CYBER INSURANCE
“FOGS IN THE ‘CYBER ORDER'”
SOME SOCIAL, ECONOMIC, FINANCIAL 


& HISTORICAL PROBLEMS

Michael
Sean Quinn, Ph.D, J.D., Etc.

1300 West Lynn #208
Austin,
Texas 78703

(o)
512-296-2594

(c)
512-656-0503

          Insurance, like many industries, has
struggled to keep pace with the complex super-rapid developments  in the intangible cyber-world, some of the
dimensions of which are remarkable development of or from tangible computers,
the development of multiple X-pads, Y-tabs, and Z-“whatevers,”  the race to new technologies in the provinces
of the Internet, and the “super-sonic, near-speed-of-light,” development of
uses of technologies in the cyber-world so advanced that “Pads” and “Tabs” seem
and may already be are obsolete as of June 30, 2014. (Consider what has been
going on in the collective search for the missing Malaysian airliner. Or,
consider the fact that we all can closely watch the van Eyk Project as it moves
along. 
Computerized information systems and
electronic commerce have out-stripped the capacity of the legal system and
government to keep up—to regulate not only “the web,” but intranets, social
media, and e-commerce in general.  Think
of Amazon; think of Stables; think of Target; think of  X them Y then Z, and then on and on. The Internet now even has its own
highly sophisticated currencies, “tech-cur,” of which Bitcoin is now the best known
example.  

This statement is not intended to
suggest that the insurance industry has failed recognized that insurance is desirable
and even necessary under many circumstances. 
It is necessary for many customers, who become insureds, and it is
desirable for many commercial insurers, since e-will have an enormous role in
at least the century come. Indeed, all industries already use the various
“nets” conducting their businesses. 
Again, think about the 2013“Target Incident” in 2013,  or ponder the alleged hackery-caused ruination
of the Potash merger deal  in Canada
several years ago, with alleged and unconfirmed  hackings of seven, or so, law firms in Toronto
that were professionally involved in the deal.  According to a sophisticated article in the Sunday Review section of the June 22, 2014 NYT, hacking and resistance to it is getting more sophisticated very quickly.  The levels, the twists, the turns, the internationalism, the international politics, and on and one, are getting ungraspable, at least for many of us.   (I don’t know lawyers who actually do, although many in large national law firms say that they do just that all the time.

The fact that the insurance industry is
not keeping up does not mean that insurers are unaware of many of the
possibilities for revenue and profits. It only means that the stages of
development are yet early, and it implies that there are many more “places” to
go.  The decision making players are
conscious of the history of the industry. 
Not charging a premium in the neighborhood of the  “right premium,” not having enough carriers
involved in taking on the risk of loss, not having personnel or enough
personnel with the right sets of 
knowledge,  whether in
underwriting departments, adjustment department, or yet others, has
historically lead to numerous bankruptcies, and similar states.  (And I haven’t even started to get to the
asbestos insurance catastrophe.)

 Insurers
know that prudence in creating entirely new types of insurance—types that may
become a front running component of the industry– is required.  There is no such thing as the instantaneous
development of prudence.  All prudence is
developed relatively slowing.  Anyone who
claims to have acquired prudence with respect to anything

Here is a concrete so-called cyber-world
example. So far as I can tell, there has been no such thing as (or only very rarely
such a thing as) “network-napping” to be thought of as an analogy to kidnapping.
There is such a thing as cyber extortion, but that is about what one might do
in the future. Not about what has already happened.  There is such a thing as data (or
information) trolling, but it does not appear that there is much in the way of
“data-napping, at least, not yet. 
(Also,
I haven’t found much about instances of large scale invasive “data destruction,”
i.e., the destruction of the of the data of others.)  If the NYT article just cited is correct, all of that has recently changed.  
Of course, assuming that “data-napping,”
“network-napping,” “cyber napping [in general],” “data-destruction,” are all
perils, there will be, or already secretly is, insurance protecting insureds
from them.  There is a cyber tort that is
the opposite of both “-napping” and “destruction”; that is the cyber
lockout.  As the reader will know
instantly, that is real peril, and there will be insurance against it, as well.  All “perils” are, virtually by definition in
the insurance industry, fortuities,
to some extent and in some significant ways. 
Insurance is for the fortuitous. Indeed, a fundamental axiom of
insurance as a concept, if the Principle
of Fortuity
, a phrase in the industry everyone knows embraces and respects.

It
is often said that cyber technologies and their uses are changing and growing
at breakneck speed—rather like a super engine racing boat with its remarkable
steering capacities. Consider this minor fact, reported in the Wall Street Journal on November 13,
2013: “In 1993. . ., there were only 34 million cellphone subscribers
world-wide, compared with more than 6.8 billion today.” (Lockton, Cyber Studies Decoded: A Report on Data
Risks, the Law, Risk Mitigation and Insurance p. 3 (February 2012). (This is a
many paged commercial pseudo-treatise, financed by a large source, containing
data often cited by others, with many citations to respectable sources, or so
it would appear. It is easily found on the internet.)  

Of
course, it also must be kept in mind that the advances in cellphone technology
are also extraordinary. So far as the spread is concerned, I cannot walk down a
busy side walk without seeing more than ½ of my fellow walkers doing something
with their cellphone. I doubt that many of them are listening to 
Shostakovitch, discussing
him with their colleagues; many of them, for sure are observing and conversing
with their friends, or others. Consider how fast all this has happened and is
happening. 

