Cyberattacks: How Can Agents Stop Business Owners’ False Sense Of Security?
Cyber insurance: if you’re a consumer looking at the current state of retail, then you’re probably wondering if you’ll ever be safe again. First, the Target breach that began in December grew from 40 million customers affected to 60 and now seems to have rested at 110 million.
That was followed by an announcement last week from Neiman-Marcus that the personal information of 1.1 million customers may have been taken in a three-month breach of its security systems. Now craft store giant Michael’s out of Irving, Texas, is alerting customers of a “possible” data breach that is currently being investigated by the Secret Service. http://wapo.st/1e32HKm
Michaels issued a statement on Saturday saying it had “not yet confirmed any compromise to its systems, but believed it was best to tell its customers about the issue quickly,” according to the Washington Post. Secret Service spokesman Brian Leary also confirmed an investigation was underway.
Michaels is encouraging customers to review payment information to check for unauthorized charges. Unlike in the Neiman-Marcus and Target cases, an estimated number of affected customers has not been released at this time.
This trio of data breaches are stark reminders of the gaps that exist in business coverage. Anti-virus software, firewalls, and other security systems, are all easily circumvented by the right hacker. Neither maintaining a network onsite nor outsourcing to other companies offer adequate protection.
In fact, when data is outsourced to a cloud provider, as it commonly is nowadays, companies are not only open to having their own businesses attacked, but they’re also vulnerable in the event their outsourced provider is attacked.
Sean Mayer, account executive at South Dakota-based Holmes Murphy & Associates, urges buyers, when dealing with a cyber insurance policy, to find out “whether it extends to information in the custody and control of a third party.”
“A good example of this is cloud service providers,” he explained. “Would you expect your company to be protected if a cloud vendor’s network security failed, resulting in liability for your company because of the breach of private data? If so, you will want to be diligent about selecting an insurance company and coverage because many policies do not include this risk. Cyber policies should be clear about the coverage they provide for data managed by third parties such as cloud vendors.”
Mayer continued: “Another component to consider is coverage if your company were to suffer a loss of data arising from a cloud provider’s network security failure. This could result in a business interruption loss arising from the inability to access the data that is stored on the cloud provider’s system.”
While Mayer’s words are aimed more at the buyer end of the market, there’s a meaty lesson here that insurance agents should keep in mind when selling these types of policies:
Cyber Insurance Is Still A Mystery To A Lot Of People Who Should Be Buying It.
The heavy hitters like Michaels, Neiman-Marcus, and Target, will feel the heat from a cyberattack, but they’re usually mindful enough to have significant protections in place so that it doesn’t sink their business.
(Although that Target breach is a big deal.)
Smaller businesses don’t wear as big of a target, and so there’s a chance they’ve been lulled in to a false sense of security regarding cyber insurance when one attack like the kind the aforementioned “Unlucky Three” have experienced, would close their doors overnight.
Small businesses that are mindful of the cyber threat may also be experiencing a false sense of security because they’re outsourcing data storage. They assume their info is secure and their business is free from liability simply because “someone else is handling it.”
How do they know they need the help if they think they’re already covered when they’re not?
These are challenges that insurers must overcome when selling cyber policies, but they also offer incredible opportunities for what is still an underserved portion of the industry.
Expect buyer interest to improve in the coming months in light of the frequent plundering of data. More people will be receptive and ready to buy, but they’re going to need education on what a cyber insurance policy can do for them (as well as what it can’t). The successful agent in this market will be a successful educator.