Over half—53%—of U.S. businesses reported a cyberattack between June 2018 and June 2019, compared to 38% the prior year, according to the Hiscox Cyber Readiness Report 2019™.
Worse, 45% of companies experienced three or more attacks in the last year, and the mean cost of U.S. cyber incidents was $119,000—but 27% still have no plans to purchase cyber insurance, and 5% aren’t even sure what cyber insurance is.
That’s a shame, considering the robust cyber insurance solutions that are available today for small to midsize businesses. “Cyber coverage continues to evolve positively to provide very broad solutions to cyber risk,” says James Proferes, global executive underwriting officer, professional liability, Markel Corporation. “Cyber claims trends are challenging, but capacity remains plentiful, and the product is broadening in the number of markets that are providing it.”
With the rise of creative new types of cyberattacks like social engineering and ransomware alongside the growing sophistication of technology solutions for businesses, “there is a technology dependency for almost every professional service business,” points out David Egosi, head of professional risks at Hiscox USA. “But cyber coverage has not necessarily been as well modeled for from a professional liability pricing perspective.”
When selecting the right type of cyber insurance for your professional liability clients, pay particularly close attention to the issue of silent versus affirmative cyber, Egosi emphasizes: “What happens when a cyber event triggers a third-party negligence claim for failure to perform professional services based on a first-party cyber event?”
With affirmative cyber coverage, “you’re buying first- and third-party cyber liability in the event of a cyber event,” Egosi explains. Silent cyber, by contrast, “is what happens when the intent of a professional liability policy is to cover negligence, and perhaps you have a privacy exclusion on the policy, but you don’t necessarily have a cyber event exclusion on the policy.”
The latter type of situation is generally not perceived to be commercially viable, Egosi cautions. “If the insured has a cyber event for which they do not have affirmative cyber coverage, and that cyber event prevents them from providing their professional services, they could face a third-party negligence claim,” he explains. “That’s an example of how there is a cyber exposure on professional liability policies almost like a backdoor, and these types of nuances are impacting and influencing the claims profile and experience within the professional liability space.”
Moving forward, Proferes expects these types of lines to become less blurry. “The industry globally continues to identify where cyber is intended to be covered,” he says. “There are areas where policyholders have sought coverage that was not the affirmative or the intended product outcome. Directionally, 2020 will continue to be a year of transition with insurers providing affirmative cyber products. And in areas where they did not believe the coverage existed, they will make it clearer.”
In the meantime, Proferes says his No. 1 piece of advice for any agent working in the professional liability space this year is to find a comprehensive professional liability insurance policy as well as standalone cyber coverage.
“In our economy, there is always the risk of a cyber event to the client,” Proferes stresses. “Any professional services provider could be found to have needed to take an extra level of diligence. To secure insurance in the form of errors, omissions and cyber coverage would be my highest priority if I was an independent agent.”
Jacquelyn Connelly is former IA senior editor.