Data Defense: Businesses Look to Cyber Insurance to Protect Against Attacks
It was for less-than-ideal reasons but almost mundane when Michigan State University made headlines in 2020 as the victim of a ransomware attack that threatened the release of university personal records and financial documents.
Cyberattacks targeting large corporations and institutions are seemingly becoming commonplace as each additional level of security created brings out more intense and refined techniques to find and exploit vulnerabilities.
Yet while it’s the recognized and familiar names that typically receive the lion’s share of media coverage, it’s the smaller businesses — and even individuals — that can suffer the most harm from malware hackers.
“If they’re uninsured, it can actually take someone right out of business,” said Pam Lambropoulos, owner of Great Lakes State Agency in Lansing. “They’ll take a computer and hold it ransom. I have a friend who owns a business. Her computer was held ransom, and it costs you a lot of money if you have to pay that ransom to get back into your computer. It can happen to a personal computer, too; but there’s a lot more information on a business computer, so the hackers are more apt to get the payout from a business.”
Having been in the insurance industry for 33 years, Lambropoulos has seen firsthand the growth in businesses seeking out cyber insurance as a form of protection.
Everyone from global organizations to mom-and-pop shops rely to some extent on technology to conduct day-to-day business, and a cyberattack can have tremendously negative ramifications on a company — not just financially from a ransom but also potential liability from the theft of third-party data, loss of customers and permanent damage to a brand’s reputation.
“Cyber insurance policies help cover the financial losses that result from cyber events and incidents,” according to an article in TechTarget. “In addition, cyber-risk coverage helps with the costs associated with remediation, including payment for the legal assistance, investigators, crisis communicators and customer credits or refunds.”
At Great Lakes State Agency, roughly 80% of commercial clients purchase cyber insurance and about 70% of individual clients opt for the coverage. In a way, Lambropoulos said, cyber insurance is an extension of the coverage for identity theft that has been available for decades — just kind of an updated version reflecting the growing reliance on technology.
“Identity theft on a homeowner’s policy has been an option since I started,” she said. “Most people didn’t add it because it wasn’t as easy to steal identity then. You didn’t use your phone for everything. You went into the bank and withdrew your money. So, identity theft wasn’t as prevalent as it is now with someone hacking into your computer or hacking into your cellphone.”
While the business side of cyber insurance is about protecting the information of both the business and the customers, there are additional reasons behind the coverage individuals seek out.
“When we talk to people on the personal side, if they have kids, that’s where they can get hit with cyberbullying or they may be logging in to unprotected websites and unprotected internet connections. … Cyberbullying is such as big thing now on social media and cyber protection on a home policy would cover for things like counseling if it’s needed, monitoring of the computer or relocation to a different school.”
The importance of being protected is definitely being recognized. According to a report from the U.S. Government Accountability Office, as cyberattacks nearly doubled between 2016 and 2020, so, too, did the number of insurance clients seeking cyber coverage, up from 26% in 2016 to 47% in 2020.
“In a survey of agents and brokers in late 2020, about three-quarters of them said they were seeing increasing demand for cyber coverage. … It seems likely that we will see continued increasing demand given the cyberattacks we’re seeing in the news almost every day,” John Pendleton, the GAO’s director of financial markets and community investments, said in a podcast.
Pendleton noted that the cost of coverage has been rising in recent years, but he added that may be due to the perceived risk also increasing. However, Lambropoulos said that, like any other type of insurance policy, it comes down to what you want covered. The question becomes: How much are you willing to risk losing what you have invested your life into building?
“If you’re a business that holds onto people’s information or enters people’s information into your system, you need to look into this,” Lambropoulos said. “Even if you just have a home computer, it’s something to consider. It seems minor, but people have all their photos on their computer. You don’t want to lose that. You don’t want to lose those memories. It sounds minute, but those are the things people don’t want to lose.”