Cyber Insurance: A Necessity for Every Agency
An employee clicks an unsuspecting email link encrypting your files which can only be opened by paying a ransom for the key. Someone uses information on social media to pose as the agency principal and authorize the transfer of a significant sum of money to a fictitious new vendor. Your agency management system provider experiences a data breach and hundreds of your clients have their information compromised. Today, threats can come in many forms. Is your agency prepared?
While large corporations experience cyberattacks, small businesses are often more susceptible because they don’t have the same robust technology infrastructures that big companies have. According to Verizon’s 2021 Data Breach Investigation Report, 61% of small businesses reported at least one cyberattack during the previous year.
A cyberattack can be catastrophic for small businesses like insurance agencies. Data breaches can cost nearly $150-plus per compromised record to correct. That’s not including defense, settlement or judgment costs, or the impact of diminished consumer trust. And that’s just one type of threat. But there is a step agencies can take to protect themselves: cyber insurance.
Some say, “I have an endorsement for that.” But endorsements often aren’t enough. Standalone cyber coverage is necessary to have complete protection. Some agencies might be hesitant because social or geopolitical tensions have caused cyber premiums to rise. But this shouldn’t be a reason to put off coverage, as these tensions also lead to increased cyber risk.
When thinking about insurance coverage, agencies should focus on cyber risks similar to how they consider all risks to the business property, and errors and omissions.
Identifying the right cyber coverage can be challenging. Cyber plans are not standardized and can vary widely, and the space continues to evolve. While most policies cover common cyber risks such as theft and destruction of data and breaches, issues such as denial of service attacks or ransomware are not covered by all. Agencies need to examine their risks to make sure they get the right protection.
When deciding on cyber coverage for your agency, it can help to remember the 3Es: educate, evaluate and engage.
Educate on the risks. Agencies should be aware of the different cyberbreaches and their impact. While you might be familiar with some risks, others might be completely new like fraudulent fund transfers, social engineering, and cyber business interruption.
Evaluate your risk exposure. After becoming familiar with the different threats, determine which are most likely to impact your agency. Ask yourself: Do you host a public website that customers interact with? Do you use third party applications in the cloud? Do you enable your employees to bring their own devices and connect them to the agency network? Do you have employees working remotely? What would the impact of a disruption to your business look like? Is having a good reputation in your community or market important to your business? Have you read your vendor contracts and do you understand the data security responsibilities?
Engage with insurers. Work with insurers or MGAs you trust that offer cyber coverage. Weigh the options. Don’t just look at the premium but understand what is included. Are the cyberattacks that are most likely to impact your business covered? Would you have access to outside cyber experts who can help mitigate an attack? What are the exclusions? Read the proposals to understand how they work and compare them to each other.
While getting cyber coverage for the agency is important, if your agency works with small business customers, make sure to include cyber coverage when you talk with them about more traditional policies. If you are not talking about cyber with your clients, another agency will. Take your clients through the above steps to bring them up to speed on the threats to their business and determine what attacks they are most likely to experience. Walk them through the different policies so they can fully understand their coverage options.
Unfortunately, cyberattacks are not an if, but rather a when situation. Cyber coverage is an option that should no longer be considered optional. With the right coverage, agents can come out on the other side of an attack and continue to provide great service to their community.