Why Cyber Insurance Is the Most Important Coverage for Today

Graphic of Padlock Interlocking Across a City

Why is Cyber Insurance Important?

Every time we turn on the news, we are overloaded with information regarding cyberattacks against government entities, international businesses, power grids, hospitals, manufacturers, and more. As this cyber claim activity continues to rise, so does the amount of money being demanded. Cyber insurance has become one of the most important risks for companies to evaluate in an increasingly digital business landscape.

However, many businesses are under the impression that if their company transfers their risk to a third party, they are no longer responsible in the event of an attack. Or maybe they believe that they do not present a cyber exposure or that their existing insurance policies cover all potential cyber claims. As a result of this false sense of security, we are seeing increases in claims settlements, costs of insurance, and limitations of coverage in the market.

Background of Cyber Insurance

Globally, companies are becoming more reliant upon computer systems and access to digital information. With Covid-19 pushing companies to shift toward remote work, the adoption of platforms and devices that allow sensitive data to be shared with third parties has accelerated. As the world continues to rely on complex digital platforms, cyberthreats continue to outpace society’s ability to prevent and manage them. With cybersecurity attacks growing by 31% from 2020 to 2021, the number of attacks per company increased from 206 to 207.¹ Cybercrime is projected to hit $10.5 trillion by 2025.² It is now not a question of “if” but “when” businesses will experience a breach.

Why are Cyber Attacks Getting Worse?

Why can’t we stop criminals from cyberattacks? These criminal operations have free rein due to the minimal barriers of entry for participants in the ransomware industry and little risk of extradition, prosecution, or sanction.³ Cyberthreat actors using ransomware are leveraging tougher pressure tactics as well as going after more vulnerable targets—impacting public utilities, healthcare systems, and data-rich companies.⁴ Each year carriers attempt to catch up with new and emerging cyberthreats, resulting in coverages, endorsements, and limits being altered. No one cyber policy is identical. Many businesses may be operating under the belief that their existing insurance policies are enough to cover their data security and privacy exposures. Unfortunately, this is not always the case, and traditional insurance policies may be inadequate to respond to the exposures organizations face today.

Up Close View of Password Entry on Screen

Trends in Cyber Insurance Claims

Understanding the history and context of this issue helps illuminate how businesses have found themselves in such a challenging position. Businesses’ most common cyberattacks are highlighted in the below graph from Verizon’s “2021 Data Breach Investigations Report.”⁵

Cyber Insurance Graph Showing Trends in Claims

Understanding the history and context of this issue helps illuminate how businesses have found themselves in such a challenging position. Businesses’ most common cyberattacks are highlighted in the below graph from Verizon’s “2021 Data Breach Investigations Report.”⁵

Example of a Cyber Insurance Claim

With such a high frequency of claims and the constant focus from the news, it can be easy to dissociate with reality of the actual risk. However, it’s important to see the true damages these claims can cause:

HVAC Company Causes Data Breach at Target

- Target contracted an HVAC company, Fazio Mechanical Services, to work on their HVAC units at a retail location. Prior to starting the job, Fazio Mechanical Services systems had been breached by attackers through an email phishing campaign. During their employment with Target, Fazio Mechanical revealed it had a data connection with Target which was used for submitting electronic bills, contracts, and project management materials. The party responsible for the phishing campaign was able to access Target’s network. This resulted in over 70 million Personal Identifiable Information (PII) and 40 million credit cards and debit cards being compromised. Target’s financial damages were estimated to be between $240 million and $2.2 billion in addition to the banks that were required to refund over $200 million in stolen money from their customers.⁶

Renault-Nissan Manufacturer

- Renault-Nissan is an automobile manufacturer with operations across the globe. In 2017 they experienced a cyberattack involving “WannaCry Ransomware.” This attack stopped production at five plants located in England, France, Slovenia, Romania, and India. To prevent the attack from spreading further, the company was forced to shut down their entire network. While the financial loss was never disclosed, “WannaCry Ransomware” was estimated to cause over $4 billion in damages across the multiple companies.⁷

Long Aisle of Technology Servers in Glass Cabinets

What Can You do Against Cyberattacks?

As cyber continues to be a threat for businesses, so does the cost of protection. Here is what you can do to protect your company from the next cyberattack.

1. First and foremost, hire an agent that understands the complexity of the cyber insurance market. Just as no two businesses are identical, the same can be said for insurance policies.

2. Identify the exposures of your business that are susceptible to cyberattacks and make sure that they are covered under your cyber policy. Some examples include:

a. Healthcare companies will want to include a bodily injury and/or property damage endorsement on a cyber policy. If someone breaches their network which causes life stabilizing equipment to stop working or drug spoilage, are you covered for that?

b. Manufacturing companies may lose income if they are forced to shut down production due to a data breach. Does your cyber policy cover business interruption as a result of a cyberattack?

c. Financial service firms that store sensitive information will be required to notify and indemnify their clients in the event of a data breach, even if that breach occurs on a platform that is not owned by the insured.

3. Protect credentials, especially administrative ones. Consider implementing multi-factor authentication.

4. Implement endpoint protection that combines AI-based prevention technologies so you can stop ransomware attacks before they disrupt your business.

5. Continually back up your servers correctly. Have at least one set of backups that cannot be reached via your network.

6. Provide security awareness training for employees on a regular basis.

7. Work to create and implement an incident response plan.

Get Proper Cyber Coverage Today!

If you have cyber liability coverage, make sure you have the correct coverage. If you don’t have coverage, there is no better time to investigate purchasing it. The ransomware and cybercrime industry is not going anywhere, so it’s time to make sure your business is covered. If you have any questions, please reach out to a Tower Street Insurance agent today, and we will be happy to assist you!

Tower Street Insurance Vacation Insurance

Tower Street Insurance can Help You With All of Your Telecommunication Insurance Needs

When was the last time you had your insurance truly evaluated to assure there are no gaps? Our agents here at Tower Street Insurance can assess your current coverage for all of your loss control, personal insurance, and business insurance needs.

We would love to set up a meeting to go over your coverage with you and provide you with a coverage gap analysis completely free of charge! Reach out to us today to schedule a meeting and get a quote today.

Sources