1-888-643-2217 Email ABEX
Keeping you updated

Implementing Multi-Factor Authentication is Critical

The CFC Incident Response Team notes that the vast majority of claims for business email compromise (BEC) and the associated crimes that result from such a compromise (wire transfer fraud, data theft and further phishing attacks) could potentially be prevented by implementing multi-factor authentication (MFA) on email accounts and other accounts.

Due to the proliferation of modern attack methods used by cybercriminals, not using multi-factor authentication is akin to closing the door of your home but not locking it. To improve your security posture, and to bring it up to date to face current threats, the use of MFA is highly recommended.

 

So what is MFA? It’s an authentication process that requires more than just a password to protect an email account or digital identity and is used to ensure that a person is who they say they are by requiring a minimum of two pieces of unique data that corroborates their identity. This unique data comes in three forms – something you know (i.e. your password), something that you have (i.e. a one-time passcode generated by an app or hardware token), or something you are (i.e. fingerprint, retinal pattern, voice signature or facial recognition).

In the event of a password compromise, perhaps as a result of a phishing attack, it is very unlikely that the threat actor will also have the other piece of the authentication data. Therefore, the chances are that your email account or digital identity will not be compromised. It will increase your overall cyber security posture and will decrease your chances of reputational harm and negative business impact.

There are many free MFA apps and more comprehensive corporate solutions. Below are some additional resources:

We urge all brokers and their clients to take this critical security step as soon as possible.

Source: www.cfc.com

 

 


Look for These Points of Differentiation in Cyber Coverage

There is a slew of ways in which insurers are differentiating the policy wording in their cyber products. Some of these points of differentiation are described below.

  • Additional breach response limits. Look for whether, and how much, additional limits are available specifically for handling breach response costs.
  • Increasing, or eliminating entirely, sublimits for certain exposures. Fraudulent instruction is one particular exposure for which some insurers may be willing to either increase any available sublimits or remove the restriction of a sublimit entirely.
  • “Betterment” coverage. In the aftermath of a data breach, security failure, or other cyber claim, many cyber and privacy insurers are only willing to cover expenses incurred by the insured to get its networks back up to their prior level of adequacy. However, some insurers are willing to offer a degree of “betterment” coverage that allows insureds to work with a third-party vendor to not only restore their systems to their prior adequacy but also set them up with greater security, functionality, capacity, and so on.
  • Quality of service providers offered. The quality of third-party service providers (e.g., cyber-forensics specialists) can vary from insurer to insurer, and insureds and their representatives should do their due diligence to review their qualifications.
  • Number of service providers offered. Similarly, insureds should be aware of how many options may be at their disposal when selecting an insurer-approved service provider.
  • Use of “system failure” coverage trigger. A “system failure” coverage trigger can allow for more coverage for “accidental” exposures (e.g., nonmalicious failures or accidental data deletion), as opposed to a coverage trigger that requires “breach” or “compromise” of data or systems.
  • Trigger for regulatory fines and penalties coverage. Relatedly, many coverage triggers pertaining to regulatory fines and penalties insuring agreements may require a “breach.” However, some insurers may not include the breach requirement, potentially opening up coverage for scenarios in which regulators may “come knocking” even without a known data breach.

Keeping these points in mind can help insureds assemble better cyber and privacy insurance protection to complement their management and/or professional liability insurance portfolio.

Source: www.irmi.com


Secure Favorable Wording in Contractual Liability Exclusion

Contractual liability exclusions are a fact of life in directors and officers (D&O) policy forms. While there is no getting around the existence of the contractual liability exclusion within standard policy wording, insureds can certainly benefit from variations in wording that can carve-back certain elements of coverage. Consider asking the following questions in order to determine potential ways to minimize the impact of the exclusion.

  • Is there a carve-back for liability that would have attached even in the absence of a contract or agreement? All policy forms should make this exception.
  • Does the exclusion bar coverage for written contracts only? Or does it also apply to oral contracts?
  • Does the exclusion only refer to “contracts,” or does it also apply to “agreements,” “warranties,” and/or “guarantees”? Inclusion of these other terms, especially when combined with wording excluding them in their oral forms, can significantly broaden the effect of the exclusion and thus constrict coverage.
  • Is there a carve-back for defense costs in the event of claims against insured persons (e.g., Side A defense coverage)?
  • Does the exclusion apply to both express and implied contracts? Much like the inclusion of some of the terminology shown above, implied contracts can extend the restrictive impact of the exclusion to a far greater range of the insured’s activities.
  • Does the lead-in wording to the exclusion bar coverage for claims “for” contractual liability, or does it bar coverage for claims “based upon, arising out of, or in any way related to” contractual liability? The former is the less common approach but is more favorable for an insured.
  • Does the exclusion explicitly state that it also applies to the liability of others that an insured assumes?
  • Is there an exception for contractual liability related to “employment claims”? With the blurring of some D&O and employment practices liability (EPL) risks in recent years and the frequency with which officers have employment contracts, this is particularly relevant.

