In June of last year, a malicious ransomware attack known as “Petya” brought business to a halt at many of the U.S. and Europe’s largest organizations. Just a month before that, a similar attack called “WannaCry” took hostage of over 230,000 computers around the world. It crippled operations at enormous organizations, including Britain’s National Health Service, a phone company in Spain, and a railway system in Germany.
Ransomware is a nasty type of malware that seizes a computer’s data and literally holds it for ransom. You don’t get your data back until you pay up.
Those two cyber attacks got the most attention in 2017, but global ransomware damage costs are predicted to exceed $5 billion for the entire year. That’s up from $325 million just 2 years ago. And the damage is only growing. By 2019, we may be seeing businesses falling victim to cybercrime once every 14 seconds.
What does this mean for the insurance industry?
Cybercrime rates have exploded over just the past few years. And with them, demand for cyber liability insurance has gone up as well. Less than a decade ago, cyber insurance was a tiny, specialized slice of the industry. Today, more than 130 property/casualty insurers write cyber policies.
Since the industry is so new, insurers don’t have a history of credible actuarial data to estimate risk. On top of that, cybercrime itself is changing rapidly. Hackers can do more than just steal data. There are “cyber-physical” attacks, where computer systems can be seized to cause physical damage, like a fire or a flood. The risks are changing too fast for insurers to keep up.
Together, all of this means that cyber insurance coverage can have huge premiums, a long list of exclusions, or both. Cyber liability insurance is one of the most complex and confusing products on the market. And brokers have to evaluate and explain these policies to clients.
At Zywave, we are proud that our brokers provide their clients with top-notch policy expertise. And we are happy that we are able to give our brokers the property & casualty insurance software they need to stay on top of their game.
So what is it that sets expert brokers apart when it comes to cyber liability insurance? They always read the fine print.
5 Important Questions to Ask about Cyber Insurance
- What are the exclusions? In particular, look for exclusions based on war and terrorism. These could eliminate coverage for cyber attacks from outside the country, especially if there is political, religious or social motivation. Some policies even exclude attacks committed for personal gain.
- Is there a “retroactive date”? Some policies eliminate coverage for cyber attacks which occur before a particular date. You can negotiate with the carrier to have this backdated as far as possible.
- What about a suspected breach? Let’s say your client has a reasonable suspicion that a breach has occurred. For example, they may have noticed suspicious activity on their systems. Or perhaps the police have contacted them. They will need to hire a computer forensics expert to investigate. But suppose the expert finds that there was no breach? Will the cost of the investigation be covered? Your clients will probably expect it to be. But often, the answer is no.
- What is the period of coverage for business interruption? Recovery from a cyber-attack takes time. And in that time, the business is usually unable to operate normally. Most cyber policies cover this business interruption period for up to a maximum of 180 days. But brokers should also look for the trigger for coverage to stop. Often, coverage ends when the systems are restored. This may seem logical, but for many businesses, this causes a problem. Their business may not return to normal immediately after their systems are up and running. Brokers should look for an extended period of indemnity coverage so that your clients are covered until their businesses catch back up.
- What services are available with the coverage? The best cyber liability policies include services to help businesses navigate all the post-attack cleanup. For example, many carriers offer access to a “breach coach,” as well as any number of forensics and cybersecurity experts.
The world of cyber liability insurance coverage is confusing and tricky. That’s why your clients are counting on you to be the expert.
1 The Guardian, Jun 28, 2017, “‘Petya’ Ransomware Attack: What Is It and How Can It Be Stopped?”
2 Morgan, Steve, Oct 19, 2017, Cyber Security Business Report, “Top 5 Cyber Security Facts, Figures, and Statistics for 2017.”
3 Insurance Journal, Jun 23, 2017, “Cyber Insurance Premium Volume Grew 35% to $1.3 Billion in 2016.”