Monthly Archives: February 2013

Gun Liability insurance

We wrote a little while back about a public health approach to the issue of gun violence.  There is another, more private sector oriented approach being mentioned that involves personal responsibility and insurance.  One take on this appeared in the op ed pages of the Seattle Times in early February.    

A cornerstone of the responsibility notion is the concept of gun liability insurance. Liability policies for gun owners do exist. An excess liability policy is available through the NRA that offers personal liability protection as well as a “self-defense coverage” that provide some assistance in criminal and civil defense in the case of a firearms incident. 

The idea of a private sector solution seems to be gaining some political traction. By mid-February Forbes was reporting that three states – Connecticut, Massachusetts and California were considering requiring that gun owners purchase gun liability insurance.   By later in the month that number had grown to six states considering mandatory liability insurance for gun owners. The idea is that insurers are adept at calculating risk. If they were able to underwrite gun owners they might be able to sort the differences in risk among people who acquired one or two guns for hunting and protection and others who had acquired a number of weapons of different capabilities. Since levels of risk are associated with different premiums, it would be encouraging gun owners to consider their responsibilities carefully. Like your Washington home insurance policy, a gun insurance policy might have discounts associated with it. A discount might be offered if the gun owner had trigger locks or a locked storage cabinet. Additional discounts might be offered for evidence of formal training as they are today for young people who have taken driver training courses or for seniors.

In the most optimistic views, gun liability insurance might have an impact on manufacturers who might be induced to include safety features in guns that don’t presently exist, just as car manufacturers have developed a focus on safety as a sales feature. The reliance on the private sector may lessen the second amendment concerns. There would not be a registry of gun owners, although private insurers would have information on gun possession that might include the number and type of weapons.

There are some concerns even in the insurance industry about the notion of mandatory coverage. Even though this might represent a substantial new market for insurers, when insurance is mandated it may come with some unwanted provisions.  For example, the bill filed in New York, would require coverage for damages resulting not only from negligence but also from “willful acts.”  Insuring an act that is under the control of the person insured doesn’t really sit well with underwriters.

There’s likely to be a lot more debate on this issue and with the potential sales of guns and gun liability insurance you can bet there will be a lot more options on the table soon.

And Now, The Award for Best Insurer

This year’s award for best picture went to Argo, beating out Lincoln and a fine crop of other films.  Somewhere down in Argo’s long list of credits, there should be an acknowledgement of an insurance company or companies that helped make the whole film possible.  While it may not be the first thing you think about when you settle into your seat at the theater, but it certainly is among the first things a producer begins to think about when a movie get started. And, there are even agents specializing in this world of risk management.  

oscar.jpg There are locations to find and sets to build or rent; there needs to be insurance on the set or location in the event the movie company causes any damage. There are actors to find and they will need to be insured not only for events which may befall them but for what might happen to the movie if something happens and they cannot perform.  The equipment that will be used in making the film will also likely be insured.



Managing the risks associated with film making is like taking a tour through the catalog of insurance available from liability insurance through health and workers compensation insurance to errors and omissions and even cyber liability. The cost of movie making is so large that it is important to manage as many of the risks as possible. 

That automobile you see going airborne in a chase scene may be covered by an automobile policy and supplemented by a specialized policy covering stunts. The driver will be covered by workers compensation and perhaps incidentally by a health policy.  If the filming will be done on a dry and sunny day there may even be insurance against bad weather – it costs a lot to assemble a crew that can’t work.

Many film production companies move from one location to another.  Schlepping large amounts of expensive equipment from one place to another is not done lightly so an Inland Marine Policy may provide necessary coverage to manage the risks to equipment. And, while equipment is being moved, people are going to and fro and there is a cast insurance to provide some coverage in the event a cast member can’t continue in the movie. This last form of insurance can get pretty contentious as some stars have gained notoriety for their on-set behavior – even reputedly to be “uninsurable.” 

Finally, even bonding comes into play and filmmakers can buy a completion bond that is designed to repay the investors in the event the film can’t be finished. So far as we know, there is no insurance policy or bond that will pay out if the film turns out to be a box office dud.

Moviemaking is a complicated business. It is expensive and complex in the art that is a movie is often composed of a lot of moving parts that need to be organized and directed into a final product. Insurance and risk management are large components of virtually any modern filmmaking enterprise.

