[BreachExchange] How is cyber coverage evolving?

[Audrey McNeil]

http://www.ibamag.com/us/news/cyber/how-is-cyber-coverage-
evolving-49222.aspx

If 2015’s headline stories in cybercrime were around massive breaches to
large corporations, such as Target and T Mobile, the takeaway story from
2016 was mainly surrounding ransomware incidents. Rather than the loss of
personally identifiable or sensitive information, many more insureds,
especially small businesses, were forced to deal with business interruption
issues caused by malware and ransomware.

“We also saw an increase in the number of fraudulent wire transfers and
many more cases of phony requests for transfers of funds,” says Jeremy
Barnett, ‎Senior Vice President of Marketing at NAS Insurance. “Those types
of scams were mainly as a result of social engineering or some type of
phishing scam, and are more significant than the misplacing of information
or someone hacking into a healthcare data system to steal data.”

Barnett has also noticed progress being made on the risk management side of
cybercrime as carriers and their partners start to roll out education and
prevention as a service. “Services that come with an insurance policy are
more valued than they were in the past. The idea of cyber risk management
is now an important part of a strategic decision for a company,” Barnett
says. “Public companies need to make sure they have effective data security
protocols and incident response plans because they come under greater
scrutiny if they have a breach. Companies are being investigated to see
whether or not they have safe data practices.”

“So, therefore, the whole cyber risk management side of the equation,
preparedness, is much more front and center than it’s been in the past.”

Although most cyber policies already provide coverage for business
interruption and the costs associated with first party costs like bringing
in a breach coach and a forensics firm, Barnett believes one of the main
trends in the cyber insurance space in 2017 will be around claims in what
he calls “dependent business interruption”.

Many small and medium sized businesses depend on a third party to manage
key parts of their business operations, like payroll, web hosting and HR
systems. If that third party gets impacted by a breach or ransomware
incident, the insured is suddenly out of business. “It’s helpful for
smaller organizations to know that even if someone they rely on goes down
they still have coverage for business interruption,” Barnett says. “There
are lots of technology based third party services that people rely on
beyond ecommerce that, if the go dark for whatever reason, the insured will
be seriously affected.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170123/d9c5d20c/attachment.html>