In a world where headlines about Tech are splashed across the top of every business-related news source, cyber insurance has become a major line of coverage for many insurance carriers and their data security conscious clients.  As the pandemic continues to alter lives causing more people than ever to work from home and use mobile devices thereby increasing data breach risks, it is important to understand that cyber insurance is not a “one size fits all” coverage. 

Data Breach Cyber Threats

According to IBM.com, the average cost of a single data breach worldwide is $3.86M.  By contrast, the United States’ average loss for a single data breach is $8.64M. Healthcare security carries the most financial risk where data breaches average $7.13M. And the time to identify and contain a breach is approximately 280 days.

Cyber security insurance became more necessary as realizations over the NotPetya and WannaCry cyber-attacks in 2016 and 2017 demonstrated how disastrous cyber crimes can be on global economics. Carrier Management published an article on the NotPetya attack stating:

“The NotPetya attack dramatically highlighted the potential for systemic vulnerabilities, and how it can have a major financial impact on the global economy,” said Oliver Brew, head of client services at cyber insurance analytics company, CyberCube. “…the attack also illustrated ambiguities in cyber insurance policies, fueling the conversation around silent versus standalone cyber in a quest for greater clarity”, according to Brew.

Silent cyber insurance refers to cyber protections included in liability insurance or other policies. Standalone cyber insurance are policies dedicated and focused on cyber. Although cyber has been written into policies and there are even standalone cyber policies available, just purchasing a cyber insurance policy may not provide all of the coverage needed depending on the risk.

Although there have only been a handful of cyber-attacks to raise awareness regarding the deficiencies in cyber policy, the losses from cybercrime are enormous. Pascal Millaire, CEO of CyberCube said in an article for Insurance Journal:

“Cyber losses are worsening. He noted data released by UK regulatory authorities in 2019, for example, that ranked enterprise-related cyber losses in the country as higher than flood, Japan earthquakes, and most other catastrophes other than California earthquake and Atlantic hurricane-related losses.”

Help for Cyber Threats

However, the good news is there are ways for the insurance industry to get more involved with cyber policy.

Oliver Brew from CyberCube said, “The insurance industry can prepare by supporting clients to improve proactive risk mitigation strategies, develop realistic disaster scenario frameworks to understand the implications and manage capital to address exposures and maintain a sustainable market.”

In conclusion, it’s imperative for the insurance industry to educate consumers, employees, and management on the risks of business interruption by cyber attacks, and also how to combat potential security risks. Michael Millette, managing partner of Hudson Structured Capital Management stated for Insurance Journal:

“With increasing interconnectedness … the cost of a failed connection is higher and higher,” he said. “Cyber risks whether reflected through breakdowns in the cloud [or] web have a chance to disrupt all of our lives [in ways] they didn’t have 40 years ago.”

As the world around us continues to shift and advance, staying informed will only help keep the insurance industry at pace with the current threats. Jeff Nixon of JL Nixon Consulting, Inc. would like to discuss your thoughts.