Subscribe
Share
Share
Embed
The Expert Podcast brings you firsthand narratives from experts across diverse industries, including private investigators, general contractors and builders, insurance agencies, vehicle specialists, lawyers, and many others.
If you're an executive in a large company, you may be finding that there are more and more instances where cyber liability insurance is more frequently required. By whom? Well, maybe you're bored; maybe your executive committee; maybe it's a contract you're entering into with another company. If you're a small business owner, you may find that there are more and more instances where cyber liability insurance is required by a counterparty or by a government agency. Many government agencies are requiring that vendors have cyber insurance. Why is it more frequently required? And even if it hasn't been demanded from you as a business, knowing why it is might give you some insight into what's going on in the marketplace.
So it starts out with the realization that more organizations are growing their budgets to meet rising cyber premiums. And here's the subheadline: three quarters of organizations say that cyber insurance is required by their board, executive teams, or, in many cases, by a contract if you're doing a contract with some other third party. So companies are now starting to have to build this into their budgets. And if it's something that hasn't been part of your expenditures before, it's not good because now you have to add it in. Why is that? Well, part of the reason is that cyber insurance claims are spiking amid different kinds of fraud. And here's the subheadline: cyber insurance claims frequency increased by 12 percent in the first half of 2023. So in the first half of 2023, cyber claims went up 12 percent. That's not counting the second half. The second half goes up the same amount. That's a 25 percent increase. Claim severity increased by 42 percent. So even though the number of claims went up, how much they were worth went up even more. The average loss amount was $115,000. It may not seem like a lot, but when's the last time you had a $115,000 claim on your corporate insurance or your commercial lines insurance? When have you ever had a claim that's been in the six figures?
The frequency is increasing. It's very unlikely that, God forbid, you're going to have any kind of fire in your building or somebody's going to get hurt. It's more likely you're going to get hacked. So thinking ahead, board members, executive committees, and counterparties are saying, "Look, we better have something in place because if this company has a cyber attack, which is likely, and they don't have insurance, that means they're going to come out of their pocket, and it might affect us as a business." Remember, this frequency is only for cyber insurance claims. It doesn't count companies that did not have insurance that had an expense for which there was no insurance coverage. The average loss is $115,000. So if you don't have insurance and you have a loss of $115,000, that's out of pocket. The other thing about cyber claims going up is that's probably an artificially low number. Here's why: Most cyber policies have what's called active protection. What that means is that when you buy a cyber liability policy from a company, that company, the insurance company, will also put some active monitoring on your system. They put little pieces of code on your computer that will monitor for these types of intrusions and hacks. Many times, the hacker will break into your system and not do anything for weeks or months while they monitor and collect information before they attack. If you catch it early, you can actually shut it down before it even happens. So if claims frequency went up 12 percent, uninsured events probably went up even more than that. So if you're not an insured company for cyber, you might have more vulnerability.
And you might say, "Well, I think my policy has cyber." It might. Many commercial lines of insurance policies, like general liability, professional liability, and E&O, have a cyber endorsement. And you might think, "Well, I have cyber. It's in my policy." Those types of coverages, those endorsements, as they're called, are not a separate, standalone policy. And they may have like a $20,000 cyber policy or $50,000. You might think, "Well, that's a lot. That's good." Well, the average loss is $115,000. So a lot of them are more than that, plus they only cover certain types of cyber events. They only cover you as a loss if one of your vendors or your customers has damages that you have to pay for. Doesn't cover that. There are a lot of exclusions. So make sure you look at the two.
What happens if you play chicken without having cyber? Well, Caesar's and MGM, you heard the big news this week where their hotels and casinos were shut down for two to five days because they lost their cybersecurity gambles, right? To play on words because they're casinos. Despite the staggering, well-documented rise in cybercrime, they did not have tech expertise requirements. Two recent cyber attacks on prominent casino chains offer clear and compelling examples of the risk of poor boardroom digital readiness. So if you're a large company and you are not putting in place cyber defense, cyber insurance, and cyber coverage, then you might be setting yourself up for failure. And you might have consequences—not only the loss but liability—because it's staggering and well-documented.
