Making Sense of Cyber Insurance
Few corporate risks are as amorphous as cyber liability, and few insurance products are as complex as cyber insurance. Small wonder why so many different insurance policies present a modicum of cyber coverage, but none offer comprehensive protection.
The problem can be traced to the word “cyber,” so broad that it encompasses a multitude of financial exposures, from denial of service attacks to computer viruses to a cup of coffee destroying a laptop. Other cyber risks include stolen or corrupted digital information, Internet-based libel and slander, and even such extraordinary hazards as an office building’s computer-operated HVAC system shut down by a hacker.
Building the Customer Base
Insurance broker Marsh estimates that the market penetration for cyber liability insurance across all industries is about 25 percent to 35 percent, “give or take a 5 percent deviation,” according to Bob Parisi, network security and privacy practice leader. “We expect this to change now that many carriers are streamlining the underwriting process, providing truncated insurance policies and turnkey solutions to enterprises where interest has been less than robust.”
Hopping on the Bandwagon
Making the decision to buy cyber liability insurance recently is Concordia University in Montreal, which tallies more than 7,000 employees and 45,000 students, all potentially vulnerable to identity theft. “We have private, personal information on every single student and employee, including bank account numbers in some cases,” said Jean-Francois Baril, the university’s corporate risk manager.
Some businesses like The Lincoln Electric Company continue to mull the purchase of cyber liability insurance, but find it too expensive. “We’ve given it a close look the last three years as we evaluated our cyber exposures, and determined to self-insure the risk for the time being,” said John Hach, risk manager of the Euclid, Ohio-based $3 billion manufacturer of welding products, arc welding equipment, welding consumables, and robotic welding systems.
The company’s risk evaluation included the creation of a model pinpointing the financial and reputational impact of a data breach. “The findings indicated that the average cost to rectify data breach losses of victims was roughly the same as the deductible offered by the insurer,” Hach said. “Consequently, it made no sense to buy the insurance. Rather, we’re managing the risks by investing in our IT infrastructure. For instance, we recently went through an `ethical hacking’ of our system to assess if there were any holes.”
Originally published on PropertyCasualty360. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.