Why Cyber Liability Insurance Matters

0
162

The moment you put any part of your business online you become a potential target for cybercriminals, who can attack from anywhere in the world, at any time. From phishing emails to targeted data breaches and ransomware attacks, cyber threats are a real and present risk that your business needs to protect against.

In 2020, almost 75% of organizations were targets of payment scams, according  to the Association for Financial Professionals 2021 Payments Fraud and Control Survey.[1] Beyond payment scams, there are many other forms of cyberattacks that can damage an organization, including attempts to steal valuable information such as customer data and intellectual property. The IBM Cost of a Data Breach Report 2020 shows that the average cost of such data breach attacks in the United States was $8.64 million.[2]

Traditional insurance does not cover the impacts of cyberattacks, which is why cyber liability insurance is becoming an increasingly important tool for organizational risk management.

Ransomware Aims to Hold Your IT Systems Hostage

Following several highly publicized and costly cyber events, cyber risk now ranks as one of the top enterprise-wide risks facing organizations today. Technological developments have revolutionized the way in which companies offer their products and services, allowing them to reach new customers with increased operational efficiencies, but these changes do not come without risk. As the pace of technological change continues, most companies now have a total reliance on IT networks and the information that they hold.

A growing form of cyberattack is the use of ransomware to hold an organization’s IT systems and/or data hostage and demanding a ransom to return control to the organization. Risk management and advisory firm Willis Towers Watson notes: “Cyber criminals are targeting businesses of all kinds with ransomware attacks. As these attacks become more sophisticated, carrying the potential to affect a wholesale inability to access a firm’s entire electronic infrastructure, ransom demands have increased — often reaching eight figures.”[3]

Factors That Increase the Likelihood and Severity of Cyberattacks

  • Big Data: Large volumes of confidential customer information
  • Expanding network perimeter: Supply chain risk and the myriad of interconnected service providers
  • New threat vectors: Ransomware and social engineering, where users are tricked into making security mistakes or giving away sensitive information
  • Increased regulatory burden: Global privacy regulations continue to tighten, impacting the way confidential consumer information is collected, stored, processed and disposed of, with substantially increased financial consequences in the event of a privacy breach.

Types of Cyber Threats

While ransomware is the primary threat vector currently being used by bad actors, other cyber threats can be equally damaging if an organization is victimized:

  • Business Email Compromise
  • Email Account Compromise
  • Social Engineering
  • Insider Threats/Theft

Chart 1: Ransomware Attacks in the U.S.

View accessible version of this chart.

How Cyber Insurance Can Help

Traditional insurance is usually meant to protect against physical risk and outcomes, such as fire, flood or theft of goods, and is not designed to respond to cyber threats and their resulting impacts, as illustrated in the chart below. Although aspects of cyber insurance can be found embedded in other lines of coverage, the most effective cyber coverage is found in stand-alone policies that can fill traditional policy gaps by addressing the first- and third-party impacts that can result from a cyber-incident, whether malicious or accidental.

Chart 2: Cyber Liability Coverage

Property Crime/Bond Kidnap/Ransom Professional Liability Cyber*
First-Party Privacy / Networks Risks
Physical damage to data Limited Coverage Limited Coverage
Virsus / hacker damage to data Coverage Provided
Denial of service attack Coverage Provided
Business interruption security event Coverage Provided
Exortion or threat Limited Coverage Limited Coverage
Employee sabotage Limited Coverage Coverage Provided
Third-Party Privacy / Network Risks
Theft / disclosure of Private info Coverage Provided
Confidential corporate information breach Coverage Provided
Technology errors and omissions Coverage Provided Coverage Provided
Privacy breach notification Coverage Provided
Regulatory privacy defence / fines Coverage Provided
Virus / malicious code Limited Coverage Coverage Provided

*Cyber insurance is constantly evolving and the exclusions to coverage changing; you should work with your broker/insurer to monitor coverage regularly.

Cyber Threats Are Real

With the frequency and severity of cyberattacks trending upward, protecting your business is more important than ever. Practicing good “cyber hygiene” and having robust defenses in place is your business’s first line of defense, but cyber liability insurance can be a key component to an effective risk management program. You should work with your insurance broker and legal   counsel to determine if cyber liability insurance is appropriate for your business based on your specific risk profile and appetite.  It is important to note that a growing number of cyber insurers are creating exclusions for companies found to be using old or deprecated systems or software. Customers need to be aware of any exclusions. Cyber liability insurance will not prevent losses from occurring but plays a key role in keeping your business running smoothly in the event it experiences such an attack.

 

Accessible Version of Chart 1

Chart 1: Ransomeware Attacks in US

Ransomware attacks are becoming more common in the United States

Ransomware accounted for 30% of all U.S.-based cyberattacks reported to and confirmed by Verizon data breach researchers in 2020, more than double the rate for the world.

World X axis World Y Axis United States X Axis United States Y Axis
2015 1% 2015 -1%
2016 7% 2016 4%
2017 16% 2017 6%
2018 10% 2018 11%
2019 12% 2019 23%
2020 14% 2020 30%
Source: Verizon 2021 Data Breach Investigation Report

 

___

This article was originally published on the PNC Insights blog.

sideways white triangle in orange circle and PNC BANK