Data Breach Response and Cyber Insurance for Small Businesses: Matching Product to Need
February 26, 2015| Von Mindy Pollack
While Target, Home Depot, Staples and Sony are front page news, many small business breaches are quietly shaping Cyber statistics. Restaurants, building contractors, medical offices and landlords have also appeared in breach reports filed with regulators.
You may not have read about the landlord whose back-up tapes were lost in transit, the contractor whose laptop was stolen, or the pizza restaurant that fell victim to a point of sale attack resulting in the theft of customer credit card numbers. If you visit the websites tracking these incidents, you will find these breaches and many more affecting Main Street businesses.
How do these breaches happen and what do they cost? The answers are particularly useful for insurers developing and selling Data Breach and Cyber Liability products in the small business space.
- Malware and hacking account for 51% of all records breached from 2005-2014.
- Misdirected email/faxes and paper loss are the most common causes of breaches.
- Malware is the fastest growing cause of breaches.
How can this data help insurers build the best offerings for their insureds?
First, the data helps us identify the right coverage and breach service providers. If malware is causing more complex breaches for small as well as large companies, insurers need providers with expertise to handle those responses and the forms to cover the costs. For example, is there a full limit or low sublimit on forensic and legal fees? Does the breach vendor/service provider have a track record of responding to malware and other complex breach scenarios?
Knowing the average costs can help carriers select the most appropriate policy limits to offer small businesses. The local restaurant, contractor, doctor's office or landlord does not need the multi-million dollar policies bought (or that should be bought) by Fortune 1000 companies. NetDiligence cost studies are helpful here, along with insurance company and vendor actual claim experience.
As with any new insurance product, the goal is to align coverage and service with the needs of your customers. That is how Gen Re approaches product development and client discussions in Data Breach Response/Cyber, EPLI and other lines. How does your Data Breach Response/Cyber Liability insurance product or specifications match up?