As companies become wholly dependent on technology and the Internet for day-to-day business, the risk of cyber-attacks and data breaches are ever-present. These risks are largely unavoidable and are a part of doing business in today’s world. Companies are increasingly turning to insurance companies to obtain cyber insurance policies to protect against these mounting risks.
KEY INDUSTRIES SEEKING CYBER-SPECIFIC POLICIES
A recent report released by insurance brokerage Marsh indicated that it experienced a twenty-seven percent increase in sales of cyber insurance policies to its clients between 2014 to 2015. The report further stated that since 2012, the demand for cyber-specific policies from its clients grew between twenty and thirty percent each year.
The industries with the highest demand for cyber insurance include communications, manufacturing, and technology. Furthermore, other key industries such as healthcare, transportation, and energy are also beginning to seek cyber-specific policies as the reality sets in that the damage caused by cyberattacks often amount to much more than the costs associated with data breach notifications.
COVERAGE UNDER CYBER INSURANCE POLICIES
Cyber insurers are offering both first and third-party insurance coverage for cyber losses.
First-party coverage provides insurance for harm to the policyholder’s business, lost income, or losses of personal data caused by a cyberattack or data breach. Available first-party coverage can include costs associated with the following: theft and fraud, computer data loss and restoration, business interruption, extortion, and forensic investigation.
Third-party coverage provides the policyholder insurance for liability to third parties resulting from a data breach or cyberattack, including potential liability to the policyholder’s own clients and/or to governmental agencies. Third-party coverages can include the costs associated with any and all of the following resulting from a data breach or cyberattack: litigation, regulatory response, notification costs, privacy liability, credit monitoring, media liability, and crisis management.
Cyber insurance policies are now expanding to cover more than just costs associated with data breaches; for example, policies can now be tailored to cover specific challenges such as disruptions of supervisory control systems, inability to supply energy services, and losses resulting from business interruption following a cyberattack. More frequently, cyber insurers are offering additional sublimits (limitations in an insurance policy on the amount of coverage available to cover a specific type of loss) for coverage for things like crisis-management expenses, data breach notification costs, and regulatory investigations and compliance expenses.
RISING POLICY LIMITS
Policy limits for cyber insurance continue to rise alongside the increased demand for cyber-specific policies. In 2015, the policy limits averaged $16.9 million for policies issued across all industries and to companies of all sizes, which was an increase from $14.7 million in 2014, according to the recent report by insurance brokerage Marsh. The uppermost average policy limit, $86.7 million, was for policies issued to large communications, media and technology companies.
CYBER INSURANCE ISSUES FACED UNDER TRADITIONAL POLICIES
At this point in time, very few, if any, major insurers have entered the cyber insurance market. However, traditional insurers must remain abreast of cyber insurance coverage issues and how they potentially relate to or implicate coverage under traditional policies.
Often times, traditional policies are silent or ambiguous as to cyber coverage. This can leave the question of whether the general policy extends coverage to losses stemming from cyberattacks open to interpretation. Traditional policies can also contain ambiguities regarding whether an event caused by a cyberattack is a covered peril that would require an insurer to pay cyber-related property damage. Thus, it is advisable for insurance carriers to reassess their current policy language in light of the rise of cyberattacks and cyber-related losses in order to clarify whether or not these types of losses are covered under existing policies.
Cyber insurance is one of the most rapidly growing types of coverage and it is now as essential for most businesses as having car insurance or home insurance is for most individuals. As the risks continue to grow, so does the need for comprehensive and adaptive insurance coverage to protect against them.