This cartoon originally appeared in the Central Penn Business Journal. Used with permission.
“Alexa, activate level 10 cybersecurity defenses, now! And get me my insurance agent.”
Maybe, one day, cybersecurity will be this easy. Today, we are all exposed to various risks in this internet of things (IoT) world. We must take it upon ourselves to protect our businesses, customer data we’ve been entrusted with, and our families’ personal information.
A few months back we wrote about the threat of cybersecurity and its impact on the independent agent. Agents were encouraged to use HawkSoft’s Cybersecurity Checklist to get started with security deployment.
What happens if your cybersecurity efforts fail and you are hit with a breach?
This is where cyber liability insurance comes into play. This blog will explore:
Use HawkSoft’s Cyber Liability Insurance Resource Guide for quick access to resources that provide important information about securing cyber liability insurance to hedge against damages from security breaches.
With the growth of Artificial Intelligence (AI) and consumers embracing the convenience of online data exchange, it is the perfect storm for hackers and those with malicious intent. They are constantly finding new ways to tap into even the best-laid cyber defenses. No longer is the profile of a hacker a lonely geek in their sleepwear staring at a screen in their mother’s basement. Many outfits are organized, sophisticated, and well funded. 62% of all cyber-attacks occur to small and mid-sized businesses (SMB). With most SMBs not able to afford expensive security defenses, they are a prime target.
“Without cyber insurance, small businesses are twice as likely to close after a breach.”
Phillip Naples
CEO, UnBrokerage
In recent months there has been a heightened awareness around cyber and privacy security changes. Countries and states are adopting new regulations at a rapid clip.
Closer to the insurance industry:
Even our homes are not safe. Private conversations being hacked via virtual assistants like Amazon’s Alexa, Google Home, home routers, and other high-tech devices.
These new regulations serve as a gateway for other states to follow.
It’s only a matter of time before Main Street businesses start paying attention to security. Now is the perfect time to consider purchasing cyber insurance for your agency and the opportunity of selling it to your policyholders.
But first, take a moment to educate yourself. The more educated you are about the needs and uses of cyber liability coverage, the more of a trusted advisor you can become to your clients.
“Agents and brokers must become at least conversant in cyber risk and cyber insurance, both for their clients and for their own enterprises.”
Joseph S. Harrington
Rough Notes’ Agent and Broker E&O Insurance
No cyber security defense strategy is ever 100 percent safe against today’s rapidly changing technology and aggressive hackers. Businesses, families, and individuals are all vulnerable to attacks through the use of email, social media, and mobile technology like phones, tablets, and laptops. Email scams or ransomware attacks can compromise a vast amount of sensitive information (passwords, SSN, banking, and tax details).
| READ: PC Magazine’s The Best Password Managers of 2018 to determine what password organizer is best for you. Top rated included Dashlane, Keeper, LastPass, Sticky Password, 1Password and more. |
“The cumulative critical impact of [62% of SMB being attacked], makes securing and providing cyber liability coverage for customers imperative.”
Agency Council of Technology (ACT)
Many agents and their insureds operate under the false pretense that Errors and Omissions (E&O) is enough to protect them from the various types of cyber data breaches.
It’s not.
While some E&O policies, specifically technology E&O insurance, do offer some of the same coverage as cyber liability policies, there are some key differences in what each will cover. Cyber coverage is some combination of E&O, network security, and privacy insurance.
Broad implications and uses of cyber liability insurance as cited by ACT:
| READ: What is the Difference Between Cyber Liability and E&O Insurance? |
“If a company suffers a cyber attack with only E&O in place, they will not have coverage for a significant portion of their actual expenses. This is why nearly every business will require both forms of coverage to prevent financial ruin after a cyber attack.”
Cyber insurance policies vary immensely in the range of losses that they cover. Terminology used to define loss exposure can be ambiguous and confusing.
Damages covered are typically classified into two categories, First-party damages and Third-party damages. First-party coverage is often the main focus for many businesses, but for some companies, especially tech firms that sell software products or provide technology services, Third-party coverage can prove crucial.
