Cyber Insurance continues to evolve as the insurers try to keep up with rapidly changing technology and the growth of cyber crime. For a variety of reasons, including this evolution, Cyber Insurance policies are not all the same.
KrebsonSecurity notes that an insured is suing its Cyber insurer for failing to cover a cyber crime loss (see here). It appears that the policy in question is actually a Crime policy, not a Cyber Insurance policy. But the situation is a good example of the challenges of obtaining proper Cyber coverage. We are not surprised by the suit and expect more of these situations. Why:
Exposures are changing: Until recently, the primary cyber exposure was first party expenses relating to a breach of information. Cyber exposures are changing rapidly, particularly cyber crime exposures, as criminals continue to be resourceful and are focused on the money. So the types of cyber claims have changed and include a wide range of theft and fraud.
Policies are not all the same: As we have pointed out (see here), Cyber Insurance policies are not all the same – some are broad and some are restrictive. Insureds and their insurance agents/brokers need to take the time to understand the coverage they are buying.
Underwriters are limiting the scope of coverage: In a fast changing technological environment (see our prior posts here & here), underwriters are reassessing exposures, underwriting guidelines, pricing and coverage. So some policies are not keeping up with changing exposures, and some underwriters have decided that they will not include coverage for certain types of exposures, particularly cyber crime.
Businesses do not have the same exposures: Exposures vary significantly by insured, so no one policy is best for all insureds.
What happened? According to Krebs – see here – cyber criminals impersonated the firm’s CEO and convinced the firm’s CFO to wire $480,000 to a Chinese bank. In this case the insurer denied coverage because email piracy, or business email compromise (BEC), is not covered. For insurance experts, note that the policy referred to by Krebs appears to be a crime policy, not a Cyber Insurance policy.
Consider another recent cyber claim: A firm issued a check to a client for a large amount, then received email instructions from two separate parties to stop payment and wire the money instead. After verballing confirming the instructions, which appeared to be legitimate, the money was wired - and is now gone. This claim has been reported to the Cyber insurer and we anticipate that coverage will apply.
As noted in our prior posts here and here, email piracy, or business email compromise (BEC) is a significant and growing exposure for small and medium sized businesses. We have seen numerous other scenarios where the cyber criminal poses as a client, business partner, vendor or fellow employee. Also, they aren’t necessarily looking for big-ticket theft - they also try for small amounts which are often easier when targeting smaller organizations. We have previously posted some tips for preventing email piracy (see here), but proper insurance coverage is important.
It is possible to get coverage for this exposure for most businesses (but not all). However, we are concerned that the window for cyber crime coverage may be closing as claims increase and underwriters become increasingly skittish. Rates are increasing and availability of comprehensive coverage is decreasing, so businesses should consider buying the coverage sooner rather than later.
Cyber Insurance is an essential coverage for businesses of all sizes; it should be mandatory. As noted above, policy forms vary and must be matched to the insured’s needs. Coverage for many types of companies can be tailored to cover the cost of breaches, forensics, business interruption, EMV Liability, PCI assessments and crisis management. And for cyber crime.
eSpecialty Insurance is your specialty insurance expert. We have developed a streamlined marketplace to provide multiple proposals from a range of competitive insurers, along with expertise to help you evaluate your exposures and choose the best combination of comprehensive coverage and price. We look forward to working with you.
Nice article.Thanks for sharing valuable information with us.
Posted by: Insurance | February 04, 2016 at 05:19 AM