New exposures for SMBs spurs new need for cyber liability insurance

To effectively manage breach response, companies and vendors require coverage

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

It’s sim­ple to grasp how a fire or an earth­quake or even a cus­tomer slip­ping on com­pa­ny prop­er­ty and break­ing a leg trans­lates into a com­mer­cial lia­bil­i­ty expo­sure.

But what about lia­bil­i­ties stem­ming from a data breach, a ran­somware attack or a denial of ser­vice bom­bard­ment? It’s fair to say that the vast major­i­ty of busi­ness­es, espe­cial­ly small- and medi­um-size com­pa­nies, are just wak­ing up to the expo­sures pre­sent­ed by cyber attacks.

Jeremy Ong, Great American Insurance Co. divisional vice president
Jere­my Ong, Great Amer­i­can Insur­ance Co. divi­sion­al vice pres­i­dent

Third­Cer­tain­ty asked Jere­my Ong, divi­sion­al vice pres­i­dent at Great Amer­i­can Insur­ance Co., about the rapid­ly devel­op­ing mar­ket for cyber lia­bil­i­ty insur­ance. (Answers edit­ed for clar­i­ty and length.)

Upcom­ing webi­nar: Nav­i­gat­ing Iden­ti­ty Theft: How to Edu­cate and Pro­tect Your Employ­ees and Clients

3C: How should SMBs think about the expo­sures they face in the Inter­net Age?

Ong: A lot of clients don’t think twice about buy­ing fire insur­ance or theft insur­ance for their busi­ness, and cyber should be right there along­side those kinds of insur­ance prod­ucts because the expo­sures are real. Cyber loss­es can poten­tial­ly be a bal­ance sheet killer for a lot of clients, so pur­chas­ing a cyber pol­i­cy cer­tain­ly would help them with­stand that type of finan­cial loss.

We’re now at a point where there is a wide range of pric­ing and a wide range of insur­ance prod­ucts. There are plen­ty of prod­ucts now out there that can address the cyber expo­sures of a wide range of sizes of busi­ness­es.

3C: What kind of expo­sures does a typ­i­cal cyber pol­i­cy address?

Ong: A basic cyber pol­i­cy should cov­er the cost of noti­fy­ing the impact­ed par­ties of a data breach. It should cov­er the cost of offer­ing cred­it and fraud mon­i­tor­ing ser­vices. I call those dam­age con­trol expens­es. Poten­tial­ly, it could even cov­er pub­lic rela­tions-relat­ed expens­es to help restore the tar­nished rep­u­ta­tion of the busi­ness. And it also cov­ers expens­es in case you have a breach and the vic­tims sue you.

3C: How much of this is dri­ven by 47 states enact­ing data breach dis­clo­sure laws?

Ong: For aver­age busi­ness own­ers there’s no way for them to even know what to do. And so by buy­ing an insur­ance prod­uct it will tie them into a ser­vice com­po­nent, as far as pro­vid­ing the pre-breach and post-breach ser­vices. It helps our pol­i­cy­hold­ers to be able to reme­di­ate their loss.

Relat­ed: Cal­i­for­nia tight­ens data loss dis­clo­sure rules

3C: How do you see the mar­ket evolv­ing going for­ward the next year or two?

Ong: One of the biggest moti­vat­ing fac­tors for clients to buy cyber insur­ance now is pub­lic enti­ties and larg­er cor­po­ra­tions start­ing to ask ven­dors to car­ry cer­tain cyber insur­ance cov­er­age and lim­its, mak­ing it a con­trac­tu­al require­ment. So that often is a dri­ver now. And I would say that there is going to be a con­tin­ued increase in con­trac­tu­al require­ments for cyber insur­ance. In oth­er words, you won’t get the job if you don’t car­ry the cyber insur­ance cov­er­age.

Three-part series on cyber insur­ance:
Not all cyber insur­ance is cre­at­ed equal: Tips for busi­ness­es shop­ping for cov­er­age
Despite bar­ri­ers, cyber insur­ance catch­es on in key sec­tors
Cyber insur­ance ris­es to meet increas­ing secu­ri­ty chal­lenges