Survey reveals disconnect between cyber risk and coverage

Insurers say most businesses still need to be told what they need and even then may not be ready to take the plunge

Cyber

By

Do businesses take the threat of data breaches seriously? A new survey conducted by DeLoitte during the last months of 2015 and released in February suggests they do. Interviews with insurance industry cyber experts, however, reveal that while businesses may take the threat seriously, many are still uninsured against the risk.

The survey of hundreds of businesses in five large metro markets indicates that about half of businesses have added cyber coverage to their policies, but Jack Coleman, vice president of managing general agent Midlands Insurance, says he thinks far fewer than half actually have such coverage and that the threat of cyber attacks is still largely unaddressed by most businesses.

Attorney Kara Altenbaumer-Price, Sr. Vice President for corporate risk and governance with USI, said, “Clients are more interested in cyber coverage today than they have been in the past. They are finally beginning to come to us to ask about cyber coverage, but we still have clients who don’t see the need.”

She said USI began indicating to clients five or six years ago that they should consider cyber risk insurance.  “They would say ‘we don’t issue credit cards, we don’t see the risk.’ In the last two or three years, there has been a substantial uptick in interest. Today it is impossible not to see the risk if you watch television or read newspapers or magazines—it is everywhere. Everyone has heard of cyber attacks,” Altenbaumer-Price said.

She said coverage types vary but that it always includes breach response, notifying individuals who may be at risk, and that providing credit monitoring to clients who may be at risk is often included.

Other things that might be covered include:
  • The expense of hiring a public relations firm to help clients manage the news.
  • The expense of hiring accountants, lawyers and other consultants to help a company investigate what happened and how it happened.
  • Privacy liability for those whose information was breached.
  • Regulatory response, such as fines or penalties levied by a state’s attorney general for instance.
  • Ransoms.
  • Business interruption, including lost revenue when compared to the prior year.
Altenbaumer-Price said a big advantage of having coverage is it encourages that first response, where companies notify customers or others who may have had data breached. “So far, the odds of being sued goes way down if companies notify customers immediately.” She said another big advantage to businesses is that insurance coverage enables companies to do the forensic work of figuring out what happened, “and that can help you prevent it from happening again. It reveals your vulnerabilities so can eliminate them.”

Coleman said it is still rare for companies to ask for coverage. “Ninety-nine percent of the time, we bring it up. The ‘it will never happen to me’ attitude is the biggest reason followed closely by thinking it’s too expensive.”

According to the DeLoitte survey, more than 90% of corporate executives say that understanding cyber threats is important, but less than 80% feel they have the understanding they need.

Clearly, progress is being made toward businesses having the understanding and the coverage they need, but this is still an area of growth and an area where businesses rely on their insurance agents to lead the way.
 

Keep up with the latest news and events

Join our mailing list, it’s free!