Hack Yourself First: Trends in Cyber Insurance for Small to Medium Enterprise.

Tech-based cyber risk solutions combined with insurance coverage improvements help agents improve close ratios. Almost six in 10 small and medium-size enterprises (SMEs) do not purchase any type of cyber insurance. Only 33% purchase stand-alone coverage. Less than 15% of SMEs are trust currently used cyber defenses to detect and respond to cyber-attacks with two-thirds of SMEs reporting a cyber attack during the last 12 months. Despite aggressive pricing and increasing risk, traditional cyber insurance solutions remain a tough pitch for agents. The good news for agents is new insurers are capitalizing on these market realities with technology driven, broker-friendly offerings and market coverage improvements to assist agents to close more deals. Engineered Cyber Insurance Solutions “Engineered” cyber risk solutions are gaining traction in the expanding market for small to medium-sized risks. These products go beyond traditional risk finance and claims services to include the use of security technology to assess risk as well as ongoing security services historically affordable only to large enterprises

Top Reasons to Purchase Cyber Insurance

Having a hard time garnering interest in cyber insurance with your insureds? One thing to point out is that relative to other lines of business insurance, cyber insurance is inexpensive and easy to customize specifically to risks facing your insureds. Other pitch points include: Data is one of your most important assets yet it is not covered by standard property insurance policies Most businesses would agree that data or information is one of their most important assets. It is almost certainly worth many times more than the physical equipment that it is stored upon. Yet most business owners do not realize that a standard property policy would not respond in the event that this data is damaged or destroyed. A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss no matter how it was caused and up to the full policy limits. Systems are critical to operating your day to day business but their downtime is not covered by standard business interruption insurance All businesses rely on systems to conduct their core business, from electronic point of sales software to hotel room reservation systems. In the event that a hack attack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not respond. Cyber insurance can provide cover for loss of profits associated with a systems outage that is caused by a non-physical peril like a computer virus or denial of service attack. Cyber crime is the fastest growing crime in the world, but most attacks are not covered by standard property or crime insurance policies New crimes are emerging every day. The internet means that your business is now exposed to the world’s criminals and is vulnerable to attack at any time of the day or night. Phishing scams, identity theft, and telephone hacking are all crimes that traditional insurance policies do not address. Cyber insurance can provide comprehensive crime cover for a wide range of electronic perils that are increasingly threatening the financial resources of today’s businesses. Third party data is valuable and you can be held liable if you lose it. We all hold more data than ever before and often this data belongs to our customers and suppliers. Non-disclosure agreements and commercial contracts often contain warranties and indemnities in relation to the security of this data that can trigger expensive damages claims in the event that you experience a breach. Increasingly, consumers are also seeking legal redress in the event that a business loses their data. This risk is further heightened in the event that you hold any data on US consumers. Retailers face severe penalties if they lose credit card data. Global credit card crime is worth over $7.5bln and increasingly this risk is being transferred to the retailers that lose the data. Under merchant service agreements, compromised retailers can be held liable for forensic investigation costs, credit care re-issuance costs and the actual fraud conducted on stolen cards. These losses can run into hundreds of thousands of dollars for even a small retailer. Cyber insurance can help protect against all of these costs. Complying with breach notification laws costs time and money. Breach notification laws are slowly being introduced across many different countries. These generally require businesses that lose sensitive personal data to provide written notification to those individuals that were potentially affected. Even though a legal obligation to notify only currently exists in some countries, this is changing and there is a growing trend towards voluntary notification in order to protect your brand and reputation. Customers who have had their data compromised expect openness and transparency from the businesses they entrusted it with. Cyber policies can provide cover for the costs associated with providing a breach notice even if it is not legally required. Your reputation is your number one asset, so why not insure it? Any business lives and dies by its reputation. Although there are certain reputational risks that can’t be insured, you can insure your reputation in the event of a security breach. When your systems have been compromised, you run a risk of losing the trust of your loyal customers which can harm your business far more than the immediate financial loss. Cyber insurance can not only help pay for the costs of engaging a PR firm to help restore this, but also for the loss of future sales that arise as a direct result of customers switching to your competitors. Social media usage is at an all-time high and claims are on the rise. Social media is the fastest growing entertainment channel in the world. Information is exchanged at lightning speed and exposed to the world. But often there is little control exercised over what is said and how it is presented and this can give rise to liability for businesses who are responsible for the actions of their employees on sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims arising from leaked information, defamatory statements or copyright infringement. Portable devices increases the risk of a loss or theft The advent of portable devices and the ability to work away from the office has made life a lot easier for many of us. However, this new style of working also means that important and confidential data can be stolen or lost much more easily. A laptop left on a train, an iPad stolen in a restaurant, or a USB stick going missing are all good examples. In addition, the devices themselves are being targeted with a growing number of viruses being built just for them. Cyber insurance can help cover the costs associated with a data breach should a portable device be lost, stolen or fall victim to a virus. It’s not just big businesses being targeted by hackers, but lots of small ones too. While the large-scale hack attacks on the news often involve big companies, small companies are also at risk and often don’t have the financial resources to get back on track after a hacking attack or other kind of data loss. In fact, over a third of global targeted attacks were aimed at businesses with less than 250 employees. Cyber attacks are quickly becoming one of the greatest risks faced by smaller companies, making cyber liability insurance a must. It can help protect smaller companies against the potentially crippling financial effects of a privacy breach or data loss. Of course we are always available to assist you close deals! Call or email us for addition for assistance.

