Cybersecurity Insurance – How Well Are You Covered?

After hearing of the cyberattacks and data breaches in the financial services industry in recent years, you may have purchased insurance to cover losses your company may experience. If it’s been some time since the purchase, take a moment to review your policy. As systems become more advanced, so do those who infiltrate them. Before reviewing your policy, complete a cybersecurity assessment tool to identify possible gaps in coverage. There are several free online versions. Choose one that best fits your industry.

After completing the tool and analyzing risk-mitigating controls, you may find residual risks that could hedge against your insurance policy. Depending on the provider, there may be coverage against losses such as data destruction, extortion, theft, hacking and denial-of-service attacks.

Cybersecurity insurance is included in the financial bond policy or a separate addendum. Either way, consult with your agent as to whether certain events are covered and discuss any exclusions. For more information, the Financial Services Information Sharing and Analysis Center (FS-ISAC) boards are a good resource.

In the end, a company’s leadership determines its need for cyber insurance. Cyberattacks are expected to increase and evolve. Below are some statistics from Symantec’s 2016 Internet Security Threat Report:

  • Symantec identified 430 million new unique malware in 2015, up 36 percent.
  • In 2015, 191 million records were exposed in the largest data breach ever publicly reported—one of 318 breaches and nine mega-breaches (a mega-breach is a breach of more than 10 million records).
  • Spear phishing is up 55 percent.
  • Ransomware is up 35 percent.

It’s not a matter of when an attack will occur, but what the effect will be on your company. We recommend being proactive and advise management to regularly review their policies and risk assessments, analyze mitigation factors for effectiveness and evaluate the adequacy of insurance policies.

Print Friendly, PDF & Email
The following two tabs change content below.

Jeff Pauls

As a member of BKD National Financial Services Group, Jeff brings more than 14 years auditing and technology experience to the clients he serves. Before joining BKD, Jeff was an IT auditor for the Federal Reserve Bank of St. Louis.

Latest posts by Jeff Pauls (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *