How is the Cyber Insurance Market Affected By Data Breaches?
Cyber insurance is a relatively new insurance market. It has seen exponential growth over the last few years, expanding rapidly both in the US and internationally. The total premiums collected in the US are predicted to reach $7.5 billion by 2020.
When insurance carriers determine their underwriting strategy, they use the data from past losses to predict the future. This allows the insurer to diversify their risk, determine rates and as a result to stay profitable and have enough money in reserves to pay claims.
However, this model is proving increasingly tricky with cyber risk, as no two incidents are the same. Every day criminals work tirelessly to come up with new ways to circumvent technical countermeasures. Cyber attacks are constantly evolving, making it harder for insurers to quantify and predict the risk, and making it necessary to constantly reassess strategies and coverages offered.
Because of this, any court decision regarding a case involving a cyber loss has an immediate effect on the pending claims other insurers have, impacting their insured.
What to Do You Need to Do After a Suspected Cyber Attack?
If you suspect, that your computer systems have been compromised, it’s essential to contact your insurance carrier claim representative immediately. Actually, not doing so may jeopardize coverage. The longer that you wait to contain the breach, the more systems are compromised.
Once notified, each insurer will work with you to formulate a response plan on the best way to secure your systems and prevent further intrusion.
Some of the factors that come into play when deciding on the strategy with your claim specialist:
- the coverages, endorsements, and exclusions of the policy
- type of incident that occurred
- the amount of potentially compromised individuals
Your response plan will contain the ways the breach will be handled, depending on the type of data that was compromised – PII (Personal Identifiable Data), PCI (Personal Credit Information) or HIPPA (the Health Insurance Portability and Accountability Act).
The plan will include such critical post-breach measures as notification of the affected and potentially affected individuals; credit monitoring; implementation of countermeasures and securing your systems.
If you are likely to be involved in a lawsuit due to the claim such as settlement negotiation, legal battle, etc., the insurance company will provide a list of approved defense attorneys. If you want to use an attorney, not on the list, you will need to get approval from the carrier before retaining them. Make sure that they have experience working on cyber-related claims.
Experiencing a cyber attack is disruptive to your business and is sure to be a challenging time. Notifying the insurer promptly, shutting the breach down as soon as possible and working with the insurer in creating a swift response will help contain the damage.
If your small business is not covered by a cyber insurance policy, then you need one today. Contact us now to get started on finding the right policy for you.