☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Archives

Signs of Progress on National Flood Program for Canada

Posted on by

Canada is making good progress on a national flood program, pending a final decision by federal, provincial and territorial (FPT) ministers responsible for emergency management.

“What they are looking at is one national insurance solution to improve outcomes for high-risk Canadians across the country,” Craig Stewart, vice president of federal affairs at Insurance Bureau of Canada (IBC) told Canadian Underwriter in an interview Tuesday. “There may be regional insurance pools adapted to local conditions, but it would be nationally coordinated.”

FPT ministers responsible for emergency management have mandated IBC to lead a national working group to take a look at options and what they would look like. IBC provided three options:

  • A pure market approach (like in Germany and Australia) where governments exit disaster assistance
  • A broadened version of the status quo, but with better-coordinated insurance and disaster assistance
  • Deployment of a high-risk pool analogous to Flood Re in the United Kingdom.

The next step is for the working group, which Stewart chairs, to cost out the pool. “The pool needs to be capitalized as it was in Flood Re,” Stewart said. “So, we need to figure out where that money is going to come from. Is it going to come from governments? Is it going to come from insurers? Where is it going to come from?”

A final decision will be made by ministers after the high-risk pool is costed, which Stewart expects to be completed by June. Decisions on eligibility, how to capitalize the pool, and on any cross-subsidization await the results of that costing analysis.

In addition, this spring, the ministers will hold a technical summit on flood data and science. “Our view of the risk many not align with the government’s view of the risk,” Stewart said. “We need to bridge the gap. This symposium is going to focus on essentially the data and science of flood modelling.”

In early 2020, there will be the launch of a consumer-facing flood risk portal. IBC has been working with the federal government to develop the authoritative flood portal, where consumers can discover their risks and what to do about them.

“Elevating consumer awareness of flood risk is key,” Stewart said. “Consumers aren’t going to be incented to protect themselves or to buy insurance unless they know their risk.”

In May 2018, FPT ministers responsible for emergency management tasked IBC to lead the development of options to improve financial outcomes of those Canadians at highest risk of flooding. IBC worked with a wide range of insurers, government experts, academics and non-governmental organizations to produce the three options, which were tabled with ministers last week.

The ministers released the first-ever Emergency Management Strategy for Canada: Toward a Resilient 2030 on Jan. 25. The document provides a road map to strengthen Canada’s ability to better prevent, prepare for, respond to, and recover from disasters.

“In less than two years, Canadian insurers have secured a mandate with every province and territory to finalize development of a national flood insurance solution, have successfully catalyzed a national approach to flood risk information, have secured over two billion dollars in funding for flood mitigation, and have succeeded in securing a funded commitment for a national flood risk portal,” Stewart said.

Source: Canadian Underwriter

“Reading the Policy” Means Reading Every Word

Posted on by

Every insurance professional has had experience with small policy language changes that have big effects (usually negative) on coverage. Sometimes it’s a single word—added, deleted, or altered—that fundamentally changes the way a policy will respond to a given loss exposure, and those language differences are obviously the hardest to deal with, or even to find.

Take a look, for example, at this phrase from a modified commercial general liability (CGL) policy “aircraft, auto or watercraft” exclusion: “… the ownership, nonownership, maintenance, use or entrustment to others of any auto.…”

The term nonowership, of course, has a long tradition in commercial automobile insurance. It provides liability coverage for automobiles the insured does not own, hire, lease, rent, or borrow but that are used in connection with the named insured’s business. It includes autos owned by employees, partners, or members of their households used in connection with the business. So, it’s not a strange coverage term … in an auto policy. But remember, the policy under discussion is a CGL policy.

A knowledgeable CGL insured doesn’t expect to have coverage for liability arising out of the ownership, maintenance, or use of autos. But that same insured will expect to have CGL coverage in connection with auto-related exposures when some unrelated third party—for whose activities the insured does not otherwise have any legal responsibility—is the owner, operator, or user of an auto. (The use of vehicles by an independent contractor doing work for the insured is a common example. In such situations, the insured’s liability arising out of the nonownership of an auto is an important feature of CGL coverage, although few people would be likely to describe the exposure using that term.)

In this instance, the CGL insurer that was excluding coverage for the “nonownership of any auto” was one that markets its policies to firms with large land holdings, industrial operations, or retail establishments with substantial vehicular traffic. Warehouses, industrial sites, timber operations, quarries, and entertainment venues are examples. These risks typically have heavy traffic on their premises and perhaps personnel directing traffic in and out. An exclusion applicable to the “nonownership” of autos wipes out general liability coverage for these common exposures.

The modified exclusion in question was imposed in the middle of 1 of 23 pages of endorsements to a standard CGL policy. While it resulted in a material, and important, reduction in coverage, it could easily have gone unnoticed by an insured—or that insured’s insurance professional—unless every word of the policy and its endorsements were read carefully.

Source: International Risk Management Institute, Inc. (IRMI)

Vulnerability Found in Multi-Factor Authentication

Posted on by

CFC sent us the advisory below to share regarding a new multi-factor authentication (MFA) vulnerability.  Whether you have your cyber policy with CFC or elsewhere, please review and take steps to minimize your exposure.

CFC has become aware of a significant new security vulnerability that can be easily exploited to bypass multi-factor authentication (MFA). MFA is commonly used to protect against phishing attacks and compromised passwords, which are two of the most common root causes of cyber claims seen by our incident response team. Even worse, we’ve become aware of tools available on the dark web that exploit this vulnerability and expect substantial use of the tool to compromise previously protected environments.

How it works

A new penetration testing tool has been published by a security researcher that automates phishing attacks against multi-factor authentication protected websites. This tool, dubbed Modlishka, sits between a user and a target website such as Outlook 365 or Gmail.

The victim receives authentic content from the legitimate site but all traffic and all the victim’s interactions with the legitimate site pass through and are recorded on the Modlishka server. Any passwords a user may enter are automatically logged on this server, while the reverse proxy also prompts users for 2FA tokens when users have configured their accounts to request one.

If attackers are on hand to collect these tokens in real-time, they can use them to log into victims’ accounts and establish new and legitimate sessions. We have seen a similar method used to intercept other web services such as Citrix Web Access.

You can find more information here.

Steps to take

  1. Disable web access to email or remote desktop environments where possible
  2. Use hardware tokens as a means of multi-factor authentication (FIDO 2.0 and U2F)
  3. Implement phishing awareness and education:
    • Do not click on links in emails, and instead type the address in your browser
    • Avoid suspicious email attachments or links, and if necessary, verify the sender
    • Never hand over your credentials such as passwords or sensitive information such as bank account numbers
    • Check that the website address looks right and is spelled correctly
  4. Use DMARC in order to protect against spoofing of email domains

3 Network Security Threats to Watch Out for in 2019

Posted on by

Cyber security attacks continue to increase in both size and severity. In order to truly protect themselves, businesses must remain informed on the latest cyber security trends. While it can be difficult to predict the emergence of new risks, the following is a list of major threats experts have identified for 2019 and ways to protect your business:

  1. Viruses and worms—Computer viruses and worms are malicious programs designed to infect core systems and destroy essential data. What’s more, viruses and worms can replicate themselves, infecting an entire network quickly. To protect your system, install anti-malware on all network devices.
  2. Drive-by download attacks—Drive-by download attacks generally refer to the unintentional download of malicious code from an app, operating system or browser, which, in turn, opens you up for an attack. What’s most concerning about these attacks is users don’t have to click, download or open anything to become infected. The best way to avoid these types of attacks is to keep your web browsers updated and ensure users don’t navigate to potentially dangerous sites.
  3. Phishing attacks—Phishing scams are a common strategy for hackers—one that requires minimal technical know-how and can be deployed via email. With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. Successful phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses, particularly for businesses. To avoid becoming the victim of an attack, organizations need to train users on how to identify and avoid common phishing scams.

For more information on network security threats and prevention strategies, contact your insurance broker today.

© Zywave, Inc. All rights reserved

Contingent Business Interruption Insurance

Posted on by

Just one brief business interruption can be incredibly costly for an organization, often leading to serious reputational damages or long-term closures. Standard business interruption policies are vital in these instances, providing protection against a variety of common interruptions, including natural disasters, equipment damage and vandalism.

But what happens when one of your suppliers or customers experiences an interruption that derails your operations? To help address this concern, contingent business interruption (CBI) insurance is crucial.

What is CBI Insurance?

Unlike traditional business interruption insurance that compensates the policyholder for a loss resulting from damage to its own property, CBI insurance lets businesses transfer the risk of certain losses to the property of a third party. CBI insurance is an optional extension of business interruption insurance that reimburses lost profits and extra expenses resulting from an interruption of business at the premises of a customer or supplier. Coverage is typically triggered by physical damage to a customer’s or supplier’s property, or to property on which the insured company depends.

In the policy itself, the covered third party property may be specifically named, or the coverage may simply blanket all customers and suppliers. There are a variety of scenarios where this type of coverage is useful:

  • When an insured business depends on a single supplier or a handful of suppliers for materials. In these instances, CBI insurance can help the insured stay afloat should they experience a break in the supply chain.
  • When a business relies on a single or a few key customers to purchase goods or services. For instance, if a natural disaster affects your primary customers and they are no longer able to purchase your goods, CBI insurance can provide coverage for lost revenue.
  • When a business depends on a nearby attraction or neighbouring commercial operation for customers. For instance, if your business is located next to an amusement park that attracts new customers to your store and that park closes down, CBI insurance can respond in kind and help keep your doors open.

When in place, CBI insurance can help employers cover ongoing expenses—like payroll and rent—should the insured’s revenue stream be impacted by interruptions at a third party. In many cases, it is not necessary that the customer’s or supplier’s property be totally shut down to trigger CBI insurance.

CBI coverage is provided for a covered loss during the “period of restoration.” This is a time frame specified by the insurer and relates to the reasonable amount of time it should take for the affected property to repair any damages and resume normal operations.

Evaluating Your CBI Needs

To truly understand your CBI insurance needs, it’s important to assess your exposures. CBI exposures will differ depending on the industry you operate in, but are most common in manufacturing, retail, hospitality and professional services.

Prior to meeting with your insurance broker and securing coverage, ask yourself the following:

  • If there is a temporary production stoppage at one or more of my suppliers, can my business survive? How long?
  • How much of my company’s operations rely on another entity?
  • Do I have alternative suppliers in place should an interruption occur?
  • Do I rely on one or a few customers to purchase the bulk of my products? Do I rely on a neighbouring business to attract customers to me?

To get started or to learn more about CBI insurance, contact your insurance broker today.

© Zywave, Inc. All rights reserved

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN