Cyber insurance is now booming, with about 50 carriers in the industry. An increasing number of companies have cyber insurance to protect against cyber crime. However, businesses claim it’s not easy to get adequate coverage.
Losses from data breaches are difficult to quantify. The tangible losses are more easily insured, says a New York Times online report. When it comes to a data breach, there are often related losses such as reputational damage and loss of customer loyalty that are harder to quantify.
Add to this the fact that underwriters don’t yet have sufficient data to estimate the likeliness or cost of an attack; most breaches get missed or aren’t reported publicly.
While an insurance company can tell you the precise odds of a major city office building burning down, nobody knows when the next giant retailer will be hacked. Statistics on hacking risks aren’t constant due to the continuous evolution of cyber crimes.
According to New York Times estimates, companies seeking coverage can only hope for, at best, a $300 million policy, peanuts compared to the billions devoted to property protection. Though this still sounds generous, the cost of a major breach can easily exceed it. Target’s situation is on course for just that, says the New York Times online article. The 2011 Sony breach has already exceeded $2 billion in fallout.
The best policies cover costs associated with alerting customers, plus forensics, call center setups, consumer identity monitoring, legal fees and a crisis management firm. But that may only dent the disaster. Policies don’t address loss in profits due to customers jumping ship. A policy can’t prevent a marred brand reputation. “Although a solid cyber policy will cover notification, crisis management expenses, defense costs, damages and the costs associated with regulatory action, it would not cover other, potentially much larger losses, such as reputational injury and loss of brand and market share,” says Roberta Anderson, an insurance coverage and cybersecurity attorney with the law firm of K&L Gates, LLP. “Those losses are difficult to value and remain uninsurable in the market today.”
Expect the cyber insurance industry to continue swelling while cyber crime continues to remain several steps ahead of businesses and security systems.
Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.