If 2015’s headline stories in cybercrime were around massive breaches to large corporations, such as Target and T Mobile, the takeaway story from 2016 was mainly surrounding ransomware incidents. Rather than the loss of personally identifiable or sensitive information, many more insureds, especially small businesses, were forced to deal with business interruption issues caused by malware and ransomware.
“We also saw an increase in the number of fraudulent wire transfers and many more cases of phony requests for transfers of funds,” says Jeremy Barnett, Senior Vice President of Marketing at
NAS Insurance. “Those types of scams were mainly as a result of social engineering or some type of phishing scam, and are more significant than the misplacing of information or someone hacking into a healthcare data system to steal data.”
Barnett has also noticed progress being made on the risk management side of cybercrime as carriers and their partners start to roll out education and prevention as a service. “Services that come with an insurance policy are more valued than they were in the past. The idea of cyber risk management is now an important part of a strategic decision for a company,” Barnett says. “Public companies need to make sure they have effective data security protocols and incident response plans because they come under greater scrutiny if they have a breach. Companies are being investigated to see whether or not they have safe data practices.”
“So, therefore, the whole cyber risk management side of the equation, preparedness, is much more front and center than it’s been in the past.”
Although most cyber policies already provide coverage for business interruption and the costs associated with first party costs like bringing in a breach coach and a forensics firm, Barnett believes one of the main trends in the cyber insurance space in 2017 will be around claims in what he calls “dependent business interruption”.
Many small and medium sized businesses depend on a third party to manage key parts of their business operations, like payroll, web hosting and HR systems. If that third party gets impacted by a breach or ransomware incident, the insured is suddenly out of business. “It’s helpful for smaller organizations to know that even if someone they rely on goes down they still have coverage for business interruption,” Barnett says. “There are lots of technology based third party services that people rely on beyond ecommerce that, if the go dark for whatever reason, the insured will be seriously affected.”
Related stories:
Fraud is easy in the digital age: Fintech VP
AIG and Berkshire Hathaway strike $9.8 billion pact