How do I become a ‘better risk’?

Tim SmitTimothy Smit
Sr. Global Privacy and Cyber Security Risk Leader, Lockton Companies

Timothy develops long-range strategies directing clients how to optimize their data effectively and responsibly.  He focuses on privacy compliance, data protection, and the use of or introduction to digital technology.  He assists in identifying data privacy risks, operational risk, process improvement, and conducting data flow mapping exercises.  Timothy conducts risk assessments and develop strategic solutions for managing those risks along with building incident response programs and plans to improve operational resiliency to a cyber or privacy event.

Over the past few months, we have engaged with numerous clients on their working from home solutions along with preparing to return to their office strategies.

A common topic of both scenarios has been, “How do we become a ‘better risk’?”

Our role is to assist and educate our clients and prospects on their risk exposures, the likelihood of those being exploited, and when they are, what will the impact be to their operations, finances, reputational, strategic, and regulatory risks.

Where do we begin?

To become a ‘better risk’, you must know what kind of current risk you are.

This begins your reflection assessment on where your organization currently is.

An initial starting point may be a review of your most current information or data risk assessment and begin reflecting on:

What were your most critical risks that were identified?  What was the organization’s risk response to those critical risks?

Did you mitigate them within a set period or do those risks remain unaddressed?  Perhaps you transferred the unacceptable levels of risk to a broad, best-in-class cyber liability insurance program.

How does our organization manage information risks?  What information protection framework has been implemented to better protect us?

These reflecting questions will start the process of outlining what questions need answers to baseline your current risk level.  Once that has been completed, you are able to project where you want to be as it relates to a ‘better risk’.

What do we do next?

Resources are plentiful to engage with to help your organization identify and reduce risks, but where do you start.

If our organization has not conducted and completed a current information risk assessment, you may be guided to conducting that first.

If asked, my initial questions for you to answer would be the following:

What does your information life cycle look like?

What is your critical information flow path look like?

Do you have that documented that depicts each information asset the critical information touches or traverses through?

What does your data classification policy look like?

When did your organization conduct its last data mapping exercise to ensure these are accurately depicted and protected?

Each organization is different; however, the same concepts apply.  What information do you have?  Where do you collect or create it?  Where does it go (internally and externally)?   Who has access to it?  How is it protected?  How long do we need to retain it? And, when do we need to destroy it?

Once an organization can answer those questions fully, will the strategy of becoming a ‘better risk’ become more likely.

Now what?

Partnerships are critical in any successful business relationship.  Leveraging experts to assist and focus on gaps and opportunity areas is not a simple process.

Outlining the accurate information above prioritizes what gaps and opportunities your organizations may consider focusing on within your overall ‘better risk’ strategy.

You have your current baseline.  Check.

You have your information lifecycle and flow path documented.  Check.

You have your information classification policy set.  Check.

We now are ready to proactively prevent risks and losses from occurring.

A possible first step is to self-assess what and where your most critical risks reside and how well your current information security controls are working.

Your cyber carriers provide proactive loss services to help you conduct those self-assessments.

Now, correlating your initial, current risk level with your completed self-assessments will provide your organization with insight to where you are and drive the conversations of where you want to be as it relates to a ‘better risk’.

Your cyber carriers provide proactive loss services, such as security training and awareness programs, assisting in improving your risk posture within your workforce members, and other services, based on where you may need assistance.


Take into consideration all the proactive measures your organization is conducting and reassess your risk posture monthly, quarterly, and annually.

The results will showcase where you started, where you have been throughout the year, and where you are today.

The progress will tell your story and you will see that your organization is becoming a ‘better risk.’


For more information or guidance on these and other privacy or cybersecurity matters, please feel free to contact me directly at

Top Ten Practices for Successful Remote Mediations

Emily_Bonds_390_4x5Emily Sides Bonds
Partner, Jones Walker LLP

Emily represents agents and brokers, directors and officers, other professionals, and business entities in professional liability, products liability, mass tort, class action, banking and financial services, insurance coverage, and other commercial litigation. Her practice extends to all state and federal courts in Alabama and Mississippi. In addition, Emily is a trained mediator and arbitrator.

Life has changed in the last few months. New words have made their way into our dictionaries: Covidiot (someone ignoring public health advice), covideo (online parties on Zoom), the “rona” (Coronavirus), and covexit (strategy for exiting the lockdown). Social distancing was apparently an established phrase, but I had never heard of it.

