In today’s rapidly changing, 'disruption' economy it can be tough to discern whether you are infringing on another’s intellectual property as processes are constantly improving and changing. Finding out the hard way can be a costly mistake. According to the American Intellectual Property Law Association, intellectual property lawsuits cost an average of $4.4 million between defense costs and potential damages. This is problematic as, chances are, every company uses intellectual property at some point in their operations or supply chain and may not even realize it. It should then be alarming that coverage for intellectual property infringement is specifically excluded in the Personal and Advertising Injury part of the Commercial General Liability Policy. Companies are then left with a severe, uninsured exposure that they may not even know they have.

Intellectual Property refers to “creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names, and images used in commerce.” Its broad definition can create confusion

When developing your intellectual property, it’s important to make sure you’re not inadvertently infringing on another’s IP. In many cases, considerable time and resources may be spent only to find out that another company is claiming your work infringes on their IP. The vetting process is further complicated by the rise of non-practicing entities (NPE’s), or what are referred to as “patent trolls.” NPE’s are companies that hold various patents but don’t produce any products or services. They exist by threatening lawsuits to companies that may be infringing on their patents and offer settlements just below the cost of defense. For defending companies, it is markedly cheaper to settle than to hire an attorney and fight in court, thus perpetuating NPE’s ability to acquire more patents and attack other companies.

On the flip side, you invested a lot of time, hard work, and energy into developing your intellectual property and you can’t afford to let another company come along and infringe upon it. However, you also can’t quite afford the $4.4 million price tag that an intellectual property suit brings. The moral hazard is evident; theoretically, a company with larger assets could infringe on a smaller company’s IP; knowing that the smaller entity does not have the resources to enter into litigation.

Often overlooked is the intellectual property your business relies on from vendors and suppliers. A common example is any sort of software that your company licenses. A less common example is a part your company buys from a supplier that is used in your finished product. That supplier may have a patent on either the machinery or the process used to make that part. If they lose that patent in an IP suit you may have to find a more expensive supplier. Finding a new supplier isn’t as easy as picking up the yellow pages. There are search costs, negotiations, product differences, and logistical concerns that can place an undue burden on an organization that has to unexpectedly switch.

Addressing your intellectual property exposure should be part of your enterprise wide risk management program. You should take an internal audit of your software licenses, suppliers, and your own intellectual property; determine your reliance on them and develop the appropriate risk management measures to address those exposures.

As part of your risk management program, you may consider purchasing insurance. The most common is Defense Coverage, which simply covers your defense costs and potential damages you may owe.  Several carriers are also offering Enforcement Coverage that pays your legal costs of suing others who infringe on your IP. In addition, there is coverage available for your reliance on another company’s intellectual property. Some of these policies also offer coverage for your indirect costs of losing an IP suit - like your loss of income or costs associated with creating new IP.

Addressing IP exposures, and the applicable insurance, is very complex and requires a thorough review and understanding of the coverage provided by certain policies as well as a knowledgeable broker to guide you through the process.

Over the past couple years, we have seen the advent of the robo-advisor in the financial services industry. Companies like Betterment or Advizr use software to automate the financial planning and advice they provide for customers. The benefit is clear: automation allows the company to operate with less overhead and then passes those savings along to the customer. Naturally, companies are trying to replicate this model in the insurance industry with robo-brokers but will that be a good thing for business owners?

A robo-broker will probably be an online portal where you can enter in your sales, class codes, etc. It will most likely offer suggested limits or coverages based on your industry and cookie-cutter risk management techniques. It places your company in a box. It boils your business down to its SIC code and assumes you operate in the exact same manner as all of your competitors. The problem is you don’t. Your business is unique, your employees are unique, your goals are unique and your risk management program should be as well. Since the computer treats your company as a generic class code, it cannot help you anticipate and mitigate your unique loss exposures. A generic risk management program is considerably less effective than if it was tailored specifically for your company.

Another aspect of robo-brokers is the automation of your policies, which isn’t necessarily a good thing. The ‘set it and forget it’ mentality works with personal finance because your goals, and how to achieve them, rarely change. Insurance, on the other hand, should be as fluid as your company. The world your business operates in is constantly changing and as your company reacts to it, so should your risk management program.

By the nature of the insurer-agent relationship: a robo-broker will not save you, the policyholder, any money. As you probably know, your insurance agent is compensated by the insurance carrier with commission. Insurance carriers pay a standard commission for each line of business to all of the brokers they work with and this commission schedule is filed with the government. Insurance agents are also not legally allowed to give up commission in order to get a lower premium for the client. So, a robo-broker who uses software automation to decrease its payroll and other costs does not, and legally cannot, pass those savings to the policyholders.

Now think back on your professional relationship with your current agent, could that be handled by a computer? Could everything your agent does for you be substituted by inputting some information online and having a robot take care of the rest? If yes – you may have a serious problem.

Knowing that a robo-broker may actually be a detriment to your risk management program by offering the bare minimum service and not saving you money, why would you accept a human broker who does the same? The majority of brokers all have access to the same insurance carriers, either direct or through a wholesaler. All of your competing brokers can each get you the same policy for the same price so the difference between them is their value to you. You should pick a broker based on his or her individual expertise and trustworthiness. You want a broker who works to help your company achieve its goals throughout the year, not just drops off a renewal annually. If you want to get away from automated risk management, whether it’s by a computer or human, call Insurance Solutions & Services today.

Today, one of our staff received an email from my email address stating that I needed her to send a wire transfer, and was she available to do so.  We have spent hours discussing cyber threats to our company and our clients, and our staff is trained to be aware of suspicious emails, but in this case, the email address sending it was not just similar to my email address, but it was my actual email address!  Ultimately, our staff member was able to determine that the email was fraudulent and no harm was done, thanks in part to our policies and procedures. 

This type of social engineering is on the rise and is a great concern to every company.  There are several popular types of attacks, including:

• Baiting- an attacker may provide a device, like a flash drive which is infected with some type of malware.  The recipient of the flash drive loads in on their computer, installing the malware, and affecting their workstation or server.  Often, the USB flash drive is just left lying around and the person unwittingly loads it to determine what it is.

• Phishing- Often a fraudulent email is sent, disguised as a legitimate email, but is intended to trick the recipient into taking some action, divulging personal information, or somehow deviating from your normal technology protocol. 

• Scareware- Often an attacker will attempt to trick the recipient into thinking their computer is infected with malware or illegal content that has been downloaded inadvertently.  A solution is then offered which allegedly fixes the problem; the alleged fix is really malware.

• Spoofing- This is probably one of the hardest ones to defend against, in that the email address appears to be exactly the same as an email address you are familiar with, or exactly the same as an internal email address.  It is generated from an external source, often from an origin that cannot be traced.

There are many types of attacks, and dealing with them should include a sound cyber security policy addressing the policies and procedures your company has implemented to keep your systems safe.  There are insurance products that can provide coverage for the ensuing damages from an attack.

A big issue we have seen on the rise is a type of phishing where the sender asks the recipient to wire transfer a sum of money to a specific location.  Since the email is bogus if the money is wired it is tough, if not impossible, to recover.  This presents a unique problem for the client in that many crime policies will not respond as it is considered voluntary parting with the money and not a theft or employee dishonesty loss.  Many insurance companies are able to endorse their policy to include social engineering losses.

At Insurance Solutions & Services, Inc., we assist our clients by reviewing their security procedures and protocols to determine the appropriate risk management and insurance program to respond.  Feel free to contact us for a review of your cyber security program.