The threat of cyber hacking is now so great that US businesses are rushing to buy business insurance coverage against the expense of being hacked, or losing sensitive customer information.
One in three companies now has insurance to specifically protect against such losses. Last year, cyber insurance policies sold to retailers, hospitals, banks, and other businesses jumped 20% percent, according to an insurance brokerage firm that tracks the market.
Ultimately, the costs of these insurance policies are picked up by consumers.
A decade since it was first introduced, cyber insurance has graduated from a splurge to a necessity propelled by a series of high-profile data breaches that have cost companies many millions of dollars.
A Hospital on the east coast purchased its first cyber insurance policy shortly after a data breach put the names, Social Security numbers, and health histories of its 800,000 patients at risk in 2010.
‘Cyber risk and cyber insurance has really got the attention of the board room these days. It’s become less a discretionary purchase.’
But many businesses still do not think of cyber insurance. It’s such a new coverage to have to have.
Target’s disclosure recently that hackers had stolen the debit and credit cards of 40 million customers and the PIN numbers, e-mails, and addresses of 70 million people has prompted even greater interest in cyber insurance. These policies cover the costs of a data loss, from hiring investigators to find the source of the breach to providing credit monitoring for customers to enlisting public relations experts to help salvage the company’s reputation.
The Target data theft prompted executives who were debating whether to buy coverage to make the commitment and sign policies.
Several years ago, business executives were more focused on buying insurance to cover losses if a fire destroyed their manufacturing plant or thieves broke into an office and stole computer equipment. But increasingly, companies find that the information they have on those computers, from customer health records to credit card data, is just as valuable and could be just as costly to the bottom line if lost.
The average cost of a data theft in 2012 was $188 per customer account, according to a recent study. While the mega-breaches tend to grab headlines, more common data losses involve fewer than 100,000 customer records. But even these smaller breaches can be costly, averaging $5.4 million in 2012.
At the same time, insurance companies are starting to specifically exclude electronic data losses from traditional corporate policies, forcing businesses to buy additional coverage.
Businesses should be aware of the type and extent of the coverage of the cyber insurance they’re buying. Many policies may not cover all the risks a company faces.
For more information, contact TriState Business Insurance.