Staying Ahead of Cyber Crime: Yes, It’s Complicated

Property & Casualty Team

Cyber Insurance | Property & Casualty | Corporate Synergies

As Seen In

Your email might live in the cloud, just like your customer data. You may store files there, too, and you certainly have website content that resides in the nebulous world of modern data storage. No matter the industry you work in or the size of your business, cyber criminals want to steal your data.

Small and mid-sized businesses are just as susceptible to data breaches and cyber crime as large businesses. In fact, an attack might be easier to pull off on a smaller enterprise with less sophisticated IT security. These organizations will also find it harder to fix a damaged reputation in the wake of a data breach.2A recent example involves a Los Angeles medical center, which paid a $17,000 ransom to a hacker who seized control of the hospital’s computer systems and would return access only when the money was paid.1

It’s a 21st Century imperative to establish a cyber-crime response plan.

Ponemon Institute tracks the cost of Internet-based crime for its annual Cost of Cyber Crime Study report. In 2015, cyber-crime costs jumped by 19%. Smaller organizations experienced a higher proportion of related costs caused by web-based attacks, including phishing and social engineering, malware, viruses, worms, trojans and botnets. Larger businesses experienced a higher proportion of costs related to denial of service attacks, malicious insiders (employees, contractors, etc.), as well as malicious code and stolen devices.3

To adequately protect vital data, it’s a 21st Century imperative for businesses to establish a cyber-crime response plan, protect information with encryption, train employees, and secure the proper insurance.

Cyber insurance typically covers:

  • damages to digital assets
  • business interruption and extra expenses
  • third-party privacy liability
  • first-party privacy liability
  • security liability
  • media liability
  • privacy regulation defense awards and fines
  • crisis management
  • cyber extortion

Cyber insurance may provide financial protection from the loss of employee and customer data, downtime your business experiences, and penalties you might face. It may also help offset the enormous cost to repair your company’s reputation and manage a crisis when it hits. The protection you get from your cyber insurance policy should be customized to your business, so you’re paying only for coverage that makes sense for your specific exposures.

But above the actual protection lies another problem: cyber insurance is designed to cover a manmade problem. Other property & casualty insurance policies cover issues like business interruption if there’s a fire, or damage caused by a snowstorm—environmental disasters that have been affecting commercial enterprises for hundreds of years. Cyber security, on the other hand, is a relatively new type of risk, with only a couple of decades’ worth of claims data on which to create a loss model. This creates challenges for insurance companies who struggle to understand how to underwrite cyber insurance without solid claims data.

And this, in turn, presents a huge problem for actuaries and underwriters, who typically depend on data and consistent loss modeling to accurately price a risk. There’s a gap between businesses that want—and need—cyber insurance and the ability for insurance companies to accurately underwrite the risk in a relatively cost effective manner. Pricing for cyber-risk insurance can vary greatly from company to company, and many smaller carriers don’t offer cyber-security policies for this reason.

Carriers currently underwrite cyber-risk insurance similar to errors and omissions (E&O) or professional liability policies. Much like E&O, cyber risk is typically sold as a standalone policy. Your cost may vary depending upon what coverage is provided (i.e. first and third party liability, notification costs, legal fees, etc.).

Risk managers in the banking and finance, government, healthcare and retail industries need to be especially vigilant when it comes to cyber risk; these are the top four industries affected.4 But regardless of your industry, you should get together with your property & casualty insurance broker to discuss the level of exposure your particular business faces. How many customers do you have, and consequently, how many customer files do you have? What type of data do you store, and what security measures does your IT team take to protect this sensitive information? All of these factors play a part in determining the cost of a cyber risk policy.

Without a cyber-attack prevention and response plan, and adequate insurance coverage, you’re likely putting your customer data, your reputation—and maybe even your business—in danger.

1 Los Angeles Times, “$17,000 bitcoin ransom paid by hospital to hackers sparks outrage
2 BizTech Magazine, “Cost of Data Breaches High for Small Businesses
3 Ponemon Institute/Hewlett Packard Enterprise, “2015 Cost of Cyber Crime Study: United States
4 NetDiligence, “2015 Cyber Claims Study


©2016 Corporate Synergies Group, LLC. No part of this material may be republished or distributed without prior written consent.

Download PDF