Given the many high-profile cyber security attacks last year, cyber insurance is no doubt on the mind of many corporate leaders. According to one source, cyber insurance policy sales were up 20% last year over 2012. Companies without cyber insurance are likely taking a fresh look at it.
That’s not at all surprising considering that 2013 was the year of the major Target breach affecting as many as 110 million people and counting and Neiman Marcus, with approximately 1.1 million customer cards that were breached. There are numerous other investigations ongoing, and fresh breaches are already popping up this year, including a just-announced breach at the University of Maryland. It has been widely reported that Target had $100 million worth of cyber insurance in place. Whether that will be enough to cover actual losses remains to be seen, especially in light of several class action lawsuits that have surfaced.
Benefits of Cyber Insurance
Cyber insurance provides benefits including an increase in information security since insurance companies will require the adoption of best practices as a qualifying condition for insurance coverage. Since cyber-losses will have to be paid out, insurance companies have a vested interest in promoting an increase in IT security. At the same time, improvements in cyber security will often result in lower cyber insurance rates to for companies.
Cyber Insurance Coverage
Consider buying first and third-party cyber Insurance coverage. First-party expenses are those that directly cost the enterprise (such as lost revenues, forensics experts, etc.) while third-party expenses are those that are incurred from claims brought by those whose data was breached (class-action lawsuits).
Many insurance companies offer cyber insurance policies including:
-
AIG
-
ACE Group
-
Chubb Insurance Group
-
Travelers
Carefully review your policy to understand exactly what is covered, and what is not. For example, bringing your own device (BYOD) poses risks that some cyber security insurance policies do not cover.
