The news reports are more frequent, and we must realize that the insurance industry is witnessing the scope of cyber claims expand. The idea that someone outside of your business could break into your computer system/digital files is no longer a movie plot. Cyber-attacks can steal, destroy, or even hold hostage your business’ most vital information.
Growing up during the 70’s and 80’s, there was no shortage of international spy movies pitting the USA against a few evil organizations around the world. It was fun to imagine that, while in the car, you could follow your location on an electronic map, receive calls on a shoe-phone or even decode a cryptic message using symbols.
As an adult, these former fantasies have become a reality. Although relying on a GPS is a daily activity, some still have an atlas in the car. Also, kids never leave the house without a cellphone, even if the intention is not to call their parents. When conducting business, we also use our cell phones and could be crippled without their convenience. However, the decoding thing has become more of a nuisance than a blessing.
Although the number of attacks was down in 2018 compared to 2017, the cost of ransomware claims increased 60% and business email compromise losses have “doubled,” according to the OTA 2018 Cyber Incident & Breach Trends Report. It’s not something that only large financial corporations and hospitals need to concern themselves with. Cyber-attacks can happen at all levels: small business, municipalities, international businesses, etc. Unfortunately, the common CGL (Commercial General Liability) policy does not address these types of risks.
The reality is that data breaches, ransomware freezing system operations and loss of clients (due to poor public image) are not considered tangible losses by insurance carriers. The insurance industry is actively evolving to provide specialized coverage to address cyber-liability and the claims that accompany technological crimes. Cyber-liability is happening, and the new insurance coverage is stepping up.
So, insurance agents must educate themselves on the risks associated with cyber-crimes. What are the common claims? What triggers coverage on a policy? Who needs to understand the various risks and coverages associated with this dark area of business? There is a responsibility to clients to be knowledgeable and ask the right questions.
One main factor is that many carriers will not offer policy coverage unless businesses can provide proof of some type of information security plan. For example, this could include a hard copy of network security policies and procedures.
This is not unlike an Enterprise Risk Management (ERM) plan. These processes are designed to help organizations, large or small, limit the amount of financial damage that can be caused by cyber risks. What are the procedures for network safety and Internet use? How are cyber risk issues handled? The National Institute of Standards and Technology (NIST) is a division of the U.S. Department of Commerce and can also offer some insight.
Don’t forget a reputable IT company for frontline defense. Multiple layers of protection can go a long way when addressing cyber-risks.
When seeking to secure this type of insurance, it’s important to understand how the business operates, and to have a firm grasp of the resources and program options that are not only available but also address specific business exposures.
To help understand how the policies work, become familiar with the two specific categories that cyber coverages break into: first- and third-party coverage.
First-party coverage can be described as expenses or money paid out-of-pocket to get back on your feet, or overall remediation (for example, getting your business back up and running again). Event coverage can come as a package to include forensics (locating and identifying), data restoration, privacy breach notification, or payment for improving company reputation after negative publicity (public relations). Cyber extortion can provide for another possible expense (i.e., give us money to restore your network systems).
Third-party coverage is focused on liability, such as those who make claims against you for not protecting their personal data, or even data loss that happens at a third-party vendor’s operation. There are also regulatory penalties/fines that can be assessed through violation of PCI rules (Payment Card Industry) as well as State and Federal laws (Consumer Fairness Act, Breach of Personal Information Notification Act). Some cyber-liability coverage examples include Privacy and Security Coverage, which can address expenses for claims against a business; and Multi Media Coverage, geared towards website and social media slander/libel or infringement.
A variety of coverages allow businesses to be proactive instead of reactive. Be prepared to put a magnifying glass to business operations.
We can see the writing on the wall and need to react accordingly. Business owners shouldn’t shy away from seeking guidance, because this is not a shameful affliction. There is no need to be embarrassed about wanting to protect your assets. This is a reality. The investment in appropriate insurance coverage, as well as upgrades with IT and monitoring technological risks, can pale in comparison to the costs associated with cyber-security losses.