1-888-643-2217 Email ABEX
Keeping you updated

Tag Archives: cyber insurance

Six Things Successful Cyber Brokers Know

The case for cyber insurance gets stronger by the day, as cyber incidents grow in cost, cyber attacks become more frequent and cyber policies offer more innovative and effective services. But cyber is still a new market. Businesses often aren’t aware of their cyber risk or the role cyber insurance can play in protecting them. So how can you educate your customers about cyber?

CFC sat down with some of their top-performing cyber brokers to discover their secrets to success. Here are six things they say every broker selling cyber should know:

  1. How to explain cyber exposure simplySince lots of businesses are new to cyber, jumping straight into granular detail can feel unrelatable and unconvincing. Businesses don’t need to know the difference between the Cobalt Strike infection and the Log4Shell vulnerability. They care about how they’re at risk, the potential consequences of that risk and how they can prevent it. So stick to the basics and avoid unnecessary jargon.

    It helps to ask the right questions. What cyber security practices do you have in place? Do you consider data privacy? Have you been impacted by a cyber attack before? Your client’s answers will paint a picture of their cyber exposure, so they can understand their risk and how cyber insurance is here to help.

    And there’s nothing better than a strong statistic to back up your points—did you know 72% of businesses worldwide have been impacted by ransomware in 2023?

  2. Key factors that influence the priceCyber insurance provides great value for businesses big and small, but in many circles its cost is a topic of discussion. Those new to cyber may point to the price of cyber insurance coming close to more traditional lines, so it helps to know the three big factors that influence the cost:

    1.    Cyber incidents, particularly against SMBs, are the top business risk for the fifth year running
    2.    The average cost of a cyber claim is significant
    3.    Today’s cyber policies offer sophisticated technical services that would be too pricey for SMBs to get on their own

    Learn more about why cyber insurance is a great investment for any business, plus a breakdown of cyber incident costs, in this quick read.

  3. How to handle these top objections“I already invest in cyber security.”
    Cyber insurance provides a different service to cyber security, it’s not a question of either/or. Good policies will support the business’s internal IT team or external managed service provider with an expert incident response and business recovery team, while being there to cover financial loss if the worst happens.

    “Cyber attacks only affect big businesses.”
    While it’s attacks on household names that make the news, any business can find itself hit by a cybercriminal. And since smaller businesses tend to have less mature cyber security practices in place, cybercriminals often see them as the more attractive target.

    “We don’t collect sensitive data.”
    Two of the most common and costly cyber attacks we see are actually ransomware and funds transfer fraud, which aren’t necessarily aimed at stealing data. The cost to contain threats, repair networks and restore business operations—or to recover stolen funds—are the insured’s biggest worry. Thankfully, both types of incident are covered under CFC’s cyber policy.

    Use this checklist to find answers for more common objections.

  4. Security assessments don’t tell the full storyBusinesses often use third-party risk reports and vulnerability scans to evaluate their cyber risk. While these assessments give a good snapshot of network health at a specific time, IT environments can change any day. This means assessments don’t reveal much around the level of security across a network, potentially presenting a far more positive picture than is the case.

    Fully understanding when and how risk reports are beneficial will help your clients understand their risk and purchase the correct coverage. We explain risk reports in more depth here.

  5. Good policies offer proactive and reactive servicesCyber insurance doesn’t just cover financial loss when an incident occurs. A good policy offers proactive protection to stop attacks from happening in the first place, and reactive support to respond to the incident efficiently and effectively.

    From the moment a CFC cyber policy is bound, their global team of cyber experts works around the clock to detect and alert their customers to cyber threats targeting their business. If they discover a cyber security issue, their team notifies the impacted business though their Response app, and takes steps to remediate the threat before it escalates.

    The value these services offer to small businesses in particular might just be the greatest benefit a cyber policy can provide.

  6. The perfect analogy that shows the true value of cyberTaking out property insurance in case of a fire is seen as standard practice. Alarms and sprinklers can reduce fire damage, but they can’t remove the possibility of you facing a costly bill and business interruption. It’s the same principle for cyber.

    The most advanced cyber security available can still get caught out by a new vulnerability or threat. Without cover, the impacted business won’t receive support in their incident response and recovery, and it’ll bear the financial burden alone.

    CFC’s cyber policy is the full package. For a smoke alarm they offer proactive cyber attack prevention, for a sprinkler system the largest in-house team of incident responders in market. And at the end they cover any damage and loss of income, helping policyholders get back on their feet.

With today’s cyber policies broadening their cover and protection, and cyber risk escalating at an alarming rate, cyber insurance is set to play a bigger role than ever before. By helping your clients to understand their cyber risk- and how cyber insurance is such a gamechanger – you and CFC can help protect businesses and perhaps even turn the tide on cybercrime.

See how you can best speak to your clients about cyber risk and insurance in CFC’s on-demand webinar.

Source: www.cfcunderwriting.com

Is Cyber Insurance Right for Your Business?

Have you considered cyber insurance for your business? Here are a few reasons why it might be smart to do so.

