Cyber risk has become a leading issue for risk managers. Insureds need to be mindful that traditional general liability policies do not provide coverage resulting from cyber-attack. A well-crafted cyber policy has features that include risk consultation, breach resolution services, and insurance coverage for lost income and operating expenses.
Demand for cyber specific policies is growing rapidly. Increased interconnectivity, regulations, contractual requirements, and growth in the number and severity of cyber breaches is driving demand. Within ten years the cyber risk insurance market is expected to increase by ten-fold according to an in-depth market study prepared by Allianz.
Where does your cyber risk come from?
The most obvious cyber threats come from external sources such as malware used to penetrate networks. Malware is malicious software that damages, takes control, and/or steals information from computer systems. Malware takes on many forms, is increasingly sophisticated in design, and increasingly more difficult to detect.
Social engineering is a cyber-crime technique in which a person is convinced to perform an action that unwittingly grants access to a network or extract funds. Terms such as “phishing” are often used in this context.
Disgruntled or malicious employees can be a source of cyber-crime. These employees can take advantage of access to confidential information in order to cause financial and reputational harm.
Another common internal threat is when an employee loses a smartphone, tablet, or laptop. A lost mobile device can cost a company thousands or even millions of dollars if basic security tools and procedures were never implemented.
Consequences of a successful cyber attack
A cyber breach can lead to lost customer data, theft of trade secrets, financial theft, identity theft, regulatory action (fines), public embarrassment and reputational damage, business interruption (included significant loss of profits), breach of contract, and extortion.
The role of insurance
A cyber-attack can lead to severe financial impairment. The difficulty in quantifying the risk to an individual business makes the purchase of insurance coverage that much more important. Policies can be designed to address and identify risks prior to an attack, assist with breach resolution, provide coverage for lost income and third party liability.
Cyber insurance is becoming a contractual requirement
The prevalence of companies having some type of contractual insurance requirement for third parties to carry cyber liability will continue to increase in upcoming years. It will soon become as commonplace as the customary requirements for general liability, auto liability, and workers’ compensation.
Some of the more common challenges an organization will encounter are requests with unclear coverage specifications and requirements for coverage that is unattainable. Terms like “cyber liability” and “privacy liability” can have numerous interpretations. These terms need to be clearly described in a contract so that any confusion and misinterpretation is eliminated.