A bead of sweat rolls down the CEO’s forehead as her computer screen flashes red. An alert warns her that IT sensors have detected a cyber-attack against her company.
She and her team have to quickly figure out how to block the attack. The CEO’s mind races. Will the security systems the company put in place keep the criminals at bay? She watches with her executive team as the attackers repeatedly try to penetrate the company’s cyber defenses.
To their relief, each attack comes up on the screen as denied. In a last-ditch effort, the criminals attempt to launch ransomware against the company. The CEO and her team reverse-engineer the malware and defeat their adversaries!
The above scenario can be found in the pages of a recent PricewaterhouseCoopers report on the state of cyber risks and what insurance companies can and should be doing in the face of a growing threat.
By now, after the breaches at Yahoo, Target, AT&T and countless others, the idea of insuring against cyber hacks is old hat, especially among larger companies. Unfortunately, many small and mid-market corporations are still going without.
Cyber criminals, as we all know, are constantly probing for weaknesses and adapting their tactics. Despite the best efforts of experts across all industries, cybercrime remains costly, hard to detect and difficult to combat.
“From an insurance perspective, while analogies are often made with terrorism or catastrophe risks, cyber risk is in many ways a risk like no other,” PwC said.
It’s not hard to see why the buyers of cyber insurance are still predominately larger companies.
Cost is part of the issue. Insurers charge more for cyber coverage compared to other types of liability coverage. They do that in part to cushion some of the uncertainty over losses, but also because there are still a limited number of insurers in the cyber market.
More alarmingly, there’s also the erroneous belief that an attack is no worse than having a website go down for a few hours.
Here are a few statistics gathered by PwC that should help put things into sharp relief:
In other words, the problem is big and getting bigger.
We’ve said this before but it bears repeating:
Not all cyber-security insurance policies are created equally, so it pays to be extra careful about what you’re buying.
There are “first-party” and “third-party” risks associated with data breaches and cyber risks. Coverage of first-party risks would include loss of a policyholder’s own data, while third-party coverage addresses liability to clients or government entities.
The better policies allow companies to tap into a built-in network of IT experts, PR firms and “breach coaches” who are experienced in responding to cyber-security matters and whose rates the insurance carrier has already negotiated.
Beyond covering the theft or destruction of confidential information, more robust cyber policies typically also include:
In today’s world, the idea that a data breach will never happen to you just sounds increasingly naive. Anyone with a bank account can find themselves targeted. Cyber coverage will put you back on your feet and get your company moving again.
Scott Carlson is an Assistant Vice President at CCIG. Let him know if you have questions or concerns. Reach him at ScottC@thinkccig.com or 720-330-7925.