Cyber Liability – What’s the Risk?

By Brian Francetich
UPDATED 11/28/16 – Cyber security is top of mind and critical to the wellbeing of your organization.  The risk is real and growing (as evidenced by the most recent NetDiligence study below).  In this RiskTip we want to primarily explore the options available to insure/transfer the risk.  There is indeed another key part – managing this risk effectively requires two components:  (1) Control and (2) Transfer/Insure.  Admittedly, we are not information technology and security experts and the element of “controlling” the risk is best suited for these professionals.  The risks must be rigorously identified and controlled but insurance/transfer is also critical as not all exposure can be removed by way of control.

Cyber Liability Insurance is reactive in that it is triggered upon an occurrence of breach or loss of private information.  The two primary exposure expenses applicable to a RIA firm, which can reimbursed and/or paid-on-behalf of you, are (1) Crisis Services and (2) Legal Defense Costs.  Crisis Services includes forensics, notification, credit monitoring and legal guidance expenses.   Proper steps after a breach occurs are critical and most insurance companies connect insureds with a cyber-breach expert to ensure that the severity of the event does not grow due to missteps in handling the forthcoming correspondence.  Coverage terms and additional sub-lines of coverage vary by underwriter and can include items such as loss of your own digital assets, non-physical business interruption, regulatory claims, cyber extortion threat coverage, media liability, employee privacy liability and other ancillary lines.

In closing, we think it is important to note what types of claims and expenses are associated with this risk. The NetDiligence 2016 Cyber Liability & Databreach Insurance Claims Study references 176 different insurance cyber claims, brought against various businesses.  Here are some key findings of the report:

  • The average claim payout was $495k. The median payout was $49k.
  • The highest average payout was in the Financial Services sector ($1.3M).
  • The average breach cost was $665k. The median cost was $60k.
  • The average cost for legal defense was $130k. The median cost was $16k.
  • The average cost for crisis services was $357k. the median cost was $43k
  • Breaches with few records can be very costly.  One event in the dataset involved 1 record with a cost between $1.5M and $2.0M

The good news is that the cyber insurance carrier marketplace has significantly matured over the past couple of years as insurance actuaries have more data to work with and charge accordingly.  Minimum premiums are considerably lower than the past and terms are as attractive as they have ever been.

marketsquare_participant_140Golsan Scruggs is a participating vendor in Schwab OpenView MarketSquare™. Schwab OpenView MarketSquare™ is an online resource that provides product information along with submitted ratings and reviews of technology. Advisors rate products for qualities such as service, value, and features and functionality, plus have the opportunity to give specific feedback on their experiences with products. This resource is exclusively for advisors who custody with Schwab Advisor Services™ and is available on the Schwab Intelligent Technologies™ website.

Golsan Scruggs is an insurance brokerage firm operating throughout the United States specializing in investment advisor E&O errors & omissions insurance (aka professional liability insurance) for RIA registered investment advisors.. As one of the largest insurers of RIA firms in the U.S., we have a dedicated staff that understands the risks of the financial services industry and delivers superior results.  We make the underwriting process painless.

Our RIASURE Review will analyze your fiduciary exposures, provide rate details and comparisons, and provide a contract comparison. No application required.

To obtain your complimentary RIASURE Review, please provide the following information or contact us at (800)273-5883. Fields marked with * are required.