It's time to start taking cyber liability coverage seriously: part ii By: Richard edwards
" In December 2013, Target discovered that it was the victim of a massive data breach affecting “approximately 40 million credit and debit card accounts,” according to a press release issued by the corporation. For businesses of all sizes, the Target breach signaled the need for a renewed focus on cyber security. After all, if a large corporation like Target could fall victim to a massive cyber attack, is anybody really safe? Realistically, the answer is probably “no.” What businesses can control, however, is how quickly and efficiently they are able to respond to the attack and mitigate their risk. So the question then becomes, “How much of our free cash flow will we have to burn through in response to a malicious cyber attack?”
"This is where cyber liability coverage comes in. If you read Part I of this series, you probably grasp the important role cyber liability coverage plays in ensuring a business will have the financial means to respond effectively to a breach. The next step is determining how much cyber liability coverage your business needs."
Breaking Down Costs Associated with a Cyber Attack
"During a recent event in Milwaukee, I listened to a speaker who represented an accounting firm speak about the importance of the forensic work that follows a cyber attack. It is often only through forensic investigation that organizations can understand with certainty how a data breach occurred and how to prevent a breach from happening in the future. As you can imagine, however, hiring a forensic expert isn’t cheap—and this is just one example of a cost associated with a data breach! Some additional costs could include:
The actual hard costs your business will incur as the result of a malicious cyber attack will vary based upon the type of business you are in, how technology-dependent your operations are, how your customers pay your for your goods and services, and the number of confidential records (e.g., POS cardholder data, medical records, banking information, customer data, etc.) you keep on hand that could be exposed during a breach. The Ponemon Institute’s 2016 Cost of Data Breach Study found that on average, the total organizational cost of a data breach in the US is about $7,000,000, or about $221 per record. While relying on an average cost per record isn’t the most reliable way to calculate the amount of coverage your business needs, the data illustrates how the quantity of the confidential records that your organization keeps on hand drives your overall financial exposure."
I have Cyber Liability Coverage. Is it sufficient? "Many small and medium-sized businesses have adopted a modest cyber program, typically by way of ‘throw-in’ coverage provided by a carrier as an extension of their commercial insurance program. Costs for these offerings are typically minimal based upon the type of cyber perils covered and limit provided, typically ranging from $25,000 to $50,000 (i.e., nowhere near the average cost of a data breach in the US). Moreover, these programs typically exclude coverage on the most common threats: Ransomware & Social Engineering (for an explanation of these terms, see Part I of this article series). Taken together, these limitations mean that many companies are left with minimal coverage limits on programs that exclude the problems that are most likely to cause a financial loss in the event of a cyber attack."
The Bottom Line
"The bottom line is that there is no one-size-fits-all cyber liability coverage program. You can protect your organization against this growing threat by taking coverage seriously: pay attention to exclusions in your coverage, and consult your insurance broker to assess your coverage needs and identify a program that is a good fit for your business."
Author: "Richard Edwards: Richard joins the Integrated Risk Team with more than 10 years of account management experience in distribution and large national accounts, where he led nationwide sales and marketing efforts. He is dedicated to building long term strategic partnerships with our clients and providing them with the highest level of service."