Selling cyber insurance is a huge growth opportunity for brokers right now, and a policy coverage that brokers may consider purchasing themselves.
Cyber coverage is still a relatively new form of insurance, and so the pricing for the product is currently very competitive in the Canadian marketplace, said Gary Hirst, national director of Burns & Wilcox Canada.
Insurance companies have kept pricing for the product low in part to help promote the public profile – and therefore take-up – of the product, making it easier for brokers to sell. “It’s almost a case of sell low, buy high,” Hirst quipped.
A Marsh Canada report pegged cyber insurance as a growing segment in Canada. “Throughout 2012, a growing number of companies were looking for standalone cyber/privacy coverage, and this trend is expected to continue in 2013.”
Fox Business reported that cyber insurance is currently a $1-billion industry in North America. David Derigiotis, assistant vice president with Burns & Wilcox, indicated the product has experienced “double-digit growth” year over year.
An emerging issue may provide brokers yet another new angle for selling the product.
Given the increased use of mobile devices in Canada, cyber-attacks in the mobile space are increasing. According to the 2012 Risk Report from Hewlett-Packard, the last five years have seen a 787% increase in mobile application vulnerability disclosures.
Security for Wi-Fi connections is “still not 100%,” said Hirst, and this may be a means for hackers to steal private information. Rogue employees with remote access to their companies through mobile devices may represent a cyber-exposure. In addition, developers of mobile applications, for which security is not failsafe, should be considering cyber insurance protection.
Curiously, insurers and large brokers in Canada do not seem to be buying the coverage themselves. Hirst said the product is designed for any company that collects and stores private data and information from consumers electronically, and certainly insurance companies and brokers would be among them.
Derigiotis suggested that financial services companies in the United States – including insurers – are “ahead of the curve” when it comes to protecting themselves through the purchase of cyber insurance.
“We’ve seen tremendous growth in this segment, particularly within in the insurance industry,” he said. “People are becoming much more aware of the risk their businesses face. Every business has an exposure.”
A Hewlitt-Packard report says companies paid out $9 million in 2012 to pay costs to repair the breach and notify customers about their private information being compromised. The costs typically involve:
- The time it takes for tech experts to identify the vulnerability and the extent of the breach;
- Productivity lost as a result of system downtime; and
- Costs related to notifying customers that their private information has been compromised, including the creation of letters to consumers and establishing call centers to handle consumer inquiries once they get the letters.
Brokers can help clients understand that emergency preparedness is a critical step in any business plan, Hirst said. Cybersecurity insurance can protect a business in the event of the following types of situations:
- Coverage for civil liability resulting from data breaches
- Contractual fines coverage, including credit card company fines, arising from privacy breaches;
- Coverage for your own costs to notify individuals in the event of a privacy breach where required by law and the cost of actions taken to mitigate a larger liability claim;
- System repair and restoration coverage in the event of accidental damage to data, including a computer virus or hack attack; and
- Coverage for your lost revenue arising from system downtime after a computer virus or hack attack.