E&O Risks to Agents Extend to Cyber

February 22, 2021 by

Agents are bracing for errors and omissions (E&O) claims stemming from the pandemic when insureds discover they carry inadequate coverage or none at all. Regrettably, agents likely face a similar scenario in cyber coverage unless they take steps to prevent it.

“Make no mistake, cybercrime is on the rise, sharply,” says Lisa Doherty, a founder and CEO of Business Risk Partners. “We have not yet seen E&O claims stemming from cybercrime, but we certainly expect it soon and have taken steps to address it, including new standalone coverage now in development that meets this serious need. Understandably, the pandemic has dominated the headlines for some time, however mitigating cybercrime, including making adequate coverages available, is absolutely critical.”

Cybercrime has been well-publicized as has many attack techniques, including ransomware, funds transfer fraud, spoofing and phishing. What is new are two challenges agents must address to protect themselves and their clients.

First, consumers distrust how businesses protect data and are more than willing to penalize those same businesses when they fail to do so.

Second, agencies must better understand the rapidly growing cybercrime threats and the need to alert clients to take these threats seriously and guide them to better mitigate them. Put simply, insureds who are hacked or whose data is otherwise compromised will file claims if they discover they are either seriously underinsured or not insured at all.

Pew Research Center conducted a major survey in 2019 on online privacy and security and reported that 52% of U.S. adults said they decided recently not to use a product or service because they were worried about how much personal information would be collected about them.

Responses varied based on whether they experienced a data breach. Sixty-four percent of respondents who said someone attempted to open a line of credit or apply for a loan using their name were more likely to decline using a product or service as compared with 51% who would decline otherwise.

Similarly, 63% of respondents who said someone took over their social media or email account without their permission would decline using a product or service while only 51% of those who did not experience a hack would decline.

Agents have told me many of their clients do not ask about cyber insurance coverage, and they do not push the issue. Business owners, regardless of size, should understand the consequences of a data breach to accurately assess their risk. Small businesses especially believe that they are too small to be a target.

“Small businesses are not immune to cyber attacks and data breaches and are often targeted specifically because they often fail to prioritize security.” says Paul Lipman, CEO of Bullguard, a cybersecurity firm. “Many small business owners may be inclined to skip cybersecurity. It only takes one attack, however, to bring a business to its knees.”

Dara Gibson, a cybersecurity consultant who’s worked with insurers and agents, says “cyber coverages are no longer a luxury, but a necessity for small business owners.”

She points out that the Federal Trade Commission (FTC) and the National Association of Insurance Commissioners (NAIC) suggest that coverage should include both first-party and third-party protection.

She cautions, however, that coverage is no substitute for the best cyber protection practices, including strong cybersecurity strategies and tools to mitigate the risk.

Wetzel is CEO of Thomas H. Wetzel & Associates, an insurance marketing firm for independent agents whose signature services include the Wetzel Digital RoadmapĀ©, website design and content creation. Website: www.wetzelandassociates.com. Email: twetzel@wetzelandassociates.com.