This cartoon originally appeared in the Central Penn Business Journal. Used with permission.
“Alexa, activate level 10 cybersecurity defenses, now! And get me my insurance agent.”
Maybe, one day, cybersecurity will be this easy. Today, we are all exposed to various risks in this internet of things (IoT) world. We must take it upon ourselves to protect our businesses, customer data we’ve been entrusted with, and our families’ personal information.
A few months back we wrote about the threat of cybersecurity and its impact on the independent agent. Agents were encouraged to use HawkSoft’s Cybersecurity Checklist to get started with security deployment.
What happens if your cybersecurity efforts fail and you are hit with a breach?
This is where cyber liability insurance comes into play. This blog will explore:
- The rise of cyber laws
- 3 things insurance agents must learn about cyber liability insurance to gain the competitive advantage
- 4 steps to get started selling cyber insurance
Use HawkSoft’s Cyber Liability Insurance Resource Guide for quick access to resources that provide important information about securing cyber liability insurance to hedge against damages from security breaches.
With the growth of Artificial Intelligence (AI) and consumers embracing the convenience of online data exchange, it is the perfect storm for hackers and those with malicious intent. They are constantly finding new ways to tap into even the best-laid cyber defenses. No longer is the profile of a hacker a lonely geek in their sleepwear staring at a screen in their mother’s basement. Many outfits are organized, sophisticated, and well funded. 62% of all cyber-attacks target small and mid-sized businesses (SMBs). With most SMBs not able to afford expensive security defenses, they are a prime target.
“Without cyber insurance, small businesses are twice as likely to close after a breach.”
The rise of Cyber Laws
In recent months there has been a heightened awareness around cyber and privacy security changes. Countries and states are adopting new regulations at a rapid clip.
- European Union (EU) data privacy law, the General Data Protection Regulation (GDPR)
- Facebook’s legal battle and resulting changes over third parties accessing users’ data without permission
Closer to the insurance industry:
- NAIC Passes Insurance Data Security Model Law, creating rules for insurers, agents, and other licensed entities covering data security, investigation, and notification of breach.
- New York’s Cybersecurity Regulation, 23 NYCRR Part 500, makes it the first state to pass a cybersecurity law for financial services institutions
- South Carolina’s DOI cybersecurity bill makes it the first state to pass a cybersecurity law for insurance companies
- California’s Consumer Privacy Act of 2018 outlines some of the toughest data privacy laws in the country.
Even our homes are not safe. Private conversations are being hacked via virtual assistants like Amazon’s Alexa, Google Home, home routers, and other high-tech devices.
New regulations serve as the gateway for more laws and more opportunity
These new regulations serve as a gateway for other states to follow.
It’s only a matter of time before Main Street businesses start paying attention to security. Now is the perfect time to consider purchasing cyber insurance for your agency and the opportunity of selling it to your policyholders.
But first, take a moment to educate yourself. The more educated you are about the needs and uses of cyber liability coverage, the more of a trusted advisor you can become to your clients.
3 things agents must learn about cyber liability insurance
- Why cyber liability insurance is needed (for businesses and families)
- What cyber liability insurance covers (and why E&O insurance is not enough)
- Benefits of selling cyber liability insurance (and the challenges agents face)
“Agents and brokers must become at least conversant in cyber risk and cyber insurance, both for their clients and for their own enterprises.”
Joseph S. Harrington
Rough Notes’ Agent and Broker E&O Insurance
No cyber security defense strategy is ever 100 percent safe against today’s rapidly changing technology and aggressive hackers. Businesses, families, and individuals are all vulnerable to attacks through the use of email, social media, and mobile technology like phones, tablets, and laptops. Email scams or ransomware attacks can compromise a vast amount of sensitive information (passwords, SSN, banking, and tax details).
READ: PC Magazine’s The Best Password Managers of 2018 to determine what password organizer is best for you. Top rated included Dashlane, Keeper, LastPass, Sticky Password, 1Password and more.
Without cyber insurance, most businesses and individuals will not have adequate resources to survive the financial damages of a cyber attack.
“The cumulative critical impact of [62% of SMB being attacked], makes securing and providing cyber liability coverage for customers imperative.”
