2018 CYBER CLAIMS ACTIVITY

In 2018, there was an uptick in cyber claims activity with the number of closed claims reaching almost 1,800, up over 15% from 2017, according to NAS 2019 Cyber Claims Digest. The causes of the 2018 claims were broken down into 2 major segments: healthcare and non-healthcare.

• In 2017 and 2018, the two top causes of a healthcare claim were employee negligence and ransomware, with the third cause changing in 2018 from physical theft to rogue employee.
• In 2017 and 2018, the two most common causes for non-healthcare claims were hacking and ransomware. phishing attacks replaced physical theft in 2018.

Net Diligence’s 2018 report says that 80% of the claims were caused by hackers, ransomware, malware/virus, lost or stolen device. The average number of records exposed were 1.6M and the average cost per record was $308. It turns out that recovery from a cyber event is also complex and expensive.

Why cyberattacks are not taken more seriously remains a puzzle. Numerous organizations, including FICO (originally Fair, Isaac and Company), a data analytics company focused on credit scoring services, cite some possible reasons for this disconnect:

1. SMEs are too small to attract cyber criminals.
2. Budgets are too tight to accommodate increased spending on cybersecurity.
3. There’s a lack of knowledge – or education - about what a cybersecurity insurance policy is all about, including what they cover and what they cost.

A company’s network and data are vulnerable to all types of cyberattacks from denial-of-service attacks to accidental leaks and cyber criminals. One of these attacks could take down a company’s website, leaving the company unable to make and receive payments. Accidental sharing of information results in lawsuits and legal fees ranging from a few thousand to millions of dollars. And, now with the European Union’s (EU) General Data Protection Regulation (GDPR) in effect, a data breach could sink even a financially solvent company because of steep fines.

BOTTOM LINE

Cyber liability insurance is available to help insureds mitigate these risks. It offsets costs involved with recovery after a cyber-related security breach or similar event. Coverage may include data destruction and restoration, extortion, theft, hacking and denial of service attacks. Some liability coverage is available for losses to others caused by errors and omissions or failure to safeguard data or defamation. Other benefits include regular security audits, post-incident public relations and investigative expenses, legal fees and more. Policy premiums are affordable due to competition among insurers, but prices depend on the industry, services, type of sensitive data, risks and exposures, along with other factors.

From crypto-mining to malware, phishing attacks, ransomware and IoT (Internet of Things) incidents, no industry is immune. It’s not a matter of if but a matter of when a business will face a cyberattack. CRC Group has experienced professionals to ensure your clients are covered.

Contact your CRC Group Producer for more information.

ENDNOTES:

Net Diligence Diligence’s 2018 Cyber Claims Study

Chubb’s “Cyber Criminals Increasingly Target Small Businesses” and 2019 Cyber Claims Digest, Chubb’s “Cyber Criminals Increasingly Target Small Business”

Chubb’s Cyber Attack Inevitability: The Threat Small & Midsize Businesses Cannot Ignore

Chubb “What we Have Paid Lately, Cyber Claims Scenarios

Cisco Cybersecurity Special Report, “Small and the Mighty”

NAS Insurance 2019 Cyber Claims Digest Analysis of 2018 Cyber Claims Data