.png?width=159&height=76&name=AAIS%20Views%20color%20(web).png "American Association of Insurance Services")
Cyber insurance is a necessity for business owners. Cybercriminals are everywhere; they’re sophisticated and organized, have unlimited resources, and target businesses of every size searching for vulnerabilities. As part of our AAIS Webinar Series, AAIS participated in a virtual presentation on July 11, 2023, featuring AAIS Partner Hartford Steam Boiler (HSB), the leading engineering and technical risk insurer providing equipment breakdown and other specialty coverages, inspection services, and engineering consulting. Hosted by Stephanie Vasey, Product Manager of Commercial Lines and Inland Marine at AAIS, this free continuing education webinar led by Beth Ducker, Product Education Manager at HSB, and Mike Tischler, Client Engagement & Education Specialist at HSB, discussed the coverage elements of cyber insurance and ways to reduce the risk of data breaches and computer system attacks.
What Is Cyber Insurance and Why Does It Matter?
Data is a commodity because of its value to businesses and unfortunately, also to thieves. Information is considered the new oil, with some saying it is the most valuable commodity on Earth. “Businesses and organizations collect, store, analyze, use, and share all kinds of data on a regular basis,” said Tischler. “But if that data gets in the wrong hands, it can cause havoc for business… and data thieves no longer limit their activities to Wall Street. Instead, they find that many small businesses are easier targets.” Few businesses can afford the costs involved in losing crucial data, recreating that data, or perhaps needing an entirely new system due to a computer attack. “Small businesses are at a huge risk by underestimating the big impact a cyber-attack can have on their reputation,” Tischler stressed. “Without adequate protection, they are risking their future business growth and development.”
Cyber insurance is an insurance product that is used to protect businesses and individual users from internet-based risk and more generally, from risk relating to information technology, infrastructure, and activities. “Cyber insurance provides coverage to repair damages to the insurance, computer data, and their systems,” Ducker explained. “So, it provides a collection of coverages that enable an insured entity to actually respond effectively to either restore their data or their systems and get back to business when there's been a breach of personal information or a breach of their computer systems.”
Elements of Cyber Insurance Coverage
There are a lot of moving parts to a cyber insurance policy, made up of first-party and third-party coverages. One of the more important first-party coverages is data compromised response. Many people often receive a notification in the mail saying that their information might have been compromised by a business. “This happens all the time and is really where a lot of the information is taken,” Ducker shared. Another first-party coverage is computer attacks. This coverage is triggered by the damage an organization is going to suffer as a result of a computer attack that involves their own data or their operational systems. Cyber extortion is a real growing threat to businesses right now. “Cyber extortion coverage is first-party coverage that is designed to help an insured organization respond to a cyber extortion threat, including ransomware and denial of service attacks,” Tischler stated. Cyber extortion covers the cost of the negotiator or investigator retained by the business in connection with a cyber extortion threat. Another piece of cyber insurance coverage is misdirected payment fraud, which is commonly referred to as social engineering coverage. This coverage is triggered when an insurer or their financial institution is intentionally and criminally deceived into transferring funds fraudulently. The coverage pays for direct financial loss resulting from deception. The next coverage element is computer fraud. This coverage actually responds to the direct financial loss through an insurer when an amount is fraudulently obtained from the insured as a result of unauthorized access to the insurance's actual computer system. Identity recovery is first-party coverage that is designed to provide owners of the insured business with case management service and expense reimbursements to actually recover control of their identities after identity theft. “It combines identity theft insurance with services that help these victims restore their credit history and identity records to pre-theft status,” Ducker explained.
Moving on to third-party coverages, there are three that make up a cyber insurance policy. First is data compromised liability. This pays for defense and settlement costs associated with lawsuits arising from a data breach. Then there is electronic media liability, which pays for the cost that's associated with suits alleging that information posted on a company's website either violated privacy, infringed on a patent, or defamed another company or individual. The last piece of third-party coverage is network security liability. This coverage pays to defend the insured against claims that their negligent failure of their computer security caused damage to a third party.
Reducing the Risk of Data Breaches and Computer System Attacks
Cyber risks do not discriminate. Even businesses with the best security systems will not prevent all breaches and attacks; if cyber criminals want to get in, they're going to find a way. So, while there may not be a physical way to reduce these risks, proper planning is essential. “You're going to need some best practices in place, including creating an incident response plan, conducting cybersecurity assessments, training employees, and obtaining meaningful cyber risk insurance,” Tischler advised. “Remember, cyber coverage continually evolves. So, you'll need to look for comprehensive cyber insurance coverages that include both the third-party and first-party elements that we have discussed.”
If you would like to view the presentation again in its entirety, please click the video above.
Questions? Please don't hesitate to reach out to any of the featured speakers through the contact information below.
Stephanie Vasey
Product Manager of Commercial Lines and Inland Marine (AAIS)
Beth Ducker
Product Education Manager (HSB)
Mike Tischler
Client Engagement & Education Specialist (HSB)
