Wells Fargo Insurance has released a new study (see here & here), called the 2016 Network Security and Data Privacy Study: Are you prepared for a breach?, which includes some interesting and timely observations on the purchase of Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage).
First, some qualifiers. The study is based on a survey of 100 companies, all of which have more than $100 million in revenue. While the number or participants is low, the study went in depth to get a more detailed understanding of each’s participant’s perspective on Cyber Risk Insurance. The study may not be fully applicable to smaller companies because of its focus on companies with more than $100 million in revenue, but small businesses are still hacker targets (see here & here).
The study provides strong evidence that the market for Cyber Risk Insurance is evolving quickly. The study notes that 21% of participants, or 21 companies, have been the target of social engineering fraud (what they call imposter fraud, and the FBI calls business email compromise, or BEC – see here), which is a shift from data breaches. Social engineering fraud is a significant risk for small organizations, and we have seen significant social engineering fraud activity among smaller accounts and the need for Cyber Risk Insurance policies including coverage for this exposure. But we have not seen the same level of activity among companies with more than $100 million in revenues. See here & here for additional articles on social engineering fraud and here for suggestions on preventing social engineering fraud.
Other key points:
- Despite finding some significant financial losses from social engineering fraud, with one loss of nearly $100 million, the study found that 54% do not buy coverage for social engineering fraud
Our comment: Coverage for social engineering fraud is available, and this is an important coverage component
- Crime policies may not be the best source of social engineering fraud without a special endorsement:
A crime policy without a special endorsement may require either a direct theft by an employee or someone without authority initiating a fraudulent payment….neither of these circumstances applies [to a traditional crime policy]
- The insurance market for impostor fraud [social engineering fraud] coverage is evolving rapidly. Organizations should consult a broker regarding the options currently available.
- 22% reported a paper breach (A paper breach is an unintentional release of paper records – not exactly cyber, but still an important exposure.)
- The time to buy appears to be shortening, but 43% reported that it was difficult to find policies that fit our company’s needs
Our comment: It is a challenge, and it takes work, but comprehensive Cyber Risk Insurance policies are available. It is important for insurance agents & brokers to get it right for the client.
- The primary driver for purchasing coverage remains financial protection, but reputation protection is a close second
- Employee misuse of technology is a small but growing concern
- 20% reported a claim within the last 12 months
Our comment: this is obviously a significant claim frequency number, and not sustainable. However, we do not see anywhere near the same frequency for small accounts.
The Cyber Risk Insurance market is approximately $1 billion in premium in the US, and Cyber Risk Insurance is offered by approximately 120 insurers (see here). But there are very few fully comprehensive polices, and a simple data breach policy will not suffice for most insureds. Cyber Risk Insurance is (or should be) more than data breach coverage. A comprehensive policy is essential coverage for businesses of all sizes for protection from both criminal attacks and employee error.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). We excel at hard to place accounts.
Specialty Insurance Expertise: Tennant Risk Services
Content © Tennant Risk Services Insurance Agency, LLC, 2005 - 2018 | All Rights Reserved.