From the November 19, 2012 issue of National Underwriter Property & Casualty • Subscribe!

Cyber Coverage: Protecting Against the ‘Hack Attack’

Travelers’ Tim Francis on the essential elements of a Cyber Liability program, which industries are at high risk and who should get the first call when a breach occurs

Cybercrime, including identity fraud, is the world’s fastest-proliferating criminal threat. According to Interpol, cybercrime, which used to be committed by expert individuals, is now perpetrated by organized syndicates that target big and small businesses alike. The crime-enforcement association estimates that, to date, such organizations have stolen up to $1 trillion in intellectual property from businesses worldwide. 

And even though the average cost of a data breach jumped by nearly a million dollars between 2009 and 2010, only 23 percent of U.S. businesses now have formal Internet-security policies in place.  

While there is no sure firewall against smart and determined criminals, Tim Francis, vice president of portfolio management at Travelers Bond and Financial Products, discusses how equally determined organizations can maximize their insurance protections against data thieves. 

What are the components of a comprehensive Cyber Liability program? 

Two important concerns of Cyber coverage are Liability Protection, for when third parties hold the insured responsible for information stolen during data breaches or other network intrusions; and First Party coverage for the forensic investigation, litigation and remediation expenses attributed to the breach. A well-rounded Cyber program will also include additional coverage options that can be tailored to the insured’s needs. Additional coverage can include regulatory-defense, crisis-management or public-relations expenses as well as Business Interruption and Cyber Extortion coverage.

How has Cyber coverage evolved over the past several years?  

Every year leads to newer developments in coverage as more claims are filed, technology changes, customers harness technology in different ways to conduct business, and tech crimes evolve. A few years ago, coverage was predominantly liability-based—hence the term “Cyber Liability.” However, coverage has become a combination of Liability and First Party coverage to deal actively with breach notification and response to states’ breach laws. It has also evolved to encompass an increasing variety of customers in different industries and in a variety of corporate sizes. 

Which sized business is most vulnerable to data breach—small ones like cafes that allow multiple users to access Wi-Fi capabilities, or large corporations with much to lose but that can also afford to invest in security technology? 

Vulnerability may have less to do with the industry or the size of the business than it does with the business’ ability to prepare for, respond to and cope with a data breach or other cyber event. Typically, people assume that the largest breaches happen to large companies with much stored information. That logic is correct, but it doesn’t necessarily mean that those companies are the most vulnerable. 

Smaller breaches can result in an enormous amount of money spent to determine the breach’s scope, what types of records were compromised and who was affected. A smaller breach consisting of a few hundred records may require the same work to be done as those concerning several million records. The actual impact of a small breach can be more damaging to a small company’s bottom line than a large breach to a large company with the resources and reputation to survive such an attack. 

Which industries are currently at the highest risk of a cyber attack? 

The most frequent attacks occur in industries that collect, store and communicate a lot of personally identifiable information, such as education, financial services, health care, government and retail—but in truth, cyber events can and do happen in every industry. The health-care industry is currently at a higher level of cyber-hacking risks because this type of information can be sold more efficiently and for a higher value than credit-card information. Keep in mind, though, that the majority of breaches that occur go unreported.

What is the cost of an average compromised record? 

Actual costs will vary greatly depending on how many records are involved, but as a general rule of thumb, according to 2011 research by the Ponemon Institute, the cost to a company is approximately $200 per record [compromised]. This total amount is a combination of the actual cost of investigating and alleviating the situation, potential liability and potential loss of future business to the company’s competitors.

Who should a hacked business call first? The police, their lawyer or their insurer? 

While it depends on the situation, Travelers would advise a business to contact all of the above as early as possible once a breach is detected. This is why it is so important that the customer is prepared and has a plan in place, should a breach occur. This preparation should include a tabletop exercise that lays out what the next steps are and who is responsible for executing different aspects of the plan. 

Comments

Resource Center

View All »

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

Get $100 in leads with $0 down!

NetQuote's detailed, real-time leads have boosted sales for thousands of successful local agents across the...

The Growing Role of Excess & Surplus Lines in Today’s...

The excess and surplus market (E&S) provides coverage when standard insurance carriers cannot or will...

Increase Sales Conversion with this Complimentary White Paper

This whitepaper will share proven techniques - used by many of the industry's top producers...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

How Many Of Your Clients Are At Risk Of Flood?

Every home is vulnerable to flooding. Learn four compelling reasons why discussing flood insurance with...

Gauging your Business Intelligence Analytics Capabilities and the Impact of...

Big Data, Data Lakes and Data Swamps, How to gauge your company's Big Data readiness....

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.