Hacker News new | comments | ask | show | jobs | submit login
Insurance Company Says NotPetya Is an “Act of War”, Refuses to Pay (senseient.com)
295 points by marklyon 15 days ago | hide | past | web | favorite | 251 comments



This is why I try to avoid insurance policies wherever possible.

It’s still hard to argue with people questioning why I don’t buy insurance for my $25k or so of household contents in a relatively secure building.

I don’t care how cheap the policy is, I’m assuming they’re charging more than they payout on average, and I lock my doors consistently.


I... Don't get this mentality. Yes replacing 25k worth of contents isn't that big a deal (although it would suck), but in a fire there are other costs that dwarf your contents. Think about how much your building/unit is worth. If the fire started in your place, you could be responsible for all these damages (and especially your neighbour's). Can you afford to repay a whole new building for you and your neighbours + their contents? How about living out of a hotel for a few months while the place is being repaired (which repairs you'll have to cover too) and potentially paying your neighbours' bills for that as well? How does that compare to a 1000$ deductible and a 300$/year premium? To me it's a no brainer. If you really want a low premium, get a 2 or 5k deductible, 5k contents, and shop around. You'll also get added protection like third party liability which is usually minimum 1 million $ and covers any damage you'd do to other's property. Of course no-one wakes up thinking they'll set their house on fire or flood the unit under them. And yet that happens every day. I don't know anyone who didn't have insurance and who got struck by a fire/flood/other damages say that they regret nothing and wouldn't buy insurance if they could go back in time.


> Yes replacing 25k worth of contents isn't that big a deal (although it would suck),

This would be absolutely devastating to most people in America (and the world). Being able to tank a $25k loss without any insurance help is a very privileged position.

I don't have a point of contention with your comment. I just wanted to make that observation, because I think it can be easy for many of us to forget it.


I doubt it’s accurate. Most people underestimate their contents, personal property and clearly in this case their liability risk. As much as people want to hate on insurance, it is in fact an enabler for economic stability.


I'm sure that most of that 25k wouldn't need to be replaced. Clothes, dishes, furniture would be the main items. And for me, 90 percent of my closest really needs to be purged.


In an apartment or house fire, you've lost _everything_. Picture your bathroom in your mind and think of everything you need to replace just in that one room.

Toiletries and soaps. Towels and washcloths. The shower caddy and the shower curtain. The plunger. The cleaners under the sink. The books on the back of the toilet.

Now do the same calculation in your kitchen, your bedroom, your family room. The couch, those chairs, a TV, your mattress and box spring and bedsheets and blankets, dishes and glassware and silverware, pots and pans, and so on. Even if you own cheap stuff, that all adds up very quickly into a loss most people can't readily absorb, even when you factor out the pile of stuff you don't wear any more and really ought to donate. I think we could inventory a lower/middle-income renter's belongings and spend $25K pretty easily.


And do it while suddenly homeless.


I'm not sure a house fire would be the best way to purge your closet, though. As funny as a sitcom with that plot would be, I'm sure there's a better way in reality.

If you feel overwhelmed by the prospect of purging, try doing it a piece at a time. Even make a game of it: when you get dressed in the morning, you also need to pick an item. That item goes into a box near your front door.

When the box is full, go donate it, burn it in the back yard, what-have-you.


That's a plot point that is used a lot, and it's not really a sitcom thing. More of a hero's journey get-him-Jack-Reacherized sort of event.

I had it happen once in a move: At 23, all my possessions got squeezed into 6 packages (5 of which were media mail), a bookbag, and a checked luggage. Everything else got thrown out or given away. I'd been living in a furnished room. At the new location, the only thing I needed to replace was a computer monitor.


Definitely, I was replying to parent who didn't seem to have a problem with a $25k loss.


I begrudgingly get insurance for certain things because I hear enough times how insurance will find a way to avoid paying for even those supposed protections. I hear that plenty times from homeowners where insurance refuses to cover anything they should have paid for due to improper evidence and it’d have been cheaper to save and invest the money spent instead of going through the adjusters while, say, waiting for a new roof. Then there’s the costs once you do eventually file and receive a legitimate claim for your liability (the primary upside of group insurance as a policyholder) and many insurers will refuse to carry you going forward. So it’s almost a one time benefit for many. On the flip side, insurance fraud exists but is definitely prosecutable while I don’t think I’ve ever heard of someone winning against an insurance company’s lawyers for being denied a claim unjustfully.


This is a serious topic, and it turns out that the relationship of insured-insurer is just really complicated.

Moral hazard and adverse selection are real issues insurance faces: that being covered makes the insured more reckless, and that people with higher risk self-select to sign up for insurance.

OTOH, insurance companies make more money the less claims they pay.


I think serious topics need to be discussed a lot more because the things that cost Americans the most day-to-day are housing, healthcare, and arguably insurance (when it doesn't work for them) - all of these things are "complicated" and it's as if we stop being able to talk about anything substantive anymore as a society. Forget the death of long form journalism, how about longer, serious discussions? Every other person I talk to about these things just doesn't seem to care and it's pretty much "X is hard, let's go shopping" left and right, including from people that are otherwise rather educated and smart. We seem to be too exhausted for whatever reason to learn enough to act rationally, which is rather important for a capitalist system like we have. This tendency goes all sorts of ways from political topics to nonsense like anti-vaxxers and so forth.


Nobody ever liked shopping for insurance. Nobody ever liked trying to find a job. Nobody ever liked "find a market niche" and "marketing their unique skillset." The Neoliberal fantasy is that all life choices are reducible to consumer decisions, and people love to pull out their spreadsheets and calculators and make those decisions in the most rational way possible, and it just isn't true. We want healthcare, we don't want to shop around for health insurance every single year, terrified that we will die (or be bankrupted) if we make the wrong decision. We want meaningful work, we don't want to negotiate terms on 85 different freelance contracts per year. We want government services, we don't want to stand in line at 87 different agencies and try to understand the difference between SNAP and CANF or the DMV vs the DPS vs the County vs the City. We want a home, we don't want to read the tea-leaves of what the Federal Reserve is doing with interest rates and what the Case-Shiller index says this quarter. We want a good education for our children, not a consumer choice amongst 3 different competing charter schools.

In general, we want to run our lives like people instead of like miniature conglomerates. Peoples' tendency not to want to live like automata is not the problem: the problem is the system they are trapped in which forces them to live as automata.


Sadly, even worker's compensation insurance that the state runs and that one is required to pay into by the state is the same way. I only wish I could stop paying the premiums to these crooks because I sure as fuck can't get treatment for the injuries I sustained on the job. If I have a few thousand dollars to get a lawyer and pay witnesses and get super lucky, maybe I could get treatment but I'd rather spend that money on actual healthcare than gambling on insurance. Some insurance is just a scam to steal money (Washington State worker's compensation) indeed. That's how America treats its workers steal from then and leave them on their own to deal with their pain. Insurance my motherfucking ass.


Not even mentioning the ridiculous costs (especially in the US) that come into play should the fire that started in your unit injure or kill anyone.


My buildings and contents insurance cost me about $280 a year, I happily pay that for the peace of mind of being covered if shit happens.


It’s great, if the insurance company actually pays when your circumstances merit compensation.


We have filed a few claims over the past 10 years, including:

Water damage due to a sudden burst of a pipe. Required expensive drying of walls, replacement of part of the drywall and replacement of the flooring. Dealing with insurance was extremely pleasant.

Burglary of house. Lost laptops, camera, time machine, diamond earrings. Similar experience. Surpringly, the rule was: if you want to be reimbursed in cash, you get the current value (which is close to zero for a 6 year laptop). But if you buy a new laptop, you get the original purchase price reimbursed. “Hello new MacBookPro!” Zero complaints about the insurance.


> time machine

Wow! How much was the replacement cost for that?


probably talking about https://en.wikipedia.org/wiki/AirPort_Time_Capsule, which works with time machine (the software)


Yes, that. :-)


Insurance paid for all of a new roof after my 14 year old roofing was struck by a hail storm. I’ve heard of others having problems with various aspects of insurance, though, and given the size of the insurance market, statistical patterns or data would be more useful to read than posts by one or two people on HN.


I tried finding data on insurance payout/refusal rate when I was considering switching to a cheaper but lesser known car insurance company. It doesn't seem to exist. So much for consumer choice.


Which company? I know State Farm isn’t good


Farmers.


Insurance companies, to my knowledge, almost always pay out for "normal" claims on standard policies, with some reasonable exceptions. That's why when they don't, it's news. You may not get all that you think you deserve, or you may get more (after the 2011 tornadoes, our insurance paid for a new roof, although only about a third was damaged by the falling tree).


Because fire isn't going to affect you, obviously. The "security" of your house is only part of what folks buy such insurance for.

Only the privileged can do such things and get away with it. You'd have to have enough money to have a nest egg large enough to replace the stuff you need and care about, money to replace documents and ID, money for a hotel and travel, and money leftover so that a second even in a short timeframe does not leave you horribly off.

Poor people go without insurance all the time, but that is more the lack of ability to pay the premiums.

And of course they are charging more than they are paying out - much like a retailer charges more for a product than it cost them to make. There are exceptions in both cases: A car accident can mean someone gets more benefits than they pay in and retailers take losses on some things - but it isn't the norm. The entire point, however, is that the risk is spread out so that most folks aren't hit with a life-destroying event when bad things happen. That's the real service you are paying a bit extra for. I find it weird that you'd judge teh company on making money.

You can judge by how well they pay out claims - how much time it takes, what percentage they pay, and so on. Or how much money they make in total - and this should probably be something over a few years to balance out natural disasters.


That nest egg is much better insurance overall though, as it protects in many more scenarios... job loss, bad boss, loss of residence rights... The basic rule of insurance is "never insure that which you would be able to pay out yourself".

There may be a few exceptions where you know that the risk/premium ratio is in your favour... I twice got my banks purchase protection "insurance" to replace bikes that a bike insurance wouldn't have even insured in that city. And that was with a free bank account.


Self insuring is a completely valid strategy. People do it all the time - that’s what a deductible is meant to allow for. Only makes sense to pay for insurance in a financial sense to cover losses you couldn’t comfortably afford to cover yourself or where you are required to by law.

