When the original property insurance policies were created in the late 1600's, they only covered fire. Why fire? In 1666, the Great London Fire destroyed more than 13,000 houses. Accident and Liability Insurance policies weren't readily available until after the railroad companies decided they needed to do something in response to the daily injuries and deaths associated with railway accidents in the 1880's. Workers Compensation Insurance didn't exist in America until the uproar that followed Upton Sinclair's 1906 novel The Jungle, which depicted the horrible working conditions in the Chicago slaughterhouses.
See the trend here? Insurance policies, by nature, are the result. They are meant to reimburse the policy holder after a large and unexpected loss. But insurance policies and coverages don't exist until there is a large enough concern where the market is searching for someone to transfer the risk to.
We are in the early stages of our generations call to action as the insurance marketplace react to the newest threat - cybercrime.
The first Cyber Liability policy was written in 1997 by AIG and simply called a "hacker policy". Since that time, global Internet use by population has grown from 1.7 percent to over 40 percent in 2014 And cyber related crime costs the global economy an estimated $445 billion annually. Billion! With a B!
Today' smart business owners carry Property, General Liability and Workers Compensation Insurance to protect them from a loss. Fast forward 50 years, and Cyber Liability will be the same. But do you have to wait to learn the hard lessons to protect our businesses? What can you reasonably do to be proactive?
In my opinion, the greatest obstacle facing businesses and even the individual consumer regarding the cyber threat is the failure to accept the risk exists. In a recent Manta survey of 1,400 small business owners, 87% said they do not believe they are at risk for a data breach.
If I conducted that survey, I would follow up to the 87% of small business owners and ask them if they could explain to me how a cybercrime happens. Do they know what kind of information cyber criminals are targeting? What kind of technology are they using to infiltrate your system? I'd go out on a limb and say most wouldn't be able to answer any of those questions. They are concerned with making payroll, keeping their best clients happy and fighting off competition. And rightfully so. The conversation around any risk management and where it falls on the list of priorities is always a challenge. But the cost of not having the conversation is too great. As Benjamin Franklin said, "An ounce of prevention is worth a pound of cure." And yes, I quote him a lot. But I can't help but think that one of the founding fathers of the greatest country in the history of the world might have been a pretty smart guy.
The answer isn't to just go out and buy millions of dollars in cyber liability limits as soon as possible. It might be, but probably is not. If you have a computer and conduct business via email and log data on a network, you need to set aside the time to understand your cyber exposure and what kind of protection you need. Take the time to see what is reasonable for your business to undertake to combat those risks. And when appropriate, transfer to an insurance company in the form of a cyber liability. It doesn't mean you need to become an IT geek. But you do need to understand where you can and can't expect insurance to reimburse you after a loss so you can make the best decisions for your company.
The old 17th century fire insurance policies developed over time to be the more comprehensive property coverage we have today. So will Cyber Liability. But we are not there quite yet. Today, we are in a place where insurance companies are trying to underwrite and create policies for a risk they don't yet fully understand. The exclusions and language of the policies in the market place vary and reflect these new threats and unknowns. For example, do you know the difference between social engineering, phishing and ransomware? Do you know how a cyber liability will respond to each of these losses? How does a cyber liability policy respond to cryptocurrency? The answers to those questions are very, very blurred right now depending on what company's policy you are looking at.
But it isn't all doom and gloom. The IT world and the insurance world are coming together to develop answers. The best answer for your business is out there, you just need to take some time with someone to help you figure out what you are looking for.
We're happy to help! Contact Ten Eyck Group for more information.