Cyber risk, what most business owners in the internet boom of the 90’s thought was just a movie trope, is actually a very common risk now.
Ask any insurance agent when introducing cyber coverage to a client and these are the objections they hear most often:
1. “Well, we’re not a huge company that would be a target.”
2. “We invest thousands of dollars into our servers and virus protection, we’ll be fine.”
3. “We have the financials to recover from a cyber breach.”
If you’ve ever said or thought any of these, it’s okay, you’re not alone. Cyber policies are new, and it’s easy to think it can’t or won’t happen unless you’ve been affected by a breach first-hand. As a consultant, our biggest challenge isn’t selling what we do, but rather giving a different perspective to our clients to make certain they fully understand the risks that face their business. We’re in the business of hoping for the best but preparing for the worst. That said, our ever-increasing reliance on technology platforms has created an exposure that changes daily. I put an emphasis on daily, because the technology behind breaches is updated as often as your cellphone or laptop asks you to update the operating system. Groundwork laid, let’s dig into why every business owner should be talking about their cyber coverage.
When it comes to your personal cyber exposure, the numbers tell a story. Believing your “mom and pop shop” doesn’t have a cyber exposure is dangerous. The frequency and severity of breaches is rising, which seems like an expected trend. What isn’t expected is the new breadth of industries affected by the losses. The common misconception is that breach targets are Fortune 500 companies or Government entities, but over the last ten years that’s been disproven. As reported by Property Casualty 360, “62% of cyber breach targets are small to mid-size businesses.” Most insurance brokers aren’t talking about this with their clients.
Loss frequency has increased in most industries by hackers finding new ways of obtaining personal information. As criminals diversify how they tap into a company, they have new targets to gain access; your employees. Targeting employees via malware or phishing attempts multiplies the total exposure of companies that give their employees email addresses or passwords for their servers. You may have top-of-the-line server protection, but without proper training, an employee could make the mistake of opening a malicious email. Criminals have reached the point that they can create an email that looks nearly-identical to a company’s email template opening them the opportunity to get sensitive information from another employee. The long-term solution is generally training, but unfortunately most companies don’t make the investment until well after a breach.
It’s a daunting proposition to take all the correct steps in reacting and responding in the event of an attack. Aside from breach prevention, the real bulk of cyber liability cost comes after the claim. There are mitigation expenses and laws regarding when you report the crime that could result in extra fines if not done correctly or timely. So how do you gauge the real cost of all of this?
We recommend that every client uses a Data Breach Calculator. The results never fail to surprise. One of the more detailed calculators can be found here: Vitrium Data Breach Calculator.
The estimated cost of a breach is immensely important when we go to market for a company’s cyber policies, primarily because a cyber policy shouldn’t be based off price, but should instead be tailored to what losses the client would need help mitigating in the event of a loss.
What’s the solution?
Because of current carrier appetites, it’s incredibly easy to find a competitively-priced, personalized policy. Most traditional cyber policies already cover customer loss, business disruption, regulatory fines, and other liability coverages, but now you can go a step further. Working with specialized underwriting groups gives us access to incident investigation and other mitigation strategies that drive costs down under a loss. Insurance carriers have developed these products to protect their policyholders, which is where we come in as an insurance agency. We share these trends because it’s one piece of our comprehensive plan to keep our clients prepared for the worst, but informed enough to hope for the best.