I just wrapped up a sizable cyber insurance policy renewal, and based on the results of our marketing efforts, I think it’s a good indication that the market is beginning to stabilize.
The cyber insurance market has been a hard market for the past several years.
This particular cyber insurance renewal is for a middle market company that works with Fortune 500 companies. They’re required to carry $50,000,000 in coverage by contract.
The insured’s services are viewed as a higher risk for the cyber market. It is a technology-based business that holds a lot of third-party sensitive data. They do about $75M – $80M in annual revenues. Cyber liability and data breach are definitely their primary risk exposures.
This policy renewal took 10 carriers to quota share the risk and the year-over-year premium is down in 2023 by 4-5%.
I had a feeling the renewal premium wouldn’t spike as hard as it did last year, but I was pleasantly surprised there was actually a slight DECREASE for this renewal.
The cyber insurance market is a lot like the mortgage industry prior to 2008.
Up until a few years ago, you could buy cyber insurance by providing very little information, and carriers practically gave away quotes, and not very expensive ones relative to the risk.
Then hackers decimated the cyber insurance market with ransomware and social engineering attacks. Millions upon millions of claims dollars were being paid by carriers as a result.
Underwriting ultimately tightened and those looking to secure cyber insurance coverage must now show preventative measures are in place for their organizations such as data encryption, multi-factor authentication (MFA), data backups, etc.
Underwriters won’t even think twice about insuring a business if these types of measures are not in place.
Cyber insurance pricing and trends vary by company. However, in this particular case where we have a sizable middle market company with above-average cyber risk, a decrease in premium this year is a positive sign.
Let’s hope the cyber insurance market continues trending in this direction.
Each and every company/policyholder will see different outcomes with their cyber coverage and rates based on their own unique makeup. However, if you can show that your organization takes preventative measures to help mitigate cyber risk up front, you’re in a favorable spot.
Are you like me where you get paranoid using public ATMs and paying for gas with your card at the pump? I am sketched out about ATM / credit card skimmers that scammers place on public machines to trace your personal information. I stumbled across this video on Facebook. This is in Europe, but it doesn’t matter, this can happen anywhere. Be vigilant, my friends!
This October is Cyber Security Awareness Month, an event co-sponsored by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in order to raise awareness of the importance of cyber security issues. While the event is designed to highlight some of the nation’s cyber security precautions, as well as how to be prepared in the event of a national cyber security incident, much of the focus is on good cyber security practices for the average individual.
Specifically, the groups are trying to promote their “Stop. Think. Connect.” and Stay Safe Online campaigns—efforts that teach good cyber security in terms everyone can understand. In order to encourage your employees to practice good cyber security, review the following lessons with them:
- Password Security: More powerful computers have given criminals the ability to crack passwords easily. Passwords with a mix of capitalized and lowercase letters—as well as numbers, symbols and other special characters—are much harder to crack. And, though it should go without saying, make sure your employees don’t write their passwords down in plain sight in their work spaces.
- Phishing Scams: A number of different scams could fall into this category, but they all have commonalities that your employees should be aware of. Never open an email from an unknown source, and never click on a link in an email unless both the sender and the link can be trusted.
- Software Updates: Security patches are designed to fix known vulnerabilities. Make sure your employees download the latest security patches when they become available.
Those wishing to participate in this year’s activities can find a number of resources available online, or contact me for further cyber security materials.
This past Wednesday I was part of a panel for an educational workshop to discuss innovative ways to protect small businesses from cyber crime.
On the panel was an FBI Special Agent who shared FBI insights on fighting cyber crime. Akilah Kamaria from Blue Fields Digital Intelligence shared strategies organizations can use to prepare for and respond to a cyber incident. I shared information on cyber liability and data breach insurance and its role in helping to protect companies from cyber crime losses.
Special thanks to Akilah Kamaria for inviting me to participate. Also, to Gal-A Photography for the professional photos:
Thank you for putting on such an important and great event!
Two former FBI agents from Travelers Insurance Investigative Services hack into a typical business website and download sensitive data in a matter of minutes to demonstrate how quickly a cyber attack can happen:
Research shows that cyber criminals and hackers are attacking smaller “Main Street” companies who are often less prepared to prevent and respond to an attack.
Cyber insurance can protect companies before an event takes place by helping supply them with risk management tools and advice and access to other professionals in the data security community that can help with their information security.
Check out the full story: http://travl.rs/1WvPHQq
Have questions about cyber insurance? Interested in learning more about the various coverages included within a cyber insurance policy? Want to see what it would cost you to pick up cyber insurance for your business? Contact your insurance broker or me today to talk more.
