Organizations may have yet to find a reliable way to prevent an attack on their information systems that leads to a breach of internal and customer information, but they are increasingly turning to the insurance industry to provide a “safety net” for breach costs.
In an article in The Hill, Bob Parisi, cyber risk product leader for insurance broker Marsh, described the recent uptick in cyber risk insurance demand as “off the charts.” The pace of demand has been “doubling, even tripling,” Parisi said, in the wake of the massive data breaches at Target, Home Depot and, more recently, Anthem, Inc.
In an area that seems to change almost weekly, the insurance industry may revisit the cyber risk market in a larger way after President Obama releases the text of his proposed Executive Order on sharing of cyber threats and regulations to implement that Order are issues.
As demand rises and cyber risk claims increase when organizations look to their insurers for coverage of expenses connected with a breach, the cost of this insurance will undoubtedly rise. Yet, organizations can mitigate those cost increases to a certain extent by risk assessments, in which they review their insurance needs with financial and legal assistance, and take proactive steps to reduce their risk profiles.
To start, what is the organization’s cyber risk profile? The answer to that will help ascertain the limits and scope of coverage required. Next, the entity should review and, if necessary, revise its internal information security policies and procedures, which may help the organization receive a more favorable premium quote after underwriting.
Finally, counsel should review any proposed cyber risk insurance policy. These policies may, through the Definitions and Exclusions sections, narrow the coverage available. Also, standard cyber risk policies exclude regulatory agency defense, such as defense actions brought by federal agencies such as the Federal Trade Commission, or state agencies. This coverage, recommended for organizations in highly regulated industries such as healthcare and financial services, is often available as an Endorsement, at additional cost.
If you have questions about cyber risk insurance and cybersecurity controls, please contact Kenneth N. Rashbaum.