Cybercrime costs businesses and individuals $600 billion per year, according to Mike Taylor at PropertyCasualty360. As a result, many insurance customers are seeking coverage for their losses through specialized property or liability coverage.
Known as cyber insurance, cyber security insurance or cyber liability insurance, this coverage focuses on breach, loss or damage to digital data and similar assets. Although cyber insurance remains primarily a business product, personal policies are gaining interest among individuals seeking to protect their own data as well, says Taylor.
Insurers who understand this new world of risk can provide more effective coverage while increasing customer loyalty and trust.
What is Cyber Security Insurance?
Cyber security insurance protects people and their information from threats online, says Rachel Sonia at Commonwealth Independent Advisor. “Cyber liability insurance helps mitigate risk exposure by offsetting the costs involved with recovering from a cyber-related security attack or breach.” It may protect a policyholder from first-party losses, third-party claims or both.
First-party cyber liability insurance covers the cost of breaches to the policyholder’s own network, like customer notifications, investigation into the breach and anti-fraud protection. Third-party coverage provides support for policyholders in case they are sued or otherwise held liable for a data breach.
Since cyber insurance remains a new area of coverage, the details of assessing risk are still being formulated by insurance companies.
“While auto insurers can draw reliable data from black boxes to map driver behavior and uncover risk, it is not that easy with cybersecurity. Carriers need metrics to help them distinguish between high and low risk applicants,” says Jack Kudale, former chief operating officer for Cavirin Systems and current founder and CEO of cyber insurance platform Cowbell.
Insurance companies that commit resources to developing these metrics now can tap into the market for coverage more quickly. And that market is larger than it first appears.
“This isn’t just an IT thing, it’s not just a tech company thing. It’s everyone,” says Jason Hogg, CEO of Cyber Solutions at Aon. The pressing need for cyber liability coverage poses key opportunities for P&C insurers.
Cyber Security Risks and Their Coverage
Cyber security insurance is relatively new to both customers and insurers. Many companies don’t carry policies which meet the specific needs of the industry, Fox Rothschild partner Eleanor Vaida Gerhards writes at PropertyCasualty360.
“To avoid potential coverage gaps and disputes, brokers and carriers should work closely with clients to identify their unique risks, tailor coverage to address them, and make sure their insured know exactly what is and isn’t covered,” Gerhards writes.
Other customers assume their general liability policy will cover a data breach. Often, this isn’t the case: A policyholder’s general liability coverage may not adequately compensate for losses caused by hacking or other data issues, says Wendy Marx at Old Republic Risk Management.
To determine whether a general liability policy does cover cyber-related losses, insurers and policyholders may be forced to turn to the courts. For example, several courts, including the Fourth Circuit Court of Appeals and the Texas Court of Appeals, have found that an insured’s losses from a data breach were covered by property or business liability policies. These plans already contained specific language defining electronic data as a form of property, say Eric B. Stern and Andrew A. Lipkowitz, partners at Kaufman Dolowich & Voluck LLP.
If a general liability policy specifically mentions data breaches, a separate cyber liability policy may not only be superfluous, but also create the risk of conflicting coverages that cost more time and effort to sort through. This risk is heightened when a customer purchases cyber liability coverage through one insurer while already holding property or general coverage through another insurer.
Once a breach occurs, most insureds know the next step is to file a claim. Because data breaches and cyber liability insurance are still relatively new territory, however, many customers and insurance companies don’t clearly understand the potential pitfalls of the claims process, says David T. Vanalek, COO of claims at Markel.
For instance, the need for privacy protocols surrounding the breach itself and the compromised data can pose challenges. Unlike a run of the mill car crash or house fire, damage from a data breach can be made irrevocably worse by insurers who fail to maintain strict security protocols when responding to the filed claim.
Also, because cyber liability may be covered by more than one policy, the need to stay alert for third-party claims remains high. Insurers may need to coordinate not only their own policyholders’ claims, but also those of third parties like credit card companies or their policyholders’ customers.
Benefits of Offering Cyber Security Coverage
In addition to attracting new customers with tailored products, insurance companies can generate and enjoy a number of broader benefits from offering cyber liability coverage.
Cyber liability coverage remains low, but increasing demand is creating an untapped market for new P&C customers. The 2017 Cyber Market Survey from the Council of Insurance Agents and Brokers (CIAB) found that only 32 percent of insurance customers had purchased cyber liability or data breach coverage. However, the 2018 survey found that 79 percent of insurance companies said they’d experienced increased demand for this coverage, says CIAB’s Rob Boyce.
The potential market for cyber security insurance customers extends far beyond the national and international brands whose recent data breaches have made headlines. “For small businesses, nothing is more important than protecting their livelihood. Cyber liability insurance is another tool they can use to prevent financial disaster in the event of a malicious attack,” says BankingSense.com editor Natalie Cooper.
Any business that handles personal customer data needs data security measures and coverage if a breach occurs, says David J. Eismont of The Doctors Company. Banks, insurance companies and medical practices provide obvious examples, but the need for protection extends throughout the business world, from the largest banks to the smallest corner stores that handle credit cards or other customer information.
Insurers who prioritize understanding and offering cyber liability coverage, then, stand to tap into a significant new market, bolstering their bottom lines and helping the company meet its growth and performance goals.
The presence of cyber liability coverage itself may also help reduce the risk of data breaches by shaping policyholders’ behavior.
Because data breaches are still a relatively new threat and their cost can seem intangible, many businesses are slow to adopt new technologies and processes that can prevent data breaches. These tools and processes can be expensive, and companies may not see their value until a breach has already occurred, say Paul Merrey and fellow researchers at KPMG International.
Companies that are required to meet certain standards under the terms of their cyber insurance policies, however, are more likely to understand the need for data security and to embrace its value to their business. They’re also more likely to embrace these tools once they understand which risks exist and how their insurance addresses them.
While data security remains a top concern for businesses worldwide, insurance companies have an opportunity to improve security, mitigate risk and tap into a new customer base. Insurers can meet these goals by understanding cyber risks and providing the cyber security insurance policyholders need to protect themselves and their own customers.
Images by: everythingpossible/©123RF.com, Konstantin Pelikh/©123RF.com, everythingpossible/©123RF.com