How clever is your password? If it’s on the list below, your password is just as easily stolen as it is remembered. Protect yourself by making sure you’re not using one of the top 25 most commonly stolen passwords of 2015, as determined by IT security firm SplashData.
To create a more secure password, make sure you are not relying only on numbers, and try to avoid simple keyboard patterns. You may also want to avoid easy-to-find information such as birthdays, favorite sports teams and addresses. Attempt to create a password that is eight or more letters long, and avoid using the same password for multiple access points.
According to the 2015 Small Business & Cybersecurity survey, 81% of small business owners think that cyber security is a concern for their small businesses, while 94% either frequently or occasionally think about cyber security issues.
Surprisingly, only 42% of respondents had invested in cyber security protection in the past year, despite the fact that 31% of these businesses had experienced either a successful or attempted cyber attack.
It’s possible that small business owners might simply be spreading themselves too thin. About 83% of small business owners said that they handle cyber security themselves. But given the threat, it was surprising to discover that 95% of small business owners don’t have cyber insurance.
One more stat: 1 in 5 companies uses a cloud services provider. If cloud data is breached, the hiring company (aka your business) is still primarily responsible.
Cyber insurance can offer third-party (cyber liability) and first-party (cyber crime expense) insurance coverage. Most, if not all, insurance carriers have developed cyber security / data breach insurance programs tailored to small businesses.
If you’re interested in exploring the costs of a cyber liability / data breach insurance policy, please contact me to discuss. I have more than several carriers we can quote this coverage with.
According to IBM’s 2014 Cyber Security Intelligence Index, over 75 percent of the cyber attacks the company monitored in 2013 targeted the following five industries:
1. Finance and insurance (23.8 percent)
2. Manufacturing (21.7 percent)
3. Information and communication (18.6 percent)
4. Retail and wholesale (6.2 percent)
5. Health and social services (5.8 percent)
Every day, more than 1 million people become victims of cyber crime. Cyber criminals look for the weak spots and then attack, no matter how large or small the organization. Cyber attacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link.
Check out these 3 reasons why hackers love your small business:
Travelers Insurance Company has joined the ranks of other major carriers such as The Hartford in writing coverage for technology companies. Travelers Global Technology President Ronda Wescott and Chief Underwriting Officer Mike Thoma provide their perspective:
If you have a Life Science or Software and Information Technology Company and would like a review of your current insurance portfolio, feel free to contact me anytime. I can help market your coverages with all the major carriers specializing in this sector.
Some of the most common insurance coverages important to the Life Science or Software and Information Technology industry are:
- Commercial General Liability
- Professional Liability (Errors & Omissions)
- Workers’ Compensation
- Commercial Automobile
- Commercial Umbrella / Excess Liability
- Cyber Liability & First Party Data Privacy Expense
- Directors and Officers Liability (D&O)
- Employment Practices Liability
- Fiduciary Liability
- Kidnap and Ransom
- Group Medical Insurance
- Group Life and Disability
Today I stumbled on a business blog post from Chubb that really grabbed my attention. This was regarding disposal of computers, laptops and any other electronic equipment that may contain personal information about employees, clients or customers. Make sure that the information has been completely destroyed!
Here’s the post: “Trashing Bytes of Information”
When you dispose of this type of equipment, it is not enough to simply delete the information from the hard drive or format the disk. Instead, you should overwrite, or wipe, the hard drives and disks. You can do this by purchasing a wipe disk software program that conforms to Department of Defense requirements.
If you dispose of equipment without taking the proper steps to destroy the information, it could still be accessible and this may constitute a data breach. Your business may be subject to the same fines, penalties and regulatory notification requirements as if your systems had been infiltrated by a hacker.
Techniques for Removing Information
1. Deleting
Deleting information is not effective. It removes pointers to information on your device, but it does not remove the information. Do not rely on the deletion method you routinely use when working on your device, whether moving a file to the trash or a recycle bin or choosing “delete” from a menu. Even if you “empty” the trash, the information is still there. It can be retrieved.
2. Overwriting
Overwriting is effective on all computing devices. It puts random data in place of your information, which cannot be retrieved because it has been obliterated. There are software programs and hardware devices available that are designed to erase your hard drive, CD or DVD—but because these programs and devices have varying levels of effectiveness, it is important to carefully investigate your options.
3. Physical Destruction
Physical destruction is the ultimate way to prevent others from retrieving your information. Of course, you should physically destroy the device only if you do not plan to give it to someone else. Specialized services will disintegrate, burn, melt or pulverize your computer drive and other devices. If for some reason you do not wish to use a service, it is possible for you to destroy your hard drive by drilling nails or holes into the device yourself or even smashing it with a hammer. Never burn a hard drive, put it in the microwave or pour acid on it.
See more on this subject at: Cyber Liability Safely Disposing of Your Devices