3 Most Costly Types of Cyber Insurance Claims
A good cyber insurance policy starts with two core coverage components. These are:
- Data Breach coverage
- Cyber Liability coverage
Data Breach coverage is also referred to as 1st party coverage. This helps your business respond to a breach if PII (personally identifiable information) gets lost or stolen, whether it’s from a hacker breaking into your network, or an employee accidentally getting their laptop stolen at a coffee shop.
Data Breach insurance coverage can help pay the [expensive] costs for such things as:
- Notifying affected customers, patients, or employees;
- Hiring a public relations firm for damage control;
- Offering ongoing credit monitoring services to data breach victims;
- Business income coverage to help replace lost income if you can’t run your business because of a data breach;
- Extortion Coverage helps cover the amount you paid if someone takes your business’ data and demands a ransom.
Between data breach coverage and cyber liability coverage, more than 95% of cyber insurance claims costs come from data breach losses! And these data breach losses fall into three broad categories:
Theft of funds
This is the straightforward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, their bank may not reimburse them.
Theft of data
Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly harmless information such as names and addresses stored on a computer network can be worth more money than you think
Damage to digital assets
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a company’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix. Your cyber insurance policy will help do this too…..fix and patch your system.
So, when contemplating the purchase of a cyber insurance policy, data breach coverage (1st party coverage) is the heavyweight coverage you must incorporate into your policy. Cyber liability (3rd party coverage) is just as important, but that’s not where the bulk of the claim dollars are paid in the event of a data breach.
Regardless, make sure both of these coverages are included in your cyber insurance policy. And then drill down even further into the data breach coverage section to make sure the line item coverages such as Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, and Business Interruption are included as well.
No two carrier policies are the same and cyber insurance is absolutely not one size fits all!
Is the Cyber Insurance Market Stabilizing?
I just wrapped up a sizable Cyber insurance policy renewal and based on the results of our marketing efforts, I think it’s a good indication that the market is beginning to stabilize.
The cyber insurance market has been in a hard market for the past several years.
This particular cyber insurance renewal is for a middle market company that works with Fortune 500 companies. They’re required to carry $50,000,000 in coverage by contract.
The insured’s services are viewed as a higher risk for the cyber market. It is a technology-based business that holds a lot of third-party sensitive data. They do about $75M – $80M in annual revenues. Cyber liability and data breach are definitely their primary risk exposures.
This policy renewal took 10 carriers to quota share the risk and the year-over-year premium is down in 2023 by 4-5%.
I had a feeling the renewal premium wouldn’t spike as hard as it did last year, but I was pleasantly surprised there was actually a slight DECREASE for this renewal.
The cyber insurance market is a lot like the mortgage industry prior to 2008.
Up until a few years ago, you could buy cyber insurance by providing very little information and carriers practically gave away quotes. And not very expensive ones relative to the risk.
Then hackers decimated the cyber insurance market with ransomware and social engineering attacks. Millions upon millions of claims dollars were being paid by carriers as a result.
Underwriting ultimately tightened and those looking to secure cyber insurance coverage must now show preventative measures are in place for their organizations such as data encryption, multi-factor authentication (MFA), data backups, etc.
Underwriters won’t even think twice about insuring a business if these types of measures are not in place.
Cyber insurance pricing and trends vary by company. However, in this particular case where we have a sizable middle market company with above-average cyber risk, a decrease in premium this year is a positive sign.
Let’s hope the cyber insurance market continues trending in this direction.
Each and every company/policyholder will see different outcomes with their cyber coverage and rates based on their own unique makeup. However, if you can show that your organization takes preventative measures to help mitigate cyber risk up front, you’re in a favorable spot.
My Interview with Candy Messer on The Different Types of Insurance To Protect Your Business
Thank you to Candy Messer from Affordable Bookkeeping and Payroll Services for interviewing me on the topic of “The Different Types of Insurance To Protect Your Business” Some of the key items we discussed are:
- Tailoring Insurance Coverage for each unique business
- Commercial General Liability Insurance
- Workers Compensation Insurance
- Errors & Omissions (Professional Liability) Insurance
- Do home based businesses need a business insurance policy?
- Is business insurance required by law?
- Insurance for contractual requirements and lease agreements
- Employment Practices Liability Insurance
- The difference between Commercial General Liability and Errors & Omissions Insurance
- Cyber Liability / Data Breach Insurance
- How much does business insurance cost?
- Ways you can keep your insurance costs down
- Negotiating premiums with Carrier underwriters
Check out our interview together here:
Thanks for watching
Radio Interview: The Different Types of Insurance To Protect Your Business
I hope you’ll catch my radio interview hosted by Candy Messer of Affordable Bookkeeping & Payroll. We discuss all things Business Insurance and Risk Management. From General Liability for a home based business to Cyber Liability and Employment Practices Liability for small to middle market companies. You can catch our interview HERE. Also, link included below.
