Three ways to boost confidence in cybersecurity insurance
Roughly nine out of 10 organizations have a data breach plan in place, but less than half think that plan is effective.
For most companies today, the threat of cybercrime or a major data breach is not a case of if, but when hackers will strike.
More than half (56%) of respondents to Experian’s 2018 Data Breach Preparedness Study reported their organization had experienced a breach, and 70% reported multiple breaches. According to the study, while 88% of organizations have a data breach plan in place, less than half of respondents think it’s effective.
Hacking goes mainstream
What was once considered a major risk solely for large data-heavy organizations is now a universal concern. Cybercriminals don’t discriminate and are unleashing new, sophisticated attacks, from ransomware and malware attacks to phishing scams. Hackers are even employing the latest artificial intelligence and machine learning technology to stay ahead of efforts to detect and thwart them.
In this climate, more organizations are opting for the protection of cybersecurity insurance. Data from a study conducted earlier this year by Ovum on behalf of FICO showed that just 24% of U.S. firms have no cybersecurity insurance, down from 50% in 2017.
But because the product is so new, the survey also revealed a great deal of confusion and lack of confidence in the market. For example, just 32% of U.S. companies said their cybersecurity insurance covers all risks and 26% don’t believe their insurer priced their premium based on an accurate analysis of their risk profile.
By 2022, the cyber insurance market is expected to reach $22 billion globally, according to a report from Allied Market Research. Here are three tips to help capture a piece of that growing pie and reassure clients that you’re providing the coverage they need.
No. 1: Make sure customers understand what they’re buying.
Cyber liability insurance should cover both the direct and indirect costs associated with a breach. Most companies need adequate coverage for the substantial direct costs of data breach response, such as providing free credit monitoring services and hiring forensic investigators, crisis management, public relations and other experts ― as well as for third-party losses, to handle costs associated with defending against claims, lawsuits or regulatory actions brought by data breach victims.
Organizations also need coverage for social media activities, which typically are not included in standard cybersecurity policies. Other areas your customers need to consider are coverage for vendors, if a breach happens to a service provider that handles the company’s data; for data restoration, to cover costs of getting systems back up and running; and for denial of service attacks, to cover lost income and repair costs if the company or service provider is shut down completely and can’t conduct business.
No. 2: Educate your broker network.
Brokers who sell cyber liability policies should be knowledgeable on the differences in policies, coverages, exclusions and prices, so they can advise clients adequately based on the organization’s risk profile. An off-the-shelf or standard policy may not be sufficient to cover the particular needs of an individual business.
Pricing these premiums also can be challenging, as hackers can strike at any time, regardless of geography or season, and don’t follow any predictable patterns of more traditional disasters, such as floods or fires.
No. 3: Work with your clients on a risk assessment.
Risk assessment can be tricky, especially when it comes to intangibles such as damaged reputations and lost sales. Intellectual property, such as product design and software code, is difficult to quantify. Companies need to undertake a risk assessment and impact analysis which encompasses a careful review of assets, including financial and customer data and intellectual property, and identifies points of vulnerability.
Businesses also need a comprehensive and robust data breach planning process that involves everyone critical in the organization ― IT, security, legal and PR ― as well as outside partners. For help, Experian’s updated Data Breach Response Guide can serve as a resource.
Cybersecurity insurance will become more critical as the cybercriminals flourish and find new ways to take advantage of corporate vulnerabilities. As the cyber liability market expands, carriers and brokers can work closely with clients so that everyone feels more protected.
Michael Bruemmer (Michael.bruemmer@experianinteractive.com) is vice president of Experian Data Breach Resolution, which helps businesses mitigate consumer risk following data breach incidents.
These opinions are the author’s own.