Michael Sean Quinn
(More About Author At end)
red objects are red, no matter what differences there may be in shades.  All actual Xs involve the same concepts, pretty much, even if not
everyone uses them all in the same way. 
The same point is true about vocabulary. 
Some concepts and/or things are almost universal even though they aren’t
quite. This essay is about concepts, characteristics, and vocabulary at the
foundations of insurance and insurance law. It is an adaptation of a part of an
earlier essay.  

Of course, there may be some limitations on these assertions, but not many, and when there various ideas are missing from a proposed system, there has usually been a mistaken.  Then again, Ludwig Wittgenstein introduced the idea of “family resemblances” into discourses like this one–essays devoted to semantic analysis–and his ideas reign today, even if there were articulated early-ish in the last century. 
essay is not a systematic, scholarly, exhaustive, and/or pedantic essay of how these
terms are concepts are used in an array of case law.  All the concepts are used, and some of them are
formulated and applied utilizing the same vocabulary and the same system of ideas
as are used here.  When there is variation,
it makes almost no difference because the whole system of concept and characteristics
is uniform (or very nearly so) when there is no error.
I. Universal Concepts
The fundamental universal concepts to be found in all
insurance contracts are these:
Moral Hazard, and

These terms and the
concepts expressed by them are used everywhere in the insurance industry.  It is not the case, that they are all used,
in the same way, by everyone, or—in fact—always defined in the same way.   For example, sometimes “risk” is
sometimes-to-often used in place of “peril,” and “loss” can be used instead of
“injury.”  These diversities are
conceptually insignificant, though conflicting uses in conversation,
discussion, argument, and the like can be confusing. What is significant is the
concepts involved here, and they are quite distinct.

Since the concepts are universal, the terms may
correspondingly be very roughly defined as follows:

fortuity needs to be understood in
terms of an event or state of affairs, that is fortuitous and is one which is not planned, not deliberately
performed or brought about, and/or not intentional. Often it is reasonable to
think of a fortuitous event, as an accident,
when thought of from the point of view of the insured.  (It should be remembered that acts are types
of events; omissions need to be thought of as acts, and the effects or
consequences of the event, whether acts or not, may be other events or simply
states of affairs. Acts are not fortuitous; their consequences, however, may
well be.)

A peril is
a state of affairs that may injure an insured and cause it loss. The state of
affairs may be a complex one with many parts. The idea of a storm is like that.

 A risk is the probability that a peril
may cause, or participate in causing, an injury to an insured and thereby a

Causation is the rough idea pertaining to one empirical
event—or a grouped together set of empirical events–inducing another
subsequent event, substantially more probably than not.  This idea can be more easily grasped at an
intuitive, commonsense level if one thinks about A causes B if A makes B happen[2]
(or brings it about that B happens), or is a necessary part of a group of
events which do that, or is part of a chain of events that makes B happen.  More than the last state of affairs in a
chain can be a cause.

An injury
is a state of affairs that is recognizably unacceptable to the insured.  It can easily be, and often is referred to as
harm.  Some of those in the insurance industry
associate injuries with the human body, damages with property of some sort
(often tangible), and harm with property and more abstract insurable entities
or processes, though the term “damages” is the use in that area as well.  I suggest that injuries hurt; they are setbacks; they damage a person; they make
valued things less valuable and less valued than they were, for example, less
functional, uglier, and more objectionable for some reason.  Surveying the insurance industry, the three
terms—“injury,” “damage,” and “harm”—get used in all sectors of the insurable
as meaning the same thing, which they do, except that “harm” may have a broader
sweep.  (If I were choosing a universal
system of insurance vocabulary, I would make “harm” the key general term, use
injury for human bodies, and damage to everything else.

A loss is
how much dealing with an injury is going to cost or how much that of value must
be “kissed goodbye” as a result of the injury. 
Usually this is measured by (or actually is) money. (There can be some
confusion here, since what I am calling “loss”; and I when necessary called
“damages.” After all, that is what plaintiffs see as their loss, their
“damages.” “What were your client’s damages?” Ans. “We said 1M.” Qu. “Did you
get them.” Ans. “We got more for it than its actual losses.” And so forth.)

Finally, there are the problems of moral hazards.  This is a complex concept with a number of
meanings run together, some of them over time and some of them all at once.[3][i]  Thus, the concept of moral hazards is both vague and ambiguous.  (Of course, some think that all vague terms
are ambiguous.)

