In the age of social media, live streaming, the cloud, and smart phones, the internet has become a hot spot for crime. As seen in the movie Hackers, those with a certain skill set can choose to use those skills either for good or for evil. Those using them for evil are finding new and innovative ways to hack into your business systems, your personal smart phones, and even your web-based home security systems. However, those using their skills for good are helping businesses and everyday citizens stop these hackers from the onset, keeping personal data safe and secure. As this industry need to protect your data at every turn rises, the need to have insurance in the event of a problem also rises, making cyber security insurance the newest wave of income for property and casualty insurance suppliers.
Liability coverage for cyber security is a growing area for many insurance providers. As of today, over fifty insurers are carrying lines that protect your cyber risk. However, there is little known, as of yet, about this field of liability and how the courts will react to lawsuits brought about as a result of a hack and loss of data or monies from the victims. Even more important, cyber issues are changing daily. Just as technology, in general, changes faster than most people can keep up with, cyber issues change just as rapidly. The hacks are becoming more and more complex and the losses are becoming steeper. New laws are enacted regularly to attempt to mitigate the issues and the losses, however, when dealing with the internet, US regulations do not necessarily have any effect on our ability to catch or prevent perpetrators from places like Russia and Hong Kong.
Currently, the insurance industry has a tough road ahead if it is to make cyber security insurance a must-have for most businesses. A 2015 Risk and Insurance Management Society Cyber Study shows that only 51% of its respondents purchased stand-alone cyber policies. Fifty-eight percent of those policies carry less than $20 million of coverage. In addition, the premiums of 49% of those policies exceed $100,000, which is quite high for many small to mid-sized companies. The good news is 74% of those without insurance for a cyber risk plan can purchase a policy right away.
Information from numerous avenues has made a clear case that cyber risk is the number one emerging and non-traditional insurance risk facing businesses today. As technologies continue to improve and expand, cyber risks will become more invasive and prevalent in business. PwC’s 2014 Global Economic Crime Survey saw 17% of businesses and 39% of the financial sector had been victims of cyber-crimes. In the past two years, these numbers have only continued to climb.
As a result, the federal government has attempted to at least track the problem to help the process of finding a solution. The Federal Cybersecurity Information Sharing Act was created to facilitate companies sharing cyber threat information and their best practice guidelines to prevent the attacks. However, many businesses fear this does not solve the problem, simply because the reports are done only if data is lost and other filings must be completed. Therefore, insurance is still at a standstill when trying to truly determine the risk of cyber security issues.
The Actual Coverage
In this unstable environment of the launching of insurance offerings, not only are businesses trying to understand their risk, but they are trying to understand the new coverage. Many carriers will cover loss of data and notifications to third party victims, as well as associated fines and issues resulting from the end client’s loss. However, if money is transferred between the first party and the scammer, it is unlikely the insurance policy will pay back that money as it is not easily proven to the insurance company that the monies were given to the fraudster and that proper due diligence was conducted prior to parting with the monies..
Furthermore, since this is a relatively new idea for protection and the insured may have significant coverage gaps, cyber insurance may be too costly for some of the smaller, more at-risk firms to afford. Currently there is no cap on the premium and no true understanding of the risk for most business models. As a result, insurers are mitigating their potential losses by raising premiums based on access, not true risk.
There is still a lot of research and development needed to decipher and mitigate cyber risk insurance. In the meantime, it may be best to speak with a person who deals almost exclusively in this field of insurance to understand the needs of each client in this field.