So what happens if some type of cyber event hits your company and you don't have either cyber defense, cyber insurance, or some kind of coverage for that risk or protection? You could actually have additional liability beyond just what you lose in that attack because you did not take best-practice preventive measures in the face of staggering, well-documented events. It's not like it's a secret. This is not 2012 anymore. People know about this. Fortunately, many companies are taking advantage of the available options. Surplus line premiums jumped 19 percent. That is the area where cyber normally falls: the surplus line. So more and more people are taking advantage of it, and they're growing their budgets to make sure that they have that kind of coverage.
And the coverage is twofold. You want to have defense and protection, and you want to have insurance coverage if something happens. As an example, if your company has fire insurance, that doesn't mean you don't have fire extinguishers and you don't have preventive measures to make sure that it's less likely. You don't store gasoline next to the heater, right? You do things to prevent it, but you also have insurance. You don't just count on the fire department or the fire extinguishers in your company. You have protection. So it's a two-layered defense. However you do it, make sure that you're recognizing that these risks are increasing.
I get it. If you're a business owner or an executive, this is all new. You may not be aware of how probable and likely these things are. This risk kind of snuck up on everybody. Snuck on all of us to where the risk profile in 2023 is dramatically different from even four or five years ago, 2019, 2018. Sure, there were cyber attacks and there were cyber liability events that happened five years ago, but they weren't anywhere near as severe and as common as they are now. You know, one of the stories I've told before and you've heard us talk about this is, you know, any business owner that you know, ask them this series of questions. And you can ask yourself this too, but just to prove it's not just you, think about other people.
Let's say if you have a friend Joe, and Joe's an accountant and he has an accounting firm, and you say, "Joe, if you pulled into your parking lot of your business building on Monday morning and you turned around a corner and your building is burned to the ground, all ashes, God forbid, knock on wood, nobody gets hurt, right, but your building is burned to the ground, how fast could you be back in business?" Well, it'll be a struggle, but, you know, I could go to Walmart, buy some folding tables, I could get some computers from Amazon, and I could maybe rent some cheap office space just to get covered, and I could be back in business in a few days, log into your network, get your, right?
Okay, what happens if you pull into your parking lot on Monday morning and everything looks good, the building is there, you open the doors, you go in, turn on your computer, and it's blank, computer doesn't turn on, there's an error message, how fast could you be back in business if you got hacked? If ever, depending on what the hack is, you might never be able to get back in business. You might be starting from scratch. You have no access to your clients; you're paying clients that want to buy and do business with you; you have no access to the fulfillment of existing clients that maybe you've already collected money from that now you can't deliver. You might have to give that money back. Maybe you have accounts receivable. Think about what your accounts receivable are. Look at that number in your head.
What happens if that account receivable is uncollectible because you don't know who they are, you don't know how to build them for it, and you maybe can't fulfill what's still pending? What if you take that accounts receivable number—you know what that is—is it $100,000 or $500,000 and cut it in half and you lose that money? What if you have to pay fines to the government for consumers' information getting out? Those are all real. And now ask the last question to your colleague, your friend: which is more likely? Which would you bet is more probable to happen first? Your building is burning to the ground, or are you getting hacked?
And I'm sure that business has fire insurance. The question is, do they have any kind of protection? Look, I get it; we're biased; we are a cyber insurance company; you can see the link below, but chances are, whoever's watching this, you're not going to buy it from us because you probably already have insurance. Either way you get it, look into cyber insurance because, unlike every other type of insurance, you have additional benefits from it. And that benefit is, it's kind of like if you buy fire insurance, having a fire truck parked out front every day because when you buy cyber insurance, most policies will also include active monitoring and active protection. So they see something before you do. More importantly, they also have an immediate response, meaning that if you have some type of event, some type of cyber hack, some type of intrusion, or you pick up the phone and call your insurer, they have teams of people that know how to deal with this. It's like having a private fire company for a fire event. They can jump right in. You probably have IT people, cyber defense people, and cyber insurance people on your payroll, but these insurance companies deal with this all the time. They know what the current up-to-date cutting-edge hacks are, or your IT people may not know that last week the hackers invented a new way to get into your system, and it might take weeks to find that out. So those are the advantages of that type of insurance that may not exist with others.
Again, I get it; we're biased, we're selfish; this is what we do. It doesn't mean it's not true; it doesn't mean it's not worth consideration. So much appreciated if you have questions or comments, put them below, glad to answer any questions you have, and best of success for your business development and operations.