Cyber liability front and center as 2017 insurance issue
Brave new world, anyone? Lately, cyber threats are in the headlines every day and no organizations are impervious to the risk. Even international governments are grappling with privacy, data security and the integrity of vital infrastructure systems.
How does the Main street business adjust to this reality? In Cyber Insurance Now Critical as Data Breaches Wreak Havoc, Jef Cozza of CIO Today reports on how the insurance industry is stepping up to meet the challenge:
"According to the Insurance Information Institute, more than 60 different insurance companies are now offering standalone cyber insurance policies, with an estimated U.S. market of more than $3.25 billion in gross written premiums this year.
That figure is the direct result of two related trends. First, data breaches are becoming more expensive for enterprises, with the average breach in 2016 costing $7 million and representing the third-costliest business risk this year. That increase has given rise to the second trend, which is that businesses are becoming much more concerned about protecting themselves against potential financial losses as the result of hacks that are becoming almost inevitable. "
He notes that cybercrime is a new risk with a shallow history, posing a challenge for actuaries. It's also dynamic. As technology evolves at break-neck speed, emerging risks are keeping pace. Just as insurers grapple with shaping its coverage offerings, we are beginning to see some exclusions. In Insurance Journal, Elizabeth Blosfield talks about one of those areas in her article, How to Help Insureds Manage Customer Privacy Risk. She notes that insurers are increasingly looking for information about data collection practices when they write policies; many are excluding "wrongful collection of data" from standalone cyber liability policies entirely, making it available as an endorsement.
"Some carriers say flat out they don’t want to cover wrongful collection because they don’t want to get into a dispute about whether the insured did this intentionally or negligently,” Coletti said.
This is because increased technological connectivity can impact the exposures both policyholders and insurers face, said Laurie Kamaiko, partner at Sedgwick Law.
"Insurance companies have the challenge of being very much on top of their own exposures, but also on top of the exposures presented to them through the lines of insurance they write," she said.
She explains that the reasons for poor data practices are many: some companies are unaware they are doing anything wrong and are not informed about regulatory requirements around privacy; some are data hoarders, storing way too much data, without any immediate purpose; still others have malicious intent.
Her article is an example of keeping informed about emerging trends in cybercrime, cyber insurance, and data management so that we can keep clients and insureds informed. To help you stay ahead of emerging cyber threats, Thor Olavsund of CIO magazine talks about five key data breach trends that you should anticipate in 2017. Be warned, they might keep you up at night. He notes that threats are rapidly evolving. He discusses threats as gleaned from the fourth annual Data Breach Industry Forecast Experian Data Breach Resolution. You can see a summary of the threats below, but to learn more about each, check out Olavsund’s article.
- Aftershock password breaches will expedite the death of the password
- Nation-state cyber-attacks will move from espionage to war
- Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging
- Criminals will focus on payment-based attacks despite the EMV shift that took place more than a year ago
- International data breaches will cause big headaches for multinational companies