Cyber attacks are increasingly being recognized by CEOs and corporate boards as one of the most significant strategic risks their businesses face. According to the 2019 EY CEO Imperative Study, 51% of CEOs now rank cybersecurity as the leading global challenge threatening business growth over the next 5-10 years. The Ponemon Institute’s2019 Cost of a Data Breach Report notes that the average total cost of a U.S. data breach is now $8.19 million. That’s up from $3.54 million in 2006, a 130% increase.
While proactive steps to strengthen cyber security are more critical than ever, in the current environment no actions can guarantee invulnerability. And if an organization or municipality is hit, the costs of remediation and repair can balloon quickly. That’s where the value of cyber risk insurance for today’s organizations is coming into play.
Global broker Marsh reports that the number of clients purchasing cyber insurance has doubled over the past five years, with nearly 40% of customers now purchasing standalone policies. Marsh notes that cyber insurance “is a reliable, cost-effective way to transfer the risks companies face from the increasing use of data technology in business operations.”
But while a growing number of clients are opting for standalone cyber insurance policies, many others have yet to do so. In some cases, clients may have bundled robust cyber coverages within their traditional errors & omissions (E&O) insurance, but many others are simply going without. In part, some decision makers may remain skeptical about the need for standalone cyber policies based on a misreading of the degree of risk their organizations face, or a belief that current security measures are adequate. But, cyber risks are changing by the day, and a security protocol effective in 2018 may be seriously vulnerable in 2019
Additionally, some customers still believe that property and crime policies will respond to evolving cyber threats. But traditional insurance products did not anticipate the highly fluid and transformative risks today’s cyber criminals represent. A standard property policy may do an excellent job insuring against fire and other physical perils, but may not respond to cyber exposures.
Modern, dedicated cyber insurance policies provide a laser focus on technology-related risks. As a class, they offer broad and targeted protections that other policies simply do not. Among the coverages most cyber insurance policies include are:
- Privacy liability defense costs and damages relating to privacy breaches or for failure to disclose those breaches
- Event management expenses, including notifications and investigations of breaches, costs related to call centers and legal and forensic services
- Network security liability for failure of your security protocols to prevent a breach impacting customers and other users
- Regulatory expenses, such as local, state, federal or regional privacy directives
- Cyber extortion coverage, including payment of ransoms and investigative expenses
- Business interruption coverage to replace revenue lost due to an attack on a network, including contingent business interruption coverage when an external cyber event affects supply chains and extra expense coverage for added costs during the restoration period to help a company recover more quickly
- Information and data asset protection for the costs to recover and restore vital information
- Media liability for suits related to online slander, disparagement or copyright infringement
Some cyber insurance products also include professional network risk assessments and monitoring services. The goal is to identify and remediate intrusions that may already have occurred and to provide ongoing oversight to help prevent infection by the many new malware variants arising every quarter. For instance, Zurich’s Cyber Insurance Policy includes services automatically provided by an external cyber security firm with broad experience serving both the federal government and private industry.
Cyber risk insurance makes sense for any business, from Wall Street to Main Street and all in-between. Once again, the essential value of this product is that it is specifically designed to respond to the needs of businesses faced with a new and continuously evolving risk that is changing, and growing, by the day.
Learn more about the Zurich Cyber Insurance Policy and what it is designed to cover.