3 Most Costly Types of Cyber Insurance Claims
A good cyber insurance policy starts with two core coverage components. These are:
- Data Breach coverage
- Cyber Liability coverage
Data Breach coverage is also referred to as 1st party coverage. This helps your business respond to a breach if PII (personally identifiable information) gets lost or stolen, whether it’s from a hacker breaking into your network, or an employee accidentally getting their laptop stolen at a coffee shop.
Data Breach insurance coverage can help pay the [expensive] costs for such things as:
- Notifying affected customers, patients, or employees;
- Hiring a public relations firm for damage control;
- Offering ongoing credit monitoring services to data breach victims;
- Business income coverage to help replace lost income if you can’t run your business because of a data breach;
- Extortion Coverage helps cover the amount you paid if someone takes your business’ data and demands a ransom.
Between data breach coverage and cyber liability coverage, more than 95% of cyber insurance claims costs come from data breach losses! And these data breach losses fall into three broad categories:
Theft of funds
This is the straightforward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, their bank may not reimburse them.
Theft of data
Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly harmless information such as names and addresses stored on a computer network can be worth more money than you think
Damage to digital assets
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a company’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix. Your cyber insurance policy will help do this too…..fix and patch your system.
So, when contemplating the purchase of a cyber insurance policy, data breach coverage (1st party coverage) is the heavyweight coverage you must incorporate into your policy. Cyber liability (3rd party coverage) is just as important, but that’s not where the bulk of the claim dollars are paid in the event of a data breach.
Regardless, make sure both of these coverages are included in your cyber insurance policy. And then drill down even further into the data breach coverage section to make sure the line item coverages such as Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, and Business Interruption are included as well.
No two carrier policies are the same and cyber insurance is absolutely not one size fits all!
Is the Cyber Insurance Market Stabilizing?
I just wrapped up a sizable Cyber insurance policy renewal and based on the results of our marketing efforts, I think it’s a good indication that the market is beginning to stabilize.
The cyber insurance market has been in a hard market for the past several years.
This particular cyber insurance renewal is for a middle market company that works with Fortune 500 companies. They’re required to carry $50,000,000 in coverage by contract.
The insured’s services are viewed as a higher risk for the cyber market. It is a technology-based business that holds a lot of third-party sensitive data. They do about $75M – $80M in annual revenues. Cyber liability and data breach are definitely their primary risk exposures.
This policy renewal took 10 carriers to quota share the risk and the year-over-year premium is down in 2023 by 4-5%.
I had a feeling the renewal premium wouldn’t spike as hard as it did last year, but I was pleasantly surprised there was actually a slight DECREASE for this renewal.
The cyber insurance market is a lot like the mortgage industry prior to 2008.
Up until a few years ago, you could buy cyber insurance by providing very little information and carriers practically gave away quotes. And not very expensive ones relative to the risk.
Then hackers decimated the cyber insurance market with ransomware and social engineering attacks. Millions upon millions of claims dollars were being paid by carriers as a result.
Underwriting ultimately tightened and those looking to secure cyber insurance coverage must now show preventative measures are in place for their organizations such as data encryption, multi-factor authentication (MFA), data backups, etc.
Underwriters won’t even think twice about insuring a business if these types of measures are not in place.
Cyber insurance pricing and trends vary by company. However, in this particular case where we have a sizable middle market company with above-average cyber risk, a decrease in premium this year is a positive sign.
Let’s hope the cyber insurance market continues trending in this direction.
Each and every company/policyholder will see different outcomes with their cyber coverage and rates based on their own unique makeup. However, if you can show that your organization takes preventative measures to help mitigate cyber risk up front, you’re in a favorable spot.
Be Careful of Those ATM Card Skimmers
Are you like me where you get paranoid using public ATM’s and paying for gas with your card at the pump? I am sketched out about ATM / credit card skimmers that scammer’s place on public machines to trace your personal information. I stumbled across this video on Facebook. This is in Europe, but it doesn’t matter, this can happen anywhere. Be vigilant my friends!
Educate Your Employees During National Cyber Security Awareness Month
This October is Cyber Security Awareness Month, an event co-sponsored by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in order to raise awareness of the importance of cyber security issues. While the event is designed to highlight some of the nation’s cyber security precautions, as well as how to be prepared in the event of a national cyber security incident, much of the focus is on good cyber security practices for the average individual.
Specifically, the groups are trying to promote their “Stop. Think. Connect.” and Stay Safe Online campaigns—efforts that teach good cyber security in terms everyone can understand. In order to encourage your employees to practice good cyber security, review the following lessons with them:
- Password Security: More powerful computers have given criminals the ability to crack passwords easily. Passwords with a mix of capitalized and lowercase letters—as well as numbers, symbols and other special characters—are much harder to crack. And, though it should go without saying, make sure your employees don’t write their passwords down in plain sight in their work spaces.
