“Cyber Liability… What is that, exactly? Do you mean data breach insurance? That has something to do with technology, right? Like, internet insurance?” These were some of the questions we saw in the early years of cyber liability products. Today though, the questions have changed. High profile breaches at Target, Home Depot, Sony, and many others are in the news on a regular basis.
It’s no longer a matter of bringing up the conversation in our meetings with clients. Now it’s the media that’s providing us with the conversation starter. Okay, so combine the fact that everyone now knows the coverage exists with the obvious black cloud of fear it has placed in business owners, and the result must be that everyone is purchasing, right? Well, no. As most independent agents are painfully aware, this is simply not the case.
So if the hackers are winning the war, and any and all companies are vulnerable to a breach, what is the pushback from insureds? We’re observing a combination of insured misconceptions about cyber dangers and their potential solutions that are leading them to go without coverage:
- Inability to recognize their company’s exposures to cyber incidents.
- Failing to understand the breadth of coverage in a state-of-the-art cyber policy.
- Mistakenly believing that strong IT security is all their business needs.
You’ve probably heard a client say something like:
“I don’t have any valuable data.”
“But my data is stored in a hosting facility.”
“I’m not Target, hackers aren’t interested in me.”
“I don’t sell products online.
“When I do take credit cards, they are handled by someone else.”
Let’s take a closer look at the first objection: “I don’t have any valuable data.” For virtually any business, this is simply not the case. For example, a general contracting firm, which usually has very little personally identifiable information (PII) or credit card information on its network, still has data exposure. Their email probably contains all sorts of privileged and confidential information. Email can be hacked.
The contractor also likely has employee records on file, containing Social Security numbers, salary information, addresses, etc. OK, so big deal, right? What if a disgruntled employee or outside hacker breaks in and publishes this data? Does anyone care that Jenny makes more than Johnny? What if Jenny was hired last month, and Johnny has been with the company for 10 years?
No doubt, there is digital data with sensitive corporate information: Strategic plans, customer lists, and other valuable files that needs to stay out of the hands of the competition.
Though unlikely, for the sake of argument, let’s assume the contractor has some important documents such as architectural plans only in paper form. They are sitting in files in the office. Even these paper files are covered by a strong policy. What happens when Johnny misplaces the files and work stops, or if the customer needs specific data in the files and no one can locate them?
As you can see, sensitive data extends far beyond credit cards and Social Security numbers. It’s important to help your clients understand their digital vulnerabilities. Clients have real exposure, and need real protection.
The good news is that it’s a buyer’s market, and cyber policy premiums are competitive.
In the next article, we’ll discuss other objections to cyber coverage.