A HISTORICAL APPROACH TO POLICY MODULARITY
Resilience has developed a new process for modular policy production that solves many of the common problems associated with cyber insurance and creates new opportunities for broker partners to demonstrate their value and expertise to clients in a more meaningful way. This new modular production process allows our underwriters to tailor the policy content to meet the individual needs of every insured without the need for traditional endorsements, while also enabling international content variation without the need for separate product versions.
The process for our underwriters to produce a completely custom modular policy tailored to the specific needs of each insured consists of three separate layers:
- The smart assembly of policy content;
- The application of in-line amendments; and
- The population of dynamic fields.
The smart assembly of policy content:
There has been a longstanding “all or nothing” approach to policy content in cyber insurance that has unnecessarily limited the options available to insureds in the market. Not every coverage is relevant to every insured, and not every provision is relevant to every coverage. The policy form itself should be able to expand and retract to fit all shapes and sizes of insureds. One of the major goals in developing our modular production process was the ability for our underwriters to mix and match coverages based on the insured’s needs, with the production process only pulling the content relevant to the purchased coverages into the policy form.
The first step in developing this initial layer of policy modularity required a thorough relevancy analysis of every word of the entire policy form. It wasn’t as easy as “this provision is relevant to coverage X” or “this provision isn’t relevant to coverage Y” because varying degrees of relevance often exist within a single provision. Certain definitions can refer to various coverages; certain exclusions provide carvebacks for various coverages; the notice provision itself has a range of requirements for various coverages. It wasn’t enough for us to go provision by provision. We needed to go line by line, word by word to succeed. Our relevancy analysis, while complex, allowed us to better define lines around the policy content in a way that established clean breaks in the event such a break was necessary. It also allowed us to disaggregate the policy content so that the resulting flexibility opened the door for layer two of the modular policy production process: the application of in-line amendments.
The application of in-line amendments:
At some point, the flawed “all or nothing” approach to policy content began to be supplemented by amendatory endorsements. The insurance market’s “fix” for the one-size form not fitting every insured was to provide traditional endorsements that amended the content while existing outside the four corners of the policy. As the complexity of cyber risk and the volume of endorsements grew, the policies issued to insureds became very complicated and confusing. Antiquated systems of roman numeral references and a wide range of necessary amendments gave rise to massive catalogues of endorsements available at every cyber insurance carrier worth mentioning. To this day, at each of those carriers, the product is only as good as the suite of endorsements available. The old static policy forms have become significantly less important, now overshadowed by all the contemporary wording only available by endorsement.
In addition to contemporary wording, the need for customized wording added to the weight of these endorsement catalogues. Every insured is different. They each have different organizational structures, belong to different industries, and conduct business utilizing different computer systems. The relentless need to amend the policy content to better reflect every insured’s unique structure and business operations created entire sub-suites of endorsements.
The flexibility we achieved following the conclusion of our relevancy analysis allowed us to throw the traditional endorsement system away, and instead introduce contemporary wording and policy customization through “in-line” amendments that actually change the original policy content. Following our relevancy analysis, the lines defined around the policy content allowed us to map all our amended content to original content with no need for additional documentation, keeping policy bulk and complexity at a minimum. While mapping our amended content options to the original policy content, we came across another opportunity for enhanced policy flexibility, thus giving rise to our third layer of modular policy production: the population of dynamic fields.
The population of dynamic fields:
At some point in developing their massive endorsement catalogues, cyber insurance carriers began to utilize dynamic fields. This reduced endorsement count by eliminating repeat wordings through the population of dynamic fields immediately prior to policy issuance. My go-to example for this scenario surrounds the definition of “control group.” Most carriers’ definition of a control group lives within their policy form, defining each of the high-ranking officers at the organization, who usually have a higher burden concerning knowledge and notice requirements. The officers that comprise the control group can vary so drastically between each insured, that at some point, it made more sense to replace the one hundred endorsements—that redefined the control group in one hundred different ways—with one single endorsement that redefined the control group, utilizing a single dynamic field populated by the underwriter immediately prior to issuance.
Although dynamic fields have spread throughout the catalogues available at each carrier, reducing the number of endorsements that need to be maintained, the endorsements themselves still live outside the four corners of the policy form. The carriers benefited from the introduction of dynamic fields within traditional endorsements, but this benefit has not been extended to the insured. The insured is still forced to navigate a complicated policy issued with a high volume of endorsements.
Our application of in-line amendments through layer two has allowed us to embed dynamic fields into the policy form, benefitting all parties involved. Through our use of embedded dynamic fields, we at Resilience have achieved greater efficiency concerning the pool of in-line amendments we need to maintain; and the insureds benefit through an enhanced degree of customization available to them, without the need for any additional policy bulk or complication.
There is logic behind the layers:
The flawed approaches and processes that I’ve referenced here directly reflect the limited technology that was—and continues to be—available at most insurance carriers. Legacy policy administration systems were not designed to handle the degree of policy manipulation necessary in volatile insurance markets such as cyber. These legacy systems are also difficult to integrate with newer technologies that could allow for enhanced policy customization without critically interrupting business operations.
After having suffered through years dealing with technological inadequacy at these other carriers, the team at Resilience came together with plans to do it differently. It was and continues to be our goal to improve upon the process of policy production.
Technology has come a long way. It’s only logical for the insurance industry to leverage this technology to establish a more effective and efficient policy production process that benefits all parties involved.
About the Author
Sam Lisi is the Insurance Product Director at Resilience. Before joining Resilience in 2019, Lisi served in roles at Beazley and Travelers. Lisi holds a JD and an LLM in Intellectual Property and Information Governance from the University of Connecticut and a BA in English from Eastern Connecticut State University.