Cyber is everywhere, even earning its own CSI spin off on TV! With the well-publicized cyber attacks and data breaches at Target, NATO, JPMorgan Chase, and Anthem, cyber security and losses associated with cyber crimes are a growing concern throughout the business world. While the total number of data breaches and record exposures often fluctuates year to year, organizations are seeing a continued upward trend.
According to the Identity Theft Resource Center, the number of U.S. data breaches tracked in 2014 hit a record high. The center has been tracking these events since 2005. The reported 783 breaches in 2014 represents an increase of 27.5 percent over the 614 reported in 2013 and an increase of 18.3 percent over the previous milestone of 662 breaches tracked in 2010. In addition, the number of data breach incidents hit a high of 5,029 reported incidents, involving more than 675 million estimated records.
Cyber risk has now moved into the top three global business risks, according to the fourth annual Allianz Risk Barometer Survey. This is a significant jump from its eighth place ranking and 15th place ranking in 2014 and 2013, respectively.
It is clear that cyber is becoming a critical threat to both governments—faced with a potential for undermined national security—and businesses—struggling to store confidential customer and client information online. Unfortunately, traditional insurance policies have not typically covered the emerging cyber risks. As a result, specialized cyber insurance policies have been developed to support and protect businesses and individuals. A joint survey from Advisen and Zurich recently found that 52 percent of companies are claiming to have purchased cyber liability insurance.
With an ever-evolving range of risks, the selection of cyber risk coverage options is expanding as insurers work to keep ahead of the game. Some interesting options that have emerged as a result of the growing focus on cyber risk include the following:
- Loss/Corruption of Data: Focused more on protecting the actual data, loss or corruption insurance often covers the damage to, or destruction of information assets, due to viruses and malicious code.
- Business Interruption: When an attack on a company’s network limits its ability to conduct business, business interruption insurance covers the loss of income, as well as extra costs including forensic expenses.
- Liability: Cyber risk liability insurance covers the legal costs incurred and, sometimes even the punitive damages, resulting from data theft, virus transmission and security failures.
- Cyber Extortion: This newly introduced coverage option focuses on the “settlement” of extortion threats against a company’s network, as well as the cost of hiring a security firm to handle blackmailers.
- Crisis Management: Managing and rebuilding one’s organization following a cyber incident can be extremely costly. Crisis management covers the cost of notifying consumers of the breach, providing remediation services and retaining public relations assistance to help with the potential fallout.
- Criminal Rewards: This insurance policy covers the cost of posting a reward for information leading to the arrest and conviction of a cyber criminal involved in attacking company computers or networks.
Cyber risk is evolving at a rapid pace. Today’s insurance organizations are working hard to evolve with it. Already, focus is on the latest round of emerging risks, including the growing use of cloud services, the use of personal devices for business, and the emergence of social media and the resulting potential for online slander. Only time will tell what the future holds in the realm of cyber risk coverage.
What do you predict will be the next major trend in cyber risk insurance?