Your e-mail might live in the cloud, just like your customer data. You might store files there, too, and you certainly have website content that resides in the nebulous world of modern data storage. No matter the industry you work in or the size of your business, cyber criminals want to steal your data.
The FBI is investigating an incident involving a Los Angeles medical center, which paid a $17,000 ransom to a hacker who seized control of the hospital's computer systems and would return access only when the money was paid. The medical center paid the ransom.
Small and mid-size businesses are just as susceptible to data breaches and cyber attacks as large businesses — in fact, an attack might be easier to pull off on a small business with less sophisticated IT security. These smaller companies will also find it harder to fix a damaged reputation in the wake of a data breach.
The Ponemon Institute tracks the cost of Internet-based crime for its annual "Cost of Cyber Crime Study" report. In 2015, cyber-crime costs jumped by 19%. Smaller organizations experienced a higher proportion of related costs caused by web-based attacks, including phishing and social engineering, malware, viruses, worms, trojans and botnets. Larger businesses experienced a higher proportion of costs related to denial of service attacks, malicious insiders (employees, contractors, etc.), as well as malicious code and stolen devices.
|Establish a cyber-response plan
To adequately protect vital data, it's a 21st Century imperative for businesses to establish a cyber-response plan, protect information with encryption, train employees, and purchase cyber-risk insurance. Cyber-risk insurance typically covers:
- Damages to digital assets.
- Business interruption and extra expenses.
- Third-party privacy liability.
- First-party privacy liability.
- Security liability.
- Media liability.
- Privacy regulation defense awards and fines.
- Crisis management.
- Cyber extortion coverage.
Cyber-risk insurance may provide financial protection from the loss of employee and customer data, downtime your business experiences, and penalties you might face. It may also help offset the enormous cost to repair your company's reputation and manage a crisis when it hits.
The protection you get from your Cyber policy should be customized to your business, so you're paying only for coverage that makes sense for your specific exposures.
But above the actual protection lies another problem: Cyber insurance is designed to cover a manmade problem. Other Property and Casualty insurance policies cover issues such as business interruption if there's a fire or damage caused by a snowstorm — environmental disasters that have been affecting commercial enterprises for hundreds of years. Cyber security, on the other hand, is a relatively new type of risk, with only a couple of decades' worth of claims data on which to create a loss model. This creates challenges for insurance companies who struggle to understand how to underwrite Cyber insurance without solid claims data.
And this, in turn, presents a huge problem for actuaries and underwriters, who typically depend on data and consistent loss modeling to accurately price a risk. There's a gap between businesses that want — and need — Cyber insurance and the ability for insurance companies to accurately underwrite the risk in a relatively cost effective manner. Pricing for Cyber insurance can vary greatly from company to company, and many smaller carriers don't offer Cyber policies for this reason.
|Standalone policy
Carriers currently underwrite Cyber insurance similar to Errors and Omissions (E&O) or Professional Liability policies. Much like E&O, Cyber insurane is typically sold as a standalone policy. Your cost may vary depending upon what coverage is provided, such as first- and third-party liability, notification costs, legal fees, etc.
Risk managers in the banking and finance, government, healthcare and retail industries need to be especially vigilant when it comes to cyber risk as these are the top four industries affected. But regardless of your industry, you should get together with your Property and Casualty insurance broker to discuss the level of exposure your particular business faces.
How many customers do you have, and consequently, how many customer files do you have? What type of data do you store, and what security measures does your information technology team take to protect this sensitive information? All of these factors play a part in determining the cost of a Cyber policy.
Without a cyber-attack prevention and response plan, and adequate insurance coverage, you're likely putting your customer data, your reputation — and maybe even your business — in danger.
Benjamin Zhang is a consultant in the Property and Casualty practice at Mount Laurel, N.J.-based Corporate Synergies, an insurance brokerage and consulting firm. Opinions expressed in this article are his own.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
