The role of cyber liability insurance in your risk management strategy
Cybercrime, particularly ransomware, has been on a steady upswing. Victimized companies face costly consequences, including lost dollars and staff time to resolve the matter and a tarnished reputation with customers and the public. In response, many firms are buying cyber liability insurance.
"Network security and privacy" is the general heading for the policies that property and casualty (P&C) carriers offer to cover cyberattacks. Here are some common coverage areas in a comprehensive policy:
- Third-party liability – This includes the cost of defending against litigation initiated by customers and employees claiming to have been damaged
- First-party (i.e., the insured) basic expenses – Examples include costs related to hiring cyber forensic experts to investigate and fix the source of the breach, and notifying impacted parties
- Additional first-party expenses – Data restoration expenses, lost revenue due to business interruption and costs related to external public relations services
- Extortion payment – In ransomware attacks, it's often necessary to pay a ransom, while at the same time identifying and minimizing or eliminating the vulnerability that led to the successful attack
- Liability for website content – A variety of liabilities arise from having a company website, including potential theft of proprietary content
- Health Insurance Portability and Accountability Act (HIPAA) defense and penalties – Exposure of protected private health care data, whether belonging to employees or others (in the case of a health care provider or insurer), can have costly consequences
- Payment Card Industry Data Security Standard (PCI DSS) penalties – Such costs can be incurred if procedures for processing customer credit and debit card payments don't satisfy PCI DSS requirements and cardholder accounts are compromised
Current annual premium revenue for cyber insurance is in the $3 billion to $4 billion range, but it is expected to reach $20 billion by 2025, according to the Financial Times (footnote a).
The cost of comprehensive cyber policies is generally competitive in today's market, with many new insurance carriers regularly entering the market as demand grows. Cyber policy premiums as a portion of a typical company's total P&C coverage expense will be small. However, costs vary not only by coverage limits but also by industry sector and "record count exposure"—the number of personally identifiable information files in corporate systems.
The daunting variety and complexity of cyber policies can be overcome by working with an experienced broker with expertise in this rapidly evolving field. Given the accelerating growth of cybercrime, taking the steps to be insurable and secure appropriate insurance protection is more critical than ever.
a "Cyber insurance market expected to grow after WannaCry attack," Financial Times, May 16, 2017.
Traditional banking services are provided by Branch Banking and Trust Company, Member FDIC.
Only deposit products are FDIC insured.
Insurance products and services offered through McGriff Insurance Services, Inc., a subsidiary of BB&T Insurance Holdings, Inc., are not a deposit, not FDIC insured, not guaranteed by a bank, not insured by any federal government agency and may go down in value.