Most agents and brokers have had some opportunity to sell or speak to clients and prospects about Network Security and Privacy Coverage (Cyber). After over a decade of selling cyber coverage, a pattern of obstacles to the sale and the typical order in which they occur have emerged. Over the next few weeks, we will tackle the five main reasons potential insureds give when considering remaining uncovered.
The first objection is, “A breach won’t happen to us.” But no company is immune to a hacking attack. It is now common knowledge what is happening with regard to data breaches, because they are in the news daily. The most notable are the massive Target and Niemen Marcus security breach losses which occurred December of last year, with over 110,000,000+ combined records compromised.
More recently, in February 2014, St. Joseph Health System in Georgia and Texas had over 400,000 records potentially compromised. The information in this case was accessed through a single server by hackers from China and other locations.
There are a number of sites where detailed information can be obtained on publicly-known breaches. Among them are:
DATALOSSdb, a world-wide breach database sponsored by Risk Based Security, one of INSUREtrust’s IT security service provider partners.
Privacy Rights Clearinghouse, which has every reported breach since 2005, sortable by industry and type of breach.
Verizon 2013 Data Breach Investigations Report, which analyzes numerous metrics of breaches.
The pervasiveness and frequency of data breaches is shocking. Over 600,000,000 personal records are known to have been compromised since 2005, according to the Privacy Rights Clearinghouse. This is nearly twice the population of the entire United States. Although breaches against large companies receive media coverage, they are occurring with regularity in small and medium-sized businesses (SMBs) too.
A cyber attack can be particular problematic for SMBs – one study by the National Cyber Security Alliance found that 60% of small companies go out of business within six months of a breach.
Most information security specialists are now saying, “It is not ‘if’ a breach will occur, but rather ‘when’ a breach will occur.”
You can use the resources mentioned above to educate your clients to the frequency, severity, and industry segmentation of known breaches, as well as to help estimate the potential financial impact. This would be a good practice to use in overcoming the “It can’t happen to us” objection.
Brian Brown is a guest author for INSUREtrust. He is an expert in cyber liability coverage, and has held a number of senior positions in the insurance industry for over a decade. He may be contacted by email at [email protected] or by phone at 404-849-3004.