The Expert Podcast

 What is Cyber Liability Insurance?
  • A unique type of risk coverage designed for businesses facing digital threats, including data breaches, hacking, and ransomware attacks.
History of Cyber Liability Insurance:
  • Launched in the 1990s to protect .com companies from data destruction, hacking, and viruses.
  • Early 2000s: Laws in some states, like California, required companies to notify customers if their data was breached, expanding the role of cyber liability insurance.
Evolution of Cyber Liability Insurance:
  • The biggest priority now is data protection and covering costs related to data breaches.
  • Introduction of ransomware: Hackers threaten to release or delete sensitive customer data unless a ransom is paid.
Challenges in Pricing and Predicting Losses:
  • Cyber insurance is different from traditional types like fire insurance due to its relatively short history (20-30 years).
  • Lack of historical data makes it hard for insurance companies to predict the cost of cyber losses.
Changing Types of Risks:
  • Exfiltration of data is becoming more common than just hacking or ransomware.
  • In 2019, cyber insurance had to adapt quickly to address the rise in ransomware attacks, which hold systems hostage until a ransom is paid.
How Cyber Insurance is Adapting:
  • Cyber insurers now require businesses to have specific cybersecurity protections like two-factor authentication and proper password management.
  • Insurance companies assist in reducing risks by sharing data on previous cyber losses, helping businesses mitigate future threats.
Proactive Measures to Lower Cyber Insurance Premiums:
  • Two-factor authentication and endpoint detection (EDR) are effective tools in preventing malware.
  • Insurance companies can use their data to help businesses reduce the frequency and severity of cyber attacks.
Cybercrime and the Growing Risk:
  • Unlike accidental damages (e.g., fires), cyber threats are intentional and profitable for hackers, making them more innovative.
  • Cyber insurers help businesses stay ahead by implementing preventive measures and offering guidance on keeping systems secure.
The Future of Cyber Insurance:
  • As the digital economy grows, cyber risks will continue to increase, but so will technologies to defend against them.
  • The cyber insurance market is projected to grow significantly, with premiums expected to reach $50 billion within the next decade.
Conclusion:
  • Cyber losses are inevitable, but proper insurance coverage and proactive measures can reduce the impact of a breach.
  • Businesses should work with a knowledgeable insurance agent to ensure they have the right coverage to match their needs.
Interested in Cyber Insurance?
  • Check out our website for more information, and consult with a qualified insurance agent to secure the best coverage for your business.
 

What is The Expert Podcast?

The Expert Podcast brings you firsthand narratives from experts across diverse industries, including private investigators, general contractors and builders, insurance agencies, vehicle specialists, lawyers, and many others.

Cyber liability insurance is a very interesting type of risk coverage. It's a little bit different from other insurances, so we'll take a look at what the current market is, how it's changing almost week to week, and what the history is. Cyber liability insurance was first launched in the 1990s. Originally, it was to cover the .com companies, and those companies were very vulnerable to things like destruction of data, hacking, people getting in and changing code, and even computer viruses. But what happened is in the early 2000s, some states like California passed laws that required companies to notify customers if their data was breached.

Let's say you're a major bank, and somebody hacks into your system and downloads all your customers' information—name, address, phone number, Social Security number, driver's license. Now, you have to notify all those consumers, and you may have some liability. You may have to cover the costs to give them credit protection or pay fees. Since that happened in the early 2000s, cyber liability insurance morphed into something that covered data protection and losses associated with breaches. This has remained the biggest priority for cyber liability insurance, even 20 years later. There have been more data protection laws, and now you also have ransomware. Hackers know these laws are in place, and they'll hack your system, get your customer data, and tell you that if you don't pay a ransom, they'll release it or delete it from your system.

Cyber insurance is different from other types of insurance like fire insurance, slip and fall insurance, or general liability insurance because it hasn't been around as long. Fire insurance has been around for 100 years, general liability insurance has been around for decades, but cyber liability insurance has only been around for maybe 20-30 years, depending on how you calculate it. There's a lack of historical data, so predicting the cost of losses is difficult for insurance companies. Therefore, coming up with the rates is also difficult. Even if you knew exactly what the losses were for the last two years, the risks and losses will change in the future as hackers and cyber protection continue to evolve every year.

For example, exfiltration of data is becoming more popular than just hacking and ransomware. Even as recently as three years ago, in 2019, cyber insurance had to scramble quickly to cover the reality of ransomware attacks. This was a version of malware that was different from just scrambling systems. It used to be that black hat hackers would go in and lock down a system or erase it just for fun. Now, they lock people out of their company's records until they pay a ransom, usually in digital currency so they aren't trackable as hackers. This raised the rates for cyber liability insurance initially because it was happening, but as smart cyber companies realized that they could mitigate these risks by requiring their insurers to have certain protections, they included those requirements in their underwriting.

If you're applying for a cyber policy, they'll ask about your cyber defense policies. Do you have two-factor authentication? Do you have proper password management and firewalls within your data? If you have those protections, you may be able to get more reasonable coverage and premiums. Insurance companies don’t want claims any more than you do, so they’ll help you, as an insured, reduce the frequency and severity of cyber attacks. They do this by sharing data from other insureds to help you put policies in place in your company to prevent claims in the first place. Two-factor authentication is one of those things, and another is called endpoint detection or EDR. This is a tool that detects and blocks malware before it gets into a network, verifying and matching data coming into your system.

With exfiltration, there’s also monitoring of large volumes of data being uploaded or downloaded from your system. Insurance companies have seen losses over the past 10-15 years, and they can use that data to help prevent future losses. As a company, you might never have seen a cyber loss, but the insurance company knows what’s out there and can help you prevent it. By putting those policies in place, you can avoid a loss and potentially get better rates.

The other thing to note is that cyber losses aren’t necessarily accidents. If you have a fire in your building or some other type of damage, or if a consumer sues you, those are usually accidents. The problem with hacking is that hackers are doing it on purpose. They’ve monetized cybercrime, and it makes them a lot of money. They are innovative and change to adapt to the prevention and defense measures against the threats. A good insurance company will help you see this and put things in place, sometimes even requiring new preventive measures annually or quarterly to maintain coverage.

The bottom line is that cyber losses and risks aren’t going away. Everything is going more digital, and the digital economy is expanding, meaning there will be more vulnerabilities, not fewer. However, there will also be more technologies to defend against it as the cyber defense and cyber insurance markets continue to evolve and help companies prevent losses. Your worst day will be when you have a loss. Even if you have insurance, you're still going to face a very challenging workflow for that day, week, or even months.

The fact that $10 billion in premiums for cyber insurance were written in the last 12-24 months is a big deal. They estimate that in the near future, there may be $50 billion in premiums written within the next decade. If you have questions about cyber insurance, you can check out our website. We’re glad to be of assistance. Remember to get with a good insurance agent or broker in your area who covers your business to get coverage that matches exactly what you want.