What’s at risk when a cyberattack hits?

What’s at risk when a cyberattack hits? | Insurance Business

What’s at risk when a cyberattack hits?

When a data breach happens, it’s personally identifiable information (PII) that’s often on the line for many companies, evident when Ticketfly experienced a data breach that exposed 26 million customers’ data.

That’s not the only asset that’s at risk, however, especially as cyber attackers become bolder and set their sights on bigger targets, including infrastructure and government entities.

“Cyber can cause a variety of losses beyond the breach of personally identifiable information,” said Shawn Ram, head of insurance for Coalition, which offers a suite of comprehensive insurance coverage and free cyber security tools. “Cyber can be a physical peril and cause bodily injury, [it] can cause property damage. If an adversary infiltrates a manufacturing entity or a power plant, not only can credit card information get lost. Perhaps more importantly, buildings can fall to the ground, people can get hurt and environmental chemicals can get released.”

A coffee bean distributor, for instance, could be worried about someone hacking into their system and causing that product to be spilled or damaged, if the hack results in the failure of physical security measures or impedes the transportation of the coffee beans. The same goes for any company operating in the food and beverage sector, manufacturing or other industry that not only holds sensitive information on their networks, but also in their storerooms.

According to Ram, a lot of brokers and policyholders have approached Coalition with similar concerns, but it’s been difficult for them to find that holistic cyber coverage.

“Historically, those would be difficult to cover in a cyber incident, and, from a property standpoint, it’s also difficult,” said Ram, adding that the coverages offered by Coalition mend that gap in exposure between a property or pollution policy and a cyber policy.

There are a few ways to better integrate policies, one of which is adding cyber coverage to commercial casualty insurance – a route that AIG took back in October. Ram sees another way to move forward.

"The notion of covering this adequately in other areas of insurance I think will be difficult over time,” he said. “Reinsurance treaties, pricing, coverage constraints – all of those things are associated with it. I believe this – and obviously we live this – is that the greater opportunity is to have a better product when it comes to cyber insurance as a standalone product.”

Coalition also puts to work a unique underwriting process that includes a technology scan of an insured’s network and web properties, gathering tens of thousands of pieces of information about their cyber security to identify any issues or potential weaknesses. A recent partnership with online market access system Big “I” Markets means the company’s insurance and risk management solutions will now be available to the 10,000 Big “I” Markets agencies, and the businesses they insure, demonstrating the appeal of this type of solution.

While the cyber expert believes that large carriers will continue to provide innovation and drive the cyber insurance market, the lion has something to learn from the mouse.

“At the same token, I’m confident that the disruptive opportunities that exist from smaller companies, start-ups, in the market, will effectively raise the entire wave,” said Ram. “Everyone will rise as a result.”

 

Related stories:
IBM: The “hidden” costs of data breaches severely hurt businesses
In age of data breaches 'complete compliance' is paramount