What do Hillary Clinton, Donald Trump, JPMorgan Chase, Sony Pictures, Anthem Blue Cross and Blue Shield, the US O� ce of Personnel Management, and the infi delity website Ashley Madison all have in common? Strange bedfellows though they may seem, all have been recent victims of highly publicized cyber attacks.
Whether it’s one prominent politician’s email account or the fi nancial information pertaining to 76 million households and 7 million small businesses across the nation, today’s cyber criminal underground is both chillingly precise and appallingly indiscriminate in the devastation that it wreaks around the globe on a daily basis.
Given the level of interconnectedness in today’s business environment, a cyber attack is not a matter of if, but when. According to a recent MarketStance report, more than 6.6 million businesses could be current targets of some type of cyber threat. And a data breach can have serious ramifications for a company’s bottom line. An IBM-sponsored global analysis released in May 2015 found that the average total cost of a data breach has escalated to $3.79 million.
In the past, senior executives and boards of directors might have been complacent about the risks posed by data breaches and cyber attacks. However, the IBM study found that growing concern about the potential damage to reputation, classaction lawsuits and costly downtime is motivating executives to pay greater attention to the security practices of their
organizations. Even so, three-quarters of American businesses still have no cyber liability coverage, according to a recent Towers Watson study.
“Most companies are really just starting to look at their cyber exposure and trying to understand what the risks are for them,” says Tracie Grella, global head of professional liability at AIG. For insurance professionals who are up to the task, this represents a colossal market waiting to be convinced to purchase cyber liability coverage.
“It’s a hot product and a hot sector,” says Jeremy Barnett, senior VP of marketing at NAS Insurance. “It’s a big deal, and it’s constantly evolving.”
Who needs cyber insurance?
Just about any organization that uses technology to do business faces cyber risk – which is why they should be prepared with cyber liability insurance.
“You would have to live under a rock to not realize that all kinds of companies are vulnerable to all kinds of serious threats,” says Kurtis Suhs, vice president and national
technology and privacy product manager at Ironshore. “Even if you are a company with very little personally identifiable information and data, you could still have an event like
CryptoLocker [a ransomware trojan propagated via infected email attachments] that could indiscriminately target you because you are connected to the Internet, and then knock you offline.”
Industries that have adopted cyber coverage most broadly include financial, retail, healthcare and other professional services (such as lawyers and accountants), as well as the hospitality and education sectors.
“But over the last two years, all industries are buying the coverage,” Grella says. “The last industries to really buy are manufacturing and oil and gas.”
While these sectors have less personal data and thus are less at risk of the kind of data breach that is most commonly associated with cyber liability, “they see the value of other things that are now covered under a cyber policy – like business interruption and cyber extortion, which are real threats for those kinds of organizations,” Grella says.
(Part 1 of 2)
to be continued...
