The average American household has six devices connected to the internet, such as a security camera, smart home assistant, smart TV or baby monitor, according to a recent study by Grange.
Any device connected to the internet is at risk of being hacked, so perhaps it’s no surprise that about one in four individuals have been victims of a cyberattack, Grange reports. But that number becomes more startling when you consider that three of four people who have experienced a cyberattack had previously taken safety measures to prevent the attack, like installing security software.
While 77% of people are at least somewhat concerned about the risks of accessing the internet from their devices, only 10% would go to a property-casualty insurance company for advice about cyber protection, according to Grange.
“Cyber is something consumers still aren’t taking seriously,” says Lisa Lindsay, executive director, trustee and founding member of the Private Risk Management Association. “People are still using password123 as a password, they’re still using their children’s names—what we’re seeing is a need to continue to educate and have that cyber conversation with clients so they take cybersecurity as seriously as they take the physical security of their home.”
Cyber endorsements have been available in the high net-worth market for several years, but insurers have not been as quick to respond with coverage developments for the standard personal lines space.
Why? Perhaps the greatest deterrent is that cyber risk is evolving faster than most insurers can develop protection against it, even in the commercial market. “Insurance companies are slow to move as a group,” says Jerry Hourihan, president, AIG Private Client Group. “But as new needs emerge, new products become available, and oftentimes they do get embedded into more mass-market type of products.”
Todd Rockefeller, principal of Private Client Services for BNC Insurance & Risk Advisors in Rye Brook, New York, agrees that personal lines carriers will “absolutely trickle this down” from the high net-worth market to their standard clientele—eventually.
“As you get down to the middle market, they’ll charge a fair price for it, and because of that huge spread of risk, they’ll make money on this,” Rockefeller says. “The industry sells on fear. We’re all scared of prying eyes and ransom and people messing around with our data, so protection against that is going to be very valuable.”
Personal lines carriers like Grange and Cincinnati have already developed cyber endorsements for the standard homeowners client. “We are rolling out cyber solutions for both the high net-worth and standard personal lines customer segments, just with lower limits for the latter,” explains Will Van Den Heuvel, senior vice president, personal lines, The Cincinnati Insurance Companies. “We think that exposure will be hitting all segments of the population.”
In an immature market, Hourihan warns agents to watch out for policies that are more fluff than substance. “Don’t be fooled by the bells and whistles and marketing around some of these coverages,” he cautions. “Many offer very limited reimbursement or very limited services, yet they’re touted as something that might really solve cyber issues.”
As the coverage becomes more mainstream, “that will raise education levels, but also raise awareness among clients who might be buying the wrong thing,” Hourihan adds.
In the meantime, you can help your personal lines clients be more aware of their cyber risk by encouraging them to take a few risk management precautions with their private data, says Fran O’Brien, division president, Chubb Personal Risk Services.
For starters, be alert to ransomware—an attack on a computer or network that locks up or encrypts data, holding it hostage until the hacker is paid a ransom. “Cybercriminals can easily crack a home Wi-Fi network to gain access to personal data,” O’Brien explains.
Similarly, watch out for phishing scams, which often start from email. “To defend against them, individuals should not click on emails or links within an email if the message seems urgent for no reason,” O’Brien says. “If it’s coming from an unknown sender or if seemingly from a well-known company and is somehow out of the ordinary, sloppy or poorly worded, it’s likely a scam.”
Note, too, however, that phishing emails “are becoming increasingly sophisticated,” O’Brien adds. “If in doubt, call the company and ask if they are trying to contact you regarding your account.”
To prevent access through Internet of Things-enabled devices, consider “turning off internet-connected toys when not in use and never discussing anything private in front of home voice-activated smart speakers,” O’Brien says.
Finally, insist your clients adhere to a number of simple, easy-to-follow best practices, including regularly changing passwords; using two-step verifications; restricting the information they must share to download the latest app or software update; and backing up their data on a regular basis.
“Cyber is a risk that affects everyone,” Lindsay says. “If we think about homeowners insurance and how it’s evolved over the years, cyber is something we’ve got to see eventually become part of every policy. The threat is out there, it’s real, and it’s going to become even more and more sophisticated as time goes on.”
Jacquelyn Connelly is IA senior editor.