Having said that, psychologically there is a behaviour changing effect of insurance even where it’s not financially needed which is also beneficial at least for me - eg you don’t worry about taking your expensive things on holiday, you don’t self ration medical treatment, etc. I value this and so am probably overinsured in a financial sense but I view it as money well spent.


> psychologically there is a behaviour changing effect of insurance even where it’s not financially needed which is also beneficial at least for me - eg you don’t worry about taking your expensive things on holiday, you don’t self ration medical treatment, etc.

This is called "moral hazard".


I think it would only be a moral hazard if someone behaved irresponsibly because they have insurance. An alternate situation would be someone who was excessively cautious without insurance but responsibly cautious with insurance. Or someone who behaved the same way but worried less due to having insurance.

Since people tend not to make rational decisions when they are worried, insurance could even lower their risk. For example, my understanding is that many auto insurance companies cover windshield repair very generously because it reduces the risk that a customer will get in an accident trying to chase down a truck that kicked up a stone and damaged their windshield.


...or drive with a broken windshield, risking a larger loss.


The deductible is also intended to take care of moral hazard. You still have some skin in the game. Insurance companies are wise to never shoulder all of the risk.


That would only fix it if the risk was being taken with no benefit. If the person has a $5000 deductible and could spend $300 to prevent a 5% chance at $50,000 in damage, now they won't, because their expected value of the loss has gone from -$2500 to -$250, which is now better for them than paying the prevention cost.

It also makes incentives weird, e.g. with a $5000 deductible you'd prefer a 5% chance at $50,000 in damage (expected value -$250) over a 10% chance at $5000 in damage (expected value -$500).


5% of $50,000 is $2500


Which is why the expected value of the loss without insurance is $2500.

You have a 5% chance of losing $50,000 and a 95% chance of losing nothing. If you have insurance with a $5000 deductible, that becomes a 5% chance of losing $5000 and and a 95% of losing nothing. Expected value is the sum over all events of (probability of event) times (cost of event). 5% times $5000 is $250, 95% times $0 is $0, total with insurance is $250 instead of $2500. So you risk $50,000 over $300 at 5% probability because $45,000 of the risk is on the insurance company.


Why is this downvoted, this is actually an important part of insurance.


Although that's true, that wasn't quite what I was tryingt to explain. At some point buying cover for very likely outcomes or reducing deductibles really starts to look more like a payment plan than insurance.

By doing this I know I am costing myself money, ie the additional cover costs more than I think I am ever likely to benefit from it. I know this upfront but it is still valuable to me because I can rationalise it as a fixed cost and then simply not have to think about a later spending decision, which means I do things which make me happier and/or healthier, even though I could do those same things for lower cost.

It's some combination of valuing certainty and being able to separate the spending from the activity.


Moral hazard requires a fiduciary duty to someone else.


The first sentence of the Wikipedia article says: “In economics, moral hazard occurs when someone increases their exposure to risk when insured ...”

Can you explain where the fiduciary duty comes in?


> "never insure that which you would be able to pay out yourself".

This is silly as a rule, IMHO. I could pay out for all new stuff if there was a fire, but it's a damn site cheaper to pay a few hundred a year for insurance.

The point of insurance isn't that they pay out an individual less than they take in, but the group in aggregate.


Unless you know something the insurance seller does not that makes you more likely to be paid out than others, then it is a waste of money to buy insurance for a loss that you can afford.

Assuming you have no extra information that gives you an edge over the insurance company, insurance is only beneficial for a loss which you cannot afford. Otherwise you’re basically paying someone else to invest your money when you can do it for 3 basis points at Vanguard/Fidelity/Schwab.

This is also why whole life insurance is a waste of money, ignoring any tax advantages which don’t apply to most people.

Edit: This is also why states allow people with sufficient funds to self insure their vehicle. If you have a couple million liquid assets, you don’t need to pay someone else to pay for your lawyers and and healthcare costs, you can just do it yourself.


Surprised (or perhaps not) to learn that cars can be self-insured in the USA. Where I’m from, the main objective of mandatory car insurance is to pay for the life of the people you might kill or seruously injure. Thst can be a considerable amount that I’m not sure anyone would be eager to pay out themselves, even if they’ve got the funds.


The compulsory insurance limits in most states are laughably/ludicrously low. In MA, I have to carry $40K bodily injury liability, and $5K property liability.

Literally, I could be responsible for an accident that totals a 15 year old car and gives the driver an ambulance ride and a couple day hospital stay and have my compulsory insurance not be enough to cover the entire liability.

Of course, nearly everyone carries a substantial (10-50x) multiple of the compulsory minimums in auto-specific liability policies, and if you have any amount of wealth accumulated, it's common to have an additional umbrella policy.

[0]-https://usinsuranceagents.com/massachusetts-car-insurance-re...


Like, it doesn't make sense. My insurance policy is about $600/year and covers up to 25 million(!!!) euro in 3rd party damages. Like, I'd need to crash into several Bugatti Chirons or a plane to actually exhaust my policy.

I guess the reason why US allows it is because the society is so litigious - if you have that amount of money to self insure you also have enough money to fight pretty much any claim against you.


> My insurance policy is about $600/year and covers up to 25 million(!!!) euro in 3rd party damages. Like, I'd need to crash into several Bugatti Chirons or a plane to actually exhaust my policy.

Or one crash where you injure someone so bad that they cannot work anymore for the rest of their life, maybe need specialized support and so on. The damages in property are usually the least important part of a car crash.


> Like, I'd need to crash into several Bugatti Chirons or a plane to actually exhaust my policy.

Or injure a single person to an extent that requires lifelong fulltime medical care.


It adds up really fast, especially when deaths or disabilities (even worth from a financial perspective) are the result of the crash.


Apparently it is a problem in China as well.

https://slate.com/news-and-politics/2015/09/why-drivers-in-c...


You can’t typically self-insure the liability portion, because you are playing with other people’s money. You can choose not to buy collision insurance, which would cover damage to your own vehicle. Even then, you can only do that if you own the vehicle free and clear.


>>Unless you know something the insurance seller does not that makes you more likely to be paid out than others, then it is a waste of money to buy insurance for a loss that you can afford.

That's....insane. Fires happen. Theft happens. Thunderstorms happen. Kids breaking things happen. Yes I can "afford" to replace most things in my house - but why would I risk all of my savings if I can pay ~20 quid a month and not worry about it??


I would change the qualifier to "comfortably afford" , but I do self-insure on most things.

Take an extremely poor insurance bet as an example. The electronics store will offer you an extended warranty plan on your new TV. An LG 55" LED TV (UK6090PUA) is $400 right now at BestBuy. 2 years of "protection plan" on that TV is $50. Do you think that anywhere near 1 in 8 TVs need any kind of service in 2 years, let alone something that would require the replacement of the TV? Sure, there are people who pay $450 for their TV instead of $400 and come out ahead. The vast majority don't and most people can easily shoulder the burden of buying a new TV when their current one breaks. (By the way, that insurance policy allows the insurer, at their sole discretion, to pay you the market value of your TV rather than repair/replace it.)

I self-insure against collision on our cars (meaning I dropped collision coverage). Collision insurance (covering repairing/replacing of our cars) was running around $1000 per year for 2 drivers and 3 cars. In 20 years, between insurance savings and investing the savings, I've banked about $40K by not carrying collision. Not only could I cover a collision now, I could buy 3 replacement cars outright and have money left over and don't have to deal with any insurance paperwork to do so...

I do carry liability insurance (at high limits) for auto. I have our home insured. I have a high-deductible medical insurance plan. I'm not anti-insurance in general; I am anti-insurance for losses that can be easily weathered.


The TV insurance thing is effectively a scam. Your home insurance likely covers accidental damage, and your consumer rights cover any breakdown in that sort of time (depending on where you live).


I agree it's a scam but even if my HO insurance would coverage accidental damage, I'm not making that claim. I have to pay the first $500 no matter what, then my rates will go up.

Worst case, my insurance company drops me and I have to scramble to find another company since lapses in coverage lead to all sorts of issues.

Still, I'm not buying the store's insurance on a TV. I might buy it on my teenager's phone or laptop depending on price and coverage.


I would drop that to trivially afford.

Getting a new TV is the kind of thing most people on HN would barely think twice about. At which point the cost benifit simple. But, move up a few rungs to say a 5,000$ massage chair and you could replace it or do without but most people would feel it. Further, the policy is likely to be closer to 1/20th the price at something like 250$.

It’s still a bad deal, but you can feel better about your overall purchase knowing it will last at least X years.


Why are you buying a 5000$ massage chair if you can't comfortably afford to replace it?


What a weird question. I sometimes feel like people on this website are super ultra rich. Like $100k+/year salaries rich. I feel like anything up to say $300-400 I can "comfortably" replace - but more than that and it's starting to eat into my savings, which obviously I don't want to do. Like, my $800 TV is not expensive by most peoples standards, yet if I had to replace it it would be two months of my savings. That's not trivial or comfortable in any way. Maybe I wouldn't buy a $5000 massage chair, but I own a ~$2000 solid oak table and chairs specifically because I want it to last few decades, it's a really solid table. But I couldn't "comfortably" afford to replace it. That's what insurance is for.


You also rarely need to replace TVs, massage chairs, and solid oak tables.

The other aspect is the need to replace. You can live without a TV while you build up savings, you can live without a solid oak table, but you can't live without a vehicle to get to work, or a home to live in.


This is context you might find interesting, I make less than 40k a year. This is a choice that I have made, and I understand that it has implications for the lifestyle I can afford.


There’s a mix of overpaid software people and the weird tech libertarian-ish attitude towards many issues. Just roll with it.


Mostly I am just using it as an example of a durable good.

Let’s say it’s going to last ~5 years on average then that’s a little under 20$ per week you can set aside for the next one. For something used regularly providing 20$ a week in value is a minimal hurdle, but that does not mean they can drop the full cost on a whim. Making the extended warranty a more understandable choice.


I've seen worse insurance bets than that: mobile phone companies offering insurance at fees and excess levels where you'd have to lose or break two phones a year for the insurance company to return more in claims than you pay in premiums!


It must not happen that often, otherwise insurances would not make much money.

Those events likelyhood, the cost of them, and what the insurance will actually pay you back are probably way off what you think it is in your mind.