Source: www.irmi.com


We’re Using ClearPay!

We’re taking a step forward to make it even easier to do business with ABEX with the roll out of ClearPay.

Did you know that every cheque and associated report you send to ABEX actually costs you about $18 to issue and mail to us? On the other hand, ClearPay is integrated into the majority of broker management systems and is an easy digital solution for less than $2 per payment!

Anytime you need to send funds and underlying policy information to us, ClearPay makes electronic payments easy and far cheaper than cheques.

The software is broker-friendly; you follow your existing workflows in generating disbursements and ClearPay automates the gathering of approvals, report and funds delivery. Once and done from your BMS! At a cost of less than $2 per payment, you’ll be saving approximately $15 per transaction that you spend today with cheques and manual reporting. Saved time can be used to devote to more productive customer services. And, most importantly, it’s a digital solution that presents a modern alternative to cheques and helps ensure accurate application to our customers’ policies.

This is just another step towards making it easier to do business with ABEX!

This platform presents mutual benefits and you can learn more by:


Builders Risk Protective Safeguard Endorsements and Warranties

Builders risk policies may contain protective safeguard and/or warranty endorsements that require insureds to implement specific measures to protect property during construction. Such requirements must be complied with by the insured as a condition of coverage. What do these requirements look like, and what are the implications to stakeholders?

Builders risk insurance underwriters may impose policy restrictions regarding the implementation of specific measures to protect property being constructed or renovated. These restrictions are typically memorialized by a policy condition or warranty1 (hereafter collectively referred to as a “condition”) set forth in an endorsement to a builders risk policy. The purpose of these endorsements (“protective safeguards”) is to impose an obligation on the insured to ensure it will fully comply with specific safeguard(s). Otherwise, coverage will be negated.

Protective safeguards endorsements are nonstandard, and substantial differences exist between insurers and policies. These endorsements are titled in a variety of ways. Some examples include the following.

  • Protective Measures and Safeguards Endorsement
  • Protective Safeguards Endorsement
  • Security and Protective Device Provision
  • Protective Safeguards Warranty Endorsement
  • Protective Safeguards and Services Endorsement

Why Do Underwriters Utilize Protective Safeguard Endorsements?

These endorsements are used for different reasons. Some insurers provide a premium discount for actions that reduce risk. Underwriters want to ensure that such safeguards are implemented and maintained by issuing an endorsement. Other underwriters contend that certain construction projects may not be insurable without imposing mandatory safeguards. Still others simply want to reduce their exposure to loss, and they view these endorsements as a tool to accomplish that.

These endorsements tend to be utilized more on smaller construction projects compared to larger ones. It is uncommon for builders risk policies that insure larger projects to incorporate such endorsements. This is because the loss prevention programs of large project owners, construction managers, and general contractors are more evolved and in tune with the demands of underwriters.

What Causes of Loss Do These Endorsements Apply to?

Each of these endorsements has introductory language that specifies how the endorsement restricts coverage. Some endorsements limit the applicability to one or more specific causes of loss (perils). Other endorsements apply to all perils.

Here is an example of language that applies to specified perils.

Protective Measures and Safeguards Endorsement

You agree to maintain the protective measure(s) or safeguard(s) shown below for the term of the policy. If you do not maintain the protective measure(s) or safeguard(s), we will not cover “loss” caused by or resulting from fire, theft, or vandalism during the period that the stated protective measure(s) or safeguard(s) are not in effect or in working condition.

If you fail to provide or maintain the stated protective measure(s) or safeguard(s), coverage for “loss” caused by or resulting from fire, theft, or vandalism is automatically suspended. This suspension will last until the measure(s) or safeguard(s) are back in operation. (Emphasis added.)

Here is an example of language that applies to all losses.

Protective Safeguards Warranty Endorsement

In consideration of the issuance of this policy, the insured hereby warrants that the Protective Safeguards described in the schedule below for which an X is shown in the corresponding box will be maintained at the job sites designated in the Declarations.

