A rise in social engineering fraud and cyber crime has shone a bright light on the coverage gaps emerging under the crime section of Management Liability policies.
“Hi John, just requesting that for our next invoice you change our bank account details to BSB123456 and account no.3456789. Cheers, Sam.”
At first glance, the email purporting to be from one of John’s regular suppliers doesn’t look out of the ordinary. The email displays Sam’s exact signature, complete with business logo and contact details.
But John, an overworked Managing Director of an SME, doesn’t notice the email address is slightly different. As a result, he sends a request to payroll to change his supplier’s bank account details to those of the social engineering fraudster.
“Social engineering and fraud claims under the Management Liability’s (ML) crime section are a growing concern. Sophistication levels are increasing,” says Mark Sinclair, Platform and Product Manager, Aon
In fact, over 2016-17, social engineering fraud resulted in losses of more than $20 million due to business email compromise. That’s up from $8.6 million in 2015-16, representing an increase of more than 230 per cent, according to ACIC’s Australian Cybercrime Online Reporting Network.
And Insurers are responding.
“With mounting pressure on a ML policy to respond, we’re seeing carriers increasingly exclude social engineering from their policy – potentially at a time when the client’s need for coverage may be at its highest.” says Sinclair.
Other common exclusions in ML policies are professional services, IPO capital raising activities and shareholder actions. Sinclair adds that ML policies also tend to exclude insolvency, unless specifically requested under the policy.
“It’s critical that the exclusion is raised with the client at the time of purchase, as most businesses tend to not account for a potential insolvency,” he says.
Then there’s cyber crime – another growing area of concern for SMEs.
Sinclair says with the advent of Cyber Liability policies, there has been a move away from offering cybercrime within a ML policy.
Matthew McPhee, National Underwriting Manager at Berkley Insurance Australia, adds: “brokers should recognise when clients need a stand-alone option to cover Cyber and Social Engineering claims”. “Some ML policies will cover Cyber theft whilst others will not cover Cyber theft.”
Emerging Risks and Trends
Ben Thompson, Financial Lines Underwriter at Solution Underwriting, says other emerging risks in the current ML marketplace include non-compliant cladding, major changes to privacy legislation, and social awareness of employment practices, such as the #metoo campaign.
“Strong products already exist in the market place, however, identifying which exposures will need to be remediated is crucial,” says Thompson.
Willis Towers Watson Placement Services Director for FINEX, Simon Carter, agrees that there’s been an increase in employment practices claims over the past 18 months, including allegations of unfair dismissal, discrimination and harassment.
“Employees are now more aware of their rights and are more likely to go to a lawyer. As a result, losses are on an upward trajectory,” says Carter.
Carter adds that closer attention is now being paid to policy excesses.
“In the past Employment Practices Liability (EPL) excesses of $5,000 or lower were common but we’re now seeing excesses of $15,000 or $25,000 being imposed on the same risks,” Carter says.
“When it comes to mounting a legal defence in this space, costs can ratchet up. Insurers are also looking at increasing premiums and selecting what they underwrite more carefully.”
Challenges Facing Brokers
Carter says brokers also need to ensure clients are aware of an insurer’s right to take over, defend, and settle claims.
“The insurer can quite easily say that they have been prejudiced and only offer to pay the amount that would have applied at their panel rates,” Carter adds.
“This can lead to a significant gap between legal fees incurred.”
Meanwhile, Sinclair says a large number of businesses today tend to feature complex entity structures that include different subsidiaries, holding companies, and trusts for holding assets – which brokers need to get their heads around.
He adds that frequently, trusts are proposed as the insured entity under a ML policy.
“In legal terms, trusts are not considered a legal entity, and do not employ staff, managers or appoint directors. This creates a number of issues with the policy response,” Sinclair says.
Getting the Right Cover
Carter says clients need to understand the importance of cover requirements and see beyond “price, price, price”.
Common ML extensions include Crime/Third Party theft, EPL, Fines and Penalties, WH&S investigations costs, Tax Audit cover, amongst many others.
Thompson adds that brokers need to gain an understanding of their client’s operational and business practices, along with their risk profile.
Brokers then need to identify the broadest possible coverages with the lowest excesses.
“They also need to take into consideration any dual insurance policy clauses – which may limit the broker and client from choosing the most appropriate and favourable policy to claim on when multiple policies can respond,” says Thompson.
Opportunities for Brokers
When it comes to EPL claims, it’s important to both educate and mitigate, Carter suggests.
“Ensure they’re as savvy as they can be in approaching employment issues when they first arise – when an initial complaint of bullying is made, for example,” Carter says.
“Effective dispute management avoids escalation of HR issues and expensive litigation.”
McPhee agrees that there will always be opportunities for a broker who can use claims examples – such as social engineering fraud examples to demonstrate the need for ML.
“Claims will highlight the potential exposures clients have and a knowledgeable broker will win
business based on their ability to talk risk and assist with risk management steps,” says McPhee.
Management Liability vs Directors and Officers Liability
One of the main differences between Management Liability (ML) and Directors and Officers (D&O) liability Insurance (D&O) is simply the target audience, plains Ben Thompson, Financial Lines Underwriter at Solution Underwriting.
“Publicly listed companies require a specific policy with appropriate coverage and function suitable for larger companies with investors and shareholders, which is the D&O market,” says Thompson.
“The ML Insurance primary market is private small to medium sized companies.”
Thompson adds that ML Insurance is a comprehensive package, which provides broader protection and coverage than traditional D&O Insurance.
“This is ideal for small companies seeking a total solution contained within one policy,” Thompson adds.
Contact your Account Manager today to discuss how a Management Liability can protect your business.
This article, by David Barbeler, originally appeared in the September 2018 edition of NIBA Insurance Adviser.