In today’s ominous cyber environment, if you’re not offering cyber insurance to every commercial client in your book—and that means every client—you’re making a big mistake.
“We used to say if you have data, if you have employees, you have a risk and you should buy cyber insurance. But now, with the expansion of business interruption coverage, it’s more than just if you have data,” says Dan Burke, cyber and technology product head at Hiscox USA. “If you are relying on technology to operate your business, you’ve got a cyber exposure, and you can transfer that risk to an insurance carrier.”
“The one overarching theme when you talk to clients is, ‘What is your most critical asset?’ It doesn’t have to be a credit card number or a social security number. That critical asset could be operations that are based on an online environment,” agrees Anthony Dagostino, global head of cyber at Willis Towers Watson. “It’s a client-by-client conversation. Talk about their most prized assets, and then talk about whether they’re protecting it the right way.”
At a time when “more and more companies are facing cyber insurance requirements at high limits,” according to Alex Wayne, president & CEO of A.J. Wayne & Associates, Inc. in Chicago, “that’s an opportunity for a little bit more consultation on the part of the agent or the broker as they’re sitting there with an insured,” says Eric Cernak, vice president at Hartford Steam Boiler.
Consider an engineering firm. “They may not have a lot of traditional data like credit card numbers or health care information. But they have confidential information, whether that’s corporate business information or personnel information, and they might have access to third-party systems where they’re being required by contract to carry cyber,” explains Brian Thornton, president of ProWriters.
And many cyber exposures are likely to come in a form that might not even cross your mind. For example, Willis Towers Watson has observed an increase in corporate espionage among engineering firms, where cybercriminals infiltrate a business in order to steal design specs. “That gets into a pretty scary security or national safety issue,” Dagostino says.
Surprisingly, though, manufacturing is currently the hottest industry to chase for a cyber sale. “A manufacturer may not house a lot of personal information, so four or five years ago, they would say, ‘I don’t really need cyber insurance—I’m at the lower risk threshold,’” says Matt Cullina, CEO of CyberScout, an ID theft resolution and data breach management firm.
But in today’s ransomware-ridden environment, “what if the manufacturer facility’s systems were locked up and they couldn’t manufacture their products?” Cullina points out. “It’s gone beyond a privacy consideration to just being able to do business.”
And because many manufacturers have higher revenues than your average commercial client, “they might have a business interruption exposure that’s more significant than other companies,” Wayne explains. “If they’re providing a part that’s required for a third-party process, and they get shut down by a cyber claim, they may even need coverage for contingent business interruption.”
That’s an open-and-shut case to present to a reluctant client, Cullina says: “Now you can ask that manufacturer, ‘What would it look like if you couldn’t manufacture your product for two weeks? What kind of impact would that have on your business? Do you have protocols in place if that were to happen, and do you have enough cash in the bank to hold you over if you had to lose profits for that period of time?’”
Jacquelyn Connelly is IA senior editor.