There is not a week that goes by that I do not hear of a new cyber incident and frankly, it is not surprising. Given the mass use of technology throughout the world, criminals, whether novices or experienced, as well as rogue governments, amongst others, are all getting involved in manipulating and using the “internet of things” to earn a quick buck or commit some other form of harm on individuals and organizations. No one is immune to this activity. In a recent course I took on cyber liability, a study was cited in which it claimed that a hacking occurred around the world every few seconds. Big organizations are certainly not immune as evidenced by news reports of massive hacking of organizations from retail outlets such as Home Depot, Target and TJ Maxx to service-oriented companies such as Uber and Equifax. Medical facilities, schools and social service organizations are some of the hottest targets of hackers given the wealth of personal information they store.
There is a common misconception among smaller organizations that hackers are not interested in pursuing them, but they are sorely mistaken. Given budgetary constraints, smaller organizations generally don’t possess the resources to adequately invest in their own cyber security and are thus, viewed as easy targets by cyber criminals. As such, cyber criminals looking to make some quick money without raising the attention of law enforcement agencies, will often pursue smaller organizations. It is not uncommon for smaller companies to be held hostage by extortion demands whereby a hacker will freeze the computer system of the company and not release it until money is wired to them. Oftentimes companies cannot function and survive without access to their computer systems for extended periods of time and will relent to the hacker’s demand without much opposition.
The insurance industry has been on top of the technology boom and has been selling cyber liability policies for years now that provide ample coverage for organizations to enable them to continue to operate without much interruption. There are approximately eighty carriers writing cyber liability coverage and that number continues to increase given the exposure almost every company has to cyber-attacks. Due to the growth of the cyber insurance industry and the continued increase of exposure to cyber events, pricing continues to remain competitive and relatively cheap. As more claims materialize and overall claims experience matures, pricing can potentially increase. But for now, it would be a wise investment for any company, no matter its size, to invest in a cyber insurance policy. Policies can be tailored to each company’s exposures to cyber risk as almost every insurance carrier has their own cyber forms and most are willing to customize it according to the exposure and operations of each insured. If company executives want to sleep at night without having to worry about potential interruptions in operations, cyber insurance affords them that peace of mind.
In future posts, we will examine some of the common coverages and some potential gaps in coverage that insurance carriers have yet to adequately address.