In May we saw remarkable and disturbing events that many will wish to forget. Firstly the cyber-attack using ransomware that crippled the operation of many hospital trusts causing many patients to suffer. Then, the horrific events in Manchester where many innocent children were tragically killed and injured. Naturally our thoughts remain with all those and their families that were affected.
May also saw some remarkable moments of bravery and a demonstration of how resilient the British public can be in the face of such adversity. On refection however, May also saw the introduction of a seemingly meaningless piece of legislation that encompasses the British resolve to do the right thing with the Enterprise Act coming into force.
For me, this is yet another example of how most of us hate legislation but value the order it brings to society. Terrorist events are intended to disrupt this and to this extent the Manchester event failed. A terrorist event by definition is intended to influence or over throw a government. That is not going to happen and if anything it has brought the British public together as was demonstrated in the moving tributes by the residents of Manchester. Yes the insurance industry can offer financial protection and in the event of terrorism with government backing in the form of the Pool Reinsurance scheme. But again that is not the point. Insurance doesn’t bring lives back and all we can do after such an event is to learn lessons for the future as a legacy to those that suffered. For me personally I still travel in London but remain vigilant and hopefully safe. And if I remain to do so then they continue to fail!
The cyber event that caused so much disruption to the NHS offers some very simple lessons. Much has been reported, but how many people have taken any proactive action? Let me share thoughts that are easy to implement.
The ransomware attack known as the “WannaCry” attack was simply exploiting vulnerabilities on machines with out of date security updates. This attack was able to propagate through a computer network without even requiring a user to click on a suspicious email. Once past your defences it could not only encrypt the files on the computer it had infected, but also the files on the network that machine could write to. In addition it could propagate the network to other machines it could infect. All of this was however avoidable by keeping software up to date and patched.
If you have sophisticated security you will have a programme that monitors that every machine on your network is running the latest patches. Assuming you don’t then it would be prudent to check every machine on your network is installing the latest updates. This is a simple routine with windows and all you need to do is run windows update and check that no important updates are available and the date of the most recent check.
Much has been written about the importance of antivirus software but have you checked that is up to date? Naturally we all back up our data, but when was the last time you tested it. Proactive management should include a test reinstatement of your data and this is a much overlooked rehearsal I would personally recommend. It costs little to practice your procedures, yet when did you last do this?
Consider briefing your staff
This is something we do regularly as part of our team meetings. Talk about the potential threats and things to look out for. For example the emails that can slip past the security and be inadvertently clicked on that may have malicious intent.
Consider your security
Are your firewalls up to date? Have you considered the latest software to prevent cyber-attacks such as ransomware? Products now exist that can detect and prevent the encryption of disks and they aren’t even that expensive.
As a final resort there is insurance
Insurance may be able to mitigate some financial losses but doesn’t fix all the harm caused.
So the good news in May was this under looked legislation named the “Enterprise Act”. This applies to any policy renewed or incepted on or after the 4th May 2017 and adds to the “Insurance Act” to redress the balance between insurer and customer. The simple impact of this act is that it allows customers to claim compensation if an insurer unfairly delays settling a claim. Naturally there are stipulations around this about reasonableness but this replaces a historic legal position where a policyholder had no redress where an insurer delayed settlement of a claim.
Naturally with any new legislation insurers will be nervous and there will be pressure on both managing agents and insurance brokers not to cause any delays in claims settlements that could adversely affect the insurers position. The interesting challenge for me is in respect of freeholders or their managing agents delaying claims and the contractual impact that has on lessees.
There have been many examples of claims being resisted by freeholders and their managing agents and mainly these have been well intentioned. For example it is only appropriate to not lodge a claim that is under the excess or one that has no prospect of success as it is not an insured peril and possibly this is only common sense. However there are a number of other reasons why claims are resisted and these are more questionable. Simply resisting genuine claims to keep the claims experience down and help reduce future premiums is not acceptable. Neither is frustrating a claim because of service charge arrears.
As an example imagine a lessee has a genuine unresolved dispute and decided to formally withhold part of the service charge account, probably a breach of lease. Following a legitimate claim the freeholder decides to frustrate the reinstatement affecting that claim until the service charge account has been settled. Not only is this a separate breach of lease but now could incur an insurer costs in the form of damages under the enterprise act. Naturally insurers will take a very dim view on any freeholder who does so.
So as we move forward it is imperative that freeholders and managing agents ensure they handle claims promptly.
This month I hope you all stay safe and keep your data safe.
Paul Robertson is MD of Midway Insurance and 1st Sure Flats / www.1stsureflats.com Tel: 0345 370 2842.