(1) One of the usages is (or, was) that not all
applicants for insurance should be insured since they are of poor character,
immoral individuals.  Such people are
unreliable and financially dangerous.  It
is not good for society that such people are “awarded” with the safety to be
found in insurance.  This was a
traditional conception.

(2) That traditional concept went with another, and it
went like this: since society regarded insurance as a species of gambling, or
something close to it, and since gambling was regarded as filled with persons
of poor character, no such person should ever be provided insurance. After all,
the business of insurance should be kept far away from gambling in
society.  The insurance industry needed
to adopt this view, assuming its members didn’t believe it themselves if they
wanted to become a legal business.

(3) Another ancient view is that the term “moral” in
traditional theology, political theorizing, moral philosophizing, historically
speaking; popular ethical thinking, and long ago in ordinary conversation
referred simply to the realm of human
.  David Hume, the famous
empiricist philosopher of the Eighteenth Century, used the phrase “moral
science” one of his famous works;[4]
for him it meant a kind of what is today called sociology.  Economists to this day call what they do
“moral science.” Thus, the phrase “moral sciences” might refer to
considerations of immoral conduct, or it might not.  Thus, the moral hazard would be any  problems which arose out of the realm of
human actions, activities, and interactions.

(4) The contemporary and prevailing view—in fact, now
the only prevailing view, the explicit recognition and use of which has a
history going back two centuries, or so–is that owning insurance has a
tendency to encourage  a deceptive
increase in sloppiness and temptation for many insureds with respect to
whatever is insured.  This can easily be
regarded as immoral, and so there is a “moral hazard.” What is being described
here is not necessarily a temptation with respect to which a decision much be
made; instead, it is quite often a kind of slippage of commitment.

Fortunately, given the timing of the genesis of the
cyber world, only “Moral Hazard # (4)” is applicable here. “What the hell,
we’ve got insurance, so let’s not worry about expensive network security
II. Universal Characteristics

What then are essential characteristics of all types
of insurance. The nature of insurance is revealed at least in what are commonly
called insurance policies. All insurance policies are now and always have been
As with any other bona fide contract, one or both parties to it have tried to
set forth relatively clearly the applicable terms of the contract either
explicitly or by the use of entailments. Like all other contracts the vast
majority of the duties and rights of the relationship formed by the contract
are to be “found” in the contract document, though this is occasionally subject
to disputes.[ii]   There are at least ten of them.  At least they are to be found at the
foundation of conceiving insurance.  They
are very simple and can be listed this way:
All contracts of
insurance explicitly involve the transfer of risks, though not using these
words (One party is receiving, usually buying, risks facing the other party.
This is the nature of indemnification. 
To one degree, or another, indemnifications are future looking.)
All insurance
contracts involve the transfer of the risk of dealing with having been beset by
one or more perils, i.e., being
beset by a particular peril that was named explicitly, something that still
often (more or less) happens today,[6]
though sometimes in the last couple of centuries, more general terms are
used.  (Indeed, “today,” unlike
“yesteryear” an insurance policy can transfer a risk of an insured to  the insurer having to deal with that
insured’s having been struck by one or more perils to be found in an abstract
category set forth in the contract, where only the abstraction is set forth in
the contract.[7])

All insurance
contracts involve the transfer of the risk of dealing with direct and
immediate, immediately connected causes
or with causal chains, the nature of
which are sometimes specified explicitly.[8]
All contracts of
insurance are restricted to a determinable set of insureds, sometimes an
explicit list; sometimes they are specified by name, and sometimes they are
specified by category. There is always an attempt and complete
specification.  Usually this has been
done, but sometimes not.
All contracts of
insurance are for specified, understood, or nearly understood types of injuries.[9][iii]  Contracts of insurance do not insure against
all possible injuries. Not every injury, however results in a loss; in fact,
sometimes an injury can result in high benefits or profits.