Dash Cams and Auto Insurance – Back in the USSR

On February 15 when the universe delivered mother Earth a belated Valentine’s Day present, it suddenly seemed to us in the US that half the population of Russia must’ve been outside with their cell phone cameras just waiting for a photographic opportunity. It wasn’t long before the news folks had uncovered the reason there were so many excellent pictures of this cosmic phenomenon; Russians are dash cam fans. 

We’re used to dash cams here; of course, they show up on the evening news or in TV reality shows mounted in police cars or other public service vehicles. Here in the US, we tend to favor rear facing back-up cameras. One might conclude from this that Russian drivers are interested in where they are going an American drivers more interest in where they have been. Neither of these cases is true, both the Russian dash cams and the American backup cameras are risk management tools.

While we are generally defending against a possible claim against our Washington automobile insurance in the event we back over a child or back into a car, it turns out the Russians have dash cams to prevent scams against their automobile insurance. Who knew? Russia has a major problem with auto insurance fraud that is compounded by widespread corruption in their traffic police and a generally poor record as drivers.  Observations on both these situations have been made by everyone from ordinary Russians to former president Dmitry Medvedev.  In fact, bad roads, bad weather, heavy drinking, and aggressive drivers produce a very high accident rate.  The death rate from auto accidents in Russia is over five times that of the US. 

meteorstrike.jpg

Since 2003, every car owner is required to hold liability insurance as a condition of technical certification – the equivalent of our licensing procedures.  The mandatory Russian insurance package guarantees at least partial coverage to car owners in the event of an accident – enough to provide for basic repairs or other expenses resulting from the accident. Voluntary insurance coverage can be purchased to complement the mandatory insurance.  In the event of an accident the average Russian needs to worry not only about his insurance but about the traffic police which Russians seem to agree is an extraordinarily corrupt institution. The dash cam has become an essential automobile accessory to help reduce the risk of being trapped by a scammer who may throw himself across the hood of a car to set up an insurance claim or to provide an objective record of an event that may be distorted by traffic police seeking bribes.

The Russian automobile insurance market will probably continue to mature if it can get past these false claims. Meanwhile, the rest of us can take some comfort in knowing that if there are more cosmic events, or even a zombie apocalypse, we will probably be able to see some pretty good film at 11. If you’d like to see a little bit of what Russian drivers experience, we’ve posted a link to a compilation of dash cam videos from Russia (and in Russian) HERE.  

Insurance Decision Making

A recent article in Forbes Magazine makes a lot of sense.  The author’s claim is that both insurers and the insuring public don’t necessarily act rationally in making insurance decisions – and maybe not insurance regulators either.   They suggest there are three principal purposes of insurance.  The first is to offer information to people about how serious a risk is by establishing a premium – the higher the premium, the greater the risk.  The second purpose is to offer the motivation to obtain financial protection against an event that could produce a significant loss but has a low probability of occurrence.  Presumably this is done by offering information about the risk and the financial consequences of events.  The third purpose is to provide incentives in the form of premium reductions to reward people who invest in measure to mitigate risk.  

A free market should act in rational way in theory where informed consumers purchase protection against the consequences of events at a price that reflects the risk of occurrence less any discount for their efforts to avoid the consequences.  Simply, a person should be able to buy protection against the consequences of theft at a price that reflects the average risk less a discount for their efforts to make their risk less than average – for example, by installing a theft prevention system.

Unfortunately, consumers do not appear to purchase coverage against high risk and serious losses voluntarily. Clear examples are the experience of Hurricane’s Katrina and Sandy where less than half the residents of the areas affected were insured for these risks even though they lived in flood and hurricane-prone areas and suitable insurance products were available.  

The authors suggest that the main reason for this may be that people tend to view insurance as an investment rather than a prevention strategy. Approaching insurance with an investment mindset means that if a claim has been made after a few years there is a sense that the premiums have been wasted. One of their suggestions is for insurers to consider developing products that span a longer period of time. Life insurance, for example, is a product that many people buy knowing that it will be used eventually, but hoping it will not be used in the short run.

Insurance companies also exhibit some strange behavior. After severe losses, companies may decide not to continue to insure the risk that is caused losses. This is generally a reflection of one company’s perceived inability to realistically assess its risk exposure and price accordingly. The example here is that before 2001 insurers did not price terrorism risk as a part of coverage against damage to commercial property. After September 2001 carriers would not offer terrorism insurance out of concern for potential catastrophic losses. It was not until Congress passed a bill that essentially made the American taxpayer the ultimate guarantor of losses the problem of obtaining terrorism insurance was resolved.

In our present time with increasingly unpredictable weather patterns, insurers are raising rates, cutting coverage, balking at some payouts and generally working to shift more expense and liability to homeowners, according to some critics.  An alternative might be to find a more effective way to spread the pool of risk so that an individual company might not have to absorb catastrophic claims costs by itself. The weather has even had an impact on auto insurers with the result that there is an expectation that premiums will rise in many areas and for very similar reasons.

As we look at these problems going forward, we should follow some of the discussions that will go on around the renewal of the Terrorism Risk Insurance Act (TRIA) which will afford an opportunity to reexamine the appropriate roles of the private sector and the Federal government and may provide additional insight into how pools of risk can be created that may provide affordable insurance while defending insurers against catastrophic losses. The National Flood Insurance Program (NFIP) is also undergoing a makeover that may provide a model for educating consumers about their specific risks and about specific measures they may be able to take to mitigate those risks. Better risk models, more education and a better understanding of the role of insurance by consumers would be a pretty good outcome from all these activities.

Phishing, Spear-phishing and Computer Security

It has been a while since we wrote about computer security for businesses – just long enough to realize that in this environment, if you aren’t paying close attention you can get burned. During the last several weeks the Wall Street Journal, the New York Times and the Washington Post have all reported attempts to hack into their organizations. The New York Times evidently did fall victim to an attack and some information – including emails – were compromised. In that case, it appears the hackers may have been after specific information relative to a story about a highly placed Chinese politician. The news folks are concerned about this sort of attack in general because the idea that someone could bust into their email systems and get information about sources that even the police or the government cannot get without great difficulty is pretty problematic. Who is going to want to blow the whistle to the press about any government or even industrial problem if their email and their identity may be picked out of the ether and exposed?

This may seem a pretty abstract concern if you run a small business in Washington on the Olympic Peninsula; it isn’t abstract at all. Along with the stories of hacking, the news folks introduced us to a new and dangerous concept called spear-phishing. We all have pretty much gotten used to the phishing attacks. These come from Nigerian directors, in the name of large banks or as an invitation to acquire an undelivered UPS package. Respond to one of these and you end up at a website that wants to know your banking password or your credit card number. Most of us have gotten reasonably savvy about identifying these, and in a business context information about this sort of attack gets spread around an office pretty quickly.

Spear-phishing is another order of magnitude different from the phishing emails that cast a huge net and hope to catch a few fish and it is a rapidly growing problem.   Rather than being directed toward a large number of people, this sort of attack is aimed directly at a single person, or a few people in an office. The subject of the email itself may be something familiar to the email recipient such as a recent order or a sale opportunity. Like phishing, the email generally contains a link to an external website that looks identical to the source of the email. Once directed there, the victim may be asked to enter their login information password and perhaps even to fill in additional information. The attacks are less aimed at getting personal information than at getting a foothold in the organization; with a little organizational knowledge they can be deadly. They can be aimed directly at people who may be less sophisticated or who can be assumed to be more trusting or they can be researched to the point of high specificity. In some cases the emails may themselves carry malware that can download to an individual’s computer and begin to collect data so it can be transmitted to the sender of the email over time. One reported example of this type of hacking reportedly targeted corporate executives with personalized emails about a legal case where the person being addressed the email was allegedly being sued. This sort of highly personalized information is almost irresistible so it was easy for executives to assume that it was legitimate and click the link provided in the message. That is why it is called spear-phishing – the spear pierces the target.

Defending against this type of targeted attack is very difficult. It can be directed toward people in an organization who may be least well-trained to identify an attack. Information from these attacks can form the basis for more sophisticated emails. In a worst-case scenario, accessing a single person’s login and password may give a hacker access to a company’s computers. At this point it is only internal security – permissions to files and directories – that may prevent access to everything a company has in its computer system. 

Breaching the security of your customer data can be a major issue for any company and, as we have mentioned before, there is some Washington insurance for that. Insuring against the consequences of losing data or compromising customer information can be a good idea and should be considered as part of a risk management plan.  

The other part of your risk management plan should be prevention. Use staff training to help employees use care in responding to emails with embedded links or attachments even if they appear to come from a trusted source unless they are expected.  Asking employees to type URLs into their browser by hand rather than clicking on a link in an email can help avoid false links. Companies can also simulate phishing attacks by creating an email with a link that redirects to a page letting them know they were in danger in order to reinforce training.  Finally, there are services that can be used to trap and test links executed through emails to make certain they are not fraudulent.