After hearing of the cyberattacks and data breaches in the financial services industry in recent years, you may have purchased insurance to cover losses your company may experience. If it’s been some time since the purchase, take a moment to review your policy. As systems become more advanced, so do those who infiltrate them. Before reviewing your policy, complete a cybersecurity assessment tool to identify possible gaps in coverage. There are several free online versions. Choose one that best fits your industry.
After completing the tool and analyzing risk-mitigating controls, you may find residual risks that could hedge against your insurance policy. Depending on the provider, there may be coverage against losses such as data destruction, extortion, theft, hacking and denial-of-service attacks.
Cybersecurity insurance is included in the financial bond policy or a separate addendum. Either way, consult with your agent as to whether certain events are covered and discuss any exclusions. For more information, the Financial Services Information Sharing and Analysis Center (FS-ISAC) boards are a good resource.
In the end, a company’s leadership determines its need for cyber insurance. Cyberattacks are expected to increase and evolve. Below are some statistics from Symantec’s 2016 Internet Security Threat Report:
- Symantec identified 430 million new unique malware in 2015, up 36 percent.
- In 2015, 191 million records were exposed in the largest data breach ever publicly reported—one of 318 breaches and nine mega-breaches (a mega-breach is a breach of more than 10 million records).
- Spear phishing is up 55 percent.
- Ransomware is up 35 percent.
It’s not a matter of when an attack will occur, but what the effect will be on your company. We recommend being proactive and advise management to regularly review their policies and risk assessments, analyze mitigation factors for effectiveness and evaluate the adequacy of insurance policies.
Latest posts by Jeff Pauls (see all)
- Cybersecurity Insurance – How Well Are You Covered? - September 6, 2016
- Creating a Cybersecurity Risk Assessment - July 22, 2015