Cyber Risk Coverage a Must in Enterprise Risk Management

Identity theft continues to plague both individuals and businesses. Technology consultants estimate as much as 70 percent of a company’s assets are tied to its information resources. Whether your business is large or small, it is critical that you protect those assets.

Digital risk includes unauthorized access by both employees and/or outsiders to your company data. This includes the theft of proprietary information such as your customer’s credit card information, financial fraud, network sabotage, software piracy or hardware theft including the loss of laptops, frequently in the news.

Human error is a frequent cause of digital disruptions. This could include lax security allowing unauthorized personnel access to proprietary information or the hijacking of your website. In an FBI 2005 crime survey, 95 percent of respondents reported ten or more incidents of hacking on their websites. Malicious viruses are the source of many financial losses, and average, according to the FBI survey, $66,000 per incident.

But beyond the costs to fix the problems—the tangible costs—lies the intangible costs of digital risk exposures. These include the loss of business due to a security breach; lost productivity from both your information technology (IT) and non-technical staff due to computer problems; increased labor costs including the hiring of IT specialists; defense and indemnity costs for any suits that may arise including premium increases at renewal or possible professional liability cancellation; and the loss of customer goodwill from adverse publicity when consumers are impacted by digital theft, even indirectly.

Who is at risk for digital fraud?  Any organization that uses computer systems has an exposure to digital risk, not solely companies with an on-line sales presence. Will your business insurance protect you against this growing risk?  According to a recent white paper written by Anne De Vries, a managing director with Digital Risk Managers, probably not without special cyber risk coverage. Property coverage or fidelity/crime policies generally require direct physical loss to afford coverage, while general liability coverage may not cover you if losses occur in remote locations. There may also be exclusions in your coverage for intentional acts or for the negligent acts of outside vendors you hire.

Cyber risk coverage offers protection from both internal and external security breaches and can provide coverage for the costly restoration process ensuing after a computer loss. Coverage is available through a variety of insurance agents and brokers. However, your company must meet minimum security standards and have a strong response plan should a computer attack occur.

Risk management means proactively meeting the challenges of the current business environment, so a cyber risk security assessment may be the best place to start. “Many of the carriers who write this coverage require either an on-site or remote assessment as part of the underwriting process. On every policy we write, we require a post-binding security assessment,” Ms. De Vries said. “The assessment showcases your strengths and weaknesses as respects your network security posture. This shows your customers and business partners that you are serious about prudent and reasonable safeguards. But assessments are only part of the process.  Digital risk should be part of an enterprise-wide risk management strategy which includes risk assessments, the establishment of network security and privacy-related policies and procedures, and employee training. The best approach to mitigating digital risk includes a combination of loss control (assessments), contract language, risk retention and finally transfer to a cyber risk insurance policy.”

The cost of a policy depends on the size of the organization and its exposures. “For larger organizations with significant consumer privacy exposures, such as health care, retail or financial services,” Ms. DeVries said, “expect to pay between $15,000 and $25,000 annually for a million in coverage.