Five Things to Consider When Evaluating Your Cyber Risk
Jennifer Dumont | February 07, 2019
2018 was a banner year for big data breaches. Some of the biggest include Facebook, T-Mobile, Marriott and Ticketfly, just to name a few. Millions of people had their personal data compromised, including locations, contacts, device information, addresses, phone numbers, and credit card information.
We have all heard about these large cyber hacks, some of which may have even affected you personally. But what most do not hear about are the small, everyday businesses that fall victim to data breaches--and the effects are devastating.
Whether a company is private, non-profit or public, all types of businesses are at risk. Here are some basic tips you can share with your clients on how to evaluate their company's cyber exposure.
1. Identify your exposures. When we think of cyber risk, network security and privacy incident come to mind. By identifying your exposures to the risk, you can develop a plan of action. Exposures can include employees, clients, company and confidential information. How is this private information handled in your firm? Another potential exposure source is your website. What content do you store there? All this information is subject to a breach with consequences. Can an employee log in to your system from everywhere? Could a rogue employee hack into your system after termination and steal or compromise sensitive company information? What about clients who have access to enter your system? All these situations are considered exposures that could contribute to a breach.
2. Examine your data storage system. Once you have identified sources of exposure for a breach, consider how you store information from your site and captured information. Do you operate your network or outsource this to a vendor? Remember, a data breach can also include physical paper documents that have been exposed. We’ve all heard about the typical scenario of a data breach from hackers who are never identified or caught. Cyber thieves can try to extort information by holding systems for ransom and shutting down operations until payment is made. They may steal private personal information, which means you must follow the protocols for notification of a breach. Small businesses are affected every day by these hacks which never make the news.
3. Evaluate your current cyber insurance policy. Take a close look at your cyber insurance policy and determine the triggers for coverage to apply. If you do not have a cyber policy in place, consider the costs to mitigate a claim versus transferring this risk through an insurance policy. With this understanding of cyber risk, what should you look for in a comprehensive cyber policy provided by your insurance professional? You should be looking for policy wording that includes responding on a discovery basis with no retroactive date. Consider deeming your cyber policy as primary to respond should you have a sublimit of cyber on your BOP policy where coverage is minimal, due to the “other insurance” clause. Is the insurance carrier able to manuscript endorsements as unique situations to your company arise? Also, is policy language providing knowledge limited to the executive officers—the preferred wording-- as well as a carve-back of coverage for the rogue employee?
4. Consider your risk management processes. Cyber risk consists of network security and privacy incident. In a security failure, your company failed to protect its system, leaving it open to attack by a virus, code or ransomware. In a privacy incident, your company failed to protect your computer systems, private information, or both. In addition to the actual coverage of a cyber policy, what risk management services are offered to help prevent and strategize against a breach? Do you have a plan in place to respond to a network or data breach incident? Do you have access to qualified pre-breach expert consultants with tools such as notification guides and white papers?
5. Be aware of breach notification requirements. If you’re struck by a data breach, you will need to hire forensic investigators, legal counsel and a public relations firm to determine your liability and notify those affected of a breach. Class-action lawsuits by customers whose information you have compromised, as well as regulatory investigations for violations of the law, also need to be taken into consideration. Additionally, specific definitions in cyber policies do not translate the same in other cyber policies, so you’ll need to carefully evaluate terms and coverage. That’s why it’s best to review all these items with your insurance professional to initiate a plan of action of evaluate your current one.
Every day we hear about another company that’s been hit by a cyber breach. How have your clients planned to handle the expenses their company could sustain from a cyber incident? Do they have the funds to contain a network security failure or privacy incident or have they transferred this risk to a cyber liability policy? Now is the perfect time to sit down with your clients and help evaluate and protect their liability exposure in the world of cyber.
Jennifer Dumont, RPLU, CIC is a Senior Vice President with Atlantic Risk Specialists, a full-service wholesaler and managing general agent with offices in NJ, NY and FL that specializes in brokerage, professional lines, workers compensation and programs. She has over 25 years industry experience and specializes in professional lines placements and consulting. She can be reached at 941-962-9968 or firstname.lastname@example.org.
- Take a Business-Driven Approach to Continuous Improvement for Core Systems and Processes
- Electronic Chat with Ron Glozman
- Guidewire’s Data Guru Mike Byam on How Insurers are Using Internal and Third-Party Data
- Electronic Chat with Russ Bostick
- Electronic Chat with Rock Schindler
- Electronic Chat with John Siegman
- Electronic Chat with Martin Burlingame
- Insurtech Landscape 2019: Top 5 Takeaways
- Grinnell Mutual Tackles Massive Transformation -- in Stride
- A Candid Conversation with Paul Mang
- SageSure Insurance Managers Improved Competitiveness by Consolidating Payments to a Single Digital Platform
- Digital Does Matter in Insurance-- And Insurers are Missing the Mark
- The 22nd-Century Insurer: Taking a Cloud-First IT Approach
- The September/October 2019 issue of ITA PRO magazine is now available in digital format here:
- ITA Pro Magazine May/June 2019
- Spotlight on the 2019 IASA Conference
- ValueMomentum Selects Erie as Site of Regional Development Center
- Capgemini and Majesco Become Alliance Partners
- Electronic Chat with Dr. Dan Shoham
- Electronic Chat with Todd Greenbaum
- Martha Notaras: The “Outsider” with an Amazing Inside View
- Electronic Chat with Larissa Tosch
- Martha Notaras Will Join ITA LIVE 2019 as a Keynote Speaker
- Five Things to Consider When Evaluating Your Cyber Risk
- ITA Pro Magazine, January/February 2019
- Synergy Between Insurers' IT and Analytics Teams Key to Operationalizing Insights, Says Novarica
- Major Ransomware Attack Could Hit U.S. with $89B In Economic Damages
- ITA Announces 1st of Three Keynote Speakers at ITA LIVE 2019
- Electronic Chat with Jeroen Morrenhof
- Legacy Systems Are Dead. Really? Don't Count On It.
- Now Accepting Nominations for the 2019 ITA Bridge Awards
- It's time to register for ITA LIVE!
- Registration is Now Open for ITA LIVE 2019!
- What to Expect from a Digital Experience Platform Implementation
- ITA Pro Magazine September Edition is Now Available
- It's National IT Professionals Day
- Save the Date for ITA-LIVE 2019
- OneShield Software and UrbanStat Work Together to Improve Real-Time Analytics and Risk Decision-Making
- ITA LIVE 2019 - SAVE THE DATE!
- Insurance Technology Association Announces New Editor-in-Chief
- August 2018 Edition ITA Pro Magazine is Now Available
- Enterprise Architecture in an Agile World
- Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data
- Industry Insight: 4 Global Insurance Trends in Digital, Data, Content Services and Security
- Diving Deeper into Prioritizing Your Strategic Digital investments
- Why Content Rules
- How Mass Personalization Will Open the Small Business Benefits Market
- At Year End 2017, Will Your Organization Be Protected from Cyber Risks?
- Do Insurance Bots Dream of Mitigating Risk?
- Conditioned to Respond
- Managing & Mobilizing Insurance Data in a Connected World
- Race to the Finish Line
- New Tools, New Opportunities in Claims
- ITA LIVE: Reaching Insurance Industry Crossroads
- Advice to Insurance IT Leaders: Keep Your Eye on the Ball
- New Date, Venue for ITA LIVE 2017
- Guidewire Makes Major Push to Small and Midtier Market by Acquiring ISCS
- Insurance Disruption is Happening Right Now
- Insurity Adds Strategic Investment Partner, General Atlantic
- Beyond Transformation: The Convergence of Finance, Risk, and Actuarial Functions
- The Rapid Evolution of Consumer Protection Regulation
- Talent Hunt: Finding, Attracting, Retaining Top People
- Insurers Flexing Their Distribution Models
- Technology Driving Disruption in Insurance
- Fear of ‘Next Bubble’ Challenges Life, Annuity Carriers
- Technology Allows Commercial Lines Insurers to Stand Out
- Single Sign-on Viewed as Biggest Tech Challenge for Agencies
- ISCS Observes 20th Anniversary; Scurto Predicts Major Changes Ahead
- Policyholders and Their First Impressions
- Progressive Making Progress on the UBI Front
- High and Dry: Insurers Search for Disaster Recovery Plans
- Insurers Sign The (Un)Dotted Line
- Reflections of a Retired Insurance CIO
- Mobile Device Management Just One Answer to BYOD Issue
- Lessons from GEICO and Progressive on Winning the Critical Buying Stage
- You Are a Target for a Cyber Attack
- Web-based Systems are the Next Evolution in Claims Technology
- Gaining a “Wow” Experience from Web Users
- Time to Shift from Business/IT Alignment to Business/IT Alliance
- Healthcare Insurers Changing to Consumer Model
- Organization is the Key for Selecting Software Vendors
- Analysts Expound on the Needs of the Mid-tier Insurance Market
- Finding the Cure for Obamacare’s Website
- New Software Solutions Benefit Insurers on the Inside and Outside
- Products, Market Impede Investment in Systems for Life Insurers
- Combatting Cyber Threats: Predict, Prevent, Persist
- The Future of Telematics Heads Beyond Insurance
- The Shame in Cyber Security Lapses
- Building Policy Administration Systems for the Future
- Insurers Look Into The Eyes of Their Policyholders
- It’s a New Dawn for the ITA
INSURANCE IT NEWS
- SDRefinery Rebrands to Reflect Evolving Business Model and Announces New Appointments
- Zywave Acquires Data Analytics Provider miEdge
- Trov Launches White-Label Renters Insurance Application in Partnership with Lloyds Banking Group
- Bestow Announces Executive Hires
- OCTO Acquires Nebula Systems, Reinforcing Leadership in Intelligent Vehicle Diagnostics
- Eastern Alliance Insurance Group Selects Insurity’s Cloud-hosted “Workers’ CompXPress Suite”
- SageSure Insurance Managers Appoints Paul VanderMarck to Accelerate Innovation
- The Commonwell Mutual Insurance Group Deploys Guidewire InsurancePlatform in Deloitte’s InsurCloud
The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.
ITA LIVE 2020
ITA LIVE 2020 –SAVE THE DATE!
April 5th – 7th, 2020
The Diplomat Resort
Become a member today to receive updates – www.itapro.org/MR
BLOGS AND COLUMNS
You have surely heard it said that small businesses are the growth engine for America. Today, the phrase has a special ring to it for benefits... READ MORE
With stagnant growth and lingering low interest rates, the life insurance industry faces a challenging future... READ MORE
Finding insurance carriers willing to write commercial lines risks has always been a challenge for producers... READ MORE
As Guidewire Software prepares for the start of Connections, its 11th annual user conference that begins on Nov. 2, Brian Desmond, chief marketing... READ MORE