By: Marsh & Mclennan Agency
The threat of a cyber-attack is no longer a case of IF it will happen but WHEN it will happen
How can you protect your organization?
A cyberattack can include a computer virus, phishing, Trojan horse, hacking, ransomware, and unauthorized access to company and customer information. Cyber liability coverage protects your organization from claims by other individuals or organizations because of a cybercrime. The policy provides support if there are lawsuits against an organization for failing to protect the confidential information of others. This coverage could be essential. According to the 2016 Verizon Data Breach Report, the global cost of cybercrime will reach $2 trillion by 2019, a three-fold increase from the 2015 estimate of $500 billion.
An organization may purchase cyber liability coverage for a number of reasons:
- The organization will only have to make one call to their insurance carrier if they believe a cyber breach has occurred. The carrier will manage the breach investigation (invaluable as many companies will not have the resources to manage the breach).
- Cyber coverage can also cover the theft of information in paper files (important as companies store years of information both on- and off-site).
- ERISA plan fiduciaries may have increased liability. Fiduciaries should review their TPA’s protection of electronic plan data.
- Directors and Officers can have personal liability for failing to implement systems and controls to protect their organization’s data.
- There is an increase in cyber coverage requirements for an organization’s contractual obligations with customers.
What may be the most important feature of a cyber liability policy is the support it will provide. Most cyber liability carriers will hire a forensic specialist to determine if a breach occurred, help determine the scope of the breach, and identify who must receive notification of the breach.
The cyber coverage included in most package policies will not include the scope of coverage that is needed. It is important to understand not all cyber policies are the same. Cyber liability coverage should be reviewed along with all liability coverage associated with the organization.
What are other organizations doing to protect themselves?
There is relatively little data on what cyber issues small and midsize organizations have been faced with and what things they are doing to protect themselves. For the last two years, Marsh & McLennan Agency has conducted a cyber survey focusing on small and midsize employers. This year they are partnering with Marsh and Microsoft to launch its third annual survey. The intent of the survey is to better understand how they compare to their peers around the country in the areas of cyber exposure, adoption of risk management techniques, and their overall understanding of the risk they face.
In the Marsh & McLennan Agency 2015/2016 cyber survey, they found that 60% of all cyber-attacks struck small to medium-sized businesses because even one successful attack could shut down a company completely because of the enormous costs associated with recovery. This data is alarming when only 34.6% of these businesses believed the threat of a cyber-attack wouldn’t be severe enough to warrant the investment of time and resources.
The ultimate take away is there are clear benefits from addressing cyber and data security at the executive level. Starting and maintaining regular discussions about cyber security and loss mitigation techniques can lead your organization to have an active role in safeguarding themselves if – and when – a cyber-attack occurs.
If you are a small to midsize organization, you can contribute your thoughts on cyber risk and participate in the Marsh & McLennan survey by clicking here: www.marshmma.com/2017GlobalCyberSurvey.aspx
Learn more about MMA Michigan:
Health & Benefits- Troy Property & Casualty- Livonia
(248) 822-8000 (734) 525-2463
Find out more & join the conversation on social media! #MMAinsights
About Marsh & McLennan Agency – Marsh & McLennan Agency LLC, a subsidiary of Marsh, was established in 2008 to meet the needs of midsize businesses in the United States. MMA operates autonomously from Marsh to offer employee benefits, executive benefits, retirement, commercial property & casualty, and personal lines to clients across the United States.