Now I do think insurance is important for catastrophic events: low likelyhood, but incredible cost, because you can't take this chance at the scale of an entire society.

But for theft or kids breaking things, I'm not so sure.


The insurance company is taking your money, and investing in an index fund, and returning it to you minus their payroll and profit margin.

You can take the same money, and invest it in the index fund, and if and when you need it, sell your assets to pay for the loss. But you get to avoid paying the insurance company's employees.

You wouldn't buy insurance for the bag of rice you buy at a grocery store in case you drop it outdoors, the bag splits open and the rice is ruined. Why? Because you can easily afford buying another bag of rice.

The same reasoning applies to a car. If you have sufficient savings, you can buy yourself a new car if and when you need to. Until then, just invest the savings and reap the investment rewards, exactly like the insurance company will be doing.

But suppose you can afford to buy a new car (like many higher income professionals in the US), but you can't afford to pay for someone else's $500k to $1M medical bills (like almost everyone). Then you would forego the collision insurance for the vehicle, but still purchase the bodily injury liability and personal injury protection insurance.


> You wouldn't buy insurance for the bag of rice you buy at a grocery store in case you drop it outdoors, the bag splits open and the rice is ruined. Why? Because you can easily afford buying another bag of rice.

> The same reasoning applies to a car. If you have sufficient savings, you can buy yourself a new car if and when you need to. Until then, just invest the savings and reap the investment rewards, exactly like the insurance company will be doing.

But it's not the same reasoning. I can afford to buy hundreds of bags of rice every month if I need to, without stretching my budget significantly. Rice for me is pocket change, so yes insurance would make no sense.

For the vast majority of people, a car is not pocket change. Sure high income people might be able to buy another and not go bankrupt, but there's a big difference between being able to afford something, and considering the expense pocket change.


The reasoning is:

If you can't afford to replace it, then you purchase insurance for it.

Replace "it" with whatever you want. Just because a car is not pocket change, doesn't mean you can't afford to easily replace it. And maybe if you feel that it will cause you stress or stretch you thin, then it doesn't fit the definition of "afford to replace it". Auto insurance company has way more data than you do on how likely it is that they will need to replace your car, so they will charge you appropriately, plus their salaries. So if you have a sufficient emergency fund, then you don't need the insurance, just like you don't need it for the bag of rice.


Even if you can't afford to buy a second new car immediately, you could still roll with a cheap used car for a while.


If it happens once on a lifetime and you can afford it: You just calculate how much it'll cost in insurance policy vs invested in government bonds.

The other point: I think most people here are concerned with the insurance paying up once the real deal happen. Most of the time the insurance will: 1. take a lengthy legal path to exhaust you 2. pull some article that you didn't notice from the contract to get away with it.

So you are screwed twice. ouch.

I'm not claiming insurances are a scam and you should avoid them. I'm using them. But I can understand why some people are frustrated.


If you are risking all your savings, you can't afford to self insure.


Seriously.

$1500 auto insurance / yr x 60 yrs of driving is less than the cost of a single catostrophic wreck, even if no one dies.


You seriously underestimate the cost of a significant wreck in the US. The medical bills alone could reach into the hundreds of thousands. The pain of paying $100/mo for insurance vs having to come up with $250,000 all at once makes insurance a no-brainer.

My state used to allow drivers to self-insure (I think they removed the option for individuals recently). I was a really bad deal though, since you had to give the state a minimum $50,000 deposit interest free. It's cheaper to just pay for insurance and earn the returns on your cash.


Yeah I think you misread it, I said that the cost of premiums over 60 years is much LESS than a single catastrophic wreck :)


You can insure just the more expensive parts of a collision, such as liability for others' property and medical care.


This is nonsense, sorry.

As an individual, if there is a catastrophic fire a few years into a policy, I am down tens of thousands, having paid out a few hundred in premiums.


Not many people can afford the loss caused by a catastrophic fire, in which case it does make sense to purchase insurance. But if you are a millionaire and have a $200k house, then you don't really need to buy insurance for the house since you have ample funds to purchase or build a new one if the need arises.


Insurance is putting the risk of a loss onto someone else. Millionaires absolutely buy insurance because it is often the smart thing to do. It is no different than buying/selling options to hedge your stocks during a down turn.


> if you are a millionaire and have a $200k house, then you don't really need to buy insurance for the house since you have ample funds to purchase or build a new one if the need arises.

Unless that fire spreads to someone else's property or kills/seriously injures someone, in which case you'll wish you had insurance.


That still makes no sense at all. If you are millionaire with ample funds, you'd still be down massively compared to if you took out the insurance.

Example - The average UK home contains £35K of stuff. The average annual contents insurance premium is £139. You've been paying for ten years and "Oh no! A fire destroyed all my stuff". You're better off by £33600. In aggregate the insurer makes money, but they don't necessarily make money from every individual. This is where the model makes sense for the buyer and the seller.


Your assumptions are massively overestimating the probability of loss. If insurance premium is only $139, then the probability of loss must be correspondingly low such that the insurance company can make a profit (on aggregate) before having to pay out $35k.


Ok. If you are a millionaire who really would think nothing of shelling out $35,000 tomorrow, what's the best case scenario of going without insurance? 30 years saving $139 a year means you've saved $4200 by going uninsured.

$4200 is noise to someone like this. Meanwhile, if you do suffer a loss, you will be down far more.


The house always wins.

In the long run, all things being equal, it's cheaper to never insure and instead pay out of pocket for your losses.

I'd only insure for truly financially ruinous scenarios. Not for material goods or airfare, etc.


> In the long run, all things being equal, it's cheaper to never insure and instead pay out of pocket for your losses.

Only in aggregate, not necessarily for any given individual.


I really start to struggle with the concept of insurance whenever I imagine the percentage of people working at the insurance company who’s primary incentives involve making sure that I do not get the payout I need should a disaster strike ... how many people are there strategizing the legalese and structure of the policies in a way carefully designed to appeal to me at sale time but to hurt me at claim time ...?

I also shudder at the thought of overly large executive teams milking the profit stream of the company to ensure optimal balance sheet (minimal legal unleveraged asset amounts + maximum access to government lender of last resort backstops).

It’s also very hard for me to imagine the nature of the value chain back to me that comes from the CEO of an insurance company flying around in a private jet at great expense — it’s just not possible for me to imagine that the team of suits in jets running the insurance company could ever be engaging in an activities beneficial to me as they pursue typical corporate business activities...

As a consumer, I think the most sensible strategy for picking insurance involves modeling the profit center clauses of the policies to find who is most likely to be bilked and trying to estimate whether you are more or less likely than the average consumer of the product to hit one of those likely policy “profit centers” ...

In markets where the profitability of insurance companies is regulated, I have a lot of trouble believing that “boondoggle machines” aren’t invented throughout the enterprise to create false cost drivers that ultimately turn profits into costs and higher executive salaries/ bonuses - a kind of profit money laundering.

I think that trust is very valuable but it’s hard for me to believe that insurance companies as a general category are likely to be worthy of trust. If anyone has some arguments how to get over this hangup, would love help shifting my mindset to a less negative outlook here ...


This really isn’t how insurance works. These are regulated industries where pricing, underwriting and actuarial models are under heavy oversight. No one at an insurance company is designing policies for you to get screwed over.

Most insurance companies are relatively low margin enterprises. Most for profit insurance companies manage to turn a 0-5% profit. Claims make up 60-75%, ~15-20% in acquisition related costs and then other expenses like r&d, servicing costs, etc. end up eating the rest. Auto insurance for example is historically a break even business or small loss on underwriting premiums for most companies.

Companies that can underwrite profitably actually help keep the premiums that consumers pay down and keep the market in check from inflating premiums.


I used to work for a car rental company. Actually, it was an insurance company that rented car. Cause 80% of their profits were on the insurance. The car rental part was just to bring more people to insurance part.


Car rental companies seem to deploy exactly the kind of tactics that motivates my skepticism of insurance companies in general.

Car rental companies are notorious for deploying high pressure sales tactics to bully customers into paying for damage waiver or insurance upgrades. I’ve heard of companies basing bonuses for employees on these conversions and I’ve also heard of companies that just have a hard and fast quota with policies like “you need to get this many upsells per unit time or you are automatically fired”.

The fee structure and legalese for rental cars is often customer hostile for the purpose of scaring people into paying for upgrades they don’t need — and in many cases very large categories of risk are excluded from coverage via tricky language ...

I rented from a company called goldcar in Spain recently. Their rental prices are insanely low (paid 30 euro for a car for 3 weeks). They seem to make money entirely on the extras and the float of your excess deposit. They charge you your excess in full when you pick up the car (1200 euro for the car I had) then refund you when you return minus any damages. I’ve rented from them a few times and they do some shadey things which I’ve learned to be careful about.

- They have a range of constantly changing and sometimes screwy refueling policies: buy the tank in advance return empty, “flex fuel” where you pay a (non-refundable!) fee to pay a deposit on the tank and then get refunded your deposit based on how much fuel is in the tank when you return it, and (only sometimes and seemingly at a different rental rate) buy full return full. - Once they charged my card in dollars rather than euros (without asking) resulting in a huge 5% currency conversion fee by their payment processor - I can’t imagine that fee doesn’t make it back to them in some amount ... (that really pissed me off and I probably wouldn’t ever have rented from them again but I actually didn’t notice this until much later)

I think they’ve gotten dinged in the past for some illegal/deceptive practices. I personally have mostly come our ahead using them — but only by being careful and knowing exactly what to say/do on each rental experience ... I think from recent rental experiences it has gotten less scammy for me.

The mentality necessary to navigate rental car insurance decision making seems the same mindset required to engage in business with other insurance entities - most insurance markets generally seem ripe to me for similar adversarial game playing ...


But how fungible are the categories applied to a given cost source? Suppose a company finds a way to target customers in a way they predict is likely to outperform the actuarial models using “expensive ad tech”. They can shave off some of the claim cost, but avoid underwriting profitably by inflating the cost of customer acquisition (including big bonuses for their “industry leading” customer acquisition performance ...)

To me some variation on this kind of scheme seems likely to be common - am I wrong headed to think these kinds of tricks occur often?


No I don’t think that wouldn’t work long term at a public insurer. Expense measures are fairly well understood by analysts, investors and regulators. If expected claims got out of wack with pricing it would become a problem for an insurer.

