Looking back six years ago when I founded Cyber Data Risk Managers and decided to focus all of my time and energy on cyber insurance, data breaches and cyber attacks were few and far between. Oddly enough, for me, at that time, it was a “sixth sense” moment that possessed me to strip myself from offering traditional business insurance coverages and focus exclusively on cyber/data breach insurance.
Since as far back as I can remember, I’m a self-professed technology geek. You see, I was the type of kid that spent hours programming code and was fascinated by creating input and then sitting back and admiring how the computer brought my code to life. At risk of dating myself, I spent hours and hours doing just that back in the days of the Commodore 64 and Texas Instrument computers. Yes, the simple olden days when cyber security nor cyber insurance even existed.
Perhaps it was my fascination of programming code that has helped me to understand the motives of hackers and at the same time grasp and recognize six years ago the huge problem we would all need to address when companies started going digital, becoming paperless and operating in interconnected environments. It was that “aha!” moment that led me to focus exclusively on cyber/data breach insurance. At that time, most companies did not even know cyber insurance existed and when they found out, they often asked why would they bother buying insurance coverage for something that could never possibly happen to their company? In addition, many asked why would they waste their money when if it did happen to them, they would just worry about it then? Indeed, it is now 2017, and many, many companies since then have had their own “aha!” moments, and now get why cyber insurance exists. Nonetheless, my journey along the past six years can be related to the Story of the Engine that Thought It Could that has never stopped running as I’ve had the great privilege over the years of continuing to work with many companies, of all sizes and industries. Indeed, cyber insurance has become top of mind for just about every company and Board of Directors today, and so many more.
Fast forward to 2017, and cyber insurance and today’s risk environment is quite different from five years or even a decade ago. Fortunately, cyber insurance has come a long way over the years and continues to evolve along with today’s evolving threat landscape, and what has become known as today’s new normal.
Looking back at 2016, it was the year in which many new records were set. According to the Risk Based Security team’s recent DataBreach Quick View Report of 2016, some highlights of the report findings show:
- There were 4,149 breaches reported during 2016 exposing over 4.2 billion records – approximately 3.2 billion more records than the previous all time high exposed in 2013. This is significant and should be an eye opener for all companies, regardless of size or industry.
- Top 10 breaches (9 Hacks and 1 Web) exposed a combined 3 billion records. Read that again, 10 breaches out of the 4,149 breaches reported during 2016 exposed 3 billion records out of the 4.2 billion records breached. That should unsettle companies with large volumes of data, as well as companies that have smaller data volumes. It shows that regardless of your company’s size, security systems and annual dollars spent on security, incidents still continue to happen.
- The Business sector accounted for 80.9% of the number of records exposed, followed by Unknown (13.1%), Government (5.6%), Medical (.3%), and Education < .1%. Today, when a record is exposed, a business has steps that must be followed and most likely a computer forensics investigation will be needed. This can be quite costly. Just take a look at the Presidential election, and one can only imagine how costly that forensics investigation became, both in financial and reputational damages. Cyber insurance can help pay for a computer forensics investigation, and in addition, some insurers are even providing reputational damage coverage.
These statistics are real, and appear to be trending upward, with no end in sight.
What’s even more alarming is that security is not 100% foolproof regardless of how much of a security budget companies have or how many security systems are in place. Nevertheless, this does not mean that your company should freeze its security budget, or unlock all of its endpoints and let its data run wild and unprotected.
With cyber insurance at the forefront of many company’s agendas, an experienced cyber insurance broker should be mandatory when your company is purchasing cyber insurance for the first time and/or renewing an existing cyber insurance policy. Cyber insurance is quite complex. Today, it is important for companies to work with an insurance broker that has extensive cyber insurance experience, expertise and focused cyber insurance specialization. These are crucial components that are needed due to the complexities and the myriad of cyber insurance policies that are available today.
For help with your company’s cyber insurance, please complete our cyber insurance quote request form or give us a call at 855.CUT.RISK (288-7475).