The rise in remote work environments has opened a Pandora’s box over the past few years, heavily contributing to the increase of cyberattacks and subsequent financial damages faced by organizations around the globe. In many cases, employees working from home simply don’t have the same network security and protection on their personal devices as they do in the workplace.
In addition to the financial loss that can accompany a cyberattack, there are many factors at play, including reputational risk, potential loss of market share or a dip in stock price, impact to brand trust and potential regulatory fines. The total business impact, including liabilities and threats that could jeopardize a business, must be considered when developing a disaster recovery plan, not just the immediate impact to the physical infrastructure or network.
FNTS and its sister company FNIC, a trusted insurance advisor, are committed to helping organizations implement disaster recovery and risk management solutions. Cyber insurance is becoming a crucial part of disaster preparedness as it’s becoming more important for businesses to prevent hefty damages from large-scale attacks and protect customer data and personally identifiable information.
Cyber insurance, also referred to as cyber liability insurance, data breach insurance or simply hacker insurance, is an insurance product that covers the costs associated with hack attacks and data breaches. Cyber insurance covers the costs faced by a business after experiencing a hacker-prompted cyberattack.
While we recommend every organization have some form of cyber insurance, we realize it is becoming more strict, selective and expensive. Since 2019, premiums have increased 20-25%. Today, some premiums have increased in the range of 50-200%. Factors taken into consideration when determining premiums include the type of industry served, previous history of damages and the security controls the organization already has in place.
Some carriers may not even offer terms if the following security measures and controls are not in place:
At FNTS and FNIC, we recommend organizations implement the above measures to help ensure qualification for coverage. Additional measures organizations can enact to protect data and prevent incidents include:
Cyber insurance policies can provide organizations peace of mind that they’re covered and have guidance from cybersecurity and IT legal professionals should a covered loss occur. Incidents covered by cyber insurance can vary by carrier and policy. Below are commonly covered in a first-party coverage plan:
A few common misconceptions about cyber insurance are that everything is insurable and that there will not be an out-of-pocket expense. Policies include premiums, deductibles and a potential waiting period before coverage kicks in.
When determining coverage, there are key steps organizations need to take when working with an insurance provider. These steps include measuring risk. The insured organization knows what its own risk is based on the measures and controls it has in place. In addition, it should have an understanding of what its potential loss could be. For example, when a ransomware attack occurs, hackers usually get into a company’s system and stay latent for 90-180 days, monitoring activity, financial transactions, etc. Attackers gain an understanding of the annual gross revenue for that business. Then, they take the system down and ask for a ransom payment that is usually 4-6% of the business’s total gross revenue.
Cyber insurance coverage may be purchased separately or as a rider to your current business insurance policy. Comparing insurance providers can give an organization a better understanding of coverages and costs. The underwriting process is fairly straightforward and begins with an application. The organization would also need to provide proof that it has proper security measures and controls in place. The application is then taken to the marketplace by the organization’s agent to obtain terms for review. Costs are calculated by factoring the organization’s industry type, total revenue and existing security measures and controls.
It’s uncertain if cyber insurance will be mandated for organizations. It is more likely to be mandated in industries that hold a lot of sensitive personal information such as dates of birth, social security numbers, driver’s license information, medical history, credit card information, etc. Consumer-based services that society relies on such as utility providers and manufacturers also could be impacted in the future.
To learn more about cyber insurance and protecting your organizational assets, contact FNTS (800-820-6924) or FNIC (402-861-7000).
This blog was written by Don Pecha, Senior Director of Information Security at FNTS and Trevor Fiala, Sales Executive, Commercial Insurance with FNIC.
Trevor enjoys building relationships and helping others. He’s been in the insurance industry since 1998 when he started working at his uncle’s agency in Los Angeles, CA. Trevor likes to stay busy and work efficiently for his clients. He takes the time to understand their business because he knows the impact risk management has on a company’s business goals.
Before joining The Koch Co. in 2019, Trevor was with PJ Ramaekers. During his time with the agency, he earned GEM Agency Distinction three times and was named one of three top insurance agents in Omaha by the readers of the Omaha World-Herald as part of their 2017 Omaha’s Choice Awards.
Outside of the office, Trevor serves as the President of VILA, a nonprofit landowners association in Sarpy County, NE. Its mission is devoted to preserving, protecting, and improving the property’s natural beauty, diverse natural habitats and the many recreational opportunities in the area. He also spends time with family and friends, preferably by the river.