Protecting Customers and the Business: How the Right InsurancePublished on April 5, 2018
Marinas do what they can to protect themselves and boaters, from everything from storm damage to criminal elements and accidental injury or death. Insurance companies help protect the business in the event of an incident.
It’s a world where digital criminals can steal data and personal information without a trace. The focus has often been on large company data breaches – Target, Home Depot, Equifax. However, the more recent trend has been data theft at small- to medium-sized businesses.
“They don’t have the resources from personnel or the finances to focus on cyber security, so they’ve become soft targets,” said Adam Phillips, assistant vice president for the marine risk insurance group at Starkweather & Shepley Insurance Brokerage Inc.
Cyber theft comes in many different forms. Criminals can take control of a business’s computer system, demanding money in order to release data – ransomware.
Normand Duquette from the executive protection division at Starkweather & Shepley, said cyber theft and data breaches can also be much more menacing than ransomware.
A data breach, in which customer and company information is stolen, isn’t something businesses can pay a ransom for and ignore. Depending on the state and the data involved, many will have reporting requirements. State and local officials need to be notified, as well as those customers who were affected. And often businesses can’t tell if data has been compromised until they bring in a computer forensics specialist, Duquette said.
Cyber criminals are also getting more creative, using social engineering to mimic company communication methods. “It’s more direct. They are figuring out who the key players are in the company,” Duquette said. Criminals can create an invoice, mimicking company format and personnel for a company’s key clients, in order to try and to steal payments.
Dan Rutherford, director of claims and risk management for Maritime Program Group, said wiring money for payment transfers has been a big target for his clients. Insurance premium payments or transactions between boat broker and seller are being manipulated by criminals. For instance, a broker receives money for a boat sale from the buyer and sends the profits to the seller. The broker may send the seller an email, asking for bank wiring details. Criminals can intercept sent messages before they arrive and change bank routing number and account information. Rutherford has seen money transactions for boats go missing from $40,000 up to $400,000.
Insurance companies have also been targeted, Rutherford said. Brokers and agents send bank routing information for premium payments, and the money sent by the insured is intercepted and gone. The use of wire transfers has nearly doubled in the last 20 years, as the internet has made these transactions easier.
When accepting a wire transfer, Rutherford recommends the following practices:
• Accept transfer instructions only during regular business hours;
• Obtain instructions on paper, preferably on known letterhead;
• Ask for a signature and compare to those on file;
• Call the person to whom money is to be transferred on the phone; check the number with those on file;
• Verify the identity of the person on the phone with recent transaction information;
• Contact your financial institution and verify the wire instructions and details;
• If you are the recipient of a wire transfer, verify that your instructions were received and details were correct.
Businesses can purchase cyber security insurance policies in order to protect themselves against data theft. Insurance can be an add on or extension to the property insurance, or as a stand-alone policy. Duquette said the prices on stand-alone policies have come down significantly in prior years due to increased competition. Costs for a stand-alone policy can be as low as $1,000 annually. Add-on policies are typically not as robust as stand-alone policies.
Phillips said more insurance carriers are dabbling in cyber liability and data security insurance. “It can be a good thing, and it can be a challenge,” he said. If someone offering cyber insurance doesn’t understand the marina or boatyard business or all the potential issues, facilities may end up with incomplete coverage that doesn’t protect where they need it to.
With an insurance company that understands marine businesses and specifically with a stand-alone policy, marinas will get better guidance for planning and in the event of a theft incident, a cyber forensic and legal team to help. Some policies will assist with data breach notification costs or regulation penalties. Policies can also provide extortion or business interruption coverage. Add-on policies can still provide some coverage, but operators are left without a concierge service to get them through the process.
“What we’re finding out now is that ignorance is no longer an excuse,” Duquette said. Marina and boatyard owners that have a loss with no cyber security in place can be sued and left to handle litigations alone.
Owners without cyber insurance will need to serve as their own general council in the event of a theft. They need to know data protection laws in their state and possibly other states, where their customers live. They will need a computer forensic staff and attorneys. It can be overwhelming for a small business owner, Duquette said. With a cyber policy, carriers can help owners through the process.
