As a consumer, your personal data—whether it be finance, health or otherwise—is increasingly being stored in electronic databases across the cloud universe. Businesses (from credit card companies to hospitals and everything in between) rely on accessing this information and protecting it to keep their customers happy, as well as safe. A number of recent, high-profile data breaches at the virtual hands of skilled hackers are, however, prompting regulators and business owners alike to consider the necessities of insuring against cyber risks. These risks may include customer identity theft, business interruption when a hacker successfully shuts down a company network, damage to a company’s reputation, injury to data records, theft of customer lists and trade secrets, the introduction of malware into computer code and so on. Most standard commercial insurance policies don’t protect against these threats.
That’s why the cyber risk insurance market is developing rapidly, as the size of global gross written premiums jumped from $850 million in 2012 to $2.5 billion in 2014. While that may sound like a good chunk of change, it’s nothing in comparison to the reported historical $445 billion total global losses as a result of cyber crimes as of June 2014.
Hacking is Unpredictable
Unlike other types of insurance, though, there isn’t yet a standard way in which insurers underwrite cyber coverage. Hacking threats vary from industry to industry and are difficult to measure and predict—as they often go undetected or aren’t publicly reported. Therefore, policies from different providers (often sold under the names of cyber risks, information security, privacy or media liability) aren’t yet uniform or consistent. Most Cyber Insurance, currently offered by only around 50 carriers in the United States, provides a combination of traditional liability coverage protecting against third-party claims and first-party coverage that insures against losses suffered by the insured.
Cyber risks are the Wild West of insurance—and everyone from the National Association of Insurance Commissioners (NAIC), to state insurance regulators, to interested parties inside Congress and the Obama Administration is organizing efforts to identify and control cybersecurity issues. In April of 2015, the NAIC published the Principles for Effective Cyber Security Insurance Regulatory Guidance for direct insurers; the next task is developing new reporting requirements for tracking Cyber Insurance policies issued in the marketplace.
The White House is working collaboratively on initiatives to protect the financial infrastructure of the U.S. insurance marketplace in the cyber arena, just as the NAIC completed and adopted a Cyber Security Consumer Bill of Rights on December 17, 2015, detailing what consumers should expect from their insurance companies after a data breach.
Know Your Rights and Protect Yourself in Business
If you’re a business owner—or have given out your personal information to a business as a customer, which frankly includes just about everyone—know your rights and how to protect yourself against cyber fraud. It’s an arena of insurance that’s evolving rapidly, so you’re best served to look into the unfolding details now and consider protecting your assets—personal or corporate.
Photo credit: Tactical Technology Collective // CC BY-SA 2.0
The information in this article was obtained from various sources. This content is offered for educational purposes only and does not represent contractual agreements. The definitions, terms, and coverage in a given policy may be different than those suggested here and such policy will be governed by the language contained therein. No warranty or appropriateness for a specific purpose is expressed or implied.