Many insurers have near fixed acquisition costs due to distribution channel realities. Agents take a commission, Google and Ad networks take a referral fee, etc. and those with large direct to consumer portfolios may experience challenges in underwriting profitability as is. Insurers will certainly try to manage those acquisition expenses efficiently and to optimize underwriting performance. Executive comp would be anchored on those things rather than allowed to underperform and compensated for.

If you call beating actuarial models a trick, then yes that certainly can occur but that’s kind of the name of the game. You’d rather companies figure this out because models become more efficient, pricing becomes more segmented and risks are priced accordingly.


Your arguments apply to every company---do you not deal with grocery stores?


This is a good point I think — but I don’t find myself biased to perceive buying groceries as entering into an adversarial relationship with my grocery store — maybe because the relationship is transactional and tends to end immediately after the transaction...

Maybe I’m wrong but I don’t think there is as direct a conflict between me and the grocery store — me being happy with a particular purchase is not generally associated with the grocery store being “unhappy” that a particular product “works out for me” when I consume it ...


Repeat transactions are very common at the grocery store, very rare (if including actually getting a claim) from an insurance company.


You can’t say insurances will be there every second in case of life-threatening event, given how many times we’ve seen them ask for a paper you don’t have, and how often it is required to sue them to get the supposed benefits, years later.


With insurance, the expected worth for you has to be negative, otherwise how would insurance companies even survive? The value of insurance is not reducing the average loss, but reducing the risk. For example you lose $10 at a probability of 100% instead of $1000 at a probability of 0.5% (that is losing $5 on average). If you look at the probability distribution of your losses, you are not moving it to the left (lower average), you're just making the distribution narrower, that is you reduce the chance that you lose large amounts.

In summary, if losing $25k is no big deal to you, you can on average save money by not buying insurance. If losing $25k is life changing, you should pay some money to reduce the risk.


Insurance also has quite a bit more weight to toss around than you do. So, you’re comparing cost to them vs cost to you which can be very different numbers.

Health insurance negotiators for example often save you more money than their profit margins. It’s dead weight to society but personally it’s a net gain.


> "If losing $25k is life changing, you should pay some money to reduce the risk."

What about the risk of your insurance company going bankrupt? Or the risk of your insurance company fighting tooth and nail to avoid paying you?


> What about the risk of your insurance company going bankrupt?

For most insurance ordinary people would have, except possibly life insurance [1], coverage comes into effect fairly soon after you pay your premium. If your current insurance company is showing any signs of insolvency, you should be able to switch to someone else and get covered.

If there were no warning signs that your insurance company is in trouble and they unexpectedly go bankrupt, but at a time when you don't need to make a claim, you can quickly switch to someone else.

If they go bankrupt and you are making a claim, it should be covered by your state's guarantee fund. Insurance is a regulated industry, regulated by the states. Part of that regulation includes the state establishing a fund paid for by the insurance companies that is essentially insurance that the insurance companies can pay claims.

If you pick a large, diverse insurance company, probably the only real risk that they might unexpectedly go bankrupt at a time when you need to make a claim, and the state guarantee fund might not be able to cover it, would be during some major widespread disaster that causes severe damage over a wide area. You might be screwed then, although there will probably be some kind of Federal disaster recovery aid available then.

[1] I have never looked into details of life insurance so am not sure how that works.


I said reduce the risk, not eliminate it; or make the probability distribution narrower, not collapse it to one value.


AIG cyber policies provide dns filtering appliances customers are required to put in front of their networks. Supposedly works really well for them. Does anyone know if Zurich did the same?


From an economic theory perspective if you have diminishing utility, pooling risks makes sense even if there are some profits for the insurer, since you have more certainty about the possible outcomes. With graphs [1]

If the loss you are insuring is large enough, the acceptable profit is quite large for it still to be a worthwhile investment.

[1] http://www.economicsdiscussion.net/articles/risk-aversion-an...


I feel like you’ve fundamentally misunderstood how insurance works here. Yes, on average, across the entire risk pool, claims paid out average below premiums paid in.

As an individual though you only really need to make one non-tribal claim on a home insurance policy to end up making a profit on the deal. The pathological example is a fire gutting your entire home, destroying everything - in that case you’re going to see $25k paid out to you, on average in the UK home insurance costs about £130, which would be about $170. You’d have to pay into that policy for almost 150 years to end up making a loss on that deal.

Even a fairly minor issue like a burglary requiring the replacement of $5,000 worth of possessions you only end up making a profit by self insuring after 30 years.

The other misunderstanding you seem to have is a pretty common one: “I lock my doors consistently”. Burglary is the thing insurers pay out least frequently on. Everyone locks their door and takes basic precautions to avoid it, even if someone does break in you’re not going to lose much in most cases. The big risks are fire, which is infrequent, but expensive, and flood. Flood is much more frequent than most people realise, and can easily result in paying out hundreds of thousands of dollars to replace contents, rip out all your floor boards and replace them, redecorate the house, and if you’re in an upper level flat potentially to do the same for everyone below you. Flooding is what keeps insurance pricers awake at night, wondering if they’ve accidentally under priced an unknown flood plain.


"an unknown flood plain"

In Australia there was an exception in the "flood" policy (required for a mortgage I think) for rising river levels.

The exception used a very unfamiliar word (that I can't remember at the moment!)


Having got paid about 100k recently on a business insurance policy that cost under $250/month, I don't share your sentiment.

Besides, even if insurance is negative expected dollars, it's positive EV given loss aversion in most cases.


You are an individual. You are not an average. The average is entirely irrelevant for you.

The calculation you need to make is "how is MY life effected by this decision".

If you choose to pay the small insurance amount you probably won't even miss the money in your day to day life.

But when that unexpected event happens, one version of you can come back strong while the sucker can console himself with the thought that the average human is at least being happy.


> I don’t care how cheap the policy is, I’m assuming they’re charging more than they payout on average, and I lock my doors consistently.

Thats not the correct "math". The value insurance provides is that the cost of the risk is higher than the cost of the premium. The whole point of insurance is how much are you willing to pay to avoid catastrophic scenarios.


“Charging more than they pay out on average”... Perhaps they make a profit, but the point of insurance is that some people, on exception, receive more than they pay in.


For extra health insurance (beyond the "socialist" baseline) about 15% of New Zealanders use a private not-for-profit organisation that began in 1961 called Southern Cross Medical Care Society.

https://www.southerncross.co.nz/Group/About-us

Health care is a special case where you usually "win" if you always paid premiums but never have to make a claim (because claims often can't repay bad health).

And if you are a socialist, you can be happy because your premiums go to the health losers (had to make claims but their life might be shorter or shitier).


>I don’t care how cheap the policy is, I’m assuming they’re charging more than they payout on average.

How would an insurance company stay in business if it were any other way?


Insurance companies make money by investing the premiums. It's possible for an insurance company to make a profit from investment even if they had unprofitable underwriting. From Warren Buffet:

> Insurers receive premiums upfront and pay claims later. ... This collect-now, pay-later model leaves us holding large sums -- money we call "float" -- that will eventually go to others. Meanwhile, we get to invest this float for Berkshire's benefit. ...

> If premiums exceed the total of expenses and eventual losses, we register an underwriting profit that adds to the investment income produced from the float. This combination allows us to enjoy the use of free money -- and, better yet, get paid for holding it. Alas, the hope of this happy result attracts intense competition, so vigorous in most years as to cause the P/C industry as a whole to operate at a significant underwriting loss. This loss, in effect, is what the industry pays to hold its float. Usually this cost is fairly low, but in some catastrophe-ridden years the cost from underwriting losses more than eats up the income derived from use of float. ...


That’s just saying the nominal premiums are less than what they pay out, but the real value of premiums including expected return on investment is more than the losses paid out (obviously since the insurance company is in business). This real value is available to everyone since nowadays everyone can invest like the insurance companies with index funds, so comparing the real value of the premiums paid by the policyholder when the insurance company has to pay out is an accurate comparison.


That's a fine point, but the question was probably asked in the context of the nominal values.


It doesn’t seem useful to me to talk about nominal values when discussing value of money over long periods of time. The original comment was that insurance charges more than they payout, which was disputed saying they make up for it in investment earnings.

What I’m saying is that since the same investment earnings are available to the premium payer, it is true that the insurance company charges more than they pay out, hence the original poster is right in avoiding insurance whenever they can (i.e. they can afford to pay for a loss they might have been planning on purchasing insurance for). All they need to do is invest it in one of the many nearly free index funds, and they’re in the same boat as the insurance company, but without having to pay for the salaries of the insurance company’s employees.


There's also a huge reinsurance market that insurers use to mitigate local risk, and arbitrage. It's how they can survive during the exceptional cases like a major flood where everyone is claiming.


I don't understand this for dental insurance in Canada. The premium I paid while a student was a fraction of a single visit. I visited twice a year and had additional work done some years.


My best guess would be that it's cheaper to pay extra towards your routine appointments and catch problems early versus waiting until you need major work done down the road due to neglecting your dental health.


But this is student coverage: the expensive problems tend to:

1) come along later

2) not be wel reimbursed (eg: 60%), so if it can wait, many will until they have employment and better coverage.


They make money investing the float (the money they have received but not yet paid out).


> This is why I try to avoid insurance policies wherever possible.

You read a story about about a special case for a policy four orders of magnitude larger than your own common case.

The results of your cost/benefit analysis are that you should generally avoid insurance policies.

I hate to defend the insurance industry, but it sounds to me like you're exactly the type of person who needs to have insurance.


You're taking a very uncharitable reading of that comment. This is clearly not describing a change they made in response to this particular article.


The reason I have renters insurance in Denmark is that it also covers liability, if I damage someones property.. even on a bike or something.

(If I recall correctly, I had liability coverage through renters insurance in the US, when I lived there)

Cover liability in case you run someone over on a bike and they are severely disabled.


> I’m assuming they’re charging more than they payout on average

You are approaching this wrong. Yet, they charge more than they pay out, on average. But they charge everybody, and they pay out only to small percentage of people. The point of insurance is not making profit for you, it's to cap your losses to predictable small upfront payment, instead of large ruinous random loss at random moment in the future. Yes, if you can easily afford the loss of everything in your household, then insurance makes no sense for you. But if losing significant part of it could be ruinous, by paying a small sum upfront you avoid the possibility of being ruined. The thing you are buying is limiting of the losses.


I know little about insurance from a professional context, but as an investor what I know is often insurance companies do not earn more than they pay out from premiums, they earn it from the float. This can persist for very long periods of time.

The entire “cyber” insurance thing has seemed extremely questionable to me. Technology is changing too fast and software propagates far to quickly to meaningfully quantify risk based on anything which has happened in the past.


Even if losing everything you own wouldn't be financially ruinous, there is still value in limiting losses.


It’s an argument that doesn’t make any sense, I’d imagine having it gets tiring.

My in-laws just went through an event like this. A sewer backed up and basically destroyed about 60% of everything they owned — everything from HVAC to clothes to kitchen.

It’s not a hazard that is likely to happen at that scale, but for the ridiculously cheap cost of that insurance it’s certainly something worth careful consideration. Getting a boiler replaced on an emergency basis in January is an expensive proposition.

Low probability, high impact risks are the best risks to insure. Home/renter insurance isn’t a scam.


The fundamental product that insurance offers is moving resources from scenarios where you have more than enough to ones where you don't. It's an amazing trade from a maximin perspective. Going purely on EV will convince you to do things that are like picking up nickles in front of a steamroller.


It's basic risk v reward. When you buy insurance you always lose on average. But the point is when you "win", you "win big". Meaning when something bad happens, it doesn't wipe you out.


It's hard to argue, because your argument does not make any sense. For ~$200/year you can offload the non-zero risk of a $25k loss onto someone else. IMO, that's a great deal.


You don’t live an aggregate of many lives, you live one. Insurance is the way you keep your individual outcome close to the population average.


Multi billion insurance Co is not going to argue with you on $25k petty theft.

Junior clerk is going to check paperwork and process your claim.

$100M claim is a different story.


Why should "act of war" not be covered?

If I'm going broke because of a war, why shouldn't my insurance company?

Similar, with natural disasters, those should be covered by default -- insurance companies can easily spread the risk geographically..

These exceptions feels like legacy from the "good" old days when wars were common and globalization limited.


Because insurance companies are generally in the business of insuring unsystemic risk.

The entire model breaks down in cases of systemic risk, unless that has been accounted for and dealt with. Which is why it's a major element of insurance policies.


In Chile the insurance companies have fine print saying they won't cover injuries resulting from paramilitary activities (reasonably sensible, OK) or anything nuclear, right down to a nuclear bomb.


Even in the US it is common for home insurance to not cover nuclear war -- mine specifically says it doesn't for example. Although I suspect not getting an insurance settlement would be the least of my concerns in that event.


Today you can insure against systemic risk through re-insursnce in other countries.. this should be a benefit from globalization, right?

So why we keep allowing insurance companies to make these exclusions?

If there is systemic risks to the entire planet, then an insurance company should just go bankrupt.. I mean the survival of a company isn't very important if we talking about the apocalypse :)


> So why we keep allowing insurance companies to make these exclusions?

In general, we don't have to "allow" contracts between two private parties to happen. We can "not allow" (i.e., outlaw) certain contracts, but an insurance company and a private party can (and should!) set up the contract between them however they please. Especially in a case like this, where the contract is huge, and probably had teams of lawyers from both sides going over all its details.


It should not be covered because there is a statement in the policy that it is not covered. The only controversial thing here is whether or not this actually was an act of war, and that is something the insurance company must prove.


What does prove even mean in that context?


That the insurance company feels comfortable nobody will punish them for stealing your money. Their business model is who can they get away with not helping really.


This is a very strange point of view.

If they are stealing, they aren't doing it very well! Insurance companies tend to only have profit margins around ~5%.

And what does that mean about insurance buyers? Are they all idiots for buying insurance, since it just means their money will get stolen?

Insurance companies can't afford to pay out any more than they need to; doing so would raise premiums for all customers and make their products less appealing in a fairly competitive industry.

Whether NotPetya was an "act of war" (a legal term of art), is a legitimately interesting discussion! To have it reduced to "those insurance companies are stealing" is depressingly simplistic.


That ~5% worked out to almost 4 billion profit last year for my healthcare company. They are incentivized to decline coverage as much as they possibly can and have a long history showing they want to.

https://en.wikipedia.org/wiki/Anthem_(company)#Controversies

    The DMHC randomly selected 90 instances where Anthem Blue 
    Cross canceled the insurance of policy holders who had 
    been diagnosed with costly or life-threatening illnesses, 
    to find how many of these cancellations were legal. The 
    agency concluded that all these cancellations were 
    illegal.
Falling on "it was an act of war" when no government has declared such a war is nothing more than creative accounting. (this is also Anthem)

    On 17 March 2010, WellPoint announced it was reclassifying 
    some of its administrative costs as medical care costs in 
    order to meet new loss ratio requirements under the health 
    care law, which requires insurers to spend at least 80% or 
    85% of customer premiums on health care services, 
    depending on the type of plan.[5
https://www.quora.com/How-many-people-die-in-the-US-each-yea...

https://www.nytimes.com/2007/03/26/business/26care.html

https://www.thedailybeast.com/my-insurance-company-killed-me...


Yes, they are profit making companies. Those profits are distributed to investors, in the case of Anthem, that's mostly institutional investors, i.e. people's retirement funds. What's your point?

Anthem's 4% margins are well below the S&P 500 average of 11%. If Anthem was simply stealing surely their margins would be a little higher? And who are the idiots buying Anthem insurance? I mean, if it was just stealing, everyone would take their money somewhere else, no?

Of course the truth is not simple, but rather complex. Most any company has a "Controversies" section on their wikipedia page. Toyota once shipped a car with bad brakes. What does it mean? Are all companies simply stealing?

Yes, insurance companies are incentivized to decline coverage, so that they can lower premiums (to compete) and increase margins. But they are also incentivized to payout because if they don't, people stop buying insurance.

> Falling on "it was an act of war" when no government has declared such a war is nothing more than creative accounting. (this is also Anthem)

Quite certain that is not how the courts will interpret the term "act of war." In international law, for example, there is certainly no precedent that a government declaration of war is required for an act to be considered an act of war. Any aggressive act can potentially be considered an act of war.

If Russia decided to blow up a bunch of US freighters, sans-declaration of war, fairly certain the act could pass as an act of war.


If California had investigated 100 of Anthem's paying customers' cancelled policies at random, instead of 90, and found 100 were illegally cancelled because of the cost instead of the 90 out of 90 they found to be illegally cancelled because of the cost, would it be stealing then?

What is it if it's not stealing when you take people's money in exchange for a service but illegally close their account and keep the money they paid instead of providing the service?

    In May 2014, Anthem Blue Cross refused to pay for the 
    hospitalization of a Sonoma County, California man for 
    stage four cancers, although he had paid Anthem over 
    $100,000.00 in premiums.[61][62] Anthem ended up paying 
    for coverage following public outcry.[63].


You are making the following argument:

1. Anthem Insurance stole from policy holders. 2. Ergo, Zurich Insurance stole from Mondelez.

If you are going to make a claim that all insurers are systematically stealing from their customers, I think you are a long way off. So Toyota sometimes ships cars with bad breaks. Ergo all car companies are trying to kill drivers?


Are health insurance companies abnormal or representative of non-health insurance companies? Zurich Insurance doesn't look better at all based on the submitted article -

    specifically covered “all risks of physical loss or 
    damage” and “all risk of physical loss or damage to 
    electronic data, programs or software” due to “the 
    malicious introduction of a machine code or instruction.”


5% profit margin doesn't mean I will lose 5% on average. My risk will be pooled with reckless people and scammers. I know I am neither but my insurance company doesn't.

Then there are the sales and administration costs that need to be paid. On both their side (coming out of my premium) and on my side (coming out of my free time). I don't like keeping receipts and I don't like filing claim.

All in all I'd lose much more than 5%.


Actually most insurance companies pay out more money in losses than they take in via premiums.

The real business models for insurance companies isn't underwriting profits, it's arbitraging the time value of money (pay premiums now, pay claims later) via investing the float.


That's not more money though; that's less money exchanged into a weaker (more inflated) currency. Four pounds isn't more than three kilograms just because the number is larger.


That might have been true at some point in history but is no longer possible in a ZIRP environment.

In this context, "prove" means convince a judge of the Cook County court that the NotPetya ransomware was not an ordinary cyber attack, but rather a Russian act of war against the US.

I think Zurich's point of view is not untenable. If a Russian military submarine had sunk a Mondelez freighter, would it be an act of war? I think possibly. What if a Russian military cyber hacking squad steals their money with ransomware? Less clear, but still certainly a belligerent act on Russia's part.

Of course Zurich will need to present a convincing case that the cyber attack was committed by the Russian government.

Will be an interesting case.


I think Courts will decide on that matter. The insurance company says some govts claim that these are actions perpetrated by Russia. If courts accept it, they have to decide do these come under the scope of "acts of war". Courts will ask that insurance company to provide more than a newspaper claims. So, they will ask for evidence whether Russia indeed committed these.


You're just restating the insurance company's position. The issue is why don't insurance companies want to cover people against war, and the answer is that that's when the people you relied on take the money and run because there's a decent chance that their erstwhile customers will die (physically or financially) and never be able to come after them.


They will absolutely cover acts of war. It is simple - just ask them to and hand over the extra money.

There is essentially no risk that cannot be insured, but the standard pricing is going to exclude a bunch of tail risks that would be prohibitively expensive to include by default


I think there are probably risks that cannot be insured in practice. One of the particulars of war is that it might destroy many insured parties at once, overwhelming any conceivable insurance syndicate. Yes, you could perhaps sell a few policies with limited coverage, but if you cannot credibly calculate the probability of the event occurring it seems hard to imagine there is a price that will make sense to both parties.


That's no different to any other catastrophe. Earthquake or tsunamis etc.

> it seems hard to imagine there is a price that will make sense to both parties.

The price you'd have to pay is likely to be extremely high due to the value at risk and level of uncertainty, and yes insurance companies would also be modelling their exposure and stop selling at some point. A single tanker, for example, could almost certainly find a price at Lloyds.


As have been pointed out by others, insurance companies are more than happy to cover acts of war in exchange for higher premiums.