- Phishing Scams: A number of different scams could fall into this category, but they all have commonalities that your employees should be aware of. Never open an email from an unknown source, and never click on a link in an email unless both the sender and the link can be trusted.
- Software Updates: Security patches are designed to fix known vulnerabilities. Make sure your employees download the latest security patches when they become available.
Those wishing to participate in this year’s activities can find a number of resources available online, or contact me for further cyber security materials.
Participating On A Panel for Cyber Crime
This past Wednesday I was part of a panel for an educational workshop to discuss innovative ways to protect small businesses from cyber crime.
On the panel was an FBI Special Agent who shared FBI insights on fighting cyber crime. Akilah Kamaria from Blue Fields Digital Intelligence shared strategies organizations can use to prepare for and respond to a cyber incident. I shared information on cyber liability and data breach insurance and its role in helping to protect companies from cyber crime losses.
Special thanks to Akilah Kamaria for allowing inviting me to participate. Also, to Gal-A Photography for the professional photos:
Thank you for putting on such an important and great event!
Cyber Security: Anatomy of a Main Street Hack
Two former FBI agents from Travelers Insurance Investigative Services hack into a typical business website and download sensitive data in a matter of minutes to demonstrate how quickly a cyber attack can happen:
Research shows that cyber criminals and hackers are attacking smaller “Main Street” companies who are often less prepared to prevent and respond to an attack.
Cyber insurance can protect companies before an event takes place by helping supply them with risk management tools and advice and access to other professionals in the data security community that can help with their information security.
Check out the full story: http://travl.rs/1WvPHQq
Have questions about cyber insurance? Interested in learning more about the various coverage’s included within a cyber insurance policy? Want to see what it would cost you to pick up cyber insurance for your business? Contact your insurance broker or me today to talk more.
25 Most Commonly Stolen Passwords
How clever is your password? If it’s on the list below, your password is just as easily stolen as it is remembered. Protect yourself by making sure you’re not using one of the top 25 most commonly stolen passwords of 2015, as determined by IT security firm SplashData.
To create a more secure password, make sure you are not relying only on numbers, and try to avoid simple keyboard patterns. You may also want to avoid easy-to-find information such as birthdays, favorite sports teams and addresses. Attempt to create a password that is eight or more letters long, and avoid using the same password for multiple access points.
Small Businesses Most Vulnerable to Cyber Attacks
According to the 2015 Small Business & Cybersecurity survey, 81% of small business owners think that cyber security is a concern for their small businesses, while 94% either frequently or occasionally think about cyber security issues.
Surprisingly, only 42% of respondents had invested in cyber security protection in the past year, despite the fact that 31% of these businesses had experienced either a successful or attempted cyber attack.
It’s possible that small business owners might simply be spreading themselves too thin. About 83% of small business owners said that they handle cyber security themselves. But given the threat, it was surprising to discover that 95% of small business owners don’t have cyber insurance.
One more stat, 1 in 5 companies uses a cloud services provider. If cloud data is breached, the hiring company (aka your business) is still primarily responsible.
Cyber insurance can offer third-party (cyber liability) and first-party (cyber crime expense) insurance coverage. Most, if not all insurance carriers, have developed cyber security / data breach insurance programs tailored to small businesses.
If you’re interested in exploring the costs of a cyber liability / data breach insurance policy, please contact me to discuss. I have more than several carriers we can quote this coverage with.
Top 5 Most Targeted Industries For Cyber Attacks
According to IBM’s 2014 Cyber Security Intelligence Index, over 75 percent of the cyber attacks the company monitored in 2013 targeted the following five industries:
1. Finance and insurance (23.8 percent)
2. Manufacturing (21.7 percent)
3. Information and communication (18.6 percent)
4. Retail and wholesale (6.2 percent)
5. Health and social services (5.8 percent)
Every day, more than 1 million people become victims of cyber crime. Cyber criminals look for the weak spots and then attack, no matter how large or small the organization. Cyber attacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link.
Check out these 3 reasons why hackers love your small business:
Travelers Insurance: Insuring Technology Companies
Travelers Insurance Company has joined the ranks of other major carriers such as The Hartford in writing coverage for technology companies. Travelers Global Technology President Ronda Wescott and Chief Underwriting Officer Mike Thoma provide their perspective:
If you have a Life Science or Software and Information Technology Company and would like a review of your current insurance portfolio, feel free to contact me anytime. I can help market your coverage’s with all the major carriers specializing in this sector.
Some of the most common insurance coverage’s important to the Life Science or Software and Information Technology industry are:
- Commercial General Liability
- Professional Liability (Errors & Omissions)
- Workers’ Compensation
- Commercial Automobile
- Commercial Umbrella/ Excess Liability
- Cyber Liability & First Party Data Privacy Expense
- Directors and Officers Liability (D&O)
- Employment Practices Liability
- Fiduciary Liability
- Kidnap and Ransom
- Group Medical Insurance
- Group Life and Disability