One Year Later: Progress and Potholes in Cyber Risk, the Most Dangerous Threat No One’s Talking About
By: Michael Miller, State Director Minnesota, Wisconsin, and Iowa
A year ago in this magazine, I introduced the most dangerous threat no one is talking about in the insurance industry—cybersecurity—and why that was great news for your business. For every four business owners who walk into your agency, three will not be protected against cybersecurity risks. It’s a staggering number, and one that gave you a valuable opportunity to help your clients.
Now, a year has passed, and I wanted to update you on the state of cybersecurity risks today and the progress—and potholes—our industry is making to help protect individuals and businesses.
Notable Cyber Risks in 2017
More data breaches occurred in the first half of 2017 than in all of 2016. Misconfigured security settings, out-of-date software, and lack of strategy on how to prevent and stop data breaches were largely to blame. Uber, InterContinental Hotels Group (IHG), and Verizon all experienced cyber-attacks and data thefts, affecting millions of consumers.
But the largest breach of 2017 occurred at Equifax. In September 2017, Equifax announced 145.5 million consumers were affected by a data breach. That’s nearly half the US population’s sensitive information, including addresses, birth dates, Social Security numbers, and credit card information. The breach was absolutely massive, and experts believe it will cost consumers and Equifax around $4 billion to ameliorate.
Progress and Potholes within the Insurance Industry
Fortunately, the insurance industry continues to develop products to protect consumers and businesses from cyber risk. More than 60 carriers now write monoline cybersecurity policies, with gross premiums into the billions of dollars. Popular carriers include many in the Smart Choice® program, such as Travelers, Burns & Wilcox, Liberty Mutual, CNA, and Crump. Experts at the NAIC believe the number of carriers who offer cyber risk policies and the types of liability those policies cover will increase over the next few years.
However, protecting against cyber risk with insurance is still relatively novel for consumers and businesses. Many continue to learn the hard way that their general liability policies don’t cover losses from a data breach, hack, or other cyber-attack. This puts businesses and consumers at risk of having sensitive information stolen, held ransom, or used against them. Businesses face their own set of cyber risks, from damaged reputations to loss of valuable assets such as customer lists and trade secrets.
What 2018 Has in Store for Cyber Risk
While cyber insurance and cybersecurity regulations will grow stronger and more numerous this year, so will the intensity and frequency of cyber attacks. Sophisticated attacks using artificial intelligence will be increasingly difficult to identify and prevent. Bad actors will continue to hijack consumer and business networks and hold them ransom. Cryptocurrency technologies will sustain attacks, too.
With these threats on the horizon, you can’t afford not to offer cyber insurance to your consumer and business clients. This year, learn about the cyber insurance policies your carriers offer and develop a plan on how to cross-sell them to your current commercial insurance clients. Once you have your pitch down, start promoting cyber insurance in every conversation you have with potential commercial insurance clients. Become the local resource on cyber risk and offer solutions that empower businesses to protect their own data and the personal information of their customers.
What Cyber Insurance Covers
Cyber insurance policies cover liability and property losses that occur when a business is hit with a cyber attack.
Coverage may include:
- Business interruption from cyber attack
- Computer fraud
- Costs of credit monitoring, fines, and loss after a data breach
- Cyber extortion
- Data loss and destruction
- Funds transfer loss
- Liability from data breaches
- Liability from web content
- Notification costs in the event of a data breach