Cyber liability insurance, once a primarily surplus lines product, has become more mainstream as the awareness and risk of data breaches and cyber attacks have increased. In 2018, the National Association of Insurance Commissioners reported more than 500 insurers provide standalone and package cyber products totaling more than $3.6 billion in written premiums. 2019 was marked by increasing data privacy and data breach regulations, coupled with more sophisticated ransomware attacks – resulting in an increase in cyber insurance rates by as much as 25%.
With her BOP coming up for renewal, a small business owner asked her independent insurance agent whether her policy included cyber coverage. When the agent told her she had a $10,000 limit for data breach coverage and $25,000 for cyber liability, she believed it was adequate, especially since she didn’t think small businesses were frequent targets of cyberattacks. She didn’t pursue it further. Neither did her agent.
Similar scenarios are playing out across the country. While the answer to “what limit of insurance is right?” will depend on many factors including the type and amount of data records stored (and how), and what the business stands to lose in the event of a breach, these conversations are an opportunity for agents to provide simple solutions that can move their small business clients toward stronger security and sufficient cyber liability insurance. The Ponemon Institute’s 2018 Cost of a Data Breach Study found that globally the average cost of a data breach was $3.86 million, a 6.4% increase over 2017. The report found that the average cost per lost and stolen record was $148.
For independent agents who become educated on the risks, security strategies and available coverages, cyber insurance is a growing commercial lines market. These agents can remove the mystery behind cybersecurity and coverage for their clients and in the process improve their income and build a niche.
This process starts by having a discussion with clients and educating them about the facts of their risks: An estimated 43 percent of cyber-attacks target small businesses, according to the Verizon 2019 Data Breach Investigations Report. It has also been estimated that nearly half of data breaches occur because of the negligence of employees or contractors.
These risks point to the need for businesses to create a cyber security policy and provide staff training so everyone understands what cyber risk is and what common attacks look like. These are simple facts that independent agents — as trusted advisors — can discuss with their small business clients.
Finally, independent agents should educate their small business clients on how to purchase the best cyber liability insurance while meeting the list of state-specific compliance regulations and requirements. Agents need to be aware of the compliance requirements of each of their carriers and brokerage contracts due to their status as an affiliate of the carrier or brokerage as well.
The cyber liability insurance market will continue to grow, and independent agents should be ready to proactively advise clients to implement cybersecurity measures and protect themselves with stand-alone cyber liability coverage to ensure the long-term health of their businesses.