…continued form part 2.
Troy von Kutzleben: I think what this does is it stresses the fact that companies have to have an effective risk management protocol in place. The companies need to have some sort of redundancy built into their system so they do not have all of their traffic on MCI alone.
Phil Zinkewicz: You are dealing with very small companies. I guess it is possible, but is it really feasible?
Mark Hutchins: Absolutely, absolutely. There are resources out there that can do that instantaneously. I agree wholeheartedly. This is not a new issue. There have been people cutting phone lines and power lines and all that. If you are dependent upon a source of supply, whether it is paper or a phone signal or electricity or whatever, that should be part of your day-to-day risk management process. If that fails, what are your contingency plans? So the cyberspace business, e-commerce, internet, web, all of that is dependent upon electronic communication. Because of that, there ought to be a contingency for obtaining another source immediately if your business is time critical.
Troy von Kutzleben: You correctly said it is possible and correctly questioned whether it is feasible. It is certainly an option out there. It is likely to cost that company more money to build redundancy into its system. However, that is just good business practice.
Mark Hutchins: If you don't, you take the chance.
Phil Zinkewicz: To sum up, I'm throwing it out to you folks now. What is the most important issue relating to CyberRisk?
Troy von Kutzleben: I think we have come to some sort of agreement as to what it is. From my perspective, I would say the issue that insurers, reinsurers, everybody that is related to insuring this stuff is going to be involved with is the valuation issue and that is something we are really going to have to tackle as an industry. Because if we can't value what is at stake, we can't come up with a price for it, even if you provide coverage for it. I would say that we don't want to find ourselves in the position that the HPR industry found itself several years ago, which was undervaluing property.
Alan Brown: I would certainly echo the point of the importance of valuation, but also I would quickly add to that, because I am thinking about it in offering a product to a customer. Valuation will remain a challenge, but also other terms and conditions in that policy to make sure that they properly describe the kinds of exposures that we know people operating in CyberRisk already have, plus cyberspace already have, plus the ones that are likely to arise that are not properly described currently. To me, that is the evolving part of it and we have more work to do. I say, literally, we do this all the time and we are trying to figure out better ways of doing some things that we see coming up over the horizon. Certainly valuation is an important part of an insurance contract, but I would say it has to be coupled with wording that has to be made which covers the contingencies that we know our customers will have.
Robin Williams: Adding to what Alan said, from a reinsurance perspective, when we support this, we want to make sure of the program as a whole, that the coverage is described, the pricing is appropriate, the risk management is going to make a difference. We are going to be looking for an analytical train of thought that goes from start to end. Not trying to do too much, a lot of caretaking is required to really identify as many exposures as we can. That is what we are going to be looking for. I think if that is there, it is worth a try.
Mark Hutchins: I echo everything that was just said. One more step is to make sure, as much as we possibly can, with our distribution channels and our industry's distribution channels, that the insurance buyers for CyberRisk, whether it is first-party or third-party, recognize we cannot foresee all of the potential perils that may arise from cyberspace activities and, therefore, cannot necessarily create a contract that will specifically address all foreseeable and unforeseeable perils and perhaps not necessarily be able to finitely define the amount of risk because we are trying to provide a coverage for a future event and not knowing exactly what the future looks like and with no history or limited history upon which to base the structure of our policies and the cost of our policies, there may be an instance where a business person has to recognize that there is some inherent risk to doing business that may not be insured and that by entering into that business, they may be assuming some of that risk. We are trying to work with our distribution partners to help educate the buyers as much as we are asking them to help us be educated in their business.
Eugene Anderson: I see all of this as increasing the flow of information and I think that that is desirable from a multitude of standpoints, social, political, insurance. I think you are going to make a lot more available, you are going to make it easier to get and I see it as a rebirth of the information age.
Phil Zinkewicz: Thank you all for coming and thank you for sharing your expertise.