(Is it relevant here to mention that the purchase and use of devices to lock cell phones shut if they appear to have been stolen?)
The
insurance industry is not like that. Its ontological constitution is not built for blindingly rapid change! By its very nature, it can’t keep up with the innovative speed found in (or, stimulating) the so-called “cyber world
.”  In the insurance industry, historically speaking, changes have been more like an aircraft carrier turning and not to speed ahead or turn like a huge engine speed
boat.  Even the banking industry moves
more quickly.  The role of insurance as
“risk guardians” requires this.  The
nature of prudence in the area of protection—and that is what insurance is all
about, protecting insureds from determinate fractions of worrisome losses—does
not leap into consciousness and decision-making straight from a cloud.
To
continue this metaphor, insurers carry, as it were, in their heads, all sorts
of powerful and useful ideas with semi-details of them, and they will all be
considered in a variety of ways. This risk-shifting and “how-to-shift-risks”
thinking  is  necessary for the carriers, their balance
sheets, and their stockholders, for the stability of the industry, for the
policyholders, for others that may need the benefit of coverage (those if any
whom the policyholder has injured in a covered way), and for the purpose of
being relatively in line with public policy. Of course, as with any innovation,
there must be hypotheses about how to go, how to think, how to reserve, what to
do next, experiments, and how to deal with the inevitable and instructive
mistakes.

One
example of the slowness of insurers and catching up to the time is the problem
of gambling. Part of the analogy is financial-economic, and another part is
political. From the financial side, underwriting parts of the gambling business
is nerve racking. Even where gambling is legal and certainly as to online
gambling carriers have been slow to get involved in anything but routine
coverage, such as property insurance. 

It’s
easy to see why. Even in insuring casino buildings, there are very special
risks and liability insurance is much more problematic.  Setting premium prices, making sure that
application forms are sufficient, making sure that applications are filled out more-or-less
correctly, and trying to price premiums in a reasonable way, are all extra problems.
 

 In the world of cyber insurance, both of these
types of insurance—first party and liability insurances–will have substantial
preconditions upon the issuance of policies, e.g., insurers are now and will
forever impose requirements on the character and extent of a customer’s
security system, whether physical or behavioral.  Determining what these should be is a major
project” filled with ideas, debates, advice, more ideas, more debates, more
consultation, and intro-company politics.

In
addition, there is a historical-political set of problems. For centuries,
governments and churches regarded insurance as nothing but gambling, which I
think it actually is.  It took a long
time for potential insurers to convince their governments, and hence regulators,
to either change their minds or look the other way and thereby soon to see the
social and economic benefits of having a heavily regulated insurance industry
and “un-see” the idea that all sorts of gambling ruins cultures and countries.  

This unconscious collective concern in the
industry may be part of the reason that insurer’s are perhaps skittish about
moving forward in some areas of the cyber world.  After all, everyone who studies insurance
learns a little bit about its history, and that little bit will likely include
the “gambling problem” in the business of insurance. Business “memories”
regarding regulation can last a very long time.

  In any
case, the worries about governmental and institutional problems have made the
insurance industry at least somewhat attentive—even if this “watch” is not
visible on the surface and so is unconscious (to the extent that institutions
can be described as having something like mental states)–not only to what
insurance regulators do, but also the tendencies in and histories of
governmental actions, probabilities, tendencies, and what is these days called
“accountability,” as well as “unknown unknowns.”  In major part, insurance exists to deal with
precisely these.  They will be mentioned
again presently.

Even though insurers individually and
the industry as a whole have moved slowly “forever,” amazingly, in the last three or so
decades, the industry has thought hard and moved forward in what must be
regarded as a fair distance, especially when it is likened to an enormous
aircraft carrier.  The enormous need for the
shifting of risks—usually in part–has grown immensely in e-commerce, where
that term includes all dimensions of businesses involved and the industry has
struggled to keep up with this need. That fact is reflected in the diversity of
modifiable coverages, large variation in cost, a substantial (though not
universal) lack of uniformity and standardization in formulating coverages, even
though there is close to uniformity in the topical areas for which there will
be coverage. 

The insurance industry realizes where one of the next great sources of profit is to be found, and it now taking chances to get into and stay in the game.  The mail problem, as indicated herein, is inattentiveness in pricing, not to mention new coverages and new languages. This having been said, it is worth noting, in passing, that
what coverages there are in a given policy is principally determined by the
insuring agreements, the definitions, and the exclusions, though not usually
the conditions. In cyber policies, at this point in history, though definitions
in all insurance policies are of cardinal importance, the definitions in cyber
policies are of even more significance than those found in so-called real world
policies. This is especially true for the definitions which are not identical to
or pretty much the same as a definition in a real world policy. After all,
experienced members of the insurance “community” are already familiar with
those definitions policies.

At the same time, a way to slow down the radical innovative process,  it must be conceded
that the rapidity of the industries “infant”-to-“early adolescence” changes
have depended heavily on existing, reliable, and stable real world
policies.  After all, first party
coverage in the cyber world resembles that found in the material world;
liability insurance is the same way; and so are conditions.  One of the main differences is what is being
insured; and what is the nature of the injuries for which there may be coverage. 


So, we have a chaotic business world, ambiguous yet as to what kind of insurance it needs, how much insurance it should have, what it should pay for it.  Uncertainty as to pricing is acute. In addition to this apparently free market, there are conflicting economic currents, and at least as significant, there is hacking, little real evidence of how many will get hurt and for how much, and almost no established law about how to handle it where there are damages and liability.  Of course, this portal is where insurance comes into the fog, and it is in a fog itself.

Originally posted on 06/22/2014 @ 10:35 pm

Michael Sean Quinn, PhD, JD, CPCU, Etc

Michael Sean Quinn, PhD, JD, CPCU, Etc. (530)

One of Texas's leading insurance scholars, Michael Sean Quinn is a past chair of the Insurance Section of the State Bar of Texas and has a broad legal practice.

Hits: 0