Catherine Smola, President & CEO | Canadian Underwriter insBlogs
According to digital security company Gemalto, at least 276,000 data breaches occurred in Canadian companies in 2014. I have written previously on the rise of cyber crime and cyber-security best practices, but sometimes, even with sound security in place, data breaches can occur. To mitigate the cost of a successful attack, more companies than ever are turning to a new type of policy for protection: cyber liability insurance.
First of all, what exactly is cyber liability insurance? This product provides coverage for liability and expenses arising from the theft or loss of data as well as from the breach of data security or privacy, particularly when companies regularly host client information such as usernames, passwords, credit card numbers or other personally identifiable information. There are two main types of cyber liability insurance:
- First-party cyber liability insurance covers the direct costs associated with responding to a privacy breach or security failure
- Third-party cyber liability insurance covers the stakeholders who are responsible for the safe storage of data, e.g., network security IT personnel
Customer uptake of cyber liability insurance has been low thus far – only 8% of companies have purchased cyber coverage, according to a recent ARC Group Canada seminar. However, this number is likely to grow as more companies realize that their standard commercial general liability (CGL) policy does not adequately cover data breaches. A typical CGL policy covers liability for physical damage to tangible rather than electronic property, like buildings, vehicles and equipment. For intangible property like data, a separate cyber liability policy or an endorsement to the CGL would come into play.
The Cost of a Data Breach
According to a recent Agents Council for Technology (ACT) webinar, the cost of a data breach is approximately $217 per file, which can add up very quickly when large volumes of data are compromised by a cyber attack. There are many costs associated with a data breach, including:
- Identify theft reparation
- Regulatory fines and lawsuit
- Disruptions in normal business operations (i.e., lost business)
- Long-term damage to brand reputation
The accumulated costs of a single breach can be enormous. In a recent U.S. Securities and Exchange Commission (SEC) filing, Home Depot reported that the cost of a data breach in which millions of its customers’ credit card numbers were stolen was $43 million in the third quarter of 2014 alone.
Data Standards for Cyber Liability
The Canadian P&C industry has moved to provide cyber liability insurance, with close to 30 companies offering some form of coverage as of 2012. The need for a swift and secure means of transmitting policy information, however, is crucial to enabling efficient and, of course, safe broker-insurer business transactions.
Towards that end, in July CSIO released an update to its Data Standard, incorporating a Cyber Liability Message and Coverage Code (developed by ACORD, the US-based insurance standards organization). With this update, members can streamline how they help protect customers against risks to their data and information systems by automatically sending cyber policy data through secure, electronic channels.
The latest XML standards release (version 1.29) is available for insurer and vendor members to download on CSIO.com. With this standard, the broker channel is well positioned to meet the rising demand for cyber liability insurance while delivering the highest levels of security and customer service.