InfoSec Distribution of Cyber Insurance: Has the time come?

Has the time come? Cyber insurance is distributed by business insurance agents specializing in traditional commercial products such as property, general liability, workers’ compensation and employee benefits. Despite diminishing premiums and dramatically improved coverage forms, cyber insurance take-up rates remain very low for SMB’s (small to mid-sized buyers under $250M annual revenue). Can infosec channels more effectively provide comprehensive cyber cover to this highly vulnerable market? “The only thing missing from managed security services offerings is cost effective financing for isolated and possibly catastrophic client events.” Wrong buyers and wrong sellers? Market survey estimates suggest somewhere between 16% and 35% of SMB’s purchase comprehensive cyber coverage. Many obstacles make for a difficult sale. Almost 50% of brokers’ surveyed say not understanding exposures is the biggest obstacle to closing cyber deals. This compares to onerous application process (15%), not understanding coverage (14%) and cost (13%). In our experience, lack of exposure knowledge actually keeps some agents from presenting coverage. When providing workers’ compensation insurance, agents maintain specialized knowledge and can accurately quantify and communicate key exposures to loss. Insurance agents and brokers are seen as subject matter experts in workers’ compensation, as well as other products comprising a business insurance portfolio. Due to the paucity of loss data and limited technical expertise, this is not the case with cyber insurance. In response, many global and large regional brokerages employ talented, often credentialed cyber experts. This is not true with middle market agents who often rely on spotty cyber endorsements added to existing business insurance products. Travel insurance is a good example to consider. Travel agents are subject matter experts when it comes to travel risk. They can easily explain the risks involved and offer insight based on first hand traveler experiences. Perhaps this is why travel agents distribute some 70% of travel insurance. InfoSec involvement in procurement can improve underwriting and coverage outcomes Unlike insurance agents, security experts can explain the exposures to buyers and clearly understand cost components involved in responding to a breach event. In many cases, it is easier to educate a security professional about how insurance responds to a cyber event than to teach an insurance agent to understand and explain cyber risks. Sample Cyber Claim Denials $275k: Reporting Delay $475k: Use of Unapproved Vendors $4.1M: Application Misstatements $2.0M: PCI-DSS Contract Exclusion Leaving infosec subject matter experts out of the procurement process often leads to coverage disputes and unacceptable claim recoveries. The likelihood such outcomes is minimized when infosec professionals are involved in the process and properly on-boarded. In addition to understanding exposures, security vendors already possess data needed for the application process. As such, CFO’s and other corporate officers may no longer need to endure the task of completing onerous applications “Are you nuts? We don’t want to sell insurance” MSSP’s should not get into the insurance selling business for many reasons. Commercial insurance is one the most heavily regulated industries in the US. Directly selling of commercial insurance and requires appropriately licensed and trained insurance professionals. A cyber insurance product imbedded into a security service offering is possible and need not be overly complicated. If designed properly, a successful program does not require vendor licensing, additional internal resources or material product “touch” by the vendor. The volume of premium generated by a single InfoSec provider will also reduce premium costs for customers. We note that Apple and Cisco recently teamed up with global insurance providers Aon and Allianz to offer discounted cyber cover to users of their platforms. “In many cases, it is easier to educate a CISO on how insurance responds to a cyber event than to teach an insurance agent to understand and explain cyber exposure to loss” Driving Demand In order for the cyber insurance market to meet robust growth projections, catalysts beyond scare tactics about newsworthy mega-breaches such as Target, Equifax, and Yahoo are needed. Most SMB’s can’t relate such large-scale events to their business. One catalyst is the increasing number of companies requiring business partners purchase cyber coverage. Better education of cyber risk is also driving some level of demand. For small to middle market organizations, the use of external third party information security support services such as managed security providers is a key strategy to mitigate cyber risks. The only thing missing from most security services is cost effective financing of isolated and possibly catastrophic events. Some infosec vendors think rounding out services with cyber insurance will differentiate their services in a very crowded market resulting in improved new business and customer retention. If properly designed, incorporating a level of cyber coverage within the security services offering can result in better-educated buyers, painless application process, lower rates, and better coverage outcomes Sources: Deloitte University Press: Demystifying Cyber Insurance Coverage-Clearing Obstacles in a Problematic But Promising Growth Market 2017 PartnerRe & Advisen: Cyber Liability Market Trends Survey October 2016. Finaccord: Distribution Channels for Travel Insurance and Assistance 2013. About Cyber Risk Underwriters: We underwrite and distribute specialty cyber insurance products for InfoSec vendors and retail insurance agents. Our products include cyber warranties, MSSP distributed cyber insurance, as well as stand alone cyber and technology errors & omissions insurance. Contact: Jeffrey Smith Managing Partner Cyber Risk Underwriters 866.292.3092

Contact Us Today