A few insights from a recent IT security event are noted below, including some interesting trends relating to Cyber Risk Insurance claims.
- Vendors are an increasing source of claims, with third party and even fourth party claims challenging insureds. It is common to utilize vendors that have access to data, but it is hard to ensure that vendor’s systems are secure. Vendors are increasingly being required to purchase Cyber Risk Insurance.
- Classes that are seeing higher rates of attack include education, accountants, healthcare and real estate.
- In the small and midsize business segment, it is not just data breach that is the issue. Ransomware, often followed by a business interruption, and cybercrime are driving claims. For one insurer, breach claims are about a third of all claims, and ransomware and crime claims total over half of all claims. In addition, ransomware severity is on the rise.
- Law firms purchase Cyber Risk Insurance at a lower rate than other professionals, but this is beginning to change as they realize that their E&O insurance policy does not provide comprehensive cyber risk protection.
- Ransomware is the big story, and very hard to prevent. New versions of ransomware are more sophisticated and damaging, and extortion demand amounts are increasing. Healthcare is particularly vulnerable and is often a target. Ransomware frequency is trending up, and severity has jumped from a year ago with resulting business interruption losses driving severity.
- Most claims can be prevented, and employee awareness training is the number one recommended step to increase protection.
- Cyber Risk Insurance policy forms are not all the same, and many are not comprehensive. A comprehensive form is critical to ensure that coverage is available for the entire range of exposures.
- When a cyber event occurs, the first (immediate) call is to the Cyber Risk insurer. Not only do the Cyber Risk insurers provide the coverage, their incident response teams have experience with all types of cyber events and have access to IT, forensic and legal experts. And some mitigation expenses may not be covered if they are not handled through the Cyber Risk insurer.
- IT security is important, but there is a limit. One underwriter’s perspective: The law of diminishing returns applies to IT security – companies need to spend a baseline amount on IT security, but there will be a point where additional spend is probably not worth the investment.
In addition to strong IT security, Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage) is an important financial protection against data breach, ransomware and cyber crime attacks. Coverages vary widely, but comprehensive Cyber Risk Insurance policy forms are available.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability and specialty insurance (E&O, D&O, EPL, Cyber Risk, Specialty). Cyber Risk Insurance is our specialty, and we excel at hard to place accounts. Review our expectations here.
Specialty Insurance Expertise: Tennant Risk Services
Content © Tennant Risk Services Insurance Agency, LLC, 2005 - 2017 | All Rights Reserved.