All contracts of
insurance exist to transfer risks of losses,
and losses are tied to asset or money damages.
All contracts of
insurance are based upon the idea of fortuity.  The purpose of insurance is not for paying
people who deliberately perform acts that are intended to obtain compensation
under the contract of insurance. Often these kinds of acts violate terms of the
relevant insurance policy.
All contracts of
insurance are designed to transfer risks only from persons who have a prudent
or prudence-inducing[10]
relationship with that which is insured.[11]
This might be described as an insured’s valuing positively that which is
At the same time,
all contracts of insurance entail the existence of moral hazards. Some ways of them are usually parts of the
insurance contracts,[12] the applications for and of them, plus some
of the conditions connected to the contract. They are there, as indicated to
try to eliminate, minimize, mitigate, or control at least some of the insureds’
susceptibility to moral hazard problems. The existence and power of moral
hazards results from the nature of man in general. We are creatures of
self-interest and temptation. Getting contracts of insurance to be clear about
this point in general, i.e., in standardized and hence generalized policies, is
anything but easy.[13]

            10. Proposition #10, the Moral Hazard Problem(s), as
already indicated, arises because when a person is characterized, at least in
part, by the pursuit of self-interest, having insurance, or a relevant paid-for
source of or right to money, at least tends to diminish the wish and the will
of that person to make sure that it has no loss. It makes no difference,
whether a person is a human person or a corporate type person owned and/or run
by human persons.
 Given this
characterization of moral hazards, there is moral hazard resting upon the
shoulders of the insurer as well as those of all insureds. Insurers have
received premiums in advance of having to pay any claim.  Having already received money from its
insureds and having put the receipt of it onto its books, an insurer is tempted
(has a tendency) to keep the money to spend as little as possible paying
Since insurers, or their hirelings, with few very
narrow exceptions, are the only, or the only final, drafting entities doing the
central features of all modern real-world insurance policies, the fact of the
moral hazards inherent in the insurers is not explicitly acknowledged.  Nor are clear rules of prevention, restraint,
or other considerations deterring insurers from succumbing to that hazard—that
peril–acknowledged, even impliedly, it insurance policies.  One wonders the situation would be different
was drafting by “bi-party commissions” invented by both of the what I have
called “families” in the insurance industry. 
(Nor are the moral hazards insureds face because they are afflictions of
insurers generally acknowledged outside the policies either.  Indeed, ads for insurers virtually deny any
such thing or suggest that only other insurers are subject to them.)
is important, to keep in mind that every contract of insurance has all these
characteristics, and that is true whether the contract is designed for the
everyday—old, long established–world, for the cyber-world or both. It is also
important, to keep in mind that the idea of a loss is tied inextricably to the
so-called real world. This is true because the idea of a loss is glued to the
idea of money, and not just private currency[iv]
like Bitcoin, a type of “virtual currency,”[14][v]
since its value is determined by “coins of the realm.”
III. Nearer to Being Universals

Although there are fixed, timeless, universals at the
heart of insurance—indeed, at the heart of the very idea of insurance as we
know it—not all well known characteristics are like that.  This is true, at least in part because
insurance is an idea or set of ideas—that had an ancient start and then a long
sporadic history.

One example is that there are many, many types of
policies.  Cyber insurance is just the
latest in a long and now hugely diverse set. 
It all started with bottomry, commercial transport insurance—camels
crossing deserts may have come first but soon–including ocean marine insurance
and “burial”—and maybe a bit of life insurance–for Roman soldiers.[15][vi]

Not only are there different kinds of policies
insuring many different types of entities, actions and events, there are
different types of jobs that policies perform and the way they do it.  Thus, there is primary insurance, excess
insurance, levels of excess insurance, umbrella policies, which are both excess
and primary (as umbrella policies usually are) reinsurance policies for all of
those, and
reinsurance for reinsurance a/k/a and so forth. 
Moreover, there are different forms, e.g., so-called “cat bonds,” bonds
for various occupations, performance bonds, fidelity bonds, and there can be
many sorts of different mixtures. Imagine a package policy that is
primary with respect to one thing, excess to a
different policy, excess to another excess policy, and reinsurance as to

Cyber insurance is simply the latest new substantive
area, and it came into being toward the end of the most insurance-innovative
century, or century and a half, of all times. Having come into being toward the
end of the Twentieth Century, it has been multiplying in many different ways
faster and faster. 