Cyber insurance is finding its way onto the agendas of businesses everywhere, but it’s still a relatively misunderstood class of insurance. Because of this, many companies find themselves confused about how cyber insurance actually works and are skeptical about whether it makes sense for their business to purchase a policy. We hear you. In an effort to answer some of your big questions and put your concerns to rest, here are six big reasons why buying a standalone cyber policy may be a smart decision for your business.

  1. You get cybersecurity tools and support, for freeFor most small-to-medium sized businesses, having a robust in-house IT security team isn’t always possible, or even necessary. But this can leave you without a place to turn in the event that the worst does happen. Would you know what to do if you walked into the office one morning and your systems had been disabled? Cyber insurance is a highly cost-effective way to gain access to the support you need in order to both prevent and respond to cyber events.Most cyber policies come with a number of proactive risk management tools, such as employee cybersecurity training programs, which help reduce successful phishing attacks, and dark web monitoring, which scans the dark web for signs that data relating to your business has been compromised. Most importantly, when it comes to responding to a cyber event, a good policy will give you access to IT experts, forensic specialists, PR firms, lawyers, and more, and often with a nil deductible.
  2. Over half of all cyberattacks are aimed at small-to-medium sized businessesWhile the headlines focus on major security breaches at major companies, over half* of all cyber attacks are aimed at small businesses. What you don’t often hear about is the local law firm that mistakenly transfers $100,000 to a fraudster after being duped by a social engineering scam or the doctor’s office unable to use their computer systems for days because of a destructive malware attack. Just because events like these aren’t reported in the mainstream media doesn’t mean they aren’t happening.Cybercriminals see smaller organizations as low hanging fruit because they often lack the resources necessary to invest in IT security or provide cybersecurity training for their staff, making them an easier target.
  3. Your employees will probably click on something they shouldn’tApproximately three quarters of the cyber claims we deal with involve some kind of easily-preventable human error. Theft of funds, ransomware, extortion and non-malicious data breaches usually start with a human error or oversight such as clicking on a phishing link, which then allows cybercriminals to access your systems from the inside.The fact remains that humans are the weakest link in the cybersecurity chain no matter how hard we try. Cyber insurance is a cost-effective way to not only get access to risk management tools like phishing-focused employee training programs, but also to cover the financial loss if someone makes a mistake.
  4. You aren’t covered under other lines of insuranceCyber cover in traditional lines of insurance often falls very short of the cover found in a standalone cyber policy. Property policies were designed to cover your bricks and mortar, not your digital assets; crime policies rarely cover social engineering scams – a huge source of financial losses for businesses of all sizes – without onerous terms and conditions; and professional liability policies generally don’t cover the first party costs associated with responding to a cyber event.So, while there may be elements of cyber cover existing within traditional insurance policies, it tends to be only partial cover at best. A good standalone cyber policy, on the other hand, is designed to cover the gaps left by traditional insurance policies, and importantly, comes with access to expert cyber claims handlers who are trained to get your business back on track with minimum disruption and financial impact.
  5. Cyber insurance covers far more than just data privacyTwo of the most common sources of cyber claims we see aren’t related to privacy at all – funds transfer fraud is often carried out by criminals using fraudulent emails to divert the transfer of funds from a legitimate account to their own, while ransomware can cripple any organization by freezing or damaging business-critical computer systems. Neither of these types of incidents would be considered a data breach, but both can lead to severe financial damage and are insurable under a cyber policy.Many businesses think that cyber insurance won’t be useful to them because they don’t collect sensitive data. However, more than 50% of our cyber claims come from events unrelated to breaches of privacy, and any business that uses technology to operate will have a range of other cyber exposures which a cyber policy can address.
  6. Cyber insurance pays more claims than any other type of insuranceCFC has paid more than 1,500 cyber claims in the last 12 months, a number that eclipses previous years and is steadily growing, and the vast majority of these are from small and medium sized business. The industry as a whole is showing similar trends and low declinature rates. In fact, it was recently revealed that 99% of cyber insurance claims were paid in 2018, which means cyber has one of the highest claims acceptance rates across all insurance products.**Information like this shows that cyber policies are doing what they set out to do, which is provide broad coverage for a range of technology and privacy-related risks affecting modern businesses, all backed up by proactive risk management and expert incident response and claims handling.

Benefits of Cyber Liability Insurance

As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.

In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.

Claims Scenario: Outsourcing Gone Wrong

The company: A national construction company that outsources some of its cyber security protections

The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.

As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.

Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.

What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.

Claims Scenario: Pardon the Interruption

The company: An online retail store that relies heavily on e-commerce

The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.

Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime was over $165,000.

Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.

Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.

Benefits of Cyber Liability Insurance

  • Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
  • Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
  • Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
  • Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.

Learn More About Cyber Liability Insurance

When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.

Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact your insurance broker today.

© Zywave, Inc. All rights reserved

What to Expect When Applying for Cyber Insurance

Every insurance policy starts with an application, and cyber liability insurance is no different. While the underwriting process in long-established insurance lines is streamlined, this is not the case for cyber liability insurance. Currently, application forms for cyber insurance are not standard and can be complex—often consisting of dozens of pages.