Some insurance policies cover acts of god (extremely rare disasters), some don't. They are priced accordingly. I'm sure it is no different with acts of war or anything else.

Insurance companies pretty consistently report ~5% profit margins. Surely if they were simply stealing, their margins would at least be reaching Google levels?


I don't think low margins is a good way to define not-theft. Golden goose, you know.


Fair enough. Though I guess I just don't see how the argument that insurance companies are "bad guys" has any legs.

Yes, insurance companies only want to pay out when they are contractually obligated to do so. That is patently obvious. If insurance companies paid out when they weren't, insurance would be much more expensive than it is now.

If an insurance company is unsure a situation is contractually covered, they will not pay, and a court will decide the case. Once such ambitious cases are clarified, all future parties benefit.

I don't see anything shady or underhanded about any of this. Especially since it is all basically part of the definition of what an insurance company is!


IIUC, it's because a war would likely cause harm to a large number of clients at the same time. The insurance company could not afford to pay so many concurrent claims.

Which makes this case even more important: how could any insurance company guarantee to pay damages caused by a computer virus, when many viruses are designed to quickly spread across many systems?


> IIUC, it's because a war would likely cause harm to a large number of clients at the same time. The insurance company could not afford to pay so many concurrent claims.

disclaimer, I know nothing about the insurance industry, but for sake of intellectual argument:

insurance companies already have to deal with scenarios like this e.g. home earthquake insurance in California.

They do this by re-selling the income and risk from their policies in the "re-insurance" market. This spreads the risk out to counter-parties (who are in the other parts of the US and the world) who buy this stream of income+risk.

In turn, those counter parties are probably buying the income+risk of all kinds of insurance policies from different geographies so any one event of earthquake or war is less likely to catastrophically affect them.


Yes but even though you might be able to sell “act of war” insurance, like earthquake insurance it wouldn’t be something covered by a generic policy


But maybe it should be!

Why do we allow these exclusions in the contracts?

I'm sure we have regulation on what can and cannot be part of the insurance terms.


It arose in the context of maritime shipping, and so was essentially an analogue to floodplain exclusions — i.e., “If you’re going to sail in defiance of a likely sinking or seizure by a hostile power, don’t expect us to make you whole.” It later was included by convention in property and casualty contracts as well.

In the US, at least, Zurich’s attempt to wriggle out of payments would be an uphill battle at best — there are unfavorable judgments in the context of international terror attacks, as well as (in Multi-Foods vs United Commercial) Russian seizure of goods. In the absence of actual war or war-like activities (such as Korea or Vietnam), hard to see how they win. But, hey, even a 5% chance of victory is probably worth the cost of litigation.


Because these institutions have mostly transitioned from mutual insurance companies to public companies.

Their duty is to shareholders vs policy holders.


I think that the direct loss of lives due to the action and a permanent damage to critical to very important infrastructure is the current guideline to declare a hostile act from a nation state as an act of war

I wonder how that insurance company expects to continue business. If they don't pay in case of damage, why would anyone buy insurance from them?


The thing you’re buying from an insurance company is “Can you pay me in case of a covered claim?” not “Can you pay me if I need money because something bad happened?” If you buy medical insurance and file a claim because your house burned down, expect not to get money. If you file a claim which falls into the policy exclusions which are briefed at excruciating length and which you had your lawyers review because you are a professional risk manager and know this policy’s value to you is potentially nine figures, expect to not get money.

The reason companies with very intelligent risk managers keep paying Zurich money is that Zurich reliably pays out covered claims, as you would expect from a highly-regulated entity. HN’s incredulity about insurance companies routinely paying out claims staggers the imagination. They’re highly regulated publicly traded companies which denominated claims expenses in (in this case) billions of dollars; that isn’t code for “Psych we actually just bought mountains of cocaine and would have successfully hoodwinked all counterparties, regulators, and courts but for the diligence of Internet commenters.”


Now and then, insurance companies will pull fast ones. E.g., insured dies of heart attack two years after buying policy, preexisting condition even though preexisting exclusions go away after one year according to policy.

Put mostly the dim view of insurance companies comes from health insurance in the US, which is a catastrophe.

Or someone gets cut rate car insurance and has trouble with a claim. How do you think they keep the rates so low?


This seems like an overly snarky and patronizing response which mostly dances around the point at hand. You’ve effectively sidestepped the discussion to talk down to HN commenters as a whole because you think they’re ignorant of The Way Things Work in risk management and insurance. That’s likely true; it’s also dismissive. Thank you for explaining to us all how insurance works, but to be honest I don’t think that resolves whether or not this claim should be paid.

All we’re talking about is whether or not they are right to not pay out this specific claim. Do you have any justification for this being an act of war? What is your position on that particular issue? Your comment portrays a world in which lawyers don’t disagree because they all meticulously defined and agreed to a contract. I think it’s very fair to conjecture neither side thought of this particular scenario, and that as a result, there is a legitimate problem about which reasonable people (and lawyers) disagree.

Moreover, I think it’s fair to have the orthogonal - but related - debate about whether or not “acts of war” should be covered, even if they ultimately prove not to be in this scenario. I think it’s okay if we debate this even if we’re not all experts in law, insurance and risk pooling. We’re not directing policy here, we’re commenting on a message board.

Note that I’m not crusading against insurance, nor am I saying lawyers are dumb or malicious. But I am trying to convey the very even-handed position that people are fallible. Your comment strikes me as more of a lecture than a substantive response to whether or not fallible people could be making a mistake in rejecting a claim. Consider the spirit of the comment to which you replied - yes, this may turn out to be by the book for this insurance firm. But if that’s the case, it can still be true that potential customers will not want to purchase coverage from them because “act of war” hacking is a risk they want to (quantifiably) share.


As I stated downthread, this claim hitting the exclusion feels very plausible to me. Hostile acts by a foreign government are excluded. The US national security apparatus is so convinced that they have Russia dead to rights on this that they’ve publicized their accusation and evidence. Their accusation is that Russia destabilized core infrastructure in several countries as cyber aircover for the conventional war in eastern Ukraine that no intellectually serious person disputes is happening.

I think Zurich is very plausibly right by the letter and spirit of the bespoke contract which they struck with a sophisticated counterparty who had competent legal advice.

You should certainly price in the risk that, if you have an uncovered loss that you wish your insurance company would cover, your insurance company will point to the contract and say “Uncovered loss; no.”


> All we’re talking about is whether or not they are right to not pay out this specific claim. Do you have any justification for this being an act of war? What is your position on that particular issue?

Not the parent, but the if the hackers are employees of the Russian government and the ransom money was collected by the Russian government, that seems pretty "act of war"-ish to me.

If a Russian military submarine held up an American freighter, boarded, commandeered the vessel and took the goods back to Russia, wouldn't that be an act of war? Of course this case is different, but I think it is similar enough that taking this case to court is not at all unreasonable.


The debate here is whether it was a covered claim or not.

A reasonable person would certainly think that a policy sold as cyber insurance would cover a cyber attack. And presumably a large multinational like Mondelez would have had the policy reviewed by their legal department before signing and paying the premiums.

So far as regulations - in the US standard types of policies (such as auto, home, etc.) are regulated by the states not the feds. A policy that isn't one of those likely has very few regulations around it. In which case the policy language (aka the contract) governs the relationship.

If Zurich wanted to limit the total damages, they should have put that in the policy. And then resell some of that risk to a reinsuror.

This is going to have to be settled in the courts. But in the meantime, I would be hesitant to purchase any cyber insurance from Zurich (or any other insuror) because of the uncertainty that a claim would be paid that this action introduces.


Rather than separating claims into "covered" and "not covered", I recommend a third bucket "might be covered". I think this goes into that third bucket. Whether or not this particular claim should be paid doesn't mean it's not in the third bucket.

When buying insurance, you shouldn't rely on payments for claims in the third bucket, especially not without a legal fight.

Many consumers don't understand any of this. But I expect (hope) that most large businesses are sophisticated enough to understand this.

I don't think this will hurt Zurich's business, because most of their customers probably understand this.


I agree with your conclusion, but keep in mind that most policies don't cover things that are actuarially impossible to predict, like acts of war. Both sides of this situation seem to have reasonable cases; the results will depend on the definition of "act of war."


Is "Criminal organization decides to create damaging ransomware" really so substantially different from "Criminal organization (known as the Russian Federation) decides to create damaging ransomware" that Zurich actuaries can earnestly predict the likelihood of one but not the other?

I assert that the line between cyberwar and cybercrime is very faint.


"HN’s incredulity about insurance companies routinely paying out claims staggers the imagination. They’re highly regulated publicly traded companies which denominated claims expenses in (in this case) billions of dollars;"

I used to use the "smart money" heuristic a lot in my thinking - for all of the reasons you list above, and more.

Then the 2007/2008/2009 mortgage meltdown and liquidity crisis occurred and we saw that a lot of the "smart money", including the very insurance providers and investment banks (or subsidiaries thereof) were caught unawares. AIG[1], for instance, which was in very much the same league as Zurich RE, et. al.

I would take the size of these companies, and the billions at stake, and their regulators ... and all of it ... with a big grain of salt.

[1] https://en.wikipedia.org/wiki/American_International_Group#L...


“What kind of claims does Zurich pay our, Patrick?”

Fire at a port in China; $600 million in losses from single incident, with the meter still running.

https://www.insurancejournal.com/news/international/2015/11/...


What they're saying in this case, however, is that they will not pay a covered claim. That's why people are up in arms about it. Cyber war is their euphemism for yes we should pay this but we won't. It's a preposterous and ridiculous claim and everyone here knows that. So the question stands: why would anyone buy insurance from this company that won't pay out covered claims like the malware in the article? I don't care how public or big this company is, after this case, you'd have to be insane to continue paying them when to them any run of the mill cyber attack is an act of war that they won't pay. Are you going to pay theranos now for their blood testing kits? No. The trust has been lost. Then why pay this company for insurance against cyber attacks when they've proven they won't pay the covered claim? The trust has been lost there too.


Regularly paying out vaguely-calculated $100 million claims wouldn't bode well for their long-term existence either. I'm guessing that Zurich did their own assessment of the losses and came up with a much, much lower number. The article states that they were originally willing to pay $10 million. Before casting aspersions on Zurich, we should take a critical look at how Mondelez calculated $100 million of losses.

