Are brokers buying cyber insurance?

Brokers are reporting great success in selling cyber insurance to clients, but brokerages have the exact same risk as their clients when it comes to keeping their clients’ data confidential. Are brokers protecting themselves with cyber insurance?

Cyber insurance may be a hot new product to brokers to sell, but has it been a hot new product for brokerages to buy?

The answer depends upon whom you ask. 
 
Some describe brokers without cyber insurance as an example of the cobbler’s children without shoes: they will sell the product, but it might not see the value in purchasing it themselves. And this is not necessarily a bad thing, since brokerages are a business like any other; they have to assess their own capability of responding to the risk of a data breach.
 
“Brokers are no different than any other customer when it comes to writing a cheque,” said one broker, who was speaking under condition of anonymity because he was not authorized to speak on behalf of the brokerage. “They are going to sit down and analyze what they are prepared to pay for insurance.”
 
The broker said the decision to buy cyber insurance may depend in part on the size of the brokerage. In Ontario, approximately 60% to 70% of the brokerages write a premium volume of less than $15 million. The question for them is whether or not the amount of data they handle represents a risk that requires an insurance policy.
 
“Insurance is for a customer who has a risk they can’t handle themselves,” the broker said. “So if I am a mid-sized broker or a small broker in Ontario, am I overly concerned about my data being breached and how much it would cost me? If I had to go out and make that purchase and it’s going to cost me $2,000, I might, like any other insurance buyer, say: ‘I’ll keep my $2,000 and I will assume the risk myself.’ And that would make perfect sense.”
 
Many brokers see brokerages keeping pace with the general business population when it comes to buying cyber insurance. (continued.) 
 

#pb#

“I’d say it’s a progression,” said Brenda Rose of Firstbrook Cassie Anderson (CRA) Insurance. “The exposures to our businesses are evolving, just like they are for our customers, and we are working to keep up.”
 
This is not to say that brokerages are currently going without cyber insurance protection. It’s just a matter of what form that protection might take. 
 
Swiss Re Corporate Solutions offers first and third-party data breach coverage through brokerages throughout Canada. The coverage is an extension of its errors and omission (E&O) product and is intended to provide a base level of protection aimed at exposures created by agents and brokers handling the personal data of their customers. It is not structured to be a replacement for a full cyber liability policy.  
 
“Yes, insurance agencies and brokerages are buying cyber liability coverage,” said Bob Petrilli, head of the North American division of Swiss Re Corporate Solutions. “Agents’ and brokers’ awareness of the need for and the importance of this coverage is rapidly increasing.”  
 
Cyber insurance policies generally offer two types of coverage. First, they cover first-party damage costs – such as regulatory costs, for example – related to the disclosure of and recovery from lost or stolen data, hacking attacks, and privacy breaches. 
 
They also cover third-party liability costs. So, for example, if a brokerage experiences a data breach and the hackers use a customer’s data to set up a $600,000 mortgage in the customer’s name, cyber insurance would cover the cost of the customer’s lawsuit against the brokerage for that damage.
 
These are the same cyber risks facing businesses at large, so brokerages typically don’t require a different kind of cyber insurance policy. One insurer contacted for this story said that brokerages buying cyber insurance tend to be buying it straight-up, “with no fancy extensions.”
 
The Privacy Commissioner of Canada reports the number of data breaches in the country increased by 29% percent in 2010, with over 350 breaches voluntarily reported. The average cost of a data breach was $5.5 million in 2011, according to the Ponemon Institute, a U.S.-based, independent research institute on privacy, data security and public policy.
 
Given this type of exposure, brokers’ clients, particularly the larger commercial clients, have been quick to take up cyber insurance coverage. Global brokerage Marsh issued a report a little over a month ago showing that the number of companies buying cyber insurance coverage has increased 33% in 2012 over 2011. 
 
Brokers, like their clients, need to be aware of potential reputational damage that comes with losing clients’ data, says Petrilli. 
 
“Agencies and brokerages must realize that obtaining, storing, and transmitting the personal data of customers – date of birth, drivers’ license numbers, social security numbers, health insurance information, which are all typical questions on insurance applications – creates  not only a monetary liability risk, but also creates a significant reputational risk,” he said. “Theft or other unauthorized access of a customer’s personal data can, in minutes, destroy the bond of trust that the brokerage has worked years to establish.”  

Keep up with the latest news and events

Join our mailing list, it’s free!