Cyber Security Insurance

September 16, 2014

One of the trending topics in the insurance industry has been the emergence of cyber risk, and the greater understanding of how to protect against it.  Cyber insurance provides coverage for the response to and fallout from cybercrime and breaches. The need for cyber insurance has never been more acute, with numerous, massive incidents at companies like Target, Home Depot and eBay, as well as government agencies including the Office of Personnel Management.  These incidents, and many others like it, have prompted companies large and small to mitigate their exposure to cyber risk.

The exposure these companies face could be massive. The extent and cost of a data breach can vary wildly, depending on the nature of the information and the number of people affected. As the International Law Office notes, though, the costs can quickly and easily skyrocket to millions of dollars. According to the Ponemon Institute study, the average organizational cost of a single data breach is $5,403,644, with $565,020 of that being spent on customer notification alone. The costs include forensic investigations, credit monitoring, customer notification, rectification of the breach and defense against liability claims brought by customers or regulatory agencies. Many business owners are shocked to see these figures, yet the vast majority of businesses are not protected against cybercrime. Industry experts hope that as understanding and awareness of this issue grows, so too will investments in cyber risk deterrence and insurance.

There are indications that this is already beginning. A recent New York Times report states that total cyber insurance premiums paid last year were $1.3 billion, a jump from the $1 billion paid in 2012. The bulk of that involves smaller policies issued to small to midsize businesses. With more than 50 carriers now offering cyber insurance, these figures are expected to increase rapidly in the coming years; a recent study by the Ponemon Institute revealed that while only 31% of respondents had a cyber-security insurance policy in place, 57% said they planned on purchasing a policy in the near future.

The increasing occurrence of cybercrime, against large multi-national corporations and small to mid-size business alike, is a trend that is likely to continue. As Federal Bureau of Investigations Director Robert Mueller stated, “There are only two types of companies: those that have been hacked, and those that will be.”

Insurers continue to assess and analyze the risks associated with cybercrime, allowing them to more accurately predict the likelihood of a breach, and the value of any associated losses. As the insurance industry adapts to this new market, we are continuing to educate ourselves on the subjects of cyber risk and cyber liability insurance, and can serve as a resource to any business interested in this subject.