrypted passwords being available for several weeks. For people trying to stay safe by knowing each other’s location, it is quite concerning that this information was available, possibly putting the users in more danger. Additionally, Microsoft which hosted the database were the ones to notify the affected individuals. Eerily when I searched up “family locator app”, “can I track my wife’s phone without her knowing?” appeared as a popular search result. The other popular search results also were

inquiries about spying and catching a cheating spouse. Location can not only be tracked through apps, but also mobile networks and internet browsers. Sometimes location tracking through mobile networks can be useful, such as through 911 calls where the caller can be saved because of location tracking. Location based apps such as Citizen also use location to notify users if they are near a crime. Internet browsers also collect location data, for demographic and targeted advertising purposes. Location data can lead to a lot of sensitive data being accessible such as your address, habits and religious data. Many people may think while creepy, having this information accessible is harmless, because what will people do with a random person’s data other than create targeted ads. The problem is that if this data falls into the wrong hands it can be used against you to do harm. Furthermore, collecting location data can be viewed as a privacy

violation especially when the user is unaware. Covid-19 tracking apps use of location data has also been a concern, as they are a target for hackers and contain sensitive data. Personally I keep my location off when possible, decline apps access to my location data, and always keep bluetooth off. It is important to stay aware and educated on how your data is being used, and collected by apps and websites you visit. To prevent unwanted location tracking the National Security Agency recommends turning off wifi and bluetooth access when they are not in use, as well as setting web browser settings to not allowing location data usage. Additionally, those worried about their location data being compromised could use a VPN to mask their presence. Location data is very valuable, and can be used both positively and negatively. As an internet user it is your responsibility to weigh the pros and cons and take appropriate action to protect yourself.

bout Heaven Kadro: I am a Junior at Hunter College currently studying Computer Science with an intended minor in Economics. Growing up I have always had an interest in solving mysteries, whether it be historical or crime related. As I got older I started to learn about coding and started to enjoy developing applications and websites. I have held previous jobs working with kids, and have seen many of them use social media without being aware of the risks, and get worried over phishing scams. I have also seen my friends get hacked. Due to these events and my interest in crime and coding Cybersecurity became a topic I am very interested in. Primarily finding ways to protect user data. I am a member of various clubs supporting woman in tech including Break Through Tech New York, which advocates for women in the Computer Science industry. Currently I am working on updating past projects, and learning new coding libraries.

50 APRIL 2021

TABLE OF CONTENTS

www.chart-exchange.com

INTERVIEW - PL COMMUNICATIONS Continued From Page 15

INTERVIEW WITH POLLUTION INSURANCE EXPERT DAVE QUINN Is cost an issue for insureds to purchase pollution coverage? Pollution insurance is not as expensive as it used to be seven or 10 years ago. Today it’s extremely affordable (almost one-third of the cost). We also see an increasing awareness of the need for pollution. For example, when contractors are working for a big box store, the major retailers want to know they have pollution coverage as part of their contract requirements. Hotels are concerned about Legionella affecting their guests, and their HVAC contractors have to have the proper pollution insurance. The lower cost and awareness is driving the need for more pollution products. Some agents may not sell pollution insurance because they feel the learning curve is too great. How do you respond to that? www.chart-exchange.com

I understand that concern, so I make myself available to the agent before they see the client to help the agent ask the right questions to start the discussion. One of the most helpful things an agent can do is to request a copy of the prospect’s current coverage. We have found that the coverage is wrong seven out of ten times, and it can be improved. That gives the agent a wedge against the current agency. Over time agents become more comfortable bringing up pollution insurance and gaining a skillset for the coverage.

WOULD YOU LIKE TO HAVE YOUR MESSAGE DELIVERED TO 100,000+ FOCUSED INSURANCE INDUSTRY EMAIL ADDRESSES EVERY MONTH?

How can offering pollution coverage be a differentiator for an agent? If you’re going after new business, you want to offer pollution coverage because oftentimes the incumbent agent has not done that. During renewals it is an opportunity to improve and increase coverage. It helps position you as a trusted advisor. If an agent shows a prospect that their lack of pollution coverage is an issue for their business, it then opens the door to discuss their other insurance needs. If an agent you are competing against offers pollution and you don’t, that can also impact the decision to choose your agency. Paul Lavenhar is the principal of the insurance marketing communications firm PL Communications.

TABLE OF CONTENTS

I’m Kate Boyle Managing Editor. I handle CHART Exchange Advertising. Call me at 302 765-6056 and let’s have a conversation.

APRIL 2021

LLOYD’S OF LONDON

52 APRIL 2021

TABLE OF CONTENTS