By Sara Ametrano
The more we rely on technology in both our professional and personal lives, the more at risk we, as individuals and companies, are to be targeted by hackers.
Cyber-attacks can come in a variety of forms and steal all kinds of information if successful. Through panel discussions and presentations, April’s NetDiligence conference explored what the evolving nature of cyber can mean for the specialty insurance industry.
When cyber coverage first emerged, it centered around liability. As time passed, the cyber risk area expanded, and it included possible scenarios such as social engineering and extortion. And today, clients are at a higher risk than ever before.
Where property and casualty policies are created based on hundreds of years’ worth of information, cyber threats are new in comparison. Creating a sustainable cyber policy plan is proving to be a challenge for underwriters today due to the lack of data available and the ever-evolving nature of the industry.
One of the cyber areas seeing an increase in attack frequency and severity is ransomware. Beazley Breach Response Services reported that, in 2018, average ransomware demands were $116,000, compared to $15,000 just the year before. The report also revealed that the main targets of ransomware attacks are small to medium-sized business, absorbing 71% of the crimes.
These numbers stress the importance of the need of expertise in the field. Hackers have sharpened their skills to learn their target’s financial position so that they may determine the sum they will demand.
Where standalone cyber coverage does not exist, cyber and data breaches may fall under other policies, unbeknownst to insurers. This is what the industry refers to as “silent cyber.” Companies might not take these types of exposures into consideration, which can potentially expose their other policies that do not specifically exclude cyber/data breaches. At a glance, only 10% of silent cyber situations are clearly priced and defined, 40% have definitions but are not priced and the remaining 50% are neither defined nor priced.
So, now what?
The growing nature of technology and lack of data surrounding cyber makes it difficult to create a plan in the event an attack occurs. The conference provided tips on how to mitigate risk and minimize the confusion non-affirmative risk management can bring:
- Analyze policy language and claims;
- Collaborate with ethical hackers (the good guys) to better understand the motives behind these attacks and how they might appear in different scenarios;
- Continue to update policy wording as need be.
If you have any questions or would like to request a quote, please contact Trisura’s underwriting specialists.