Insuranceciooutlook

Cyber Attacks Can Be Costly - Is Cyber Insurance the Answer?

By Adam Hamm, Managing Director, Risk and Compliance, Protiviti

Adam Hamm, Managing Director, Risk and Compliance, Protiviti

The WannaCry malware attack in May 2017 marked a new and unsettling aggressiveness on the part of cybercriminals. No previous assault matched the breadth of its impact, which affected hospitals, corporations, and government offices in more than 150 countries around the world. WannaCry caused global financial and economic losses estimated at up to four billion dollars. Additionally, some organizations could still face law suits over their failure to secure the previously disclosed Windows vulnerability that the criminals exploited.

"For almost all companies, a comprehensive cyber liability insurance policy is a prudent course of action"

Already this year, security breaches have been experienced by U.S. power companies who have publicly acknowledged Russian hacking into their grid systems; U.S. universities who claim to have lost more than 31 terabytes of data; and well-known consumer brands including a major clothing retail chain from whom data pertaining to approximately 150 million customers was stolen, and several other main street retailers.

In the face of threats like these, a recent Ovum survey commissioned by FICO shows that take-up of cyber-risk insurance is growing, with 76 percent of those surveyed having some form of it in place. However, only half of those companies have a comprehensive “all-risks” position and the survey finds that many are over confident about their existing threat protection capabilities. Additionally, the 2018 Top Risks survey published by Protiviti and North Carolina State University’s ERM Initiative reported that 61 percent of executives are significantly concerned that their organizations may not be sufficiently prepared to manage cyber threats.

For almost all companies, a comprehensive cyber liability insurance policy is a prudent course of action. Although it should never be a substitute for strong cybersecurity defenses, it can spell the difference between a severely affected and fairly unscathed bottom line in the aftermath of an attack. Before committing to a policy, however, it is important that management teams and their insurance brokers discuss three pivotal issues:

• What kind of cyber liability insurance policy does the company need? Does it need a first-person policy to cover the cost of retrieving data critical to the operation, or does the company possess consumer information that requires protection against third-party lawsuits? Does it need both?

• What amount of coverage does the company want to obtain? This figure will depend on a number of factors, including the size of the company and the type of coverage it needs. To mitigate third-party risk, for example, settlements like those from retailer Target’s data breach could provide useful benchmarks.

• What is the premium an organization is willing to pay? A number of variables should be used to determine this figure, including a company’s earnings, the size of the IT budget, and the operations or data at risk.

Once a company has answered these questions, it can begin to shop for cyber liability insurance. As part of the process, the management team needs to fully understand what the policies cover. But perhaps most importantly, organizations need to understand what the policies don’t cover, which will ultimately indicate whether the policy is worth the expenditure.

Given the sophistication and prevalence of successful data breaches, it is now more important than ever for companies to analyze whether a cyber liability insurance policy should be a part of their overall cyber strategy.

Read Also

Innovation is not about Ideas. It's about making them happen!

Innovation is not about Ideas. It's about making them happen!

Marin Roos, Chief Innovation Officer, Unigarant
The Use of Technology Helps Streamline Claims Processes

The Use of Technology Helps Streamline Claims Processes

Allan Robinson, Senior VP of Field Operations, Horace Mann [NYSE:HMN]
Accountability in the Cloud

Accountability in the Cloud

Michael Stoeckert, CTO, ProAssurance
New Technology Developments Impacting Insurance Regulation

New Technology Developments Impacting Insurance Regulation

Mike Consedine, CEO, National Association of Insurance Commissioners (NAIC)