According to the Insurance Information Institutes, losses due to hacking amounted to $1.5 billion in 2016, making cyber threats the third-largest global business risk.
However, as hackers grow more intelligent and resourceful, so do their victims.
One of the latest trends in the insurance industry is cyber insurance. Cyber insurance deals with a different kind of commodity – information.
Today, both companies and individuals can get cyber insurance.
A brief history of cyber insurance
Cyber insurance has been around since the 80s, but only recently started gaining popularity.
Certain events, such as Y2K, and a general lack of awareness have been credited for stifling the demand for cyber insurance in the U.S. until the late 2000s.
In 2009 the Health Information Technology for Economic and Clinical Health (HITECH) Act was passed to promote health IT, including electronic health records and electronic health information exchanges.
With the modernization of health records came a need for increased cybersecurity. This was a significant stepping stone to the beginning of modern cyber insurance for all, not just health clinics.
Until recently, the majority of cyber insureds were small businesses and community banks.
However, due to large data breaches, such as the Equifax data breach and the recent Facebook data scandal, and ever-increasing threats from hackers, cyber insurance has grown into a multi-billion dollar industry and is expected to continue growing.
What does cyber insurance cover?
There are several different types of cyber insurance, including:
- Hacksurance (insurance against hacking)
- Theft and fraud
- Forensic investigation
- Business interruption
- Extortion
- Reputation
- Data loss and restoration
The different types of cyber insurance cover different things, but generally, they cover expenses and fees (legal, forensic, technological, etc.), lost income and physical damage.
Some types even notify a company’s customers about data breaches and help recover lost data.
What does cyber insurance NOT cover?
Currently, it cannot cover things like damage to a company’s reputation and future lost revenue.
Cyber insurance is also not guaranteed to cover Health Insurance Portability and Accountability Act (HIPAA) fines.
How does it work?
Companies must first complete an application process to be considered for coverage.
Applications generally ask for information about IT security, finances and legal protections. Insurance companies want to know how cyber attacks are prevented and managed once they do happen.
Some insurance companies will also conduct IT security evaluations and procedures to determine what steps a company takes to prevent attacks.
Cyber insurance is designed to work in collaboration with current IT security and protocol. Once a data breach is detected, the affected company can report it to their insurance agent.
The cyber insurance industry will most certainly continue to grow and evolve as more research is conducted and demand increases.