According to the National Association of Insurance Commissioners, there are around 6,120 insurance companies in the U.S., offering dozens of different kinds of insurance. From the commonplace auto collision policy to the more obscure protection against mudslides, insurance is big business. One type fairly new to the marketplace, but for which demand is growing quickly, is cyber insurance. These policies offer products and services aimed at protecting businesses from internet-based risks. Also referred to as media liability coverage, information security coverage, or privacy coverage, almost 60 percent of organizations now incorporate cyber insurance into their strategic plans.
Recent Cyber Attacks on U.S. Companies
Target – 110 million accounts affected, 1/2014
J.P. Morgan Chase – 83 million accounts affected, 8/2014
Anthem Healthcare – 78.8 million accounts affected, 3/2015
Home Depot – 56 million accounts affected, 9/2014
Ashley Madison – 37 million accounts affected, 7/2015
Experian/T-Mobile – 15 million accounts affected, 10/2015
Online transactions fuel today’s global economy and, along with virtual recordkeeping, leave few industries that don’t carry steep cybersecurity liability risks. A recent report found that companies of various sizes and located in diverse geographic regions are equally at risk of being the target of a cyberattack. The average total cost of a breach now stands at $4 million, while the average cost per stolen record is at an all-time high of $158. While there is no standard form for a cyber insurance policy, most policies are a combination of first-party coverage protecting against direct losses suffered by the company and traditional liability coverage protecting the company against third-party claims. This financial coverage is bolstered by risk management and post-breach services.
As critical consumer information is increasingly stored in electronic format, the threat of cyber attacks and data breaches is an operational hazard that businesses have to address. Cyber risks include:
- Identity theft as a result of security breaches
- Business interruption from a hacker shutting down a network or launching a denial-of-service attack
- Damage to the company’s professional reputation
- Damage to or loss of data records caused by a hacker
- Theft of valuable digital assets such as customer lists, business trade secrets, and pending patents
- Introduction of malicious computer code such as viruses, worms, ransomware, adware, and spyware
- Human error leading to inadvertent disclosure of sensitive information
- The cost of credit-monitoring services for people impacted by a security breach.
As cyber attacks grow more sophisticated and costly, insurance is becoming a must-have component that may be bundled along with IT security services. As with any policy, cyber insurance policyholders have a right to expect insurance companies will accurately assess the damage and pay the full extent of the claim. When that doesn’t happen and the individual or commercial policyholder has trouble receiving the proper amount of compensation from the insurance carrier, it can be best to speak with an attorney. Other examples of bad faith that should be discussed with a lawyer include insurers who fail to acknowledge a claim, affirm or deny coverage within a reasonable time, use fraudulent investigative methods, or cancel a policy as a result of making a claim.
As one of South Florida's most respected and oldest law firms, Stabinski & Funt, P.A. has helped many clients sort out their legal rights, responsibilities and remedies. We are highly experienced in handling insurance loss claims and, in many cases, we can do so without cost to you. Fees and expenses are frequently paid by the insurance company, so nothing comes out of your recovery. We also work on a contingency basis, which means that if there is no recovery, there is no fee or cost to you. If you wish to learn more about how our firm can be of assistance to you, we encourage you to contact us for a free consultation by calling 305-643-3100 or filling out a case evaluation form.