Failure to maintain the Protective Safeguards required would void insurance coverage for any loss which occurs at the jobsites at any time while such required Protective Safeguards are not maintained.

The undersigned authorized representative of the Insured hereby agrees, on behalf of the Insured, to maintain the Protective Safeguards specified above and further acknowledges and agrees that failure to maintain those Protective Safeguards will operate to void coverage for any loss which occurs at the job sites at any time while Protective Safeguards are not maintained there. (Emphasis added.)

The latter policy language is much more restrictive than the former because the warranty applies to any loss that occurs while a protective safeguard is not maintained—coverage is void during such period.

Types of Safeguards

Each of the endorsements set forth the applicable required protective measures/safeguards. These are segregated into the categories identified below. Within each category are actual safeguard wordings taken from builders risk policies and endorsements. Note that some of these requirements are very clear; others are ambiguous at best.

Fencing

  • You agree to maintain perimeter fencing at minimum of 8 feet surrounding entire jobsite and locked gate(s).
  • The entire Insured Project site will be surrounded with a chain link fence not less than 6 feet in height, suitably anchored in the ground a reasonable distance from insured property. Gates though the chain link fence will be securely locked during nonworking hours.
  • The active construction site is fenced.
  • You will maintain a fence around the entire perimeter of the insured premises. This fence may be constructed of chain link, wood or other suitable material, and must be locked at all times during which normal operations usual to the conduct of your business are not being performed.
  • Enclose the jobsite with a fence at least 6 feet in height.
  • Complete perimeter 6-foot chain link fencing with gates closed and locked during all “nonworking hours.”
  • Fenced jobsite means a fence, not less than 6 feet in height, that completely surrounds the jobsite, with no openings unless gated. All gates to such fence shall be closed and locked, to secure against entry to the jobsite, during all nonworking hours.
  • Perimeter fencing which completely surrounds each job site shown with gates closed and locked during all nonworking hours.
  • A fence with adequate strength and locking gates with a height of at least 6 feet must surround the construction site.

Lighting

  • You agree to maintain lighting on site.
  • The entire insured project site will be illuminated from sunset to sunrise, each day.
  • The active construction site is lighted from sundown to sunrise once power is available at the site.
  • You will maintain lighting around the entrances to the premises, including gates to fences.
  • Shall illuminate the jobsites sufficiently to reveal the presence of trespassers.
  • Exterior illumination (other than public street lights) providing illumination to all sides of the “project site.”
  • Exterior lighting means the premises shall be provided with lighting that shall illuminate the entire perimeter of the premises, and will be operational during all nondaylight hours.
  • Around the entrances of the building or structure, including fence gates.
  • The construction site must be illuminated by adequate lighting a night.

Detection Systems

  • Operable Burglar Alarm System. You agree to maintain a burglar system connected to central station or monitored by a public or private alarm company.
  • Operable Burglar Alarm System. You agree to maintain a burglar system connected to central station or monitored by a public or private alarm company.
  • Automatic Burglar Alarm. Protecting the entire building or structure, which signals to an outside central station or police station.
  • Automatic Burglary Alarm. Protecting the entire building or structure, which has a loud sounding gong or siren on the outside of the building or structure.
  • Operable Smoke or Fire Detection System. You agree to maintain a smoke or fire alarm system connected to a central station or monitored by a public or private alarm company.
  • Automatic Fire Alarm. Automatic Fire Alarm, protecting the entire building or structure, that is connected to a central station or reporting to a public or private fire alarm station.

Sprinklers

  • Automatic Fire Extinguishing System. You agree to maintain the automatic fire extinguishing system.
  • Operational Sprinkler Sprinkler/Standpipe System. When and as required by local fire department/building codes and/or contract documents.
  • Automatic Fire Extinguishing System. Automatic sprinkler system, including supervisory services.
  • Flow Alarm. The insured shall install and employ a water flow alarm on all automatic sprinkler system(s) from the time the system(s) are first filled. The insured shall exercise due diligence in maintaining the water flow alarm in good working order and the Insured shall immediately notify the underwriter in writing when the automatic sprinkler system(s) are impaired.

Fire Hydrants

  • Prior to start of construction, fire hydrants will be installed within the insured project site’s boundaries or within 100 feet thereof and will be connected to a public water supply, tested and fully operational.
  • There will be an operating fire hydrant operating under adequate water pressure within 100 feet of the premises, within __ days after policy inception.
  • Fire hydrants means hydrants installed such that no part of the insured project is more than 500 feet from the nearest hydrant. Installed hydrants must be connected to a public water supply, tested and fully operational.