Mondelez likely threatened Zurich with extensive lawsuits when they realized the companies were an order of magnitude apart (10 vs 100mm), and Zurich threatened back with their version of Judge Smalls -- you'll get nothing, and like it!

To a commentator below who doubted they could prove Act of War conclusively in court: they will never have to -- this would be a civil case, they only have to achieve "more likely than not," which may not be difficult given the extensive declarations, as mentioned in the article, from FBI, DoD, Pentagon, etc.


US jurisprudence may be different from the Australian law I studied, but as I understand it the "more likely than not" applies to the facts in a civil case not to the legal issue of what constitutes an act of war. That is a question of existing legal precedent and statute law. If there isn't a clear legal definition of cyber war they may indeed have a difficult time proving that cyber attacks are an act of war. But they may think it is worth the effort to try and establish a precedent.


"Mondelez likely threatened Zurich with extensive lawsuits when they realized the companies were an order of magnitude apart (10 vs 100mm), and Zurich threatened back with their version of Judge Smalls -- you'll get nothing, and like it!"

It's easy to grin, when your ship comes in, and you've got the stock market beat ... but the man who's worthwhile, is the man who can smile, when his pants are too tight in the seat!


I hope the courts study this carefully before giving a judgement - ultimately this can open a can of worms if insurance companies were to claim every malware infection as an "act of war".


Honestly they don't. The deeper truth here is surely that Zurich was overexposed and just doesn't have the money to pay the claim. They know this is a ridiculous position and that they'll lose the suit, but denying the claim now lets them at least try to rework their finances and come to a settlement instead of just declaring bankruptcy and giving up.

Insurance companies make risk management mistakes too, and this is what it looks like when they do. The money Mondelez is owed isn't there.


Zurich can pay out a hundred million dollars and shrug it off. Yes, it’ll hurt for a bit, but this is nowhere near the sort of thing it would take to bankrupt them.


That's Zurich, an insurance behemoth, almost half a trillion in assets.


I can see why now. Getting money and not paying claims


> "hostile or warlike action in time of peace or war"

A lot of comments jump on the war and cyber war definitions, but the article states the exclusion is based on a "hostile or warlike action", which is a much looser definition.

Based on the announcement of multiple governments that this attack is from Russian origin this exclusion might very well be justified.


Couldn’t most hacking attempts be defined as “hostile actions”? And the second part “at a time of peace or war” effectively means all the time. Seems like an extremely broad exclusion.


Yea, I thought that too. I imagine either the "or warlike" part or additional text that was not quoted narrows it down to state actors or state-like actors (e.g. terror groups like ISIS or al-Qaida). Would still be a very broad definition.


I have no idea how the law would interpret it, but while 'hostile warlike act' might narrow the scope as you suggest, 'hostile or warlike act' would seem to widen the scope to any hostile act, warlike or not. (Are there any non-hostile warlike acts? Accidents such as so-called 'friendly fire' incidents might fit...)


I think the implication here is that it must be carried out by a state agent.


There seem like two possible outcomes:

1. Insurance that covers nation-backed cyber attacks becomes very expensive, or

2. Countries start treating nation-backed cyber attacks as actual acts of war.


Yes some PR people made some statements, but have they produced any evidence that these attacks originated in Russia? Zurich will need actual evidence of facts, not newspaper articles quoting the spokesmen of political appointees in charge of these agencies.


there's a comic that goes :

- it wasn't elective surgery. I would have died!

- but you elected to live.


Source article from The Register.[1]

[1] https://www.theregister.co.uk/2019/01/11/notpetya_insurance_...


I would kind of expect the argument about not paying out to be one of negligence on behalf of Mondelez. NotPetya uses the EternalBlue exploit which Microsoft patched in March 2017, NotPetya was late June 2017. Don't install security patches on 1,700 servers and 24,000 laptops for four months? Don't get an insurance payout.


I'm sure negligence is covered under insurance, that's why Zurich made a claim of "cyber war", which is harder to prove than negligence. Also if negligence wasn't covered, almost everything can be claimed as negligence. For example, fire started due to electric short circuit: negligence, you should have got everything inspected every x months/years. Theft: negligence, you should have x number of security guards. You see where I'm going?


In my mind, the usual handling of negligence is that your insurance contract may specify steps that you're required to take in order for any eventual claim to be valid. For example, a policy insuring your car against theft may specify that you keep your car parked in the garage and not on the street. If your car is stolen off the street in front of your house, you're not going to get anything.

Conceptually, such a clause represents you guaranteeing a particular standard of non-negligence in exchange for lower premiums.


Sure, but not in the right direction. They wouldn't have an argument for negligence because of a short circuit if you followed the official rules for inspections.


That’s an interesting point. Just as there are financial auditors for investors do cyber insurance companies actually do any auditing of their clients?

It would be in both of their best interests to do so. Mondelez would see that they need to get their security house in order and Zurich would gain some expertise in what to look for in their clients.


This would be a massively interesting suit, if fought out to conclusion. Looking for a proper definition of war, you might even go back to the Hague Conventions or some historical precedents in common law. Probably the terms and conditions do not further specify 'war', let alone 'cyber war'. But if it would be an easy case, the insurer wouldn't take on Mendelez, unless perhaps as long shot to prevent ruin.


And that's the last time anyone buys cyber insurance from Zurich. What's the point of cyber insurance that doesn't cover ransom wear? Just a useless waste of money.


They aren't not covering ransomware. I suspect future buyers are going to re-evaluate if they really don't need coverage against being casualties of nation-state attacks though.


Insurance against war related damage is called reparations.


Not really, no. It's got little to do with the idea of insurance.

Property insurance industry works with the security community to develop and enforce standards for security operations, safes, locks, alarm systems, etc. that reduce theft, and employs investigators to recover stolen high-value goods.

Auto insurance industry works with the automakers and regulators to develop and enforce standards for crash safety, airbags, crumple zones, collision avoidance systems, etc. and employs litigators to recover damages from the at-fault party.

Insurance companies aren't just professional gamblers. They are risk managers. You pay them to deal with the nitty gritty of risk mitigation in whatever domain because it's not your speciality.

How are you going to manage the risk of enemy damage in war? You're going to wield more violence than the threat, and seize its assets to make yourself whole. Instead of settlement or recovery, we call it reparations.


There are insurance companies that insure war risks, e.g. for facilities in unstable countries, and those companies are not in a position to seize reparations.

Insurance companies live in the weird realm of customer service up front, and financial defense when the whistle is blown.


I wonder if you can get insurance against insurance companies not paying out?


Yup,that's called legal insurance and is often quite an affordable backstop, at least in the EU. Pro-tip is to get yours at another supplier than your regular insurance to best align incentives. In things like consumer conflicts I've never had to use my legal insurance, just announcing that you'll get them involved usually is met with some kind of compromise.


Absolutely second the benefits of legal insurance. It clearly shows others you are not afraid to fight this out as the costs are covered.

The free legal counseling hotline my insurance provides helps me at least twice a year with the right approach to tackle problems. And they have such a large network of lawyers that I'm always speaking to a specialist in my problem's area.

The combination of legal counseling and the simple fact that I had legal insurance helped me compromising in my favor or outright win all legal disputes I had since buying the insurance without actually using it.

Legal insurance is also probably a very lucrative insurance model. They avoid a lot of cases for their customers by their pure display of power and can advise their clients about which battles are worth fighting for in the first place. Furthermore (afaik) the losing side pays most of the legal fees of both parties.


That's not the same. What you are talking about is an 'insurance' where you, when you get into legal trouble, are reimbursed for (some of) your legal costs. That's not what the GP meant.


What the GP meant is literally quite strange. You get reimbursed re conditions of the contract, period. If the insurer doesn't pay it's either a legally correct action or not. If legally correct you get what you paid for. If incorrect you need legal recourse. The only type of insurance possible against an insurer not paying is legal insurance. Otherwise you are asking for an insurance for you not understanding the terms and conditions. That's typical.


> Otherwise you are asking for an insurance for you not understanding the terms and conditions.

Is this an unreasonable request? :)

Whenever I get insurances through work I rarely get terms and conditions? If I do, I rarely get something specific, it's very ambiguous.. and contains unqualified conditions.

I find that agents can rarely answer questions I have, how was I suppose to understand things?


Or you need insurance against your insure going bankcrupt which I would want for life insures, at a minimum.


Insurance is like a `bottomless wishing-well`, demands regular offerings but return favours during unforeseen emergencies not guaranteed.


So what is the standard of evidence for something like this? The fact that say top security outfits did attribution to APT-blah or APT some blahBear and there is some level of confidence that the groups might be state actors is it really enough?


Not entirely surprising that insurance company is attributing this to an Act of War.

* Russia is actively pursuing an Active Measures (активные мероприятия [1]) political war against the west

* Russian companies & persons charged by Mueller have actively used the defense in filing that their actions were Acts of War, and so not illegal. These defense claims have not yet been ruled upon, AFAIK.

* The Russian govt, former KGB organization, Oligarchs, Russian Mob, and hacker community have effectively morphed into a single operation entity.

Nevertheless, it is a bit of a stretch to consider a specific hacking event as part of the Active Measures war. Not that it is surprising that the insurance company tries it. They'll st least delay any payments.

This may, interestingly, raise the stakes on any cooperation with such operations (e.g., being a funds conduit, renting out a botnet to deploy the malware) from standard criminal conspiracy charges right up to treason. Not sure if it will play out that way, but I wouldn't want to be the one testing the prosecutors' discretion, or the inclination of the NatSec organizations to get involved. Totally changes the risk profile of getting involved for those inclined to play around the edges.

[1] https://en.wikipedia.org/wiki/Active_measures


If insurance stops paying out then companies will take data security more seriously. Their very existence will depend on it.

Net win for society from my perspective.


Some might but many wouldn't though, because the risk of a problem occurring is still relatively low. No insurance just means it's worse if it does happen. The company would fail, resulting in a loss of service for their customers and a loss of jobs for all the staff.

To use a good old car analogy, if car insurance stopped paying out people wouldn't all immediately become better drivers.


Production reliability and user privacy are different goals. It’s true that a generally tighter ship will be better at both, but they are often in direct conflict. “Fail secure” is an outage waiting to happen.


