Cyber threats have gotten the attention of regulators, and regulators are recommending Cyber Risk Insurance as one method for reducing risk. In June of this year, Commissioner Luis Aguilar gave a speech on cyber risks (here), noting both the increasing frequency and costs of attacks. In addition, he made the following comments:
- The threats are a particular concern because of the widespread and severe impact that cyber-attacks could have on the integrity of the capital markets infrastructure and on public companies and investors.
- Ensuring the adequacy of a company’s cybersecurity measures needs to be a critical part of a board of director’s risk oversight responsibilities.
- One conceptual roadmap boards should consider is the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology (“NIST” – see here) in February 2014…some commentators have already suggested that it will likely become a baseline for best practices by companies, including in assessing legal or regulatory exposure to these issues or for insurance purposes.
This was followed by a speech in December of this year by Sarah Bloom Raskin, deputy secretary at the Treasury (see here), where she discussed the positive impact of Cyber Risk Insurance as a means of reducing risk from cyber threats.
- Some form of cyber coverage exists for organizations of all sizes, from small, family-owned shops to Fortune 500 companies. Policyholders can now find coverage to match a broad array of cyber risks, ranging from liability and costs associated with data breaches to business interruption losses and even tangible property damage caused by cyber events.
- What cyber risk insurance can do is provide some measure of financial support in case of a data breach or cyber incident. And, significantly, cyber risk insurance and the associated underwriting processes can also help bolster your other cybersecurity controls. Qualifying for cyber risk insurance can provide useful information for assessing your bank’s risk level and identifying cybersecurity tools and best practices that you may be lacking.
- Ideally, we can imagine the growth of the cyber insurance market as a mechanism that bolsters cyber hygiene for banks across the board.
Cyber Risk Insurance is an essential coverage for business of all sizes for protection from both criminal attacks and employee error; it should not be optional. Coverages vary widely and can be tailored to cover the cost of breaches, forensics, business interruption, crisis management and PCI assessments.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). We excel at cyber risk insurance for all types of accounts.