Video Surveillance

  • Video/surveillance equipment with recording system.
  • Video surveillance monitoring that is around the perimeter and interior of the building or structure and supervised by an independent security service at all times during which normal operations usual to the conduct of your business are not being performed.
  • Internet-based video surveillance and recording be provided by an established supplier.

Security Services

  • Guard Person. You agree to maintain, at your expense, a watchperson at the indicated premise(s) at night and during non-working hours.
  • Guard Person. You will maintain a private watchperson, under your exclusive employ. The watchperson will be on duty on the premises at all times during which normal operations usual to the conduct of your business are not being performed. This watchperson will have a radio, cellular telephone or other communications device allowing instantaneous notification of law enforcement and fire protection authorities.
  • Guard Person. You will maintain a private watchperson, under your exclusive employ within the number of days after policy inception indicated below. The watchperson will be on duty on the premises at all times during which normal operations usual to the conduct of your business are not being performed. This watchperson will have a radio, cellular telephone or other communications device allowing instantaneous notification of law enforcement and fire protection authorities.
  • Guard Person. Employ a watchman to guard the job sites when insured or a contractor representative hired by the insured does not otherwise occupy the sites.
  • Guard Person. The named insured will employ a person, whose sole duty will be the security of any insured project site, who will be on the premises of the insured project site during all nonworking hours. This guard will be equipped with a telephone for immediate use.
  • Guard Person. Watchman or guard on clock stations whose regular patrol route covers all areas of the “project site” at least hourly during “nonworking hours.” The watchman or guard shall have a telephone on premises for his use.
  • Security Service. The named insured will employ a security service with one or more guards on the premises of the insured project site, with a recording system or watch clock, making no less frequently than hourly rounds covering the entire insured Project site during all nonworking hours. The guard or guards will record or have a watch clock record the time of each inspection round. The guard or guards will be equipped with a telephone for immediate use.
  • Security Service. Engage a guard service which shall maintain a representative on the job sites when the job sites are not occupied by the insured, one of the insured’s representatives or a contractor representative hired by the insured.
  • Security Service. Security service means a watchman, or watchmen, making no less than hourly rounds of the entire jobsite during nonworking hours, and maintaining appropriate log(s) of such hourly rounds. Security service shall be required once the erection of walls has commenced at any structure at the insured construction site.
  • Security Service. Private security guard service for each job site with regular patrols of the job site during all nonworking hours.

Activities

  • Cutting and Welding. All combustible materials will be moved at least 25 feet away from, the cutting and welding area(s) or will be covered or shielded by noncombustible material.
  • Cutting and Welding. All floor, wall, window and other openings including gaps, cracks, or spaces in the building or structure, within 25 feet of the cutting or welding area(s) will be covered by noncombustible material.
  • Cutting and Welding. Dedicated standby firefighting equipment will be provided at the cutting or welding area.
  • Cutting and Welding. A designated employee, trained in the use of the stand-by firefighting equipment, will be assigned the sole responsibility of fire watch and will remain on duty at the cutting or welding area during cutting and welding operations and at least 60 minutes after such operations are ceased. No hot work permits shall be issued and not hot work activities should be permitted within 2 hours of the end of the workday or the end of a shift.
  • Welding, Brazing, Soldering, and Thermal Cutting. A fire watch person with a UL listed portable fire extinguisher having a rating not less than 2-A/10-B, and trained in its use, will be present at all welding, brazing, soldering and thermal cutting operations and at least for 30 minutes following their completion; such operations shall cease 30 minutes prior to the end of the shift; 20 feet of clearance will be maintained between such operations and any combustible materials that are not permanently installed; adequate temporary protection shall be provided for any permanently installed combustible materials within 20 feet horizontally and for any combustible materials at any vertical distance below such operations.

Other

  • Storage. Fully enclosed locking metal containers whose locks are protected against cutting, or a fully enclosed locked room with double cylinder dead bolt locks will be used for storage of electrical wiring, lighting fixtures, plumbing fixtures, switch panels, and other pilfer able items.
  • Brush Clearance. Brush clearance means all covered property at the project location shall have brush, and any other vegetation, completely cleared, to a minimum of 500 feet, from such covered property.
  • Locks. All points of ingress and egress to and from the building or structure will be gates and locked when normal operations usual to the conduct of the insured’s operations are not being performed. If a gate is unlocked, the insured will ensure guarded access to check credentials.