If a company does experience a breach, Duquette said don’t call it a breach, which may imply liability. “We recommend that they refer to it as an incident,” Duquette said.
Other general practices recommended to protect against cyber theft in the first place include:
• Back up data, and back up again. Ideally, the back up system should be segregated from the main system or somewhere remote.
• Password hygiene. Change passwords regularly, for Wi-Fi and drivers. Make unique, strong passwords.
• Up to date. All software and hardware should be current.
• Clicking on links. Only click on known links, and educate staff to be cautious.
• Access Privileges. Be aware of what employees have access to what, and only give employees access to systems they need.
For back up plans and data, Duquette said it’s important to test the plan. “Make sure you can flip the switch, and you won’t encounter any bugs,” he said.
Even with the rise in cyber criminals, some still resort to regular property theft. Particularly in South Florida, Rutherford has seen a rise in outdoor theft. Boats get stolen from dealerships or marinas, but specifically, there has been a rise in the theft of big block outboard motors by the dozens. Rutherford said other high dollar items, such as GPS and chart plotter systems have been targeted. In 2017, just one insurance carrier, Rutherford said, registered $1.5 million stolen from boats.
Active alarms and motion sensing technology are encouraged over video surveillance, which can only identify incidents after the fact, Rutherford said.
Marinas and boatyards are required to provide reasonable care to protect a boater’s property. The boatyard or marina receives money and the payee receives service or storage, a bailment with mutual benefit. This transaction should include a storage or service agreement, which outlines reasonable care for the vessel. Rutherford noted that reasonable care can vary depending on location. The standard of care at certain locations, where crime might be prevalent, could be more than at other more secure locations.
“The important thing to understand about liability insurance is when coverage is applicable,” Phillips said. With a correctly written policy, it will pay to defend and pay for any damages. For instance, if a fire started on a boat at the fault of the boat owner, the individual’s insurance would cover the losses. But often there is ambiguity around liability or where the negligence lies, and the matter ends up in court, where insurance companies pay to defend their clients.
While there is no direct correlation for insurance discounts to things like video surveillance systems, security teams or gated docks, underwriters will rely on the broker’s detailed description of the property and security measures in order to write the policy and its cost.
Policy holder services are often built into different policies at different levels, but that may include a loss prevention specialist. Phillips encourages owners to take advantage of services that can help identify exposure and minimize loss. It’s good for the insurance company and the business owner.
ESD and Insurance
With the rise of electric shock drowning (ESD) deaths, marinas are examining how to prevent deaths, protect customers and also protect the business. For insurance, electrical systems are part of the property insurance, but with an injury or death, general liability insurance may be important also. “Insurance policies deal with negligence,” Phillips said.
In dealing with customers, he said, contracts can be very important. A hold harmless waiver on a customer contract can protect businesses. Contracts with third-party subcontractors must also be examined and current. In writing contracts, consult an attorney familiar with marine contracts, Phillips said. “Don’t write them yourself,” he said.
Many changes have taken place recently with electrical system code standards and what is required on dock systems. Older systems are not required to upgrade, and the adoption of standards varies from state to state. However, in the event of a storm, for instance, which damages docks, owners may be required to meet new code standards when rebuilding.
DJ Tyler, vice president of Marine Specialties Limited, sees many facilities that don’t have the right kind of insurance or enough to adequately cover the facilities they have. Typical property replacement coverage pays out at the facility’s current value. Tyler has also seen an increase in the number of facilities whose insurance payout can’t cover the full costs of dock replacement because new electrical code standards require more expensive replacement options.
To alleviate this, marinas can purchase a code compliance upgrade rider on their property coverage, which will cover the upgrade costs. “Many are not aware of the significant cost in the code upgrade, so they’re not buying that upgrade,” Tyler said. He said dock owners are becoming more aware of the issue and the costs for upgrades, but he still sees a lot of confusion about insurance coverage after the fact. “The biggest issue with dock owners is not being properly insured,” Tyler said. “They need a local broker who knows the business.”