By Tom Troceen, Chief Technology Officer, DW Simpson
In the wake of several very public data breaches, concerns about cyber risk and the cost associated with it continue to rise. As industries familiarize themselves with cyber security insurance, the main questions companies have are:“What type of coverage isavailable?” and “What constitutes cyber theft?”
What is Cyber Theft?
Cyber theft simply refers to the unauthorized access to sensitive data (financial, personal, etc.) via the Internet, malicious software or other corrupted computer networks.
What is Cyber Security?
Cyber security is an evolving checklist of software, procedures and user permissions to insure that all sensitive information is secure and compartmentalized to minimize losses in the event of a data breach.
What is Covered by Cyber Security Insurance?
Many general liability insurance policies now include limited coverage for cyber crimes, however, a cyber security insurance policy is becoming a necessity to protect businesses against a growing list of cyber risks. Cyber policies typically include coverage for losses resulting from viruses, hackers and even misplaced laptops. Many cyber insurance policies also provide added coverage for copyright infringement, defamation and negligence, while also providing Enterprise Risk Management software and consulting services to prevent future liabilities.
The Future of Cyber Liability Insurance
From major retail chain data breaches to the celebrity photo “Cloud debacle,” cyber crime is becoming a regular occurrence in the news. Years ago, the main cyber risk was a computer geek looking to pull a prank. Today, countries and organized crime are stealing trillions of dollars in data, personal information and intellectual property (Google: China F35). The hardest part about pricing cyber insurance, from an actuarial perspective, is the lack of data and an abundance of unknown unknowns. Many insurers are reluctant to venture into this new high-demand market because the clients they want don’t think they need cyber insurance, and the highest-risk clients are all lined up around the block like an iPhone 7 release party. Target and Home Depot were both targeted by malware attacks launched from Russia. After one of Target’s payment servers was compromised, the company failed to respond to alerts generated by their new $1.6-million malware detection system.
Home Depot’s self-serve kiosks gave criminals access to millions of customers’ personal and financial information, and the data breach was discovered only after fraudulent charges were traced back to the retailer. Both Target and Home Depot have multimillion-dollar cyber insurance policies that cover the cost of IT infrastructure fixes, public relations experts and credit monitoring. According to a March 2013 report from Marsh, cyber coverage demand increased 33 percent for all industries from 2011 to 2012 and it is likely to continue to rise as companies learn more about these products. New payment methods like Chip and PIN cards will make these types of breaches obsolete, but the criminals always seem to be a few steps ahead, while companies are hesitant to adopt new technology. As cyber insurance providers like AIG, Chubb, Marsh and Travelers become more competitive with their products, software and support, these data breaches will have less financial impact on their clients. When we pass that milestone, the cost-benefit curve will undoubtedly make cyber insurance a standard policy for large and small business.