INSURANCE INFORMATION INSTITUTE
Contact: Press Offices
New York: 212-346-5500; firstname.lastname@example.org
Washington, D.C.: 202-833-1580
NEW YORK, February 23, 2009 — A weakening economy has exacerbated the problem of cyber-related crimes, causing millions of dollars in losses to businesses. Spamming, hacking, pinging and denial of service are just a few of the fraudulent cyber attacks that can cripple a business. Reliance on traditional insurance and information security to deal with these ever evolving risks is not enough, making cyber insurance critical to protecting businesses, according to the Insurance Information Institute (I.I.I.).
“The surge in cyber crimes is enormous,” said Loretta Worters, vice president of communications with the I.I.I. “From email phishing scams, which attempt to trick a consumer into providing sensitive data to fake Web sites, to cyber hijacking, in which crooks use stolen usernames and passwords to filch online accounts, these schemes damage networks, data and computer systems as well as expose businesses to third-party claims.”
The insurance industry has developed cyber insurance products to help businesses confront the growing number of network security risks that have the potential to shut down a network, destroy vital data or steal customer information. As the public becomes more concerned about privacy, businesses have become more aware that they are liable in the event the personal information of their customers is compromised. However, not enough businesses are properly insured.
According to a recent Ernst & Young survey of 1,400 organizations in its 2008 Global Information Security Survey, only 13 percent of survey respondents currently have insurance coverage for the losses resulting from a cyber attack. In addition, only 20 percent of respondents have a documented strategy for information security and less than half perform formal risk analyses to direct information security activity.
Losses from cyber crimes can be considerable and are on the rise. The 2007 Computer Security Institute’s Computer Crime and Security Survey noted that 46 percent of companies had experienced one or more security incidents in the past 12 months; the average reported loss increased to $350,424 from $168,000 the previous year.
“Regardless of product line or service, virtually all major businesses today rely on computer networks to function," said Worters. “But they need to recognize that network security risks are fundamentally different than traditional physical risks like fire. If a hacker or virus shuts down a network or destroys computer software or data, most businesses today have either limited or no coverage. Insurers have excluded these risks from standard commercial policies and are now offering stand-alone coverage. Whether your company conducts business over the Internet, stores customer data on servers or simply uses email, it is at risk.”
Specialized cyber-risk coverage is available primarily as a stand-alone policy. Each policy is tailored to the specific needs of a company, including the technology being used and the level of risk involved. Both first- and third-party coverages are available.
Types of Coverage
What Does Cyber Insurance Cost?
Depending on the policy, coverage can apply to both internally and externally launched attacks, as well as viruses that are specifically targeted against the insured or widely distributed across the Internet. Premiums can range from a few thousand dollars for base coverage for small businesses (less than $10 million in revenue) to several hundred thousand dollars for major corporations desiring comprehensive coverage. As part of the application process, some carriers offer an online and/or on-site security assessment free of charge regardless of whether the applicant purchases the insurance. This is helpful to the underwriting process and also provides extremely valuable analysis and information to the company’s chief technology officer, risk manager and other senior executives. “Companies spend billions of dollars annually setting up firewalls, buying anti-virus software but that’s not enough,” noted Worters. “Purchasing cyber insurance is another layer of protection to safeguard your business.”
The I.I.I. is a nonprofit, communications organization supported by the insurance industry.