Cyber Security Insurance – Protect Your Data & Network from Criminals
Cyber security insurance is designed to mitigate losses from a variety of cyber incidents including: data breaches, business interruptions, and network damages. It is important to remember what is currently not covered in network security and privacy liability policies.
• Reputational harm.
• Loss of future revenue (for example, in the case of Target if sales were down due to customers staying away after data breach).
• Costs to improve internal technology systems.
• Lost value of your own intellectual property
These topics are continually being discussed by cyber liability brokers and insurers, and policies may continue to evolve.
Cyber Risk Assessment
1. Risk-management strategy. Cyber security insurance transfers some of the financial risk of a security breach to the insurer. First-party insurance typically covers damage to digital assets, business interruptions and, sometimes, reputational harm. Third-party insurance covers liability and the costs of forensic investigations, customer notification, credit monitoring, public relations, legal defense, compensation and regulatory fines.
2. American Market The cyber security insurance market is more mature in the U.S. than in the Europe., primarily because of U.S. states’ mandatory data-breach-notification laws. The U.S. market is growing about 30 percent per year. Many contracts are starting to require this coverage for partners and vendors.
3. Clear wording and know your risks. You need someone to help you investigate what risks you have and then help you insure that it is covered, because there may be overlaps with a cyber insurance policy and it can get confusing fast.
All businesses store, transmit or process private information with debit-credit cards and/or money – either electronically or in paper. There are Federal and 48 State Laws that require timely notification. When not appropriately handled there are fines and penalties or reputational damages to deal with.
Ransom Extortion is rampant and criminals don’t care if an organization is big or small. Ponemon (a data breach research organization) has indicated the average breach cost of 10,000 or less records is $1.9m and even less than 25,000 records costs $2.8m.
Cyber Data Security Insurance is tailored to address gaps left by other traditional forms of insurance. Coverage can include: Network Security & Privacy Liability, Media Liability, Tech E&O, PCI (payment card Industry), Fines & Penalties, Customer Notification & Public Relations, Cyber Extortion, Data Recovery Costs, Electronic Business Income, Consequential Reputational Loss, and Electronic Crime losses.
Organizations are exposed to criminals and human error like never before. A breach can put you out of business so it’s important to make sure you’re properly protected. We’re able to help you through the chaos of a breach. Here are some typical costs that may arise:
Common first-party costs when a security failure or data breach occurs include:
• Forensic investigation of the breach.
• Legal advice to determine your notification and regulatory obligations.
• Notification costs of communicating the breach.
• Offering credit monitoring to customers as a result.
• Public relations expenses.
• Loss of profits and extra expense during the time that your network is down (business interruption).
Common third-party costs include:
• Legal defense.
• Settlements, damages and judgments related to the breach.
• Liability to banks for re-issuing credit cards.
• Cost of responding to regulatory inquiries.
• Regulatory fines and penalties (including Payment Card Industry fines).
Gary is the Data Breach Practice Leader for cyber-data security-data breach coverage for Brown & Brown clients.
His daily activities involve explaining coverage options, giving claim scenario’s and reviewing contract requirements with CEO’s, CFO’s, COO’s, CIO’s Compliance Officers, IT and Attorneys. In addition, he tracks industry claims and newly released surveys; negotiates exclusive endorsements and manuscript forms.
Gary has over 30 years of insurance-risk management experience and has specialized in cyber-data security coverage for over 10 years. His other related specialties are Tech E&O and cyber crime.
In addition to being a CITRMS (Certified Identity Theft Risk Management Specialist) and cyRM (cyber Risk Manager) he also holds the following designations: CIC (Certified Insurance Counselor); ARM (Associate in Risk Management); CRIS (Construction Risk Insurance Specialists); ARM (Risk Management Advisor); and CLCS (Commercial Lines Coverage Specialist).
Gary is past President of the Independent Agents and Brokers of Oregon Association.