IA Magazine provides explanation on these differences in, First-vs-Third-Party Cyber Coverage, including these definitions:
In order to buy or offer your clients the most comprehensive coverage possible, you need to understand the value and usage of both First-party and Third-party coverage.
“The bottom line for agents: Ask each and every customer how much personal information they own, and inquire about the breadth of customer information they access. Understanding these simple questions can help agents more appropriately determine the cyber coverage and limit needs of current or prospective insureds.”
FURTHER READING:
Understanding Third-Party Cyber Liability
Technology E&O Insurance vs. Data Breach Insurance
Tech E&O Insurance - A Primer for Risk Managers
| FACTOID: The emotional and financial costs associated with cyber bullying may be covered with cyber insurance. (The Standard) |
“The National Association of Insurance Commissioners (NAIC) says cyber insurance was the fastest-growing line of insurance in 2017. Packaged policy premiums almost tripled from 2016 going up from $416.8 million to $1.1 billion.”
Source: Pia.west
Cyber insurance coverage offers a tremendous growth opportunity for Personal and Commercial insurers. By 2022, cyber coverage premiums could grow tenfold to $14 billion, according to Fitch Ratings.
So why aren’t more agents diving into this fast-track of selling cyber insurance?
Rough Notes’ Agent and Broker E&O Insurance highlights two primary reasons agents are challenged with selling cyber insurance:
ACTION: With consumers researching cyber insurance, yet still on the fence to purchase, a trusted agent can help inform their clients of the benefits of this policy type.
ACT further notes that although there are positive impacts of having and offering cyber liability insurance, including protecting customer’s assets, stabilizing the market’s cyber exposure, and reducing data breach costs, there are many negative hurdles to overcome:
Despite the challenges of cyber policy ambiguity, the good news is, cyber insurance is a growing market. Insurers will continue to have opportunities to become more educated about the value of selling cyber liability coverage to help counter cyber threats. Pricing should also get more competitive as the soft market continues.
In order to effectively sell cyber liability insurance, you must understand which risk your clients are exposed to and how best to combat that risk. Insureds need guidance on knowing their own risks - they don't know what they don't know. This is where an educated agent can become a trusted advisor in helping them discover their risks. Here are two really good resources that provide insight into exposing risks, the purchase process, and tips on selling it.
There are two sides to selling cyber coverage: packaged policies versus standalone policies. Review these three resources to understand the difference and the process involved with the selection of effective cyber insurance coverage.
Packaged (Unbrokerage) Some, like Unbrokerage, believe packaging your technology E&O and cyber liability insurance policies offers better coverage, especially when it involves both a services failure and a data breach.
Standalone Policies (Insurance Journal) A.M. Best says that top insurance writers are shifting their approach to standalone policies because “this transition to standalone cyber policies may contribute to better pricing and reserving methods, which may ultimately lead to refinements in modeling tools and contribute to more accurate understanding of risk aggregation,”
Where to Find the Best Possible Cyber Coverage (Insurance Journal)
One of the most effective ways to become an expert at something new is to experience the process yourself. Consider going through the exercise of evaluating your own agency’s exposure to cyber risk and the types of cyber coverage needed to protect those risks. Even if you decide not to purchase right now, you will gain first-hand knowledge of how best to sell insurance to your clients.
Check with your state insurance associations to see if they offer security and privacy coverage training programs like that of Ohio Insurance Agents. Their program offers member agencies pre-qualification to enroll in a holistic risk management process that trains agency employees privacy compliance in addition to handling data breach notification and third-party suits.
“Cyber insurance can not only help mitigate the risk on the back-end, but it can also ramp up cybersecurity practices on the front-end due to employee training opportunities and mandatory cybersecurity requirements. While it is important that organizations of all sizes strive to protect their data and stop a breach before it occurs, a cyber liability policy can at the very least, help hedge the costs of a data breach if one were to occur.”
The Council of Insurance Agents & Brokers
We invite you to comment and discuss our blog and the issues of cyber liability in the Comment Section below. We can all benefit from hearing others' experiences in this new and fast growing market of cyber insurance. Feel free to borrow our materials and/or graphics to assist with your client education journey; all we ask in return is a link back to our article and HawkSoft listed as the source.