The Secret Behind Cyber Insurance

Property & Casualty Team

Most B2B business owners and executives don’t spend a lot of time thinking about this, but here’s the truth: you are vulnerable to cyber crime.

Hacking incidents at eBay, Target Corp., Sony Corp., JP Morgan chase & Co., Home Depot and even the U.S. Office of Personnel Management have raised eyebrows about the seriousness of cyber attacks. According to Kaspersky Lab’s IT Security Risks Survey of 2014, 94% of the companies surveyed have encountered cyber security issues from external sources1. This means that even if you have a world-class IT team that has implemented the very latest security systems and processes, there is a very real possibility that your seals are not tight enough. That’s why organizations must also have cyber insurance to back up IT security precautions.

But here’s the dirty little secret about most cyber insurance: A lot of those policies are practically useless when you have a claim.

Cyber Risk, Defined
When we talk about cyber attacks, we’re usually talking about the taking of information from B2B firms. Approximately 80% of cyber attacks are focused on theft or loss of information. It is rarely a “worm” designed to take down a system. Executives need to realize that cyber security is central to safeguarding their most precious assets—intellectual property, customer information, financial data and employee records. Not doing so can be disastrous. This is serious business.

In addition to deploying appropriate enterprise risk management, organizations should also consider the purchase of cyber insurance. Many businesses know this and have done so. However, it pays to look more closely at that insurance policy. Cyber insurance is a relatively new coverage area for carriers and therefore policies vary dramatically. There are numerous stories about businesses purchasing boiler-plate cyber coverage only to realize that is virtually useless when criminals strike. These policies often have major gaps that leave the client ostensibly uninsured. When it comes to cyber insurance, businesses often don’t realize what they need and what they don’t have.

There is a 1 in 7 chance your business will be attacked this year.

Cyber Threats are Growing
While you might think cyber security has made great strides, businesses are more vulnerable than ever and the threat is increasing exponentially. Internet security firm Symantec reports that in 2014, cybercriminals continued to steal private information by direct attacks on institutions, such as banks and retailers’ point-of-sale systems, on an epic scale. The number of breaches increased 23% over 2013.2

The good guys working on cyber security measures are smart and hardworking, but the reality is they’re slipping farther behind the bad guys. There are several reasons cybercrime is on the rise, and they all have to do with increased vulnerability:

  • The proliferation of cloud computing.
  • The rise of mobility, including the mobility of data through thumb drives and other storage devices.
  • The increased use of wearable fitness and personal health devices.
  • More people using credit cards.

Cyber Insurance as a Cash-Flow Tool
Executives should think about cyber insurance as a cash-flow tool. If a business system is attacked and high-priced consultants have to be hired to fix the problem, a significant cash flow will be required to cover the expense. There could be lawsuits by customers to deal with and significant loss of revenue, not to mention hard-to-overcome reputation damage. The risk is real. The loss can happen in an eye blink. And if you aren’t properly insured, the result can be catastrophic. If it happens, will you be prepared?

Why Cyber Insurance Matters
When you’ve seen the news reports about major retailers getting hacked and losing huge amounts of consumer credit card information, you likely thought, thank goodness that would never happen to me. The reality is that B2B companies, non-profits and public entities are very much in the crosshairs of cyber risk, and you need to take precautions, starting today.

Cyber security is central to safeguarding an enterprise’s most precious assets: intellectual property, customer information, financial data and employee records. Not doing so can be disastrous. Damages from a single successful targeted attack could cost a company as much at $2.54 million.3 Management can also be held accountable by shareholders for not initiating the proper procedures and processes. Additionally, breaches can trigger crippling class action lawsuits; the attack on Home Depot prompted a class action on behalf of banks affected by the costs of reissuing payment cards and notifying consumers.4

Not All Cyber Risk Insurance is Created Equal
Here’s the problem with cyber insurance—a substandard policy can leave a business exposed. A good cyber insurance policy will include first party or business interruption coverage. In many instances, coverage is for liability only, but that’s not going to be good enough when your organization comes to a standstill. And while business owners may be covered for lawsuits, they will not see any coverage for lost revenues. Additionally, businesses must pay close attention to the exclusions in their policy; particularly with cyber insurance, exclusions can leave you with a policy full of holes.

Unlike Property insurance or Workers’ Compensation, there are no standardized cyber insurance policies. Which means business owners must pay close attention to their coverage.

Will your business be able to recover if it’s hit with a cyber attack?

1 Kaspersky Lab, “2014 Global Corporate IT Security Risk Survey”
2 Symantec, “2014 Internet Security Threat Report”

3 Kaspersky Lab, “2014 Global Corporate IT Security Risk Survey”
4 Cyberrisknetwork.com, “Banks Hit Home Depot with class Action Lawsuit

 


RELATED TOPICS

  • Employees who travel expose Workers’ Compensation vulnerabilities 
  • Total cost of risk advisory services
  • [/block_grid]
    ©2016 Corporate Synergies Group, LLC. No part of this material may be republished or distributed without prior written consent.


    Download PDF