For businesses attempting to acquire cyber insurance, the application process itself can be daunting. However, proper cyber liability insurance remains a vital risk-transfer tool for organizations of all sizes. To ensure your organization has the right level of insurance when it needs it most, it is critical to prepare for the application process itself.

What Type of Information is Reviewed?

An underwriter’s job is to assess risk and determine limits and pricing. Insurers depend on the detail contained in an organization’s application, and any vagueness or incorrect information can create issues if and when you file a claim. In order to properly determine your organization’s cyber risks, insurers will review information related to the following:

  • The basics. Insurers will want to know what industry your organization operates in, as well as how much and what types of information your organization stores, processes and transmits. In addition, underwriters will look to see how you manage data security and who is in charge of overseeing cyber-related matters.
  • Information security. When it comes to on-site security, underwriters want to know if you have a formal program in place to test and audit security controls. In addition, underwriters typically look to see if you have basic controls in place, including firewall technology, anti-virus software and intrusion detection software.
  • Breach history. During the application process, underwriters will take a closer look at your breach history. In general, they want to know if the data you house is particularly vulnerable and how effective your data security techniques are.
  • Data backup. Knowing how your organization handles data backup helps insurers better understand your level of data loss risk. Underwriters will want to know if you back up all of your valuable data on a regular basis, if you utilize a redundant network and if you have a disaster recovery plan in place.
  • Company policies and procedures. Communication is important when it comes to reducing your organization’s cyber risk. That’s why, during the underwriting process, insurers want to know what types of cyber security and incident response policies you have in place. In addition, it’s likely you will be asked how you handle password updates, the use of personal devices and revoking network access to former employees.
  • Compliance with legal and industry standards. Failing to comply with cyber-related legislation can be incredibly costly, and insurers will want to know how you handle compliance. Specifically, they will review whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware.

The more detailed and specific an organization can be during an initial underwriter review, the more likely it is that the organization will receive the proper amount of coverage and good terms.

Tips for Applying

For cyber coverage to be effective, it requires a high level of due diligence on the part of prospective policyholders. To get the most out of your policy, you will want to consider the following best practices when applying for cyber insurance:

  1. Gather accurate data. Before the application process, it’s critical to speak with your information technology (IT) management team and any vendors you utilize in order to collect accurate data. It’s important to quantify the data on your network. Above all, get a solid estimate on how much personally identifiable information you have, including employee data.
  2. Be honest. To complete the application process properly and get the best possible policy, honesty is important. When working with your insurer, be clear about your organizational setup, security protocols and breach history. Not only will this help in securing adequate coverage, but it will also reduce the risk of your policy being voided if carriers find out you were dishonest during the underwriting process.
  3. Don’t wait. Even if your organization hasn’t taken the appropriate steps to reduce its cyber risk, going through the cyber insurance application process can help identify exposures. Your insurer can work with you to get the best coverage possible today, leaving room to negotiate down the line when your data security methods are stronger.
  4. Involve the right people. The application process for cyber insurance can be complicated, and it’s important to have key personnel help you. In order to complete a cyber liability insurance application, an organization may need to work with their risk managers, IT professionals, HR department, financial officers, board of directors, executives, privacy officers, marketing team and legal professionals.
  5. Work with experienced brokers. Because cyber insurance is relatively new, some brokers are more experienced in the underwriting process than others. To get the most out of your policy, work with a carrier who can accurately assess your exposures and offer your organization the best protection. More experienced brokers can even provide details on how similar companies in your industry handle cyber security.

Taking all the above into account will not only prepare you for the cyber insurance underwriting process, but it can also improve data security up front.

Don’t Go in Unprepared

The application process for cyber insurance is both detailed and exhaustive. However, taking the proper steps before the application process for cyber insurance should reduce your data breach risk, making your organization more attractive to insurers and reducing your insurance costs overall.

When applying for cyber insurance, be sure to scrutinize policy terms, premiums and underwriting programs. Doing so can put you in a better position to secure the right coverage. For assistance applying for cyber liability insurance, contact your broker today.

© Zywave, Inc. All rights reserved

6 Considerations When Buying Cyber Insurance

As more and more companies have experienced data breaches in recent years, the market for cyber insurance has grown exponentially. However, unlike other forms of insurance, cyber insurance is not a one-size-fits-all approach.

Most cyber policies are offered a la carte, allowing policyholders to negotiate terms and conditions and purchase the coverage that fits their needs.

The level of coverage your business needs can vary depending on your range of exposure, and it’s important to work with a broker who can tailor a policy to match your business’s requirements.

The following are items to keep in mind when building the ideal coverage:

1.       Limits and sublimits

2.       Retroactive coverage

3.       Exclusions

4.       Panel provisions

5.       Consent provisions

6.       Vendor acts and omissions

Cyber insurance is a relatively new form of coverage—one that will continue to evolve alongside emerging cyber threats. As such, cyber insurance requires organizations to be proactive in assessing their risks and ensuring that their insurance coverages are in line with their specific business practices and exposures.

For more information on the items discussed above and how they may impact your policy, contact your insurance broker today.

© Zywave, Inc. All rights reserved



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn