Enterprises And State Governments Commit To Cyber Liability Insurance To Protect The Business
Data Breaches Become A Matter Of When, Not If; Advisors Demand Risk Reduction
Organizations are experiencing data breaches at an alarming rate. Some believe that an organization having a data breach is a matter of when and not if. In a recent survey by research firm IDC, 62% of U.S. retailers report they have been breached at any point in their history. The risk of a breach is increasing as 96% of those surveyed retailers say use sensitive company data digitally transformative technologies.
With the odds increasing that a cyber breach will occur, executives are looking for ways to manage their risk. Businesses and government agencies are increasingly looking into insurance to bring stability to cyber risk.
Insurance has helped stabilize fledgling industries for centuries. In a Task Force 7 Radio episode, John Frazzini, President and CEO of Secure Systems Innovation Corporation (SSIC), outlined the history of insurance. References included the 1666 Great Fire of London and the emergence of property insurance. Then, in the 1680s, Edward Lloyd (“Lloyd’s of London”) founded an insurance mechanism in a coffeehouse that stabilized merchant shipping. About a century later, the radio show guest said, Benjamin Franklin’s Philadelphia Contributorship for Insurance of Houses from Loss by Fire pioneered home insurance by refusing to cover homes built with wood.
The way it comes full circle, he said, is that the cyber insurance market is attempting to do just that – underwrite financial stakes and be a stabilizing force for the space. “The ability of the insurance industry (carriers, brokers) to help organizations understand financial exposure (is) permeating corporate America…” he added.
Cyber liability insurance is a type of insurance policy in case of a malicious attack, a data breach or other cyber security incident. Variability exists for cyber insurance policies to address specific industry sector needs, such as financial services, healthcare or retail. Within cyber liability insurance, two types of policies are available addressing different types of expenses from a data breach: first-person and third-person. “While the primary goal of cyber liability coverage is to protect the business, it can also extend to the clients who interact with the business,” wrote Forbes contributor Bill Hardekopf in a recent article.
Like other insurance types, each policy is unique and the opportunity exists to customize cyber liability insurance to meet the current and future needs of the organization. There are also losses from incidents that are generally outside of the scope for a cyber insurance policy. These risk and loss areas are covered within other types of insurance, such as business property insurance, commercial crime policies and general liability insurance. There may also be expenses exceeding the coverage limits of the cyber liability policy to consider.
The cyber insurance bug has already bitten state governments looking to safeguard their interests. But how complicated is it? The coverage could help shield taxpayers from eating costs on significant breaches. If an attack were to transpire, insured organizations might have to fork over a deductible, but their larger costs would be covered within the plan. This includes remedial steps, forensics investigations and credit monitoring, etc. More than a dozen states have already taken the insurance plunge.
When a data breach occurs, the uninsured will be forced to pay heavily into the recovery process, including legal fees and security assessments of organization servers. The cost of a data breach in the U.S. is $242 per exposed record and this does not include expenses related to rebuilding trust or brand reputation. Is this a risk your organization is prepared to accept?
See Related: CISOs: Is Cyber Insurance On Your Radar?