Underwriting cyber insurance based on diligent risk management makes sense for insurers and insureds.
Having cyber insurance in this day and age would seem like a no-brainer. However, according to a September 2015 Council of Insurance Agents and Brokers’ (CIAB) study, only 40% of Fortune 500 companies had cyber insurance when the study was conducted, while many others had limited coverage that didn’t cover the full extent of their exposure. Based on these surprising figures one can surmise that if large companies are this exposed, medium-size and smaller businesses and non-profits are likely even more susceptible to lapses in cyber insurance.
A malicious attack on your company’s computer information systems, infrastructure, computer networks and/or personal computer devices presents a multi-level challenge to your enterprise. Whether the thieves accessed and pilfered your customers’ personally identifiable information such as credit cards and medical records, your critical data systems, proprietary technologies, email servers, trade secrets or other sensitive data, what you do next is critical to how your business or non-profit will survive the damage done to it and your reputation – in your industry, with the press, with shareholders, and with your customers.
Cyber Insurance Fact #1: Cyber crooks steal data
History shows us for every new idea or technology that comes along and opens up new markets there are an equal number of thieves and crooks (including nation states) that will attempt to subvert the new technology to steal, wreak havoc and sometimes simply embarrass. The quicksilver nature of technology as it evolves into new and exciting business and information opportunities is, in itself, part of the problem. Insurers know how to underwrite and price coverage for risks that are predictive and measurable, such as product liability insurance, business insurance, personal insurance and so forth. But technology changes like the wind. Risks that seem logical and identifiable today can suddenly open up new cyber exposures that a well-conceived, standard cyber insurance program didn’t take into account.
Cyber Insurance Fact #2: Cyber insurers lack data
Given the dearth of data that’s available, confusion reigns among brokers, IT executives and especially insurers charged with underwriting and pricing exposures. According a report by the Deloitte Center for Financial Services, “One prime reason why insurers have struggled to get their arms around cyber risk is the lack of historical data, which makes it difficult to build the predictive models that can help assess probability of loss.”
Managing risk and cyber insurance programs more effectively
The fact of the matter is virtually every security wall is in danger of a malicious attack because cyber-attackers are probing for weak spots with each security upgrade. This is why businesses should consider another angle by bringing in expert risk prevention guidance and planning from the underwriting side to help mitigate their company’s unique vulnerabilities and shape cyber insurance coverage that not only meets their present needs but also evolves along with their exposures.
According to the CIAB, by focusing on producing a “risk-informed model” underwriting and pricing assessments would emphasize specific risk-management steps that companies could take to prevent security breaches, detect malicious attacks as they happen, and regain control and recovery. By involving a cyber insurance risk management expert in the security conversation to help assess risks and suggest more targeted insurance programs, insureds will have a firmer grasp of their exposures and liabilities and insurers will have a more informed basis for pricing.
How aware are you of your cyber insurance vulnerabilities?
Every new data breach, large or small, that makes the news sends shivers down the spines of company executives and IT department heads around the world. We are all familiar with the drill that follows each cyber-attack. The CEO will apologize for the security breach and the inconvenience to customers. He or she will then state that the company is strengthening security measures throughout the system and, finally, the company is working closely with law enforcement to find the bad guys.
Why do they always wait until after an attack to shore up their security protocols? And, why wait until after a data breach to find out that certain cyber risks are not included in your insurance coverage?
Having a cyber risk management expert with an insurer’s perspective on hand early in the security planning process will help you assess your vulnerabilities and ensure that your coverage meets your needs in the event of a malicious attack.
Schaefer Enterprises can help you in this regard. Our cyber insurance and risk management experts bring added value to your cyber security discussions and a deeper understanding of the potential costs of a cyber event in terms of:
- Devaluation of trade name
- Loss of intellectual property
- Customer breach notifications
- Post breach credit monitoring
- Regulatory fines (PCI Compliance)
- PR crisis
- Updates to IT infrastructure
- Operations disruption or destruction
- Value of lost contract revenue
- Legal fees & more.
We’re Here and Ready to Help
To schedule an appointment with a cyber insurance expert, call SEI New York at 877.237.2481 or fill out our contact form here.