Cyber security is an evolving exposure for any organization which handles, transmits, stores or processes “personal identifiable information (PII).” A simple definition of PII is any data that could potentially identify a specific individual, such as employee files, customer records, credit card information, personal health records, etc.
Over the past three years as I have been focused on cyber security, I have seen it develop from an ancillary type coverage to something Main Street businesses are now considering. Several years ago it was difficult to help the agent and insured understand the need for cyber security. However, with multiple high profile security breaches and cyber crime issues this is now something every business is concerned about.
As an example, on February 5, 2016, a Los Angeles hospital’s IT systems were taken hostage for an entire week. The hackers inserted ransomware into the hospital’s network causing them to lose control of all of their IT systems and demanded $17,000 in bitcoin to release control. The hospital was forced to pay the ransom in order to regain control as quickly as possible.
All types of risks are eligible for cyber security. The most popular are retail, health care organizations and companies that handle credit card or personal information. The industry has seen a large increase in demand from all types of insureds and in turn the market has adjusted making it more difficult to obtain cyber. It is more difficult to obtain cyber coverage because markets have tightened up underwriting standards and capacity. Currently London is working hard on a unified project to fully assess the overall risk exposure for the cyber that is currently offered. This ongoing project will help all carriers better understand their risk and modify their underwriting approach accordingly.
In the past year I have seen cutbacks in coverage offered, increase in price and retention and a reduction in appetite. We have also seen carriers enter and exit the market. Many of my colleagues say that cyber is similar to EPL’s (Employment Practices Liability) evolution. In today’s business climate it is clear that this is no longer an ancillary cover and insureds should be purchasing this along with their other lines of cover.
Sullivan offers access to a variety of competitive cyber security markets. Our expertise can help you understand this risk and how to better protect yourself and your organization.
By Bridget Livingston, Broker at Sullivan Brokers in Los Angeles
Want more information?