Agency Council of Technology (ACT)
Many agents and their insureds operate under the false assumption that Errors and Omissions (E&O) insurance is enough to protect them from the various types of cyber data breaches.
While some E&O policies, specifically technology E&O insurance, do offer some of the same coverage as cyber liability policies, there are some key differences in what each will cover. Cyber coverage is some combination of E&O, network security, and privacy insurance.
Broad implications and uses of cyber liability insurance as cited by ACT:
- Business lost during attack
- Loss of company assets
- Damage to reputation
- Protection costs: staff, firewalls, encryption, and software
- Notification to affected customers
- Potential loss of customers
- Potential state and federal fines if security plan and other required processes were not followed
- Decline in share value and business income
- Costs for post-breach implementations (firewall, encryption, security plans, etc.)
READ: What is the Difference Between Cyber Liability and E&O Insurance?
“If a company suffers a cyber attack with only E&O in place, they will not have coverage for a significant portion of their actual expenses. This is why nearly every business will require both forms of coverage to prevent financial ruin after a cyber attack.”
Coverage confusion: First-party versus Third-party coverage
Cyber insurance policies vary immensely in the range of losses that they cover. Terminology used to define loss exposure can be ambiguous and confusing.
Damages covered are typically classified into two categories, First-party damages and Third-party damages. First-party coverage is often the main focus for many businesses, but for some companies, especially tech firms that sell software products or provide technology services, Third-party coverage can prove crucial.
IA Magazine explains these differences in First-vs-Third-Party Cyber Coverage, including these definitions:
- First-party cyber coverage: protection for the data you own, such as information that pertains to your customers or employees
- Third-party cyber coverage: protection for liability associated with your customers’ data, among other things
- Privacy breach: incident that results from a failure to protect private, personally identifiable information
- Security breach: incident that bypasses security systems to result in unauthorized access or release of sensitive or confidential data
- Electronic media breach: infringement of a service mark or trademark
In order to buy or offer your clients the most comprehensive coverage possible, you need to understand the value and usage of both First-party and Third-party coverage.
“The bottom line for agents: Ask each and every customer how much personal information they own, and inquire about the breadth of customer information they access. Understanding these simple questions can help agents more appropriately determine the cyber coverage and limit needs of current or prospective insureds.”
Protecting the personal home front
On a personal level, our homes are being run like smart phones and are increasingly vulnerable to hackers. The Standard’s “Protecting Families and Smart Homes With Cyber Insurance” highlights the need for cyber insurance to protect families against attacks carried out through home devices like Amazon’s Echo, Google’s Nest thermostat, home network routers, and gaming consoles, and even against cyber bullying of children on social media platforms.
FACTOID: The emotional and financial costs associated with cyber bullying may be covered with cyber insurance. (The Standard)
“The National Association of Insurance Commissioners (NAIC) says cyber insurance was the fastest-growing line of insurance in 2017. Packaged policy premiums almost tripled from 2016 going up from $416.8 million to $1.1 billion.”
Cyber liability insurance got a slow start but has recently been on the fast track. PIA’s Cyber - The Industry’s Fastest Growing Line provides eye-opening stats about the growth of cyber insurance, such as the number of claims and the occurrence policies in force purchased jumping a whopping 71%.
Cyber insurance coverage offers a tremendous growth opportunity for Personal and Commercial insurers. By 2022, cyber coverage premiums could grow tenfold to $14 billion, according to Fitch Ratings.
So why aren’t more agents diving into this fast-track of selling cyber insurance?
Challenges of selling cyber insurance
Rough Notes’ Agent and Broker E&O Insurance highlights two primary reasons agents are challenged with selling cyber insurance:
- Flux in cyber policies
“Agents are well advised to offer it, but as the cyber insurance market evolves, the carriers, coverages, and terms and conditions are in flux,” says Mark Angelucci, Resident Senior Vice President and E&O Segment Leader of Utica National Insurance.
- Consumers are slow to purchase
“Many customers are shopping and quoting, but not making the purchase,” says Jason Rogers, Senior Vice President Gallagher Affinity Insurance Programs. But there is a shift coming. Rogers thinks that the slow start is changing, and service-based professionals like accountants and attorneys are beginning to see the value of the coverage and are starting to purchase.
