From the November 19, 2012 issue of National Underwriter Property & Casualty • Subscribe!

Cyber Coverage: Protecting Against the ‘Hack Attack’

Travelers’ Tim Francis on the essential elements of a Cyber Liability program, which industries are at high risk and who should get the first call when a breach occurs

Cybercrime, including identity fraud, is the world’s fastest-proliferating criminal threat. According to Interpol, cybercrime, which used to be committed by expert individuals, is now perpetrated by organized syndicates that target big and small businesses alike. The crime-enforcement association estimates that, to date, such organizations have stolen up to $1 trillion in intellectual property from businesses worldwide. 

And even though the average cost of a data breach jumped by nearly a million dollars between 2009 and 2010, only 23 percent of U.S. businesses now have formal Internet-security policies in place.  

While there is no sure firewall against smart and determined criminals, Tim Francis, vice president of portfolio management at Travelers Bond and Financial Products, discusses how equally determined organizations can maximize their insurance protections against data thieves. 

What are the components of a comprehensive Cyber Liability program? 

Two important concerns of Cyber coverage are Liability Protection, for when third parties hold the insured responsible for information stolen during data breaches or other network intrusions; and First Party coverage for the forensic investigation, litigation and remediation expenses attributed to the breach. A well-rounded Cyber program will also include additional coverage options that can be tailored to the insured’s needs. Additional coverage can include regulatory-defense, crisis-management or public-relations expenses as well as Business Interruption and Cyber Extortion coverage.

How has Cyber coverage evolved over the past several years?  

Every year leads to newer developments in coverage as more claims are filed, technology changes, customers harness technology in different ways to conduct business, and tech crimes evolve. A few years ago, coverage was predominantly liability-based—hence the term “Cyber Liability.” However, coverage has become a combination of Liability and First Party coverage to deal actively with breach notification and response to states’ breach laws. It has also evolved to encompass an increasing variety of customers in different industries and in a variety of corporate sizes. 

Which sized business is most vulnerable to data breach—small ones like cafes that allow multiple users to access Wi-Fi capabilities, or large corporations with much to lose but that can also afford to invest in security technology? 

Vulnerability may have less to do with the industry or the size of the business than it does with the business’ ability to prepare for, respond to and cope with a data breach or other cyber event. Typically, people assume that the largest breaches happen to large companies with much stored information. That logic is correct, but it doesn’t necessarily mean that those companies are the most vulnerable. 

Smaller breaches can result in an enormous amount of money spent to determine the breach’s scope, what types of records were compromised and who was affected. A smaller breach consisting of a few hundred records may require the same work to be done as those concerning several million records. The actual impact of a small breach can be more damaging to a small company’s bottom line than a large breach to a large company with the resources and reputation to survive such an attack. 

Which industries are currently at the highest risk of a cyber attack? 

The most frequent attacks occur in industries that collect, store and communicate a lot of personally identifiable information, such as education, financial services, health care, government and retail—but in truth, cyber events can and do happen in every industry. The health-care industry is currently at a higher level of cyber-hacking risks because this type of information can be sold more efficiently and for a higher value than credit-card information. Keep in mind, though, that the majority of breaches that occur go unreported.

What is the cost of an average compromised record? 

Actual costs will vary greatly depending on how many records are involved, but as a general rule of thumb, according to 2011 research by the Ponemon Institute, the cost to a company is approximately $200 per record [compromised]. This total amount is a combination of the actual cost of investigating and alleviating the situation, potential liability and potential loss of future business to the company’s competitors.

Who should a hacked business call first? The police, their lawyer or their insurer? 

While it depends on the situation, Travelers would advise a business to contact all of the above as early as possible once a breach is detected. This is why it is so important that the customer is prepared and has a plan in place, should a breach occur. This preparation should include a tabletop exercise that lays out what the next steps are and who is responsible for executing different aspects of the plan. 

About the Author
Anya Khalamayzer, PropertyCasualty360.com

Anya Khalamayzer, PropertyCasualty360.com

Anya Khalamayzer is Assistant Editor of Risk for PropertyCasualty360-National Underwriter. Khalamayzer graduated from CUNY Baruch College after intensive internships with Time Out New York Kids and Crain’s Investment News. Keenly interested in environmental science, music and the arts, her articles have been published in Gotham Gazette, Wonkster blog and Ear to Mind magazine. She can be reached at akhalamayzer@summitpronets.com

Comments

Resource Center

View All »

Contractors General Liability Coverage 102

What is a prior work exclusion? Which option is right for my client? Why do...

Sign up today to get a 50% matching credit -...

Insurance marketing sometimes seems like it's a game of swings and misses, but we're here...

Guide: 5 Steps to Selling Cyber

Cyber risk and data security is on the agenda of every business owner and executive....

Citation Correlation

Do rigger and signalperson qualifications correlate with the cause of crane and rigging accidents? ...

Complete Guide to Electronic Signatures in Property & Casualty Insurance...

In property and casualty insurance, closing new business quickly is key. Learn how to leverage...

INSTANT ACCESS: Complimentary Sales Closer Questionnaires

Help property owners or managers compare your commercial residential property insurance coverage vs. the competition....

Determining Vacant Property Perils and Valuations

Are your clients fully covered for Vacant Properties? In this economic climate, your insureds may...

Risk Management for Law Firms

This package of 3 concise risk management articles offers straightforward content and practical suggestions law...

Guide: Top 15 E&O Risks-And How To Avoid Them

Accidents happen. But when it's an errors and omissions oversight, that accident can open your...

We'll Show You How to Reach Your Sales Goals

Whether you work alone or have a team of agents working for you, we can...

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.