Why Cyber Insurance Is a Must-Have for Businesses of All Sizes

Cyber Insurance: A Must-Have for Businesses of All Sizes
A brief look into Cyber Insurance and how it can protect a business from catastrophic losses resulting from a data breach.

Authored by Guest Blogger, John Vlahos CLCS, SCS Agency for Pupfish Sustainability Solutions


Why is Cyber Insurance Essential to Businesses of all Sizes?

It’s Cyber Security Awareness Month, and what better time to discuss an increasingly essential line of insurance coverage that can help protect your business from potential cyber-related crime: Cyber Insurance. In 2020, malicious cyber-attacks increased by 55%. This was mainly driven by the transition to remote work during the pandemic and an increased reliance on mobile devices that left organizations vulnerable to malicious data breaches. In addition, the healthcare sector’s dependence on telehealth left the industry vulnerable to bad actors. This increase in cyber-attacks reverses the downward trend of the previous few years, as bad actors searched for more lucrative options, namely ransomware!

Who Should Carry Cyber Insurance?

The short answer is anyone operating a business. While cyber-attacks on large corporations make headline news, all companies, large and small, have exposure. In fact, 80% of malicious cyber-attacks are on small businesses. Bad actors do not discriminate and are increasingly targeting mom-and-pop-type operations.

According to a recent study by the Ponemon Institute, the average annual cost of cyber-attacks for small and medium-sized businesses is over $2 million. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60% of small businesses victimized by a cyber-attack close permanently within six months of the attack.

Further, any business that stores customer information is subject to state and federal cyber security and data privacy laws. More information on these laws can be found here. Fines and notification requirements apply in the case of a cyber breach. In addition, statutes generally require that a notification be sent via certified mail for each unique record that has been exposed, which costs on average $7 per record.

This emerging risk impacts businesses in every industry.  Any business that accepts credit cards, stores customer information, manages payroll, collects financial or medical data, or simply uses a computer, tablet, or mobile device has risk exposure in the event of a data breach.

Where Does Standard (General Liability) Insurance Fall Short?

Nearly all businesses have a Commercial Insurance Package of some kind that includes General Liability and Business Property Insurance to protect them from various exposures particular to the industry. However, in most cases, cyber-related crime is an excluded cause of loss in these policies. And in those cases where an insurance package may include coverage for cyber-related claims, this coverage almost always has a sub-limit (a much lower limit than the limit of the policy). Further, most of these policies are limited to third-party claims only and do not cover the costs and losses to the policyholder’s own business that result from a cyber-attack, such as systems restoration or cyber extortion payments. A Cyber Insurance policy can help fill this gap in coverage.

What is Cyber Insurance?

Cyber Insurance (may also be referred to as Cyber Liability or Cyber Security Insurance) protects businesses against computer-related crimes and losses. This may include ransomware attacks, malware, and phishing, as well as improper IT asset / data destruction or disposition practices pertaining to decommissioned IT assets. A recent example of this type of data breach occurred when a trusted financial institution was fined $60m for failure to properly oversee the decommissioning of several data centers, putting client data at risk.

It is important to understand that, currently, Cyber Insurance policies are not standardized. This means coverage forms differ from carrier to carrier, making it essential that a policyholder reviews and understands what is and is not covered by their policy.

A cyber insurance policy generally has two parts: First-Party Coverages and Third-Party Coverages.

First Party Coverages may include:

  • System remediation and restoration

  • Cyber forensics

  • Cyber extortion / ransom

  • Cost of notification after a breach

  • Social engineering losses

  • Soft costs (public relations and credit monitoring)

Third-Party Coverages may include:

  • Cyber liability resulting from a data breach

  • Cost of legal defense

  • PCI fines resulting from breach of contract

  • Regulatory fines pertaining to industry-specific requirements set forth by HIPAA, FINRA, FERPA, FISMA, Sarbanes-Oxley, etc.

*Keep in mind coverages vary from carrier to carrier.

While it is of the utmost importance to have the proper preventive and mitigation measures in place to avoid cyber-attacks, having the right Cyber Insurance policy in place will help transfer this risk when systems and protocols fail.

How and When Should I Secure Cyber Insurance for my Business?

Cyber Liability coverage is still relatively new to the insurance industry, and actuaries are determining pricing and insurability in real time as we learn more about this emerging risk. The rise in frequency and severity of cyberattacks, driven by ransomware, as well as poor risk management procedures and employee training, is resulting in an increase in insurance rates as well as heightened scrutiny from underwriters. Carriers are paying out more than actuarial analysis predicted, reimbursing ransom payments for 64% of cyberattack victims. Despite rising premiums, we have experienced a 95% increase in clients requesting cyber coverage. Part of the increase in demand comes from clients who haven’t typically purchased cyber coverage and those who experienced a data breach or other cyberattack and didn’t have coverage.

As we approach Q1 2022, it is going to be more common for underwriters to want to see a history of cyber insurance experience before a business can secure preferred rating and coverage. Having the proper preventive measures already in place will also impact a business’s insurability and premium rates.

At SCS Agency, we understand how cybercrime can impact your business and bottom line.   As ransomware attacks and similar concerns increase, call 516.726.2623 or visit SCS Agency to learn how to mitigate risk and ensure your business is adequately protected against a catastrophic data breach.
