“I’d say it’s a progression,” said Brenda Rose of Firstbrook Cassie Anderson (CRA) Insurance. “The exposures to our businesses are evolving, just like they are for our customers, and we are working to keep up.”
This is not to say that brokerages are currently going without cyber insurance protection. It’s just a matter of what form that protection might take.
Swiss Re Corporate Solutions offers first and third-party data breach coverage through brokerages throughout Canada. The coverage is an extension of its errors and omission (E&O) product and is intended to provide a base level of protection aimed at exposures created by agents and brokers handling the personal data of their customers. It is not structured to be a replacement for a full cyber liability policy.
“Yes, insurance agencies and brokerages are buying cyber liability coverage,” said Bob Petrilli, head of the North American division of Swiss Re Corporate Solutions. “Agents’ and brokers’ awareness of the need for and the importance of this coverage is rapidly increasing.”
Cyber insurance policies generally offer two types of coverage. First, they cover first-party damage costs – such as regulatory costs, for example – related to the disclosure of and recovery from lost or stolen data, hacking attacks, and privacy breaches.
They also cover third-party liability costs. So, for example, if a brokerage experiences a data breach and the hackers use a customer’s data to set up a $600,000 mortgage in the customer’s name, cyber insurance would cover the cost of the customer’s lawsuit against the brokerage for that damage.
These are the same cyber risks facing businesses at large, so brokerages typically don’t require a different kind of cyber insurance policy. One insurer contacted for this story said that brokerages buying cyber insurance tend to be buying it straight-up, “with no fancy extensions.”
The Privacy Commissioner of Canada reports the number of data breaches in the country increased by 29% percent in 2010, with over 350 breaches voluntarily reported. The average cost of a data breach was $5.5 million in 2011, according to the Ponemon Institute, a U.S.-based, independent research institute on privacy, data security and public policy.
Given this type of exposure, brokers’ clients, particularly the larger commercial clients, have been quick to take up cyber insurance coverage. Global brokerage Marsh issued a report a little over a month ago showing that the number of companies buying cyber insurance coverage has increased 33% in 2012 over 2011.
Brokers, like their clients, need to be aware of potential reputational damage that comes with losing clients’ data, says Petrilli.
“Agencies and brokerages must realize that obtaining, storing, and transmitting the personal data of customers – date of birth, drivers’ license numbers, social security numbers, health insurance information, which are all typical questions on insurance applications – creates not only a monetary liability risk, but also creates a significant reputational risk,” he said. “Theft or other unauthorized access of a customer’s personal data can, in minutes, destroy the bond of trust that the brokerage has worked years to establish.”