By Janet Horenberg, CPCU, CIC, CRM
NFP Property & Casualty Services, Inc.
Virtually every business is at risk to cyber losses. Cyber insurance was created to close the gaps in other insurance such as General Liability, Crime and Directors & Officers/Management Liability. A Cyber policy can include coverage such as Privacy and Network Security Liability, Regulatory Proceedings/Fines & Penalties, Media Liability, Data Breach Expenses, Network Extortion, Digital Assets, and Business Interruption.
Storing or using private or proprietary data, accepting credit cards, e-commerce, maintaining employee information or a website presence are just some of the activities that create cyber liability exposures. An organization can be held liable for damages to others as a result of failing to protect data, failing to provide access to authorized users, infringement of copyrighted property, failing to comply with privacy laws, indemnity agreements in cloud agreements and other business contracts.
Out of pocket costs as a result of damage to digital assets, cyber extortion, business interruption, reputational injury, forensics, credit monitoring and notification expenses to comply with privacy laws are often underestimated and typically a significant part of the loss. The average cost of direct loss from a data breach can exceed $200 per record.
High profile attacks are widely publicized, but we don’t hear about the frequency or the impact on small to mid-sized companies. Microsoft estimates that 20% of small to mid-sized companies have been the victim of cybercrime – not a surprising statistic considering many smaller organizations don’t have the resources to spend on computer security.
The Cyber insurance marketplace is continuing to evolve as insurers learn more about technology and gain experience from losses. Cyber insurance is widely available; however, the coverage, terms and conditions vary greatly among different insurers. These non-standard coverage forms require a thorough review to avoid surprises at the time of loss. The analysis of the loss exposures and the purchase of insurance can be a complicated process, considering the myriad of state and federal privacy laws, mobility of data and the rapid changes in technology. Purchasing Cyber Insurance requires the expertise of an experienced insurance professional who can assist an organization with the analysis of an entities’ risk profile and available cyber insurance policies to align the insurance to meet the needs of the organization.