Topics include: General Liability Insurance, Errors & Omissions Insurance, Cyber Liability Insurance, Businssowners Insurance policies, Employment Practices Liability, Workers Compensation, Risk Management.
Insurance for Accountants, CPA’s and Bookkeepers
Accountants, CPA’s, Bookkeepers, Tax Preparers, and other financial services professionals work with a lot of sensitive, personal financial information which can expose them to high levels of risk. And that’s in addition to the every day risks they face – like damage to their place of business or business-related records, etc.
The Hartford is a great insurance carrier for Accountants, CPA’s & Bookkeepers and other financial professionals. They offer a product which bundles General Liability, Professional Liability (Errors & Omissions), Data Breach, Property, and Business Income into a single package policy at a really reasonable price.
Whether you’re a sole practitioner, or partner at a large accounting firm, you should consider The Hartford for your business insurance if you don’t have a policy with them already.
Contact me if you would like to see what The Hartford can offer. I am an appointed broker who can help you out with a quote for this.
Hackers Are Shutting Down Factories
A growing number of cyber criminals are targeting factories for ransom, knowing that the industry’s time-sensitive nature puts pressure on companies to pay up. “if we don’t make our product in time, that means Toyota doesn’t make their product in time, which means they don’t have a car to sell on the lot that next day. It’s that tight,” says John Peterson, AW North Carolina’s IT manager. The factory was hit with malware last year, with the potential to lose $270,000 in revenue, plus employee wages, for every hour it was out of commission.
Manufacturers: do you carry Cyber Liability / Data Breach insurance? Cyber extortion coverage protects your business against losses caused by ransomware and other types of cyber extortion. Many cyber liability policies cover three types of costs.
Ransomware Victims Have Paid Out More Than $25 Million in Past Two Years
Ransomware victims have paid out more than $25 million in the past two years, according to a new study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering. The study reviewed 34 separate families and discovered that a particularly harmful strain, Locky, received more than $7 million in payments. Ransomware, which infects and locks a system until payment has been received, has become “an almost unavoidable threat” over the past few years. It’s shown to be popular amongst cybercriminals, who often demand payment in the form of bitcoin. Two ransomware attacks made earlier this year by WannaCry and NotPetya had been “deemed destructive in nature,” Forbes writes, but only received $140,000 and $10,000, respectively.
A viable solution to this sort of threat? A good Cyber Liability insurance policy will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat. This is only one of the many areas a Cyber Liability insurance policy can help.
Cyber insurance can be essential in helping your company recover after a data breach, with costs that can include business disruption, revenue loss, equipment damages, legal fees, public relations expenses, forensic analysis and costs associated with legally mandated notifications. A lesser-known benefit of cyber insurance is the role it can play in protecting your company long before a breach occurs.
Be Careful of Those ATM Card Skimmers
Are you like me where you get paranoid using public ATM’s and paying for gas with your card at the pump? I am sketched out about ATM / credit card skimmers that scammer’s place on public machines to trace your personal information. I stumbled across this video on Facebook. This is in Europe, but it doesn’t matter, this can happen anywhere. Be vigilant my friends!
Educate Your Employees During National Cyber Security Awareness Month
This October is Cyber Security Awareness Month, an event co-sponsored by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in order to raise awareness of the importance of cyber security issues. While the event is designed to highlight some of the nation’s cyber security precautions, as well as how to be prepared in the event of a national cyber security incident, much of the focus is on good cyber security practices for the average individual.
Specifically, the groups are trying to promote their “Stop. Think. Connect.” and Stay Safe Online campaigns—efforts that teach good cyber security in terms everyone can understand. In order to encourage your employees to practice good cyber security, review the following lessons with them:
- Password Security: More powerful computers have given criminals the ability to crack passwords easily. Passwords with a mix of capitalized and lowercase letters—as well as numbers, symbols and other special characters—are much harder to crack. And, though it should go without saying, make sure your employees don’t write their passwords down in plain sight in their work spaces.
- Phishing Scams: A number of different scams could fall into this category, but they all have commonalities that your employees should be aware of. Never open an email from an unknown source, and never click on a link in an email unless both the sender and the link can be trusted.
- Software Updates: Security patches are designed to fix known vulnerabilities. Make sure your employees download the latest security patches when they become available.
Those wishing to participate in this year’s activities can find a number of resources available online, or contact me for further cyber security materials.
Participating On A Panel for Cyber Crime
This past Wednesday I was part of a panel for an educational workshop to discuss innovative ways to protect small businesses from cyber crime.
On the panel was an FBI Special Agent who shared FBI insights on fighting cyber crime. Akilah Kamaria from Blue Fields Digital Intelligence shared strategies organizations can use to prepare for and respond to a cyber incident. I shared information on cyber liability and data breach insurance and its role in helping to protect companies from cyber crime losses.
Special thanks to Akilah Kamaria for allowing inviting me to participate. Also, to Gal-A Photography for the professional photos:
Thank you for putting on such an important and great event!