At the same time, it must be remembered that all new
types of insurance policies are built on the terms, definitions, general
exclusions, and conditions of older policies, to one significant extent or another—though,
of course, never completely.  New types
of policies must create or use some new terms and new understandings of what is
covered, but there will be very strong continuity. A very good example of the
reuse of traditional terminology coupled together with brand new terms is found
in the history of aviation insurance. Property policies of the 21st
century are built on policies from the 20th century, which are in
turn built upon those of the 19th century, and those of the 19th
are linked to those of the 18th.[16]
Maritime and fire policies of early in the last century are easily recognizable
as connected to policies 100 years earlier. [17][vii]
This is probably true at least back to maritime policies of the Renaissance. [18][viii]

 As one might
expect, as the centuries have gone by, the policies have gotten longer and
longer, partly, because fire policies of yesterday insured the peril of fires
only and what are often called fire policies today insure perils other than
fire, as well as fire, but are developed from the original fire policies.  In addition, some of the key language found
in earlier policies, for example, “accident,” dropped out of many policies as a
defined term and therefore as a term of immediate and central focus.  But it was followed by  the word “occurrence,”; it  was more or less substituted for it, and it
was then defined, in substantial part, by the word “accident”—the very term
that has just dropped out.   The same
propositions are already true of cyber-insurance, whether it is for that realm
only or for both realms. Perhaps standardization of the policies will cut down
on this but one doubts it.

It is also worth noting, that all insurance involves
the attempted preparation by at least one party to price the product (or
service) in a rational or reasonable way. Insurers now lead the way on this,
assuming that the insureds actively participate at all. Of course, highly
regulated markets have something to do with this as well, but there are vast
efforts spend on in-advance preparation, and it spreads all over the
respectable parts of the industry.

 The reverse may
have been true early on, 25 (or so) centuries ago. At that point, insureds may
have done the original pricing, subject to negotiation, but that changed long,
long ago. As insurance policy pricing has become more and more rationalistic or
scientific or empirically based, and therefore economically and financially
sophisticated, insurers have relied more and more on statistics, for example,
actuarial methods and results. It became even more complicated the more perils
a single policy covered, in parts the value of the perils interact in some
cases. Insureds and many other participants in the various parts of the
insurance industry do not understand how these processes work either, including
many who call themselves “risk managers.” 

(Risk managers may not be particularly involved in
underwriting. They may be engineers, security specialists, or project
managers.  Even if they have some
actuarial knowledge, it must be remembered that some of them are in-house at
insurers; some are in-house with insureds—where they might manage risk in
various ways, e.g., insurance purchasing, collecting injury data, providing
internal advice, and education; some are employees of insurance brokerage
houses; and yet others have their own businesses.)

Naturally, it is more difficult for insureds to have a
good command of all these pricing techniques, nor is it easy for them to find
out. Insurers have an incentive for their pricing methods not to reach at least
many insureds.

These methods are not easy to use in cyber insurance
just yet because the relevant and relatively reliable data is still scarce.[19]  In addition, new techniques are being placed
in the underwriting tool boxes, this being especially true now that a great
deal of the economics of  insuring is now
regarded as something to be found in the toolbox of international finance.[20][ix]

Another Universal: Policy Typology

            All contracts of insurance can be
divided into exactly three categories. 
The first type can transfer to an insurer from an insured virtually any
type of risk that can be somehow specified in (or somehow brought into) a
contract of insurance, save one.  

             The category that is the exception is one in
which the insured itself is the peril, where certain conduct of the insured is
the peril against which there is insurance, that is, where the peril to the
insured is its own liability to someone or some entity it has injured or is
said to have injured.  Another way to put
it, is that there is a distinct type of insurance that transfers the insured’s
risk resulting from it (or an entity for which it is liable) having caused
specified injuries to another.

third type is an insurance contract is one that contains both the types of risk
transfers found in the other two. Of course there are other ways to
“typologize” insurance policies. For example, there is insurance for tangible
physical objects, and there is insurance for rights to performances.  There is insurance for autos; there is
insurance for airplanes; and there is insurance for sea ships. That is not the
point here, however.
            The former type of the insurance
contract is called a “First Party [Insurance] Policy” (“1PPs”), while the
second is called a “Third Party Policy” (“3PPs”) and the third type is one type
of that is called a “package policy,” or something of the sort. 1PPs are often
called “property policies,” while 3PPs are usually called “liability policies,”
though they often 3PPs contain a 1PP component, namely, the carrier’s duty to
defend its insured, if sued or compelled to arbitrate.[21]

