By now, you’ve probably heard some of the hype surrounding self-driving cars; from Elon Musk’s vision of the future to the numerous concerns from lawmakers. The autonomous car will drive down the costs of transportation as we will no longer need people behind the wheel of taxis, Ubers, or buses. The technology will also eliminate the need for parking garages since drivers can send their cars home when not in use. While that seems like a distant vision; carmakers are surprisingly close to bringing autonomous cars to market, and for business owners and insurers alike, they couldn’t come sooner.

If your business has any sort of fleet of autos you are probably keenly aware of the insurance industry’s ongoing struggle with commercial auto insurance. Insurance companies have been consistently raising auto rates across their commercial books and businesses, especially in the transportation industry, have felt the effects.

There are several factors as to why the commercial auto insurance industry has been performing so poorly, but one stands out: the drivers. You can point to more miles being driven, rising costs of litigation, even how the more advanced technology used in cars increases the costs of repairs but all of those would be moot if we had a population of perfect drivers who never got in accidents. Like a ship’s Captain, the driver bears the ultimate responsibility of the car and is thus responsible for the auto insurance woes.

Theoretically, self-driving cars should be safer than those manned by human drivers for obvious reasons. Computers don’t get tired, lose focus, drink or get road rage; however, we all know that technology doesn’t always work in practice as it should in theory. We’ve already seen the first fatal accident involving a self-driving car. Plus, the autonomous cars will no doubt be sharing the road with other human drivers, adding a layer of unpredictability.

Insurance is fundamentally grounded in statistics. Insurers compile a tremendous amount of data on their policy holders, and use that data to infer the probability other policyholders will get in an accident, and how much it will cost. That is at the core of how rates are determined; past data dictates that a driver of a certain age, driving a specific make and model of a car in a given region has X probability of being in an accident. It’s complex, confusing, and imperfect, so insurers are constantly reviewing their data and tweaking algorithms in order to operate at a profit. This is still the case with nearly one hundred years and hundreds of millions of drivers worth of data.

By virtue of their business model, insurers can’t rely on anecdotal evidence that self-driving cars are safer; they’ll need lots of hard data. Without credible information on how self-driving cars act on the road, insurers will likely have one of two initial reactions. 

The first option for insurers is to decline to offer coverage of autonomous cars, either by declining applicants with those types of vehicles, or adding wording to their auto policy specifically excluding coverage while the autonomous function is on. Currently, the auto policy has language specific to who is driving the car for coverage to be in force. It will be interesting to see how the courts interpret it in regards to autonomous driving. In case of an accident, is the person behind the wheel technically driving, or was the computer the legal driver? Insurance carriers may argue that if full control is given to the computer, their customer wasn’t the one driving. The policyholders, on the other hand, would argue the opposite in what could be an important precedent-setting lawsuit once it happens. Courts typically side with the insured in matters of policy interpretation but there’s no way to predict what the legal decision will be right now. In order to avoid costly legal battles, insurers will use specific policy wording to very clearly state their intention to not cover accidents while autonomous function is on.

Alternately, some insurers may respond to the risks associated with this new technology by raising rates. In the absence of the volume of data they need for ratemaking algorithms, insurers will initially err on the side of caution and estimate higher accident probabilities. Over time, if autonomous cars truly are safer, insurers should lower their rates commensurately. The originally skeptical insurers may then join the market after compiling credible data on the safe operation of autonomous cars, thus further lowering rates.

Either way, the most dangerous part of a car (the driver) is essentially removed from the equation and six-figure auto liability claims may become a thing of the past. My prediction is that the failure of autonomous technology will be treated as a manufacturer’s defect, much like if the brakes failed, and claims will shift from the driver’s auto policy to the car-makers Product Liability policy. This reduction in Auto claim payouts will result in rates stabilizing and Auto Policies once again becoming profitable for insurers and affordable for insureds.   

In today’s rapidly changing, 'disruption' economy it can be tough to discern whether you are infringing on another’s intellectual property as processes are constantly improving and changing. Finding out the hard way can be a costly mistake. According to the American Intellectual Property Law Association, intellectual property lawsuits cost an average of $4.4 million between defense costs and potential damages. This is problematic as, chances are, every company uses intellectual property at some point in their operations or supply chain and may not even realize it. It should then be alarming that coverage for intellectual property infringement is specifically excluded in the Personal and Advertising Injury part of the Commercial General Liability Policy. Companies are then left with a severe, uninsured exposure that they may not even know they have.

Intellectual Property refers to “creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names, and images used in commerce.” Its broad definition can create confusion

When developing your intellectual property, it’s important to make sure you’re not inadvertently infringing on another’s IP. In many cases, considerable time and resources may be spent only to find out that another company is claiming your work infringes on their IP. The vetting process is further complicated by the rise of non-practicing entities (NPE’s), or what are referred to as “patent trolls.” NPE’s are companies that hold various patents but don’t produce any products or services. They exist by threatening lawsuits to companies that may be infringing on their patents and offer settlements just below the cost of defense. For defending companies, it is markedly cheaper to settle than to hire an attorney and fight in court, thus perpetuating NPE’s ability to acquire more patents and attack other companies.

On the flip side, you invested a lot of time, hard work, and energy into developing your intellectual property and you can’t afford to let another company come along and infringe upon it. However, you also can’t quite afford the $4.4 million price tag that an intellectual property suit brings. The moral hazard is evident; theoretically, a company with larger assets could infringe on a smaller company’s IP; knowing that the smaller entity does not have the resources to enter into litigation.

Often overlooked is the intellectual property your business relies on from vendors and suppliers. A common example is any sort of software that your company licenses. A less common example is a part your company buys from a supplier that is used in your finished product. That supplier may have a patent on either the machinery or the process used to make that part. If they lose that patent in an IP suit you may have to find a more expensive supplier. Finding a new supplier isn’t as easy as picking up the yellow pages. There are search costs, negotiations, product differences, and logistical concerns that can place an undue burden on an organization that has to unexpectedly switch.

Addressing your intellectual property exposure should be part of your enterprise wide risk management program. You should take an internal audit of your software licenses, suppliers, and your own intellectual property; determine your reliance on them and develop the appropriate risk management measures to address those exposures.

As part of your risk management program, you may consider purchasing insurance. The most common is Defense Coverage, which simply covers your defense costs and potential damages you may owe.  Several carriers are also offering Enforcement Coverage that pays your legal costs of suing others who infringe on your IP. In addition, there is coverage available for your reliance on another company’s intellectual property. Some of these policies also offer coverage for your indirect costs of losing an IP suit - like your loss of income or costs associated with creating new IP.

Addressing IP exposures, and the applicable insurance, is very complex and requires a thorough review and understanding of the coverage provided by certain policies as well as a knowledgeable broker to guide you through the process.

Today, one of our staff received an email from my email address stating that I needed her to send a wire transfer, and was she available to do so.  We have spent hours discussing cyber threats to our company and our clients, and our staff is trained to be aware of suspicious emails, but in this case, the email address sending it was not just similar to my email address, but it was my actual email address!  Ultimately, our staff member was able to determine that the email was fraudulent and no harm was done, thanks in part to our policies and procedures. 

This type of social engineering is on the rise and is a great concern to every company.  There are several popular types of attacks, including:

• Baiting- an attacker may provide a device, like a flash drive which is infected with some type of malware.  The recipient of the flash drive loads in on their computer, installing the malware, and affecting their workstation or server.  Often, the USB flash drive is just left lying around and the person unwittingly loads it to determine what it is.

• Phishing- Often a fraudulent email is sent, disguised as a legitimate email, but is intended to trick the recipient into taking some action, divulging personal information, or somehow deviating from your normal technology protocol. 

• Scareware- Often an attacker will attempt to trick the recipient into thinking their computer is infected with malware or illegal content that has been downloaded inadvertently.  A solution is then offered which allegedly fixes the problem; the alleged fix is really malware.

• Spoofing- This is probably one of the hardest ones to defend against, in that the email address appears to be exactly the same as an email address you are familiar with, or exactly the same as an internal email address.  It is generated from an external source, often from an origin that cannot be traced.

There are many types of attacks, and dealing with them should include a sound cyber security policy addressing the policies and procedures your company has implemented to keep your systems safe.  There are insurance products that can provide coverage for the ensuing damages from an attack.

A big issue we have seen on the rise is a type of phishing where the sender asks the recipient to wire transfer a sum of money to a specific location.  Since the email is bogus if the money is wired it is tough, if not impossible, to recover.  This presents a unique problem for the client in that many crime policies will not respond as it is considered voluntary parting with the money and not a theft or employee dishonesty loss.  Many insurance companies are able to endorse their policy to include social engineering losses.

At Insurance Solutions & Services, Inc., we assist our clients by reviewing their security procedures and protocols to determine the appropriate risk management and insurance program to respond.  Feel free to contact us for a review of your cyber security program.