Management liability insurance is frequently referred to as “executive protection” coverage, which includes the ultimate in executive protection—kidnap and ransom coverage, as well as related coverages, such as extortion and workplace violence coverage.
Other forms of management liability insurance protect executives’ personal assets, but kidnap, ransom, and extortion (KRE) coverage can protect executives’ lives, as well as the lives of employees, family, and guests.
Who needs a KRE policy?
One of the more obvious scenarios in which we recognize a need for KRE coverage is when we’re placing insurance on a financial institution risk, as it is easy to comprehend the need to protect banking executives in the case of kidnap or extortion attempts. Any insured whose executives engage in international travel also has a very visible exposure. However, there are many other insureds who can benefit from these coverages.
The incidence of kidnapping of adults in the United States is far less than that occurring in more volatile territories, but there are still potentially thousands of abductions per year. (Abductions are not separately tracked from other causes of missing persons in the statistics, so pinpointing a number is not feasible.) Four factors that can contribute to an insured’s attractiveness to potential kidnappers are:
Proximity to the southern borderOpulent lifestyleAccess to large amounts of cashLack of visible security measures
If you contemplate those four attributes, you will probably be able to think of a handful or two of insureds that could benefit from KRE coverage, even if they do not tend to travel outside of the U.S.
If you have insureds that travel to volatile areas, whether for business or pleasure, the hazard is heightened. You can check the State Department website for up-to-date information about the risks in any given country to which your insured wishes to travel. The State Department’s link is travel.state.gov/content/passports/en/alertswarnings.html.
Before your insured leaves on any trips to hazardous areas, a KRE policy should be put in place, at least for that trip, if not on an annual basis.
What will a KRE policy do for your insured?
First and foremost, a KRE policy will reimburse the insured for monies paid to ransom a kidnapped person. This coverage is always provided on a reimbursement basis—never “pay on behalf.” However, if the insured cannot quickly acquire the needed monies, a bank will provide a loan based on the KRE policy.
In addition to the ransom itself, the policy pays for a multitude of other benefits. They vary by policy, but some of the most common include:
Costs for consultants to assist with negotiations and possible extractionRepatriation expensesMedical expensesCost of transportation and lodging for the family to be near a suitable location related to the kidnapping situationDisability/dismemberment coverage for loss of limb or sightSalary of the kidnapped person (so their family is not disadvantaged, and the insured entity is not expending monies for an employee who is not working)Salary of replacement personnel (so the insured entity can hire an interim executive while the original one is indisposed)
Some kidnapping scenarios have gone on for multiple years, so you can see how these additional coverages could be incredibly valuable.
In addition to the iconic kidnap for ransom scenario, there are a few variations on the theme, and policies cover these variations differently. Some of the common types of non-traditional kidnapping are:
Express kidnapping—An insured is abducted, taken to multiple ATMs and forced to withdraw funds until the account limits are reached or all monies have been drained from the accounts. Whereupon, the victim is generally deposited somewhere, relatively unharmed, although often mugged. This can be accomplished in a number of hours and sometimes over the course of a few days.
Detention—A governmental agency detains an insured for unknown or invalid reasons, refusing to allow the insured to return home.
Virtual kidnapping—The perpetrator obtains the ostensible victim’s phone, or makes sure the victim cannot access his or her phone, and then calls the victim’s family, pretending to be holding the victim hostage. The perpetrator seeks a small, quick ransom, keeping the family member on the phone the whole time, preventing the family member from reaching the victim to confirm their safety, or lack thereof. The victim in these cases generally does not know anything is going on. He or she may be at a movie, out with friends, or may have been told to evacuate the premises of a hotel, and while the victim is otherwise occupied, the perpetrator attempts to get funds from the family. This kind of kidnapping seems to most often target college students and their families, although any traveling person can be vulnerable.
KRE policies also cover extortion. The difference between extortion and ransom is relatively straightforward. In laymen’s terms, ransom is money paid to return what has been taken. Extortion funds are paid to keep that taking, or other threatened event, from happening. Both are covered under a typical KRE policy.
Extortion coverage can include threats against persons, property, buildings, data, computer systems, or intellectual property. Extortion attempts against an insured’s computer systems, or threats to release data, could be covered under a KRE policy (as long as it includes computer extortion) or under a cyber policy.
Please note, however, that the same cannot be said of a ransomware attack. Most KRE policies restrict the ransom coverage to abducted persons—not seized systems or data. Even if this were not the case, coverage most likely would not pertain in a ransomware attack because a KRE policy will usually require that the cause of loss be a “targeted attack” against the insured.
Ransomware attacks generally emanate from malware that is broadly and randomly distributed, and the perpetrators have no idea which of thousands of potential victims will actually click on a malicious link and download the necessary malware. Accordingly, ransomware is generally not a targeted attack, and one would be prudent not to rely upon a KRE policy for coverage, unless this scenario is discussed and coverage agreed to with underwriters.
A relatively new addition to KRE policies, workplace violence coverage provides response services should an insured entity incur an incident of workplace violence. Unfortunately, no policies appear to provide services to prevent such incidents from occurring in the first place. Rather, they focus on counseling, post-event security, and business interruption coverages. So, if an insured has been threatened with workplace violence by a disgruntled employee, the policy will be of little help in ensuring that the employee does not act on his or her threats.
Many KRE policies will allocate a limit to the insured to be used for security and safety training and loss prevention. It’s possible that this coverage feature could be used to minimize the potential for violence to be manifested, but that will vary by policy.
The Bottom Line
As you can see, the world of KRE policies is wide and varied. The exposures run the gamut, while policies can have a lot of moving parts and cover just about anything. Identifying insureds that have KRE exposures is the first step to getting coverage in place where it is appropriate. The good news is that coverage, although critical when needed, is not overly expensive, and most insureds will be delighted at the value proposition once you have explained all the benefits of the coverage.
About the Author: Chris Christian, CIC, RPLU
Chris Christian is a member of The National Alliance National Faculty. She stumbled into insurance in 1985 as a temporary worker in a bank-owned agency and got hooked on the delightful mix of legal concepts, contracts, sales, and services that comprise the industry. She has specialized in professional liability since 1991, working on the carrier and wholesaler sides. In addition to her daily practice of the art and science of wholesale brokering, Chris is a frequent contributor to industry publications, speaker at events and educational seminars, and the author of Cyber Insurance Basics, available on Amazon.