Cyber Insurance is a relatively new coverage and one that businesses and individuals are finding increasingly expensive to forgo. According to its 2022 Cyber Readiness Report, insurer Hiscox found that 48% of U.S. businesses surveyed reported at least one cyber-attack last year, up from 43% in 2020. The average cost of a cyber incident rose 29% to just under $17,000 – a figure that ‘masks’ the true costs of many cyber-attacks whose systemic impact can be difficult to immediately quantify and can lead to loss of customers and layoffs. At the same time that cyber insurance is increasingly being recognized as essential, the marketplace for coverage is tightening and premium costs are rising.
Howard Insurance is assisting our clients in navigating the rapidly changing cyber insurance landscape in order to obtain needed coverage while taking steps to mitigate risks and control premium costs.
Ransomware attacks are usually what come to mind when thinking about cyber risks and liabilities. Unfortunately, this tactic used by criminals to extort cash is just one area of concern. Cyber insurance covers a variety of large and small business risks that are divided into two parts:
First-party coverage – Covers damages that you and your business suffer because of a data breach. This can include things like investigative services, business interruption coverage and data recovery. A breach could be as effortless as an employee emailing financial data to the wrong party or opening a phishing email and infecting a network.
Third-party coverage – Covers damages if your customers or partners are affected by a cyber-attack on your business. This can include legal fees, settlement costs, security failure and media liabilities. Whether a cyber incident is involuntary or voluntary, the impact on customers, vendors and other parties can be costly, leading them to seek damages.
The types of cyber risks and liabilities are constantly in flux. Howard Insurance can assess coverage needs and educate clients regarding their cyber insurance options.
The State of the Cyber Insurance Market
Due to a lack of claims experience, much of the cyber coverage initially issued was underpriced. As the types of exposures evolved and expanded, insurers found they were paying out more than was collected, leading to a market correction. Compounding matters, COVID-19 changed the way many businesses and their employees worked, and this created additional cyber liabilities. For instance, remote work surged, and employers did not have the infrastructure to shore up security for every employee’s home network. For many companies, there was a trade-off of simply remaining in business versus planning for adequate safety measures.
Cyber criminals look for opportunities and COVID-19 provided plenty. Small businesses suffered a disproportionate impact from cybercrime, mainly due to a lack of IT resources. Ransomware attacks increased, and the average size of cyber extortion payments grew by over 40%. Insurers raised premiums to reflect the actual cost of claims and became selective in who they would accept as policyholders. The good news is that insurers are providing tools to help clients reduce the likelihood of cyber breaches and increase their probability for coverage for reasonable premiums.
Howard Insurance is working with cyber insurance companies to go on the offensive against cyber criminals by taking a proactive approach to risk management with clients.
Businesses Should Take Action
Cyber insurers want to know there is an organized and proactive effort to manage cybersecurity risk. While insurers may not ask potential clients about specific technology or processes, insurers do want to know how existing technology and internal standards are leveraged in pursuit of an effective risk management effort. At a minimum, those measures include:
All of these are considered cyber hygiene best practices. Companies should use an insurer’s requirements to build their investment in cybersecurity and use those requirements as a way to build a compelling business case to convince decision makers and boards of directors of the importance of a strong cybersecurity program. If companies have a good security system already in place and are willing to take the steps needed to meet the demands, cyber insurers are willing to develop a partnership and provide coverage.
Underwriting is a critical tactic to making these partnerships a success. One example of these relationships is the testing for IT security. Insurers are regularly employing ethical “white hat” hackers to identify security vulnerabilities in hardware, software and networks – often before writing a policy. Then, after issuing coverage, an insurer may use artificial intelligence to continuously search for threats. If a susceptibility is discovered, the insurer proactively alerts the policyholder so action can be taken before a breach occurs.
Showing clients how to leverage technology to meet a cyber insurer’s requirements is just one way Howard Insurance supports our clients seeking cyber insurance.
Cyber Insurance for Individuals
Reinsuer Swiss Re estimates that, by next year, a typical US home is expected to contain as many as 50 different IT connected devices, including games consoles, TVs and set-top boxes, smart doorbells, security systems, baby monitors and white goods such as smart fridges. More than half of the world’s households (53.6%) are already connected to the internet. In the developed world, it is even higher – 84.4%. In 2012, that figure was just 37.9%. Added to which, the number of smartphones in use has surpassed 3.8 billion. The probability of a data breach or cyber crime impacting individuals is climbing.
The top four cyber risk scenarios that people worry about most are:
1. Illicit access of financial credentials (a hacker gets access to your online banking details and might therefore be able to steal money)
2. Identity theft (an attacker steals your digital identity to purchase goods or services online in your name)
3. Data loss due to a technical issue (your personal data gets deleted by a virus or software glitch)
4. Illicit publication of personal data (somebody else publishes your private pictures online)
These are also the four main areas where customers are receptive to the idea of a cyber insurance policy that will cover them against some of the consequences of these fears coming true. As with businesses, when individuals understand a cyber insurer’s requirements and engage in personal cyber hygiene practices, coverage is easier to obtain.
At Howard Insurance, we understand the unique insurance needs of businesses and affluent individuals. When evaluating the need for cyber insurance, we provide the bridge between understanding what coverage is necessary and the proactive steps our clients can take to obtain it.
For over 75 years, Howard Insurance has helped each of our select clients secure their assets, their ambitions, their businesses and, ultimately, their legacies. Leaders in private insurance advisory and risk management, we pair deep expertise with sincere attention to our clients’ needs to create unique solutions that benefit them best.