Which Parties Do These Protective Safeguards Impact?

These endorsements apply to either “named insureds” or “insureds,” depending how the builders risk policy is structured. Since the majority of builders risk policies include the project owner, general contractor, and subcontractors as insureds, one should assume the requirements apply to all insureds.

From a practical standpoint, these endorsements can cause significant problems for stakeholders. Based on my experience with projects and builders risk insurance, the stakeholders are rarely aware that a protective safeguards endorsement is part of the policy.

Unlike builders risk policies issued in Canada and Europe, policies issued in the United States rarely have a “separation of insureds” or a “severability of interest” clause. Such clauses clarify that coverage will remain intact for insureds that do not contribute to a breach of a policy condition or warranty. If there is no such clause in a builders risk policy, it is likely that none of the insureds will be covered if there is a breach of the condition by one of the insured parties.2

What Can Go Wrong?

Stakeholders are commonly unaware that a protective safeguards endorsement is part of the policy. How does this happen? Many reasons exist.

  • The insurance agent or broker that placed the policy is unaware that the proposal and policy contain such an endorsement.
  • There was no mention of the endorsement in the proposal, but the policy is issued with an endorsement.
  • The insurance agent or broker is aware of the endorsement but does not point this out to the policy sponsor (typically the first named insured).
  • The policy sponsor is unaware of the endorsement because it does not read the policy.
  • The policy sponsor is aware of the endorsement but does not inform the other insureds.
  • The builders risk policy is not distributed to other insureds by the policy sponsor.

What Are the Consequences?

If there is a builders risk loss and it is determined that the insured did not adhere to the requirements of a protective safeguard endorsement, it is probable that the builders risk insurer will deny coverage. This often leads to litigation. Insurers are generally successful in denying coverage when unambiguous protective measures are required in a builders risk policy but not adhered to by the insured.

An example is Liberty Ins. Underwriters, Inc. v. Weitz Co., 158 P.3d 209 (Ariz. Ct. App. 2007). Liberty issued a builders risk policy to Weitz, the contractor for four dormitories being built at Arizona State University. The policy contained three warranties that required the contractor to (1) maintain adequate fire extinguishers on the job site, (2) conduct a fire watch during all welding operations or other hot process, and (3) inspect the premises for fire hazards. Each of the warranty endorsements specified that failure to comply with the warranty rendered coverage null and void. After a fire destroyed one of the dormitories under construction, Liberty filed a declaratory judgement action seeking to exclude the loss due to the contractor’s failure to adhere to the warranty endorsements. Liberty prevailed.

In those cases where insureds prevailed, courts found that (1) the protective safeguard endorsements were ambiguous, (2) the insurer knew before the loss that the insured was not complying with the protective safeguards but failed to do anything about it, or (3) the failure to adhere to the required safeguard was not the cause of the loss.

Best Practices

The following actions can help prevent problems and litigation following a loss.

  • If a builders risk underwriter imposes protective safeguard(s) in its proposal, the agent or broker should review the safeguard(s) to better understand what is being required.
  • The agent or broker should attempt to eliminate the safeguard(s) if possible, or at least ensure the safeguards are reasonable for the project.
  • To the extent that the agent or broker is unsuccessful in eliminating the protective safeguard requirements, he or she should educate the sponsor of the builders risk policy by making it aware of the safeguards.
  • The policy sponsor should inform the stakeholders about the safeguard(s).
  • The general contractor should make the subcontractors aware of the safeguard(s) and require its workforce and subcontractors to adhere to the safeguard requirements.
  • The policy sponsor should read the builders risk policy and make it available to all insureds.

Summary

Some builders risk policies contain conditions relating to mandatory protective safeguards. These safeguards must be adhered to preserve coverage. But the first step is to make sure that the stakeholders are aware of the safeguards. Agents and brokers can and should serve an important role in this regard.

Source: www.irmi.com

_____________________________________

1 Within the context of builders risk insurance, policies may contain warranties, such as a promissory warranty, that certain acts shall be done. Builders risk policies may also contain conditions (e.g., mandatory loss prevention measures) that, while not labeled specifically as a warranty, must be maintained after the risk attaches. For a full discussion of warranties and conditions, see Couch on Insurance, 3d, chapter 81, West Group Clark Boardman Callaghan Pub. 12/96.

2 See my IRMI Expert Commentary article titled “Builders Risk: Separation of Insureds Clause” (May 2015).


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn