All posts by Jeff Dunsavage

Cyberattacks on Health Facilities: A Rising Danger

By Max Dorfman, Research Writer, Triple-I

As cyberattacks have increased in recent years, one area of particular concern has been those that target hospitals and health systems. These attacks have affected not only private information but also threatened the lives and well-being of patients.

A major shift

Hospitals rely more than ever on computerized systems to manage their information and systems. With the added complications related to the COVID-19 pandemic, the dangers associated with cyberattacks have only worsened.

“It’s part of a trend we’ve seen building over the last couple years, even before the pandemic,” said Scott Shackelford, chairman of the IU Cybersecurity Risk Management Program. Unfortunately, health-care providers are very much in the crosshairs. Not only do they often have insurance and deep pockets, but doctors need access to patient information to perform procedures and provide required services.

Because of this vulnerability and urgency, Shackelford said, “They are more likely to pay up.”

“If you look at the surveys that have been done, about one-in-three health providers have been hit by ransomware attacks just since 2020, and there’s been a 45 percent uptick in that rate since last December,” Shackelford added.

One recent attack, on Johnson Memorial Health in Franklin, Indiana, disabled its computer system. Although the hospital said it could still manage its patient intake, the loss of computer capabilities slowed operations down dramatically.

“We’re used to sending lab orders via computer, sending prescriptions to pharmacies via computer, so we’re going back to a real reliance on paper again,” Johnson Memorial President and CEO David Dunkle said. “We’re using more human runners, people taking lab recs between the ER and the lab.”

Hospitals have been slow to respond

Although there have been major technological advancements in the medical field, not all health systems have provided robust IT teams or thorough safety protocols. One area of note is with new medical devices, which take years to earn FDA approval and can come with outmoded software and operating systems without the latest security mechanisms.

This has given hackers the ability to disable medical imaging devices like MRIs. They can then shut down or interfere with machines.  A recent study by McAfeeEnterprise’s Advanced Threat Research Team uncovered that an IV pump created by German medical manufacturer B. Braun possessed a susceptibility that would allow hackers to change medicine doses remotely.

And while traditional phishing attacks require a user to open a corrupted file — a trend that is now on the decline — new attacks can use so-called Zero Click malware, which can infect a system merely through receiving a text or email.

Additionally, sensitive data that health systems possess gives hackers the opportunity to sell this information online — or threaten to — with demands rising into the millions of dollars. After a 2009 U.S. law was passed that required Medicare and Medicaid providers to implement electronic health records, these risks have only accelerated.

Life and death circumstances

Hospitals are now not only seeing the financial risks with cyberattacks, but the threat to their patients’ lives.

In July 2019, Springhill Medical Center faced a massive ransomware attack that disabled its electronic devices. This failure created dire circumstances for one infant, causing doctors to be unable to monitor the child’s condition during delivery. The infant died, and the hospital is being sued by the mother for malpractice—a charge Springhill denies.

Another attack in Düsseldorf, Germany in 2020 saw the death of a 78-year-old woman from an aortic aneurysm. What was supposed to be a routine pick-up turned into a nightmare, when the local hospital’s system was disabled by a ransomware attack, forcing the emergency department to turn away the woman and causing the ambulance to travel much farther. During this time, the patient’s condition worsened, and she eventually died.

How much worse can it get?

By the middle of August of 2021, 38 attacks on health-care providers or systems had interrupted care at approximately 963 U.S. locations. For all of 2020, only 560 sites were affected in 80 separate incidents, according to Brett Callow, a threat analyst at security firm Emsisoft.

With the vast amount of data and equipment at each of these health facilities—as well as the linked networks of many systems—the threat of cyberattacks in health care will only continue to grow unless more action is taken.

Insuretech Connect: Showcasing Innovation

Sean Kevelighan leads Climate Risk and Resilience panel. (Photo/videos by Scott Holeman,
Media Relations Director, Triple-I)

By Loretta Worters, Vice President, Media Relations, Triple-I

Insuretech Connect – the world’s largest gathering of insurance leaders and innovators – last week brought together insurance technology stakeholders to network, share insights, and learn about leading-edge technology across all insurance lines.

Conference participants included Pete Miller, president and CEO of The Institutes, who discussed risk mitigation through new technology. 

“Capturing data about the things we do and then allowing us to mitigate risk before we even get to the insurance function, that’s really where I think this industry is going,” he said.

One panel, Climate Risk and Resilience, focused on the importance of Insurtech and innovation to the success and sustainability of the industry. Moderated by Triple-I CEO Sean Kevelighan, the panel included Sean Ringsted, chief digital officer at Chubb; Christie McNeill, associate partner with McKinsey & Company and leader of ESG and Climate Change for the Insurance Practice in North America; Alisa Valderrama, CEO and co-founder of FutureProof Technologies, a venture-backed financial analytics software company specializing in climate risk; and Susan Holliday, Triple-I nonresident scholar and senior advisor to the International Finance Corporation (IFC) and the World Bank, where she focuses on insurance and Insuretech.

“Insurers are no stranger to climate and extreme weather,” Kevelighan said. “They have had a financial stake in it for decades.”

He noted that insured losses caused by natural disasters have grown by nearly 700 percent since the 1980s and four of the five costliest natural disasters in U.S. history have occurred over the past decade.

U.S. insurers paid out $67 billion in 2020 due to natural disasters. The insured losses emerged in part as the result of 13 hurricanes, five of the six largest wildfires in California’s history, and a derecho that caused significant damage in Iowa. 

This year’s Hurricane Ida is expected to cost insurers at least $31 billion and to push Hurricane Andrew out of the top five damaging storms. 2021 has been another record year for wildfires. January 1 to September 19, 2021 there were 45,118 wildfires, compared with 43,556 in the same period in 2020. 

The panelists talked about how insurers have long been aware of climate risk and – to the extent that existing data-gathering and modeling technologies allowed – considered it in risk pricing and reserving. As information storage and processing have vastly improved, the industry has not only gotten better at underwriting and reserving for these risks – it has identified opportunities in areas it once could only view as problems.

Improved modeling, for example, has increased insurers’ comfort with and appetite for writing flood coverage and spurred the development of new products. 

“Insurers are and always will be financial first responders, but there’s a growing realization that risk transfer alone isn’t enough,” Kevelighan said.  “Insurance is one important step toward resilience.  It’s well documented that better-insured communities recover faster from disasters.  But more is required to address increasingly complex global risks.”

Building a Robust
Cyber Insurance Market
Is Focus of Oct. 13 Panel

Triple-I CEO Sean Kevelighan will join a virtual panel on Wednesday, Oct. 13, at 11 a.m., ET, to brief public policymakers on ways to build a robust cyber risk insurance market.

“To allow businesses to operate safely in an increasingly interconnected world, insurers are working closely with their commercial customers to mitigate cyber risks and to make sure businesses have the right types, and amounts, of cyber insurance,” Kevelighan said.  “However, as we are seeing increasing uncertainty in the extensiveness of cyber risk, it is also essential that we better understand the role government needs to play in particular around law enforcement and international diplomacy.”

As previously noted in The Triple-I Blog, some in the national security world have compared U.S. cybersecurity preparedness today to its readiness for large terrorist acts prior to 9/11. Before those attacks, terrorism coverage was included in most commercial property policies as a “silent” peril – not specifically excluded, therefore covered. Afterward, insurers began excluding terrorist acts from policies, and the U.S. government established the Terrorism Risk Insurance Act to stabilize the market.

“A balanced public-private partnership that recognizes where insurance can be a helpful financial responder, and how government is an essential preventative tool, will be critical to helping mitigate the ever-increasing cyber risks we are facing in the world,” Kevelighan said.

Presented by Indiana University’s Ostrom Workshop and Cybersecurity Risk Management Program in collaboration with The Institutes Griffith Insurance Education Foundation, the discussion can be viewed free of charge by public policymakers who register online in advance. It is one of three Cybersecurity Policy Bootcamp sessions the two organizations are co-hosting in October as part of Cyber Security Awareness Month.

The one-hour session will focus on Deepening Partnerships Between States, the Federal Government, the Private Sector, and Academia to Build a Robust Cyber Risk Insurance Market.

Along with Kevelighan on the panel will be three other subject matter experts:

  • Elizabeth Kelleher Dwyer, Esq., superintendent of Financial Services for Rhode Island Department of Business Regulation;
  • Scott J. Shackelford, JD, PhD, chair of the Cybersecurity Program at Indiana University, Bloomington; and
  • Douglas Swetnam, section chief for Data Privacy & Identity Theft in the Indiana Attorney General’s Office

Frank Tomasello, executive director for the Institutes Griffith Insurance Education Foundation, will be the panel’s moderator.

Learn More:

Article:                 Cyber Liability Risks

Video:                  Seven Cybersecurity Tips to Safeguard Your Business

Triple-I Blog:  

 Cyber Insurance’s “Perfect Storm”

 “Silent” Echoes Of 9/11 in Today’s Management of Cyber Risks

 Brokers, Policyholders Need Greater Clarity on Cyber Coverage

  Cyber Risk Gets Real, Demands New Approaches

IRC Releases State-by-State Auto Insurance Affordability Rankings

Louisiana, Florida, and Michigan remain the least affordable states for auto insurance, while Iowa remains the most affordable, according to a new study from the Insurance Research Council (IRC). 

The report, Auto Insurance Affordability: Countrywide Trends and State Comparisons, looks at auto insurance expenditures as a share of median household income. The IRC affordability index ranges from a low of 1.02 percent in Iowa to a high of 3.09 percent in Louisiana. A higher ratio indicates less affordable insurance in the state.

The index uses median household income data from the U.S. Census Bureau and auto insurance expenditure data published by the National Association of Insurance Commissioners (NAIC).  The rankings are based on 2018 data (the most recent available). Since 2018, Michigan has enacted reforms aimed at lowering auto insurance expenditures for Michigan’s drivers.

Some affordability studies estimate insurance costs by gathering quotes for minimum coverage.  The NAIC measure, by contrast, provides an estimate of what consumers actually spend per insured vehicle.  The index isn’t intended to serve as an absolute threshold for when auto insurance becomes affordable. This would be entirely subjective, as different parties can reasonably disagree about what constitutes affordable insurance. Rather, it’s a tool to compare auto insurance affordability over time and across jurisdictions.

Underserved communities not directly addressed

The index also does not address the important issue of affordability among underserved populations, which would require more granular data than used for this analysis. It is important to note that affordability for traditionally underserved consumers is determined by underlying costs, just as it is for the overall population.

A recent analysis of NAIC data showed that the higher premiums in lower-income ZIP codes were in line with the higher claim costs in those areas. Efforts to improve auto insurance affordability in those areas must address these higher costs.

While state-level data cannot directly address affordability among these populations, collaborative efforts to reduce the following key cost drivers can improve affordability for all consumers:

  • Accident frequency related to traffic density, road conditions, and other factors that lead to more frequent accidents in some states.
  • Repair costs, which vary widely by state.
  • Tendency to file injury claims, which tends to be higher in less affordable states.
  • Injury claim costs.
  • Attorney involvement, which is associated with higher claim costs and delays in settlement.
  • Claim abuse – Insurance fraud is a factor in the high cost of insurance. 

In a letter responding to a federal request for information, Triple-I earlier this year said U.S. auto insurers accurately price their policies by using a wide variety of rating factors.  All these factors must conform to the laws and regulations of the state in which the auto insurance policies are sold.

“Lower-risk drivers should pay less for auto insurance, and premiums have closely tracked broader U.S. economic trends for decades,” Triple-I told the U.S. Treasury Department’s Federal Insurance Office (FIO) in its letter.

The letter also said the rating factors U.S. auto insurers use to price their policies not only serve their purpose but are constantly retested to ensure their accuracy and reliability.

Learn More From the Triple-I Blog

Triple-I: Rating-Factor Variety Drives Accuracy of Auto Insurance Pricing

Here’s What’s Happening to Your Auto Insurance Costs

Auto Insurance Premiums Face Downward Pressure Due to COVID-19

Nevada Class Actions Against Auto Insurers Risk Hurting Policyholders

Policyholder Dividends Soar as Auto Insurers Respond to Pandemic

Auto Insurance Rates Decline Across U.S.

Auto Damage Claims Growing Twice as Fast as Inflation: IRC Study

Pandemic Drives
Life Insurance Sales, Especially Among
Young Consumers

By Maria Sassian, Triple-I consultant

The COVID-19 pandemic contributed to a decrease in life expectancy in the United States for the first time in decades, according to the Centers for Disease Control and Prevention (CDC).  After climbing steadily for many years, life expectancy fell by 1.5 years from 2019 to 2020 – the largest one-year dip since World War II, when it declined by 2.9 years between 1942 and 1943.

Life expectancy at birth for the total population declined from 78.8 years in 2019 to 77.3 years in 2020.  The grim prospect of mortality, as well as the financial havoc wrought by the pandemic, has led many people to consider protecting their loved ones with life insurance.  

A survey by Life Happens and LIMRA published in April 2021 found that about 31 percent of consumers said they are more likely to buy life insurance because of the pandemic. And the latest data show they followed through on that intention. Total U.S. life insurance premium increased 21 percent in the second quarter 2021, the largest year-over-year increase since third quarter 1987. For the first half of 2021, total premium increased 18 percent, compared with the first six months of 2020, LIMRA reports.

Life insurance is now attracting younger customers. LIMRA’s survey shows that 45 percent of millennials said they are more likely to buy life insurance because of COVID-19.  This increased interest could be explained by the fact that younger people are more likely to have children who are minors and higher amounts of outstanding mortgage debt to cover if they died.  Younger workers also faced higher unemployment rates throughout the pandemic compared to older workers, so they may have purchased individual coverage to make up for the loss of employer-sponsored policies.

Decisions about buying a policy or increasing coverage also vary by race. Deloitte research found that underinsured Hispanic/Latino buyers were most interested in increasing life insurance coverage as a response to the pandemic, followed most closely by Black buyers. Deloitte speculates that this is due to the higher unemployment rates among Black and Hispanic/Latino people during the pandemic, which resulted in the loss of employer-sponsored life coverage. Overall, Black and Hispanic/Latino people were disproportionately affected by COVID-19.

September is Life Insurance Awareness month, and now turns out to be a good time to get the coverage. Insurers have made it easier to buy policies during the pandemic. Many companies are temporarily waving in-person medical exams and streamlining the buying process with simplified underwriting.

Companies with the strongest digital capabilities are benefitting from a 30 percent to 50 percent increase in online life insurance sales since January 2020, according to Deloitte.  Consumers like shopping online, and interest in agent-driven sales is decreasing, with just 41 percent of consumers saying they prefer to buy in-person in 2020 – down from 64 percent in 2011.

People who get life insurance don’t tend to regret it. In fact, LIMRA reports that that almost 40 percent said they wished they had purchased it at a younger age. And while many people believe life insurance is too expensive, most overestimate the cost. LIMRA found that 44 percent of Millennials thought the cost of  term life insurance was more than $1,000 a year, when it’s closer to $160 for a healthy 30-year-old to own a $250,000 level term life insurance policy.

Related links:
Triple-I’s Life Insurance Basics
Facts & Statistics: Life insurance

Flood: An Insurable Peril That’s Underinsured

By John Novaria, Managing Director, Amplify

This year’s hurricanes have served as a wakeup call about the importance of flood insurance and the fact that not enough people have it. Only 1 in 6 homes in the United States is insured against flood, yet 90 percent of natural catastrophes in the country involve flooding.

More of the population is moving into flood-prone areas. Not only does this increased residential and commercial development put more people in harm’s way, it reduces the amount of land available to absorb excess water. This means more homes and businesses inundated, more contents damaged or destroyed, and more vehicles immersed.

Nowadays, flooding tends to cause more costly damage than wind. An average storm year will generate uninsured losses of $10 billion due to flooding, compared to insured losses of $5 billion.

“One of the most frustrating things for our industry related to flood is that this is actually an insurable peril and it’s broadly uninsured,” said Keith Wolfe, president of U.S. property & casualty insurance at Swiss Re. Wolf recently spoke with Triple-I CEO Sean Kevelighan, in the latest edition of Triple-I’s Executive Exchange, about closing the flood-protection gap.

That’s changing, however, as the public and private sectors work together to improve consumer behavior and harden communities. The private market is slowly but surely closing the flood protection gap as it emerges as a viable complement to the National Flood Insurance Program.

Improvements in modeling are making this peril more insurable, and private companies are recognizing the flood-insurance opportunity and entering the market. According to Swiss Re, flood represents a $1.1 billion growth opportunity for insurers.

Deepfake: A Real Hazard

By Maria Sassian, Triple-I consultant

Videos and voice recordings manipulated with previously unheard-of sophistication – known as “deepfakes“ – have proliferated and pose a growing threat to individuals, businesses, and national security, as Triple-I warned back in 2018.

Deepfake creators use machine-learning technology to manipulate existing images or recordings to make people appear to do and say things they never did. Deepfakes have the potential to disrupt elections and threaten foreign relations. Already, a suspected deepfake may have influenced an attempted coup in Gabon and a failed effort to discredit Malaysia’s economic affairs minister, according to Brookings Institution

Most deepfakes today are used to degrade, harass, and intimidate women. A recent study determined that up to 95 percent of the thousands of deepfakes on the internet were pornographic and up to 90 percent of those involved nonconsensual use of women’s images.

Businesses also can be harmed by deepfakes. In 2019, an executive at a U.K. energy company was tricked into transferring $243,000 to a secret account by what sounded like his boss’s voice on the phone but was later suspected to be thieves armed with deepfake software.

“The software was able to imitate the voice, and not only the voice: the tonality, the punctuation, the German accent,” said a spokesperson for Euler Hermes SA, the unnamed energy company’s insurer. Security firm Symantec said it is aware of several similar cases of CEO voice spoofing, which cost the victims millions of dollars.

A plausible – but still hypothetical – scenario involves manipulating video of executives to embarrass them or misrepresent market-moving news.

Insurance coverage still a question

Cyber insurance or crime insurance might provide some coverage for damage due to deepfakes, but it depends on whether and how those policies are triggered, according to Insurance Business.  While cyber insurance policies might include coverage for financial loss from reputational harm due to a breach, most policies require network penetration or a cyberattack before it will pay a claim. Such a breach isn’t typically present in a deepfake.

The theft of funds by using deepfakes to impersonate a company executive (what happened to the U.K. energy company) would likely be covered by a crime insurance policy.

Little legal recourse

Victims of deepfakes currently have little legal recourse. Kevin Carroll, security expert and Partner in Wiggin and Dana, a Washington D.C. law firm, said in an email: “The key to quickly proving that an image or especially an audio or video clip is a deepfake is having access to supercomputer time. So, you could try to legally prohibit deepfakes, but it would be very hard for an ordinary private litigant (as opposed to the U.S. government) to promptly pursue a successful court action against the maker of a deepfake, unless they could afford to rent that kind of computer horsepower and obtain expert witness testimony.”

An exception might be wealthy celebrities, Carroll said, but they could use existing defamation and intellectual property laws to combat, for example, deepfake pornography that uses their images commercially without the subject’s authorization.

A law banning deepfakes outright would run into First Amendment issues, Carroll said, because not all of them are created for nefarious purposes. Political parodies created by using deepfakes, for example, are First Amendment-protected speech.

It will be hard for private companies to protect themselves from the most sophisticated deepfakes, Carroll said, because “the really good ones will likely be generated by adversary state actors, who are difficult (although not impossible) to sue and recover from.”

Existing defamation and intellectual property laws are probably the best remedies, Carroll said.

Potential for insurance fraud

Insurers need to become better prepared to prevent and mitigate fraud that deepfakes are capable of aiding, as the industry relies heavily on customers submitting photos and video in self-service claims. Only 39 percent of insurers said they are either taking or planning steps to mitigate the risk of deepfakes, according to a survey by Attestiv.

Business owners and risk managers are advised to read and understand their policies and meet with their insurer, agent or broker to review the terms of their coverage.

Insurer Declined to Renew your Homeowners Policy? You Have Options

By Maria Sassian, Triple-I consultant

In high-risk areas like the West Coast with its wildfires and Florida with its hurricanes and floods, insurance non-renewals are on the rise as insurers attempt to limit their exposure to future losses. Homeowners insurance protects your most valuable possession, so the prospect of getting a notice that your policy will not be renewed can be nerve-racking.  

But don’t panic if that happens – you have options.

Know the difference between cancellation and non-renewal

There is a big difference between an insurance company canceling a policy and choosing not to renew it. Insurance companies can’t cancel a policy that has been in force for more than 60 days except when:

Nonrenewal is a different matter. Either you or your insurance company can decide not to renew the policy when it expires. Depending on the state you live in, your insurance company must give you a certain number of days’ notice and explain the reason for not renewing before it drops your policy.

Question the non-renewal

If you think the reason the insurance company provided for non-renewing is unfair or want a further explanation, call the company.  You may get an opportunity to keep your coverage by verifying that you’ve taken risk mitigation measures such as replacing the roof or removing flammable materials near your house.

If your policy isn’t renewed because of a failed inspection, making the proper updates could help you maintain coverage.

Shop around for another policy

If your insurer insists on non-renewing, shop around for a new policy. Here are some tips from Triple-I’s How to Save Money on Your Homeowners Insurance guide:

  • Ask friends and relatives for recommendations for insurers and then do your due diligence.
  • Contact the state insurance department to find out whether they make available consumer complaint ratios by company. If they do, check into the insurers you’re considering doing business with.
  • Check the financial health of prospective insurance companies by using ratings from independent rating agencies and consulting consumer magazines for reviews.
  • For price quotes, call companies directly or access information online. Your state insurance department may also provide comparisons of prices charged by major insurers.
  • Get quotes from at least three companies.
  • Don’t shop based on price alone. Remember, you’ll be dealing with this company in the event of an accident or other emergency. When you need to file a claim you’ll want an insurer that provides good customer service, so test that while you’re shopping, and choose a company whose representatives take the time to address your questions and concerns.

Explore your state’s shared market option

If you’ve shopped around and can’t find coverage, you may need to turn to the state-run shared market. Many states offer Fair Access to Insurance Requirements (FAIR) policies for high-risk homes, or beach and windstorm plans for coastal properties. These policies offer limited coverage and are often more expensive than a standard home policy from a private insurer.

For more comprehensive coverage, homeowners in California may purchase a “difference in conditions” policy that complements FAIR Plan coverage.

Look into surplus lines

The surplus lines market, which is comprised of highly specialized insurers, exists to provide coverage that is not available through licensed insurers in the standard market. Each state has surplus lines regulations and each surplus lines company is overseen for solvency by its home state.

Available surplus lines companies vary by state. Speak with an insurance agent or broker about surplus lines if you’ve been rejected by at least three other insurers.

Non-renewals in disaster-prone areas

 State regulators are pushing back against the non-renewal trend by placing moratoriums on non-renewals for certain zip codes, as happened in California recently, or for certain companies, as is the case in Louisiana.

Whether the decision not to renew is yours or your insurer’s, don’t put off shopping for a new policy. You don’t want coverage on your home to lapse.

Cyber Insurance’s “Perfect Storm”

Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

Increasing cybercrime incidents resulting in large losses – combined with some carriers retreating from writing the coverage – is driving cyber insurance premiums sharply higher.

Once a diversifying secondary line and another endorsement on a policy, cyber has become a primary component of any corporation’s risk-management and insurance-buying decisions. As a result, insurers need to review their appetite for the peril, risk controls, modeling, stress testing and pricing.

According to A.M. Best, the prospects for the cyber insurance market are “grim” for several reasons:

  • Rapid growth in exposure without adequate risk controls,
  • Growing sophistication of cyber criminals, and
  • The cascading effects of cyber risks and a lack of geographic or commercial boundaries.

While the industry is well capitalized, A.M. Best says individual insurers who venture into cyber without thoroughly understanding the market can put themselves in a vulnerable position.

“The cyber insurance industry is experiencing a perfect storm between widespread technology risk, increased regulations, increased criminal activity, and carriers pulling back coverage,” according to Joshua Motta, co-founder and CEO of Coalition, a San Francisco-based cyber insurance and security company. “We’ve seen many carriers sublimit ransomware coverage, add coinsurance, or add exclusions.”

Worsening since the pandemic

A recent Willis Towers Watson study found primary and excess cyber renewals averaging premium increases “well into the double digits.” One factor helping to drive these increases, Willis writes, is the sudden shift toward remote work on potentially less-secure networks and hardware during the pandemic, which has made organizations more vulnerable to phishing and hacking.

The average cost of a data breach rose year over year in 2021 from $3.86 million to $4.24 million, according to a recent report by IBM and the Ponemon Institute — the highest in the 17 years that this report has been published. Costs were highest in the United States, where the average cost of a data breach was $9.05 million, up from $8.64 million in 2020, driven by a complex regulatory landscape that can vary from state to state, especially for breach notification.

The top five industries for average total cost were:

  • Health care
  • Financial
  • Pharmaceuticals
  • Technology
  • Energy

For the health care sector, the average total cost rose 29.5 percent, from $7.13 million in 2020 to $9.23 million in 2021.

Since the start of the year, cyber insurance rates have increased 7 percent for small businesses, according to AdvisorSmith Solutions. For midsize and large businesses, AdvisorSmith said,  those increases were closer to 20 percent.

Insurers’ reactions

AIG last month said it is tightening terms of its cyber insurance, noting that its own premium prices are up nearly 40 percent globally, with the largest increase in North America.

“We continue to carefully reduce cyber limits and are obtaining tighter terms and conditions to address increasing cyber loss trends, the rising threat associated with ransomware and the systemic nature of cyber risk generally,” CEO Peter Zaffino said on a conference call with analysts.

In May, AXA said it would stop writing cyber policies in France that reimburse customers for extortion payments made to ransomware criminals. In a ransomware attack, hackers use software to block access to the victim’s own data and demand payment to regain access.

The FBI warns against paying ransoms, but studies have shown that business leaders today pay a lot in the hope of getting their data back.  An IBM survey of 600 U.S. business leaders found that 70 percent had paid a ransom to regain access to their business files. Of the companies responding, nearly half have paid more than $10,000, and 20 percent paid more than $40,000. 

Two advisories last year from U.S. Treasury agencies –  the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) – indicated that companies paying ransom or facilitating such payments could be subject to federal penalties. These notices underscore businesses’ need to consult with knowledgeable, reputable professionals long before an attack occurs and before making any payments. 

More like terror than flood

Cyber risk is unlike flood and fire, for which insurers have decades of data to help them accurately measure and price policies. Cyber threats are comparatively new and constantly evolving. The presence of malicious intent results in their having more in common with terrorism than with natural catastrophes.

Insurers and policyholders need to be partners in mitigating these risks through continuously improving data hygiene, sharing of intelligence, and clarity as to coverage and its limits.

Relocated Due to Ida?
You Might Be Covered
for Additional Living Expenses

Standard homeowners and renters insurance policies include additional living expenses (ALE) coverage. ALE pays the costs of living away from home—above and beyond your customary expenses— if you cannot live at home due to damage caused by an insured event that makes the home temporarily uninhabitable.

What expenses are typically covered by ALE?

ALE covers living expenses incurred by you so your household can maintain its normal standard of living.  These expenses could include:

  • Temporary housing
  • Moving costs
  • Grocery or restaurant bills 
  • Storage costs
  • Laundry expenses
  • Transportation (e.g., if your temporary home requires a longer commute)
  • Parking fees
  • Pet boarding

Your homeowners policy’s ALE coverage is usually equal to 20 percent of your home’s insured value—a home insured for $200,000, for instance, may have ALE coverage of up to $40,000—or limited to a certain timeframe (e.g., no more than 12 months).

What about Damage from Hurricane Ida?

Standard ALE coverage should be triggered if damage from a covered peril (e.g., wind and rain) caused the home to be uninhabitable. In addition, some companies provide ALE coverage when policyholders leave their home or apartment due to mandatory evacuation orders. Policyholders should speak with their insurance professional to confirm whether their policy provides ALE coverage for their situation.

As a reminder, standard homeowners insurance policies typically do not provide coverage for flood damage. The National Flood Insurance Program (NFIP) covers physical damage from flood but does not include ALE. Some privately sold flood policies offer ALE following flood losses. 

What Other Help Is Available?

Federal assistance has been made available through the Federal Emergency Management Agency (FEMA). On September 2, FEMA announced they will cover hotel expenses for survivors of Hurricane Ida with damaged homes or dwellings in 25 parishes in southeast Louisiana.

The program, known as Transitional Sheltering Assistance, will provide survivors with short-term housing free-of-charge as they recover from the Category 4 storm. Survivors must first register with FEMA at disasterassistance.gov or by calling the FEMA helpline at 800-621-3362. Those wishing to take advantage of the program must find and book their own hotel rooms. Participating hotels are listed at www.femaevachotels.com.