New exposures for SMBs spurs new need for cyber liability insurance

To effectively manage breach response, companies and vendors require coverage

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

It’s simple to grasp how a fire or an earthquake or even a customer slipping on company property and breaking a leg translates into a commercial liability exposure.

But what about liabilities stemming from a data breach, a ransomware attack or a denial of service bombardment? It’s fair to say that the vast majority of businesses, especially small- and medium-size companies, are just waking up to the exposures presented by cyber attacks.

Jeremy Ong, Great American Insurance Co. divisional vice president
Jeremy Ong, Great American Insurance Co. divisional vice president

ThirdCertainty asked Jeremy Ong, divisional vice president at Great American Insurance Co., about the rapidly developing market for cyber liability insurance. (Answers edited for clarity and length.)

Upcoming webinar: Navigating Identity Theft: How to Educate and Protect Your Employees and Clients

3C: How should SMBs think about the exposures they face in the Internet Age?

Ong: A lot of clients don’t think twice about buying fire insurance or theft insurance for their business, and cyber should be right there alongside those kinds of insurance products because the exposures are real. Cyber losses can potentially be a balance sheet killer for a lot of clients, so purchasing a cyber policy certainly would help them withstand that type of financial loss.

We’re now at a point where there is a wide range of pricing and a wide range of insurance products. There are plenty of products now out there that can address the cyber exposures of a wide range of sizes of businesses.

3C: What kind of exposures does a typical cyber policy address?

Ong: A basic cyber policy should cover the cost of notifying the impacted parties of a data breach. It should cover the cost of offering credit and fraud monitoring services. I call those damage control expenses. Potentially, it could even cover public relations-related expenses to help restore the tarnished reputation of the business. And it also covers expenses in case you have a breach and the victims sue you.

3C: How much of this is driven by 47 states enacting data breach disclosure laws?

Ong: For average business owners there’s no way for them to even know what to do. And so by buying an insurance product it will tie them into a service component, as far as providing the pre-breach and post-breach services. It helps our policyholders to be able to remediate their loss.

Related: California tightens data loss disclosure rules

3C: How do you see the market evolving going forward the next year or two?

Ong: One of the biggest motivating factors for clients to buy cyber insurance now is public entities and larger corporations starting to ask vendors to carry certain cyber insurance coverage and limits, making it a contractual requirement. So that often is a driver now. And I would say that there is going to be a continued increase in contractual requirements for cyber insurance. In other words, you won’t get the job if you don’t carry the cyber insurance coverage.

Three-part series on cyber insurance:
Not all cyber insurance is created equal: Tips for businesses shopping for coverage
Despite barriers, cyber insurance catches on in key sectors
Cyber insurance rises to meet increasing security challenges