I wonder what the long tail costs are for not paying the claim?

If I had any insurance policies with this company I would cancel and look elsewhere. The insurance company must have modeled both scenarios.


If they can't pay out in a case like this, they shouldn't be in business. I hope the affected insureds sue this scumbag insurance company into the bankruptcy it deserves. And if the whole cyber attack insurance industry goes belly up, it sounds like a win for society: maybe these other idiot companies will start to take security seriously rather than just trying to collect money for their insurance companies.


I’m curious how much the insurance thinking was: if we pay this, more companies will maintain bad security, pay bribes and we’ll be left to foot the bill.

In addition to more victims, the second compounding effect of this would be that giving money to hacker groups means they would become bolder. That might even mean they’d potentially blur the line from State-sponsored to something that outgrows even the authority of a (rogue) State.


Companies won't take security seriously until there are real costs to losing customer data. Right now, they can just send out an apologetic press release after getting attacked due to their shoddy security and that's it.


Just subpoena the intel agencies? Just because they haven't released the evidence publicly doesn't mean it wouldn't seem reasonable for the intel agencies to assist the case.


That's a sleazy insurance company. They use a lame excuse to avoid paying.


Good luck proving conclusively in court that russia was behind the software


In civil suits, the standard is a preponderance of the evidence. That makes this pretty hard to surmount:

> Zurich American Insurance Company points to the official statements of national security officials from the UK, Canadian and Australian governments, all of which blamed Russia for the cyber attack in February 2018. Even the White House in the United States said the cyber attack was part of Kremlin efforts to destabilize the Ukrainian government.


It’s interesting that insurance Co didn’t point to an absence of proper inclusion clause. They tried to find exclusions that may help them to pull the fast one on a customer.

Which means the policy wording clearly matched the covered event.


The insurance company’s argument is “When we gave your lawyers a bespoke contract that said ‘Irrespective of whether a loss would otherwise be covered or not, we will not pay any claim which...’, what precisely did you think we meant?”

They quote the language in the policy and quote the national security apparatus as having made a determination that this was hostile action by a foreign government or their affiliates. Contractual disputes are often substantially less well-grounded in assertable facts than this one.


Was there a declaration of war? Did their policy specifically mention 'cyber war'?

what a steaming load.

insurance companies trying to squirm out of paying something is as certain as the sun rising.


I was offered a rider on my last business insurance policy, for about a 5% premium increase. It was labeled the Terrorism Rider but the legal code was war, acts of state-sponsored violence, etc etc. If you don’t buy that rider, and someone drops a bomb on your building, your claim falls into an exclusion.

These exclusions were largely inserted into new policies for risk management after 9/11. If you’re negotiating a 9 figure insurance policy, you have lawyers who read the thing and can debate the issue with the insurance company’s lawyers if there is a dispute over exactly what the bespoke language you signed meant.

I’m not unsympathetic to the insurance company here. The intent of this language is “We did not sign up to take on Russia. We are willing to do that, but it isn’t free.” If somebody doesn’t negotiate for that, well, you pays your money and you takes your chances.


The clause is meant to reduce correlation - acts of war can happen to everybody at the same time, while fires and floods only happen to a tiny percentage of customers.


I remember "war not covered" language from home insurance policies, going way back before 9/11. Also exclusion of flood damage, and there are special FEMA-backed policies for that.


That's fine, except that the insurer has to prove the state-sponsorship beyond reasonable doubt, no? Exceptional claims ...


“The US government has publicly claimed this was a hostile act by Russia” wins that argument, trivially, in a US courtroom. And it will be a civil trial; the standard will be “preponderance of evidence.”


By the way, to get a trial going, you only have to raise reasonable doubt. Getting beyond reasonable doubt is the problem.


“Reasonable doubt” is a term of art in law. Your use of the term does not agree with how the legal field understands it. “Preponderance of evidence” is another term of art, which is a strictly lower burden to meet than “beyond a reasonable doubt.” Your understanding of which of these two standards the legal system applies in civil cases mispredicts the behavior of the legal system. You can confirm this representation with a lawyer of your choice.

The standard to survive an attempt to dismiss will be approximately “even reading all factual representations as true in the most charitable reasonable way to the suing party, no reasonable finder of fact would see a justiciable controversy here.” You’re welcome to ask a lawyer on whether the suit would pass that burden.


I hope you mean officially, because e.g. a public fox news proclamation falls under hear say, IMHO.

So much for the court as last instance of truth. So what, do they have to go to the international war courts where genocide is prosecuted instead, to rectify the unfair situation in which the claimant is caught between two hard places and the rock that is burden of proof?


Yes, as the article says, that's an official white house statement: https://www.whitehouse.gov/briefings-statements/statement-pr...


Lawyer here. In the U.S., the "beyond a reasonable doubt" standard applies only in criminal prosecutions, not in civil disputes. The thinking is that, before the police may lock someone away for more than a few hours for allegedly committing a crime, or permanently confiscating his or her money as a fine for criminal behavior, we the people insist that the authorities must demonstrate, with properly-admissible evidence, that reasonable minds could not differ about the defendant's guilt.

In contrast, in civil trials the plaintiff need only convince the fact-finder, whether jury or judge, that the plaintiff's legally-cognizable claim is more likely than not to be factually justified, even though reasonable minds might well differ. That's what's known as the preponderance of the evidence standard.

(Think of the image of the scales of justice: If the plaintiff fails to adduce enough properly-admissible evidence to tip the scales in favor of the plaintiff's version of events, then the plaintiff loses. This includes cases where the scales are equally balanced, referred to as the evidence being in "equipoise.")

Exception: In a few special types of civil case, such as allegations of fraud, the plaintiff typically must demonstrate factual support for its claim by clear and convincing evidence, which the U.S. Supreme Court has defined as "plac[ing] in the ultimate factfinder an abiding conviction that the truth of its factual contentions are 'highly probable.'" [0]

Another exception: By statute in the U.S., a claim that a patent is invalid or unenforceable must be supported by facts proved by clear and convincing evidence. The Supreme Court reaffirmed this standard in the Microsoft v. i4i case, 564 U.S. 91 (2011). [1]

Incidentally, in a criminal trial, when a jury returns a verdict of "not guilty," it's a misnomer: The verdict should really be "not proved beyond a reasonable doubt." (I understand that this is in fact a permissible form of verdict in Scotland.) The defendant could still be held liable for damages — but not imprisoned — in a civil trial under a preponderance standard.

That's what happened to OJ Simpson: He was acquitted in his criminal trial, because the jury found that the prosecution had failed to prove his guilt beyond a reasonable doubt. Afterwards, though, the families of Nicole Brown Simpson and Ron Goldman successfully sued Simpson in civil court for wrongful death. The families persuaded a different jury that Simpson was more likely than not to have killed the two. The jury awarded the families some USD $33 million in damages. Much of Simpson's property — including his Heisman Trophy — was seized and sold at auction to pay (part of) the damage award. [2]

[0] https://scholar.google.com/scholar_case?case=102304536890726...

[1] https://scholar.google.com/scholar_case?case=180843048559846...

[2] https://en.wikipedia.org/wiki/O._J._Simpson#Nicole_Brown_Sim...


I’m not unsympathetic to the insurance company here. The intent of this language is “We did not sign up to take on Russia. We are willing to do that, but it isn’t free.”

The intent of the language doesn't matter in the least. What matters is the language itself and the meeting of minds that existed when the policy was purchased. Cyberattacks, whether perpetrated by Russians or the script kiddie down the street, do not fall under anyone's legal definition of "war."

If I'm wrong about that, then great -- now we can legitimately bring up the subject of treason charges against those who were complicit in the DNC hack and subsequent email dissemination.

I suspect you'll be a lot more sympathetic when you file a claim and your insurance company interprets your policy on the basis of a dictionary they wrote themselves.


Per the article, the exclusion was "a hostile or warlike action in time of peace or war.", and part of the argument is based on the fact that the US government labeled it as a russian campaign to destabilize other countries (https://www.whitehouse.gov/briefings-statements/statement-pr...). That's not just the insurance company redefining words there...


Once again, defining cyberattacks as "war" or even "warlike" would have profound implications well beyond the confines of the insurance industry. These definitions are not left open to opinion for some very good reasons.

This insurance company is going to lose. It's simply unbelievable that people here are defending them, even on a site known for turning devil's advocacy into a religion.


We'll see, I don't think it's clear cut how it'll pan out. I agree that this definition is a line that's tiptoed around a lot, with one the one hand them being clearly seen as a tool of the military, and the US administrations making statements that they consider military strikes a possible response to cyber attacks, and on the other hand lots of careful warning about the risks of doing so, the problems with attributions, attacks being handled on a civil level, ..., but the former half could be enough. Especially if the attack is put into context of the existing war/conflict in the region, qualifying it as part of the conflict might come easier than if it were a standalone attack without this context.

It's not like the courts opinion would force a change in the government position, and governments don't necessarily treat all examples of conventional state aggression as war (or at least not as war they want to concern themselves with) either.


There's a potentially long road between a destabilizing act and war. Economic/diplomatic policies, or propaganda, can certainly be destabilizing.


It takes two to tango. If a cyber war is ongoing, then I think the insurance company should cite retaliatory action in the war as evidence. From what I can tell western governments do not generally publicize any specifics of effective cyber operations.

So i wonder if this puts insurance companies in a position where they benefit from classified operations are outed to bolster the case that this was indeed an act of war.


I thought that retaliatory action would be a good indicator, so I took a look, and I'd say this supports Zurich's decision:

https://techcrunch.com/2018/03/15/russian-sanctions-treasury...

Others cited the exclusion to be worded as "hostile or warlike action in time of peace or war", further tilting the scales in the insurance's favor.


The sanctions as retaliatory? I’d agree the are but I was thinking more of a cyber counter offensive.


War, hostilities, civil unrest and acts of god have been standard exclusions in insurance policies, well, forever.

I'm not sure why this would be any different, but for the "cyber" that gives HN something to talk about. After all, a bloodless coup or invasion would be an act of war without retaliation.

Normal civil standards of proof would be all that's needed.


Those would be but there is clear precedent those are war-like actions. There is not president that ransomware is cyberwarfare.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: