Why are some companies still underinsured for cyber crime? 

According to a report by Reuters, Dutch insurer Tryg said that 90% of its corporate customers will buy cyber crime insurance within the next five hears as the threat from hackers and viruses to data and IT systems rises. Since the beginning of the year the company has sold 5,000 cyber crime insurance policies.

Wannacry the ransomware that was unleashed in May this year, caused major disruption to thousands of computers worldwide, is believed to be the catalyst for the increased demand in cyber insurance. Reuters said Tryg’s chief executive, Morten Hubbe told it that the company expects to see around 50% of clients buying cyber crime insurance by 2020. A couple of years later, this figure is predicated to jump to 90%.

However, not all companies appear to see this insurance as a vital element to protecting their businesses. According to Aon’s 2017 Global Risk Management Survey, smaller companies don’t prioritise cyber crime as much as they should compared to their larger competitors. According to their report, larger firms see cyber crime/hacking/viruses and malicious codes as their second highest risk, but smaller companies rank this threat as much lower.

Unfortunately, we are moving into an age where cyber crime is a real threat to any business, regardless of size. Aon points out that cyber crime has evolved from stealing individuals’ personal information and credit cards to staging coordinated attacks on critical infrastructures.

Cyber crime is now so common that it’s being compared to fires and floods because, just like natural disasters, they can cause massive business interruptions through electric outages, the shutting down of assembly lines and blocking customers from placing orders. This would hurt any business – small or large.

However, in some instances, companies prefer to insure their equipment rather than guard against cyber crime – why is this? Do they not realize the potential threat? Or are brokers not giving adequate advice?

Aon points out that insurance specifically designed to cover the unique exposure of data privacy and security can act as a backstop to protect a business from the financial harm resulting from a breach. Fixing problems caused by ransomeware such as Wannacry is not easily covered by companys’ slush fund. It needs plenty of funds and expertise – something not every company has dedicated to such a threat.

What’s also critical to point out is that general cyber insurance is not a panacea for all breaches. While some categories of losses might be covered under standard policies, there may be gaps where specialist cover is needed. This is why it’s so vital that companies work with their insurance brokers (and vice versa) to scrutinize the fine print and determine any potential problems or areas where extra cover would be an advantage.

If cyber cover is becoming as common as say car or home insurance, it should be treated with the same regard and studied to ensure it’s the right kind of cover for the business (large or small).

Make it a pact to talk to your clients about cyber insurance for 2018, particularly if they don’t have any cover at all. Explain what’s included and excluded. At the time of writing, reports highlight that premiums for this type of insurance are still soft, meaning that your clients will probably still get a good deal. That is, until the next big cyber disaster strikes!