Cyber Liability
What You Should Know
It’s no secret; businesses in Texas and elsewhere are increasingly becoming targets of cybercrime. Regardless of your industry, the size of your business, and whether or not it is “in-the-cloud,” you should assume every business, including yours, is a target for hackers and cyber-attacks.
While there have been numerous reports, blog posts, etc. on what to do to best mitigate cyber threats, the topic is becomingly increasingly popular, especially regarding the expenses and liabilities resulting from cybercrime activities.
This becomes quite clear when discussing the topic with cyber liability insurance underwriters and brokers as several key factors are currently impacting the market.
Major Issues Affecting the Cyber Liability Insurance Market
The rising premiums, higher deductibles, and added exclusions we’re seeing today in the cyber liability insurance market are directly related to huge recent claim payouts resulting from increased ransomware and other cybercrime events.
While cyber liability insurance costs and coverage availability are determined by several factors, the main drivers affecting these today include:
• Rising Frequency – Ransomware has been significantly increasing year over year, but incidents rose considerably by nearly 150 percent in 2021.
• Increasing Severity – Along with increasing frequency, the severity of ransomware events is also on the rise. In fact, data theft is currently up 77 percent during such attacks.
• Average Incident Cost – The cost associated with recovering from a ransomware event is often considerably greater than the actual ransomware request. Similar to frequency and severity, the average overall per incident cost is rapidly climbing.
• Business Interruption – The average ransomware attack results in 23 days of lost business activity and revenue. This does not include the unquantifiable cost of lost opportunity.
New Security Standards
Cyber liability insurance underwriters now require clients to employ stricter security protocols and additional cyber protection technologies and solutions. In fact, there are several security requirements capable of affecting the successful resolution of a claim.
Some of these requirements include:
• Cyber Awareness Training
• Incident Response Plan
• Disaster Recovery/Backups
• Multi-Factor Authentication
• Secure VPN/RDP
• Endpoint Detection and Response
If your business is not implementing these and other modern security requirements, your payout in the event of a cyber-attack incident may be affected.
Is Cyber Liability Insurance Right for Your Business?
Despite the rising ransomware and cybercrime statistics, the question remains whether or not your business needs cyber liability insurance. The best way to approach this question is to perform a risk assessment in order to determine
any and all potential losses that may be incurred in the event of a cyber-attack or ransomware incident.
A proper risk assessment should account for:
• Maximum potential loss
• Most probable loss
• Compliance and regulatory requirements
• Contractual requirements
• Affordability of coverage
On this last point, cyber liability insurance premiums are determined by a variety of factors, including:
• Potential Exposure – The volume of sensitive data processed, collected, or stored by your company
• Cybersecurity – The cybersecurity defenses you currently have in place
• Security/Claim History – The number of times you have filed a claim or suffered losses due to a cyber threat or attack
• Business Demographics – The industry, sector, size, and revenue of your business
• Policy Terms and Conditions – The liability and coverage limits of specific cyber liability insurance policies
To gain a better understanding of these risks and the impact they can have on the cost of a cyber liability policy, we recommend using the Chubb Cyber Index. This helpful tool provides real-time access to the firm’s proprietary data, offering you insight into today’s cyber threats and how to protect your company from them.
Assess Your Coverage Needs
Cyber insurance is more expensive and confusing with more stipulations now than ever before. This makes understanding cyber liability coverages and the cyber security practices of your Texas business all the more important.
Some of the many examples of cyber liability insurance coverages include:
• Cyber Extortion – Includes coverage for ransomware demands, DDoS attacks, email ransom campaigns, and so on
• Data Loss – Includes coverage for fines and penalties, identity recovery, and liability associated with compromised data
• Business Interruption –Includes coverage for interrupted business and financial losses incurred from a cyber incident
• Third-Party Lawsuits – Includes coverage for potential lawsuits resulting from security incidents impacting a third party
• Fraudulent Payments – Includes coverage for some scenarios involving payments or the transferring of money to a fraudulent company or destination
In addition to this broad scope of coverages, the specific expenses covered by a cyber insurance policy can vary greatly. From forensic analysis and data restoration costs to legal expenses, ransom demands, public relations costs, and even credit monitoring services, today’s cyber insurance policies can cover any and all cybercrime-related expenses.
Mitigating Costs
As ample evidence suggests, there is a strong link between cyber insurance and cybersecurity. In fact, when it comes to your business, your level of cybersecurity has a direct impact on your insurance premium, deductible, and even your coverages.
Not only will it make qualifying for cyber liability insurance easier, but good cybersecurity will also reduce your premiums, minimize the costs incurred from an incident, and perhaps most importantly, reduce the likelihood of having to file a claim in the first place.