The presence of 1PP coverage inserted into a 3PP
policy is extremely important to remember when we consider the cyber-policy—the
Travelers CyberRisk Policy to be
discussed later in Part II.  There is an
issue that will be seen to arise in a policy with both 1PP and 3PP parts, where
one of the parts is entitled “Third Party Insuring Agreements” while the other
is entitled “First Party Insuring Agreement” but where one of the latter
agreements (a 3PP) is—or appears to be–quite surprisingly incorporated, mixed,
or blended,  at least in part, into one
of the former type (1PP) agreements, or vice versa, where a 1PP is incorporated
into a 3PP, somehow.  From the point of
view of an insurance policy geek with proclivities toward cyber policies, this
is an astounding and fascinating development.)

In addition, there can be both cyber-policies and
real-world policies in the same joined together and be a sort of integrated
packet of documents that is, the same “package policy.”  (It is a good idea to remember that a package
policy can be “togethered,” if that can be a word, if that is a word, as one
might say, to various degrees.  These can
be real headaches when it comes to policy interpretation for lawyers and
adjusters. The problems can be multiplied if both 1PPs and 3PPs of both worlds
are packaged together.)

In any case, there are at least, four ways to join
different types of policies together. (i) Different policies are simply
clipped/stabled together. (ii)  Policies
can be shuffled together with substantive portions of two or more policies
overlapping with more or less true fit. 
Of course, when creating package policies from the two worlds this can
be difficult. One way to help is by stating which explicitly which exclusions
apply to which insuring agreements. 
(iii) The two or more policies can be genuinely integrated. And (iv)
Packaging can be done by using endorsements.

At the same time having “integrated” policies—one
policy with consecutively numbered pages, a Table of Contents that’s clear and
briefly descriptive, as few endorsements 
as possible, and no jumping around required—makes life easier for
handlers, whether from the insurer, the agent-broker, or the risk manager from
the insured. A policy can simply be this way right from the start without any
shuffling or endorsements. A totally integrated policy also makes it easier for
a coverage attorney to do the coverage analysis and the explanatory letter and
lay it all out clearly.  Too many different
parts, section, and paragraph numbers make reporting by lawyers harder to
follow, but it may be necessary to foster needed precisions. Lawyer prose is
often inescapably opaque.

The nature of risk and dealing with it in the 20th Century is discussed
in an interesting manner in Arwen P. Mohun, RISK: NEGOTIATING SAFETY IN
AMERICAN SOCIETY (2013). A large number of more general discussions are
referenced in her endnotes for the introductory chapter and in the discussion
of insurance in the next chapter.
From a philosophical point of view, the idea of to make happen may itself be
obscure.  But we don’t practice insurance
law at a philosophical level.
See Tom Baker, On the Genealogy of Moral
75 Tex. L. Rev. 237 (1996). 
Professor Baker studies the history of this idea, and discusses all of
the phases, except for #(3). Here are two forms of moral hazard–one old, one new.  For several centuries observers have been concerned about there being life insurance where the policyholder was someone other than the insured or someone close to (usually a) him. It was though that this might create the moral hazard of murder. Obviously this is correct.  More recently there is the case of “crop prevented coverage.” This is a type of crop insurance where what’s covered is the farmer’s inability to plant a specified crop because of conditions existing at relevant times.  That might be flooding, or it might be drought. The moral hazard s that the farmer will be tempted to seek coverage for a type of crop that the farmer knows will likely be “unplantable.” This has become a political controversy because of fact that some corp insurance is subsidized by the federal government.  
[4] David
[5] Quite
frequently, I will refer to both parties to contracts of insurance as entities.
Thus, I am treating real persons—people—as entities, which they actually are.

