Jump to content

Tuesday Morning Insurance Tidbit - Cyber Liability


Recommended Posts

It’s Tuesday, It’s Tuesday, Woo, Woo!!!!!!!!!!!!!!!!

     Good morning my friends in ADI-land!  Do you ever have those days where you wake up and do your superhero work out (usually consisting of the dog running me, not the other way around), your weight training routine, and then have some wonderfully flavorful French press coffee and a luxurious breakfast and you just feel like the word is your oyster?!???!?!  Well, if you have had those mornings then you know how I am feeling.  All is right in Insuranceopolis and I am just in a hap-hap-happy mood.  I hope this post finds you feeling the same.

     In today’s installment of the TMIT I want to touch on a topic that we have never really spoke about here previously.  This is something that may concern some of you, and for others it may not be a big deal at all, it just depends on your operation.  Although insurance has a long history and is a concept almost as old as dirt, this coverage is one that actually did not even exist just a few decades ago.  What am I talking about????  Any guesses????

     CYBER LIABILITY!!!!!!!!!  Yes, siree Bob.  Cyber Liability actually came into existence well after the advent of computer technology, email, and quite honestly, a rather long time after the wide accessibility of the internet and shopping online.  As we have discussed previously, insurance is antiquated in many senses and big ships turn slow.  Although there was a need for this type of coverage prior to it being offered, this “late to the game” approach by the insurance industry is quite typical.  Often times this approach is born out of bureaucracy and red-tape, but more-often-than-not it is simply due to the fact that no one really knows what the true exposures are or how to underwrite or provide coverage for such a new threat. 

     We have been dealing with fires and lawsuits since the beginning of time so those are easily dealt with by insurance carriers.  There are specialized underwriting matrix that exist regarding property loss and liability that are backed by over a hundred years’ worth of data.  But cyber …  well that is something that simply did not exist previous to 1988.  Why 1988 you may ask?  Well, according to NATO International, the first documented attack on the cyber infrastructure occurred in 1988 and was called the Morris Worm.  This was a rather simplistic attack that took advantage of a weakness in the Unix system Noun 1 and slowed computes down, ultimately making them cease completely.  Oh, how far and much more nefarious have attacks progressed from then to now!!!!!!!!

     Realistically, cyber liability coverage can trace it’s roots back to somewhere in the 1990’s, but back then, as is mostly the case through today, no one really understood the need for this coverage and very few purchased it.  It was not until around the year 2000 that Lloyd’s of London launched the first Cyber Liability policy.  Fast-forward to 2019 and you may think that the percentage of companies that purchase this coverage would be HUGE due to the increase of cyber attacks.  Well dear reader, you would be very, very wrong.  Less than one-third (1/3) of all US based companies carry any type of Cyber Liability coverage.  SERIOUSLY!?!??!!  Everyone gets attacked at some point, right?!?!?!?!  Well … according to statista.com, not everyone is attacked.  In 2018 the annual number of data breaches was upwards of about 1,300 in the U.S.  Although that may not seem like as many as one would think, please keep in mind that the AVERAGE COST of a cyber breach at that time was $27,370,000!  Yes, that is twenty-seven MILLION DOLLARS!!!!!!!!!!!

     Now, obviously we are talking about some big-time companies here, hospitals, credit card companies, etc.  With that said though, smaller businesses get hit all the time and everything is relative, right??!?!  If a big corporation has a cyber liability loss of $27,000,000 it still is going to hurt their bottom line at the end of the year, just like if your business has a loss of maybe $270,000 it is going to hurt your bottom line, maybe even to the point of putting you out of business where as the “Big Boys” can absorb such a loss a bit easier and continue to operate.

     Ok, enough of the history lesson, although it was needed in order to set the table so that we can discuss this topic further.  So, what does Cyber Liability cover?  Well, that depends on the type of business, the size, what kind of records you keep, and quite honestly it depends on the carrier that you purchase the coverage though as they are all different.

     In a nutshell, Cyber provides coverage for financial losses that result from data breaches or other cyber type attacks.  As stated, different carriers offer different policies, but most do cover not only first-party (you and your business) coverage, but third-party coverage as well.  That means that a cyber policy can provide insurance for losses that you sustain due to a cyber attack that ruin your personal data records as well as anyone that is damaged due to your data being breached.  How about an example, eh?  You sell your product to John Smithe (pronounced “smYthe” 😊 , either on site at your location or via an internet sale, if that is legal where you are located), and you retain Mr. Smithe’s information in your database.  Maybe you have his name (duh!), address, phone number, etc.  … but here is where it gets scary … maybe you have also retained his date of birth for legal verification reasons, as well as his credit card number and other vital purchasing information.  If Mr. Smythe’s information is stolen due to a cyber-attack, UH-OH, you could be in serious trouble now.  In fact, there are multiple sites out there on the world-wide-interweb-thingy that offer “Data Breach Cost Calculators”, and according to one that I like the best, if you have been breached and exposed only 10 clients personal payment information or their personally identifiable information, that loss could cost you upwards of $180,000!!!!!!!!!!!  That is on 10 clients!!!!!!!  The average cost per record can be nearly $20,000.  That number should be an eye opener for sure!

     Now, just to be fair, that is a large amount of loss due to a data breach, don’t get me wrong but there may be a silver lining to all of this.  Let’s say you had 10,000 clients that were breached, who had their information stolen, the claim may not be extrapolated by the same per client cost that was previously mentioned.  Again, it depends on the type of loss and your coverage, but typically the majority of the expense comes in the way of incident investigation costs.  Those costs typically are the most expensive as the “investigation is the investigation” regardless of the number of clients, but the per client cost goes down dramatically as that is spread across all 10,000 which could essentially drive the per client average down to around $40 per client.  Hey, we are still talking about a loss of $380,000 though, and that is enough to put a sizeable dent in your profits and potentially put you out of business if you don’t carry this type of coverage.

     OK, now that I have your attention, I can hear you pondering the ultimate question that everyone inevitably will ask, “How much is this going to cost me?!?!?!?!”  Honestly, it is not as daunting as one may think.  The average cyber liability policy premium for a business ranges from about $1,000 annually up to $7,500.  It just all really depends on the size of your business, the type of records retained, and a myriad of other factors.  All-in-all it is not as much as one would think for such a viable and real threat in today’s world.

     I have heard many reasons from folks as to why they don’t want or need cyber liability.  From, “Well, we only use ‘Square’ and don’t keep any records of a personal nature”, to “We don’t have any records that are worth anything.”  I hear you and I understand, but …  Although payment services like “Square” and others take care of most of the PCI data compliance for you, maybe that is not your biggest exposure.  Do you keep records on employees, or maybe some “trade secret” data of your products, or your own payment and purchasing information?  Do you have a website that generates sales for you?  What if your website is hacked and you lose revenue?  Could this be an issue? Yes, yes it could and yes you do have these exposures!  We all do.  Let’s face it, everything in our life is all ones and zeros stored on an electronic device somewhere.  We don’t have piles of paper files clogging up valuable square-footage like in the olden days.  Well, that data has intrinsic value my friends, and without it, or if it is corrupted or stolen and held hostage, what are you going to do?  If you have a cyber liability policy in place the world becomes a lot less “gloom and doom” and more “sunshine and rainbows” knowing that you may not have to bear this burden alone since InsuranceMan 2.0!!! and the cyber liability insurance carrier will be there to save the day.  Do you want to know more or find out if you really have a need?  Then get in touch with me and I can assist you in the process, I am here to help.  Until next time …


Stay Vigilant,


Aaron Linden

a.k.a. InsuranceMan 2.0!!!



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...