COVID-19 has significantly altered the way in which witness interviews, depositions, mediations, and even trials are being conducted. We are forced to handle tasks virtually or remotely instead of in-person as we have done in the past. To say the least, this unprecedented, unpredictable, and ever-changing time demands that we examine and understand how to participate in and be on top of our game when conducting discovery, mediations, and trials remotely.

The current state of this pandemic will demand remote mediations for the near future. However, I anticipate that remote mediations will continue even after the pandemic has subsided. If done successfully, participants will want to continue this practice for the efficiency and cost savings that it brings to the litigation process. Of course, the opposite is true: if participants to remote mediations have a bad experience, they will be less likely to want to continue the practice once COVID-19 cases decrease.

I am Emily Bonds, a litigator and mediator licensed in Alabama and Mississippi. This post contains my “Top Ten” list for successful remote mediations.

#1:       Confirm with Mediator/Attorneys how Participants Will Appear at the Mediation

Nothing gets a mediation off on the wrong foot like the opposing side believing that a party or insurance representative will appear in-person, only to find out that the person is only available by phone and possibly for a limited time period. Make sure your side confirms how each attorney, party, and insurance representative will appear. Do not depend on the mediator to begin this discussion; instead, make sure your attorney confirms and manages the opposing side’s expectations for attendance.

#2:       Pre-session with the Mediator is a Must

With a remote mediation, it is tempting to just show up and let it all work out. This follows typical mediation practice. Lawyers draft and forward position statements, mediators review those statements the night before the mediation, and everyone shows up without knowledge that there is a roadblock to a successful resolution. Make sure that your attorney has talked with the mediator about the upcoming mediation and not just through a last-minute position statement. I have found that a pre-mediation session is the most over-looked and under-used tool in trying to get cases resolved. Your lawyer could suggest a pre-mediation meeting with the mediator via Zoom. The mediator should make the same suggestion. If no one does it, then you make the suggestion. It is an easy way to begin the building blocks to a successful mediation.

#3:       Schedule a “Dry Run” with the Attorney and Party/Insured

If this is your first time utilizing Zoom or another virtual meeting service, take the time to request that you and the attorney conduct a “dry run” of the process. This may be more important for the party/insured who is likely to be less familiar with the mediation process itself. Misunderstandings and confusion can be avoided by simply trying it out beforehand so everyone is on the same page.

Also, you may need a plan for how to communicate with each other in the event that you are unsure if your discussions are confidential. Make sure all participants on your side have each other’s cell phone number.

#4:       Be knowledgeable as to how Zoom Works

Most of us had never even heard of Zoom before March. Now, we have to know the ins and outs of it in order to have a successful mediation. Most law firms and insurance companies are conducting training on how to work Zoom and how to effectively participate in it. Take advantage of the resources available to you.

The remote mediation will likely be hosted by the mediator. The mediator can put each side into a waiting room and then caucus back and forth between the parties. Make sure that you discuss with the mediator that he/she will announce his/her appearance into a waiting room to which you are a part. Because you may have some uncertainty about the confidentiality of your waiting room, I would be careful as to any comments that may be deemed derogatory to the opposing side or the opposing side’s case or claims. A colleague of mine recently shared with me an experience in attending a remote mediation. The mediator forgot that he was in the waiting room with my colleague and his client. The mediator made a derogatory remark about the client. That one event made my colleague and his client completely distrust the process. The mediation was not successful.

#5:       Make Sure the Remote Mediation has your Full Attention

Some insurance representatives are double booking their remote mediations. I get it. There’s a lot of downtime during a mediation and we all want to be efficient.  I advise against this! You will be distracted and likely with too much on your mind to effectively hear the positions being taken by the opposing side, the mediator, and even your attorney. Also, avoid half-way participating in the mediation by checking email or surfing the web. While it may appear that multi-tasking is effective, it actually may increase the time you spend at the remote mediation because facts and strategies had to be repeated to you while you were in the midst of checking your email.

#6:       Sharing your Screen can be an Effective Tool

Zoom has an awesome feature that allows a participant to share his/her screen. Your case may have a complicated damages calculation or your attorney may want to share the points of the summary judgment motion with the mediator or the opposing parties. Think outside the box with your attorney as to what will be most effective way to present your side of the case at the mediation.

#7:       Observe Proper Etiquette

Check your computer or phone camera to make sure it is smudge-free before joining the mediation. Make sure your appearance is professional. Do not wear clothing that is the same color as your background because it will cause you to fade out. Mute your audio when you are not talking. If you do not have an office, then use earbuds or a headset to avoid background noise and maintain confidentiality.

#8:       Check your Lighting and Background

If your law firm or insurance company has a professional virtual background, then I would use that. I would not use an alternate background, such as a beach, which looks unprofessional. I actually had this happen in a hearing where my client was participating. All of the participants appeared as if they were in their office. My client looked like he was on the beach in Tahiti. This is probably not the image you want to portray. The use of a background is something you, your attorney, and the party/insured can discuss during your “dry-run” mediation.

#9:       Don’t be too Close to the Camera or have it Below You

This tip is self-explanatory. If you are too close to the camera then you are not portrayed professionally. If the camera is below you then the other participants can see up your nose!

#10:     Make Sure You have a Sufficient Internet Connection.

Last, but not least, make sure you have a sufficient internet connection. If you are working remotely and your home internet is spotty, you may need to visit the office for the mediation. Mediations conducted remotely can really go downhill when the opposing side has to wait for the other side to figure out their internet issues. This can be avoided by a dry-run mediation.

Remote mediations are here at least for the short-term, and my prediction is that they will be here in some form or fashion even after COVID-19 is under control. A remote mediation is an effective and efficient tool, but it must be managed appropriately. Expectations must be managed for how participation will occur. Participants must be educated and well-versed on whatever system is used to conduct the remote mediation. Following the tips listed here will give you a leg up on this process and hopefully make the remote mediation successful.

All this being said, I hope that in-person mediations never go away completely. There are many cases where the lawyers and insurance company representatives need to be present to judge the credibility of a witness, to size up the opposing counsel, or simply to set the tone that the defendants are serious about resolving the case.

Good luck with your remote mediations and please feel free to email me at I would love to hear your stories and other tips on remote mediations.

D&O Perspectives on Coronavirus: Part 4

Join Kevin LaCroix, Carl Metzger, and Rob Yellen for Part 4 of their discussion on D&O Perspectives on Coronavirus. These speakers continue to look at possible effects of COVID-19 from a variety of D&O perspectives. This recording is part of the ongoing PLUS series PL Perspectives on Coronavirus—past recordings are here on the PLUS Blog, and stay tuned for more discussions to be posted in the coming weeks.

Listen here to D&O Perspectives on Coronavirus, Part 4:


KevinLaCroix2019Kevin LaCroix, Executive Vice President at RT ProExec

Kevin LaCroix is an Executive Vice President at RT ProExec, Beachwood, Ohio, a division of R-T Specialty, LLC. RT ProExec is an insurance intermediary focused exclusively on management liability issues. Kevin is also the author of the Internet weblog, The D&O Diary, which the New York Times called “influential” and the Wall Street Journal described as “widely followed.” Kevin has been involved in directors’ and officers’ liability insurance issues for more than 35 years.

Metzger_E_CarlCarl Metzger, Partner and Chair of Risk Management & Insurance at Goodwin Proctor

Carl Metzger is a partner in Goodwin’s Financial Industry and Business Litigation practices and Chair of the firm’s Risk Management & Insurance practice and Chair of the firm’s Partnership Committee. His clients include both public and private companies, major insurance carriers and brokerages, private equity and venture capital firms and non-profit and educational institutions. 

Rob YellenRob Yellen, Executive Vice President, D&O and Fiduciary Liability Product Leader, FINEX at Willis Towers Watson

With over 28 years of Financial Lines industry experience, Rob Yellen is a respected leader in the management and professional liability space. He currently works with Willis Towers Watson, FINEX NA brokers and claims advocates to identify and track developments in risk, coverage and markets, and with our business partners to develop innovative, best-in-class strategies and solutions. Rob joined Willis Towers Watson in 2015 from AIG where, during his 14-year tenure, he served in several key leadership roles–including Chief Underwriting Officer, Financial Lines, U.S. and Canada and, most recently, Head of Product Development for Financial Lines–globally and for the Americas Region.