The biggest myth about cyber insurance

Despite its prevalence, many producers don’t know much about cyber insurance and that could come back to bite, experts say.

Risk Management News


The recent hacking of online merchandiser eBay, which put its 145 million “active buyers” at risk of data breach, has once again ignited the insurance community’s discussion of cyber liability insurance.

But beyond the obvious “headline as sales push” application, experts say the eBay hack has also taught agents and brokers important lessons on what they don’t know about cyber insurance—and what they ought to be passing along to clients.

Cyber insurance’s biggest myth
As chief privacy officer for Identity Theft 911, Eduard Goodman knows exactly what cyber liability insurance covers and what it doesn’t. That’s not something he can say about all producers selling the product.

“The way I look at it, cyber insurance is sort of a poorly named catch-all,” Goodman told Insurance Business. “A lot of what cyber is designed to do is to address old timey, 1990s concerns—and that might as well be Victorian times from the tech standpoint. The market is starting to respond to data breaches, and agents and brokers are driving that, but they’re not selling specialized coverage for specific SMEs.”

And the biggest misconception of all?

“A lot of folks buy cyber and think they’ll be covered for a loss of personal and private data, but then they’re completely out of luck when it comes to having access to money for letters to be sent, lawyers to be hired, and remediation to be conducted,” he said. “One of the big, gaping holes is that cyber policies are not built or equipped to deal with more common risks, which is actual personal data exposure.”

That’s where producers can point clients to breach response specialists, like ID Theft 911. These services hire experts to cater to the immediate aftermath of all data breaches, ensuring clients are in line with state and federal policies regarding data breaches.

Password protection tips are key
Producers should also pass on tips for password safety, says Jean Chatzky, a personal finance expert and education partner with LifeLock.

Many consumers—like those victimized during the eBay hack—fail to create strong passwords and then change their passwords every four months. A strong password contains eight characters, including capital and small letters, numbers and symbols, Chatzky says. Together, they should not make out a word commonly found in the dictionary.

“My shortcut trick is to come up with a sentence that means something to you,” Chatzky said. “Take the first letter of each word in that sentence and substitute a letter or symbol where appropriate—for example 1 for ‘I.’”

What’s at stake
Producers who fail to learn about cyber insurance and pass along these tips are not only missing out on a potential revenue stream, they may also stand liable in court.

As for their clients, Chatzky says people involved in a data breach are affected financially one-quarter of the time.

“The most benign thing that happens is someone uses your credit card to make a purchase, your company notices, calls you and changes the card,” she said. “The most egregious is they use other information about you to create another version of you and apply for a tax refund or a loan in your name. That becomes very difficult to unwind.”

You may also enjoy: "How you're sabotaging your own cyber sales"
"FTC can sue companies over data breaches, court says"
"Five critical coverage gaps for private companies"

Keep up with the latest news and events

Join our mailing list, it’s free!