ACTION: With consumers researching cyber insurance, yet still on the fence to purchase, a trusted agent can help inform their clients of the benefits of this policy type.
ACT further notes that although there are positive impacts of having and offering cyber liability insurance, including protecting customers’ assets, stabilizing the market’s cyber exposure, and reducing data breach costs, there are many hurdles to overcome:
- No standard industry form on which cyber liability policies are written
- Forensic investigation expenses
- Business interruption or extra expense due to system downtime
- Cost of notification of breaches and other response activities
- PCI fines, penalties, and assessments
- Various regulatory action defense, fines, and penalties
Overcoming the challenges
Despite the challenges of cyber policy ambiguity, the good news is, cyber insurance is a growing market. Insurers will continue to have opportunities to become more educated about the value of selling cyber liability coverage to help counter cyber threats. Pricing should also get more competitive as the soft market continues.
- An educated resource
- Offer coverage options
- Explain coverage options in a way your clients understand
Step 1. Education, education, education
Use these resources to help you stay ahead of the game.
- How to Sell Cyber Insurance in a Competitive Market (Independent Agent)
- Analyzing Nonstandard Cyber and Privacy Insurance Policies (International Risk Management Institute)
- Cyber Liability (ACT)
- Where to Find the Best Possible Cyber Coverage (Insurance Journal)
- Trends in Cyber Insurance and Cybercrimes (Rough Notes)
- Expert Gives Agents C- on Understanding Cyber Insurance (The Council of Insurance Agents & Brokers)
Step 2. Understand the risks and guide the purchase process
In order to effectively sell cyber liability insurance, you must understand which risks your clients are exposed to and how best to combat them. Insureds need guidance on knowing their own risks - they don't know what they don't know. This is where an educated agent can become a trusted advisor in helping them discover their risks. Here are two really good resources that provide insight into exposing risks, the purchase process, and tips on selling it.
- A Cyber Insurance Policy Checklist (infosecinstitute.com)
- 6 Tips for Selling Cyber Insurance (Propertycasualty360.com)
Step 3. Decide what type of policy to sell, packaged or standalone
There are two sides to selling cyber coverage: packaged policies versus standalone policies. Review these three resources to understand the difference and the process involved with the selection of effective cyber insurance coverage.
Packaged (Unbrokerage) Some, like Unbrokerage, believe packaging your technology E&O and cyber liability insurance policies offers better coverage, especially when it involves both a services failure and a data breach.
Standalone Policies (Insurance Journal) A.M. Best says that top insurance writers are shifting their approach to standalone policies because “this transition to standalone cyber policies may contribute to better pricing and reserving methods, which may ultimately lead to refinements in modeling tools and contribute to more accurate understanding of risk aggregation.”
Where to Find the Best Possible Cyber Coverage (Insurance Journal)
Step 4. Conduct your own evaluation process
One of the most effective ways to become an expert at something new is to experience the process yourself. Consider going through the exercise of evaluating your own agency’s exposure to cyber risk and the types of cyber coverage needed to protect those risks. Even if you decide not to purchase right now, you will gain first-hand knowledge of how best to sell insurance to your clients.
Check with your state insurance associations to see if they offer security and privacy coverage training programs like that of Ohio Insurance Agents. Their program offers member agencies pre-qualification to enroll in a holistic risk management process that trains agency employees in privacy compliance in addition to handling data breach notification and third-party suits.
Hedge costly cyber damages with cyber insurance
“Cyber insurance can not only help mitigate the risk on the back-end, but it can also ramp up cybersecurity practices on the front-end due to employee training opportunities and mandatory cybersecurity requirements. While it is important that organizations of all sizes strive to protect their data and stop a breach before it occurs, a cyber liability policy can at the very least, help hedge the costs of a data breach if one were to occur.”
We invite you to comment and discuss our blog and the issues of cyber liability in the Comment Section below. We can all benefit from hearing others' experiences in this new and fast growing market of cyber insurance. Feel free to borrow our materials and/or graphics to assist with your client education journey; all we ask in return is a link back to our article and HawkSoft listed as the source.