Here are some actual examples of “named perils”: fire, flood, hail, collision,
terrorist attack, hackery, embezzlement by an employee, trademark infringement,
breach of security, lock out of network system, and extortion as to lock out.
Here is an example of an unnamed, general peril: an accident, a disease, health
of an animal, business interruption, computer malfunction, default on a note,
specified defects in a bond, and so forth.
[7] As
a matter of semantics and logic, of course, all risks listed have some level of
generality.  This is true even if the
risk is “hail stones no larger than a dime width sphere blown into a tin roof
from the west.” Semantically speaking this risk still have elements of
generality built into it. Of course, taking recognition of this fact makes the
idea of ambiguity much broader than it is usually perceived, and that have
potentially profound implications for insurance in the cyber world, since much
of the terminality invented for it is relatively new and therefore not fixed in
is an example of different types of causation: insurance for direct causation,
but none for indirect.
Sometimes the term “injury” is used explicitly, e.g., with respect to the human
body (“bodily injury”). Sometimes the term “damage” is used instead of “injury”
to mean the same thing (“property damage”). That useless distinction can be
confusing and the concept of “damages” goes well with the concept of “loss.” (If
asked “What were you damages?,” most people would know the question was “How
From what point in time the prudence is
measured, for how long it’s measured, and how much there need be, varies.
Where tangible property has been involved ownership, something related to
ownership (like a mortgage), or something like ownership, are used as one of
the ways to limit who may be an insured. The same more or less holds for
intangible property.  For example, in
trade credit insurance and its near relationships a right is covered, in
particular, the right to be paid. The same propositions are true in the cyber
Often some of these pieces of the design are built into or around the
application for insurance.  For example,
an insurer might require that the insured have and know how to use fire
extinguishers. Some of these may be for real world policies (for example,
having tires checked); others may be for cyber-world policies (having using
encryption codes of some sort or a specified sort; and yet other may pertain to
both worlds (like fire extinguishers).
Ed. 2007), a mildly interesting book that actually portrays nothing an average
lawyer would not know about how to draft an insurance policy correctly.  The point to the citation being that there is
little helpful literature about how to actually to draft; this is now and
perhaps always has been and esoteric art. 
The phrase or term “virtual currency” is just another name for “private
currency” devised for the “virtual world.” One wonders whether this use of
“virtually” is like usage of “worlds” and “spaces” in talking about the
so-called “real-world” and the so-called “cyber-world.”  Historically, the latter lead to the former,
bit semantically, they are distinct.  The
world “virtually” usually means “very much alike,” “can perform the same
function though different in nature,” “almost alike,” or “near substitute.” The
term “world” has not such meaning except, maybe referring to video games. The
terminology around “virtual currency” is just another phraseology for a kind of
currency devised for the one world that there is.  There is a nice example of fog and confusion
arising out of the idea of there being plural worlds.
[15] [15]
CONRRACT OF BOTTOMRY (1926) though written a while before that. (Actually,
bottomry is an obvious case of what is actually insurance, and why people have
resisted recognizing this is beyond me.)
See H.A.L. & Edwin Green, THE BRITISH INSURANCE BUSINESS 1547-1970 (1976),
(Second Edition1964), and Robin Pearson, INSURING THE INSUSTRIAL
REVOLUTION: FIRE INSURANCE IN GREAT BRITAIN, 1700-1850), and a few others for
(1800-1805[hard to tell). Most of the sections and pages by far are about
maritime insurance. The others are an Introduction, Life Insurance, and Fire Insurance.
The U.S. version was apparently published in 1805, though the British version
was used in the U.S. before that.  The
currently available volume is a “hugely” thick one volume paperback. It is not
recommendation that you drop it on your foot or on the head of your baby or
grand-baby in residence or elsewhere.
[18] Giuseppe
(1958) Chapters  V entitled “The Insurance Contract” pp.
57-65, including picture  (It is
distressing to observe that there was a brisk trade in slave insurance. It is
encouraging to note that there were strict laws against at least some forms of
trading in them.  Unfortunately, the
business was too lucrative (literally in ducats) to resist. See pp. 52-54.
See Michael Sean Quinn,  “Underwriting and Cyber Insurance Coming of
,” Quinn’s
Commentaries on Insurance Law
(June 24, 2014)[a Blog].
Eric Briys & Francois de Varenne, INSURANCE FROM UNDERWRITING TO

For reasons of saving space, I will use 1PP to
refer to a first party insuring agreement where there are other insuring
agreements, and 3PP to refer to a liability insuring agreement where there are
other insuring agreements in the policy. 
This is done, of all things, in the interest of minimizing abbreviations
and hence clarity.

The Law Firm of Michael Sean Quinn 
Quinn and Quinn
                                 1300 West Lynn Street, Suite 208
Texas 78703
344-9466 – Fax
                                E-mail:  mquinn@msquinnlaw.com