2016 has the unfortunate distinction of being one of the worst years for network security, with data breaches continuously plaguing corporations, SMEs, government entities – and even the Democratic National Committee (DNC). The insurance industry, according to the Insurance Information Institute (I.I.I.), has responded over the last several years to the new normal of cyber attacks with more than 60 different insurers offering standalone Cyber insurance policies in a U.S. market of more than $3.25 billion in gross written premiums in 2016. In fact, some estimate that the market has the potential to grow to $7.5 billion.
According to the I.I.I., the premium figure of $3.25 billion is the direct result of two related trends. First, data breaches are becoming more expensive for companies with the average breach in 2016 costing $7 million and representing the third-costliest business risk this year.* This increase has given rise to the second trend, which is that businesses are becoming much more concerned about protecting themselves against potential financial losses as the result of hack attacks that are almost inevitable.
In addressing the various types of cyber risks that exist, the insurance industry is up against continually meeting a new set of challenges and complications as hackers become more sophisticated in their attacks and as new exposures present themselves, including cyber extortion and ransomware, for example. Cyber Liability policy forms are continually being updated with additional coverages and enhancements, including mitigation support services, to address emerging risks.
What Can Be Included in a Standalone Policy?
Cyber Liability insurance helps companies cover costs such as legal fees and court judgments that may be incurred following the theft of an enterprise’s data and the unintentional transmission of a computer virus that causes financial harm to a third party. Crisis management is included with Cyber insurance, covering the cost of notifying consumers about data breaches that resulted in the release of private information and providing them with credit monitoring services. A policy can also be designed to cover the cost of retaining a public relations firm or launching an advertising campaign to rebuild a company’s reputation.
Some insurers also will cover liabilities incurred by directors, corporate officers or other members of management who might be at risk due to decisions made on behalf of the company. Business interruption stemming from an attack can also lead to a loss of income, another exposure insurance companies are increasingly starting to underwrite.
Cyber extortion is also available to help cover the settlement of an extortion threat as well as the cost of hiring a security firm to track down the blackmailers.
In addition, insurance carriers are starting to offer policies that include coverage for damages as a result of destruction of data or other valuable assets stemming from viruses, malicious code and Trojan horses, as well as the cost of posting criminal rewards for information leading to the arrest and conviction of malicious hackers.
RPS specializes in providing agents with Cyber Liability insurance solutions for their clients, including making available an innovative proprietary platform to address this risk through RPSCyber.com. Contact us for more information to assist you with your client’s cyber insurance needs.
*Allianz’s Risk Barometer