What type of insurance is required for radio station owners and what’s recommended?
Thanks In advance!
Thanks In advance!
-
Get involved.
We want your input!
Apply for Membership and join the conversations about everything related to broadcasting.
After we receive your registration, a moderator will review it. After your registration is approved, you will be permitted to post.
If you use a disposable or false email address, your registration will be rejected.
After your membership is approved, please take a minute to tell us a little bit about yourself.
https://www.radiodiscussions.com/forums/introduce-yourself.1088/
Thanks in advance and have fun!
RadioDiscussions Administrators
Insurance For Radio Stations
- Thread starter Radiomogul79
- Start date
Normal business insurance covers most: fire, theft, business interruption. Add to that liability coverage for anything said on the air... even for a music station. Auto policies for station vehicles. Tower insurance for specific tower issues. Any other coverage required by landlords and property owners. Umbrella policy to cover any extreme liability or loss.
When I was running the radio division of a large supermarket chain, we were self-insured on everything except liability and there we covered internally anything up to $1 million.. Because we were a billion dollar sales company, with over 100 supermarket locations, self insurance was cheaper than buying outside insurance.
If you rent tower space, the landlord likely will require an additional million-dollar insurance coverage to protect their site from damage caused by natural or man-made reasons. As David said; an umbrella policy covers most of what you'll need. The only other thing might be business interruption insurance, in case the worst happens and you're unable to make revenue for a week or longer.
I know of one station that had a multi-million dollar insurance package on their morning guy. If he died or was disabled, they had plenty of money to make up for the loss in revenue and ratings while they found a replacement.
Was that key man insurance?
It was based on that concept, but amended to specify that the talent was not an administrator but a performer who significantly enhance the value of the enterprise.
I have to say this - don't forget the cybersecurity insurance. Makes me wonder if Audacy had it when their systems were attacked - and not to pick on Audacy, because there are other examples, but that was the first known widely-known one in the radio business.
Good point. I forgot to add that, and I'll bet lots of stations don't have it. I was told by may agent that it could also be done as a ride on a business interruption policy, but do not know if that is with one carrier or most of them.
Thanks for adding that detail, Mark. The cool thing about this group is that if one of us misses a detail or says something confusing, others will make up for that!
Speaking of "oddball" insurance policies...According to this article, Lloyd's of London insured the vocal cords of Bob Dylan and Bruce Springsteen, and the legs of Betty Grable and David Beckham..And they insured this porn star's "took of the trade" for $1Million:
Brit porn star insures penis for $1m - Realbollywood.com News - IMDb
IMDb, the world's most popular and authoritative source for movie, TV and celebrity content.
www.imdb.com
Knowing that group, I seriously doubt they would carry any more insurance than they absolutely had to. Since the beginning of Entercom, they have never seen technology as being all that important. Joe's philosophy was to just do the bare minimum, buy used equipment if able, and send hand-me-downs between stations in smaller markets. From what I hear, the two ransomware attacks caught them completely with their pants down.
It doesn't surprise me. Cybersecurity is an overhead item that boards of directors don't really like to talk about, other than to have reassurance. Their attention also tends to be captivated by talk of hackers and attacks. Certainly that's something they should be informed about, but they also should not be neglecting risk management. They wouldn't neglect financial risk management but, somehow, and this had been a source of frustration for me for years until I retired, cyber-risk management takes a back seat if it's discussed at all.
The reaction in the CISO community to a possible SEC proposal requiring at least one corporate director in a public company to have cybersecurity expertise was instructive. There was a great deal of excitement at first. "Finally, we get a seat at the table!" Then someone described the likely outcome: the NACD (National Association of Corporate Directors) would put together a six or eight-week online course on cybersecurity. Then, in any given company, one or two directors would take the course. And - voici! - there's your cybersecurity expertise.
Too often today, the CISO has to muffle what they're saying in order to avoid embarassing the C-suite. This does not encourage effective risk management. Clearly I have a passion about this, and tried to position myself to make a difference, but then I ran into all sorts of obstacles, at three different companies.
I can't speak much to radio since I've been out of that business for three and a half decade, but I have to believe there are some basics that need tending to even before getting to the level where formal risk management is useful. For example, treating playout systems as a crown jewel (yes, that's a term used in CISO-land), protected much the same way as a utility's control room would be protected, or an industrial process system, or a warehousing system that's moving merchandise around for shipment. Beyond that, there's the need to have a dedicated cybersecurity team to begin with to develop and implement effective protections. I suspect most broadcasters, given the financial margins they have to work with these days, aren't doing that, even if they are publicly traded. I guess when your stock price is already scraping the basement floor, or if your loans are in desperate need of renegotiation, worrying about a ransomware attack that could put you off the air isn't top of mind.
Edit: I will note that a very few publicly traded companies have seen their stock price dip after a confirmed report of a successful attack. Usually the effect on that financial yardstick is limited and not long-lasting.
Last edited:
I can remembers years back Limbaugh talking about going in for a physical for insurance that would cover losses for him passing away
Imagine how much that insurance cost Premiere Radio Networks….
This has been a particular interest of mine for around 15 years. At first, carriers didn't really know how to underwrite such coverage. Loss experience data was spotty and often hard to come by. The underwriters got more experience, and loss experience data got better. In recent years, underwriters have been able to do a much better job of setting the right premiums and, a consequence, it's gotten more expensive. The large insurance brokers, such as Marsh, have also developed internal consulting practices that evaluate the state of a company's cybersecurity program. That information also goes into the underwriting process.
The challenge now is to get data on loss of control. For radio, this could be relevant for playout systems and remote control functions. Thanks to numerous data breaches and privacy legislation, there is good data on the cost of such losses. But loss-of-control data is much harder to come by. I discovered this when I was part of a risk quantification process at a big California utility. Our state regulator, the CPUC, pushed by intervenors (i.e. public-interest groups and advocates), wanted every risk to be quantified and costed out. Our risk register had more than 500 risks, rank-ordered, of varying impacts and costs. But in the security field, both cybersecurity and physical security, we ran into a problem. How do you qualify ill intent? To contrast, a gas pipe in the ground corrodes at a known rate and doesn't intentionally corrode. But in security, the likelihood of an attack is dependent upon someone else's intent, with psychological factors that no one has measured. A lot of what we have is speculation. Between that, and a general lack of data, we were in a real pinch. It took a lot of hard work with me, my leadership team, and the company's consultant to get a pass...this time. But that still doesn't solve the problem with a lack of loss-of-control data.
This type of experience, which isn't unique other than dealing with the CPUC's general obtuseness, also indicates that cybersecurity is not a very mature field at the present time. There are quite a few good people in the field trying to get better data and get risk management practices to be implemented - and to educate the board of directors on what should be done. (More on that in my other post tonight.) But there aren't enough of those people.
I am in the personal casualty insurance businsess as a broker. Out commercial team tries HARD to include a cyber rider on every packet; sometimes it flies and sometimes it doesn't. But they try. I won;t sell a homeowner's policy without the little cyber box checked- proteciton is like 25 bucks a year.
Many would be surprised how much of your business (and even personal) coverage is ultimately underwritten by Lloyd's of London. Most insurance carriers are re-insured by Lloyd's, Munich RE, Mitsubishi/Tokio (this is, oddly the correct spelling) and a few other giant outfits. They are the insurance company for your insurance company, and what they say goes. When these big boys decide Florida is no longer worth the risk, then individual companies will still be able to write policies there, but those companies are on their own.
Many would be surprised how much of your business (and even personal) coverage is ultimately underwritten by Lloyd's of London. Most insurance carriers are re-insured by Lloyd's, Munich RE, Mitsubishi/Tokio (this is, oddly the correct spelling) and a few other giant outfits. They are the insurance company for your insurance company, and what they say goes. When these big boys decide Florida is no longer worth the risk, then individual companies will still be able to write policies there, but those companies are on their own.
Just a couple years ago, I was brought into a public station to pick up the pieces after a particularly nasty cyber attack got their entire donor database, including contact info, credit cards on file, etc. It was REALLY ugly. We literally had to toss and replace new, every workstation and server in the building, including on-air systems. After the dust settled, I felt we needed to address the network core hardware next, since the (former) Chief Engineer had purchased most of it from Ebay. All but one switch was confirmed grey market Cisco, with invalid or missing serial numbers. The same went with the firewalls. It was going to be another unplanned capital expense that I felt required immediate attention. After receiving several Cisco bids from authorized dealers, it took a large spatula to peel management off the ceiling. I left two months later having never replaced that network gear.
This is a prime example of ”el dinero del avaro, dos veces va al mercado” - the miser‘s money goes twice to the market
And honestly? That's a pretty typical mindset for radio. Everything seems stable now, so we can finally stop spending money.
I need to add that one to my mental risk register: insider threat through sloppy procurement and/or improper sourcing.
Fortunately I never had to deal with that as a CISO, though there were times when I had to question people pretty hard about what they were doing when devices suddenly appeared on a network without the usual paper trail. No, Mr./Ms./Mx. Developer, you are going to use standard builds!
"Tokio" was once Tokio Marine, which indicates its origins. Otherwise, reinsurers are now coming under more scrutiny for precisely the reasons you describe, as they are far more lightly regulated than direct insurers.
- Status