News of malicious intrusions by hackers stealing millions of personally identifiable information from businesses might grab the headlines, but the “bread and butter” cyber claims that insurers see in far greater numbers can be just as involved and costly.
These claims involve privacy-related breaches that require strict compliance with a myriad of state and federal laws; incidents arising out of human error; lost equipment with unencrypted data, insider threat, and more.
The Cyber Risk Network recently spoke with cyber insurers about the process of investigating these claims and the benefits in having coverage that responds not only to the less frequent hacker-driven events, but also to the events that are more likely to occur – and must be addressed as rigorously.
Since privacy laws have expanded in severity and scope since 2003, such events call upon the breached party to respond with the various state and federal regulations that apply to their company and customers. According to Advisen data, events caused by non-malicious individuals have increased steadily the last 10 years.
“Most of the claims are not hackers and they’re certainly not mostly sophisticated nation-states,” explained Tim Francis, cyber lead at Travelers.
***
This 9-page report written by Erin Ayers, editor of the Cyber Risk Network, is available free of charge to subscribers of the Cyber Risk Network. If you are a member, you should have received a copy of the paper in your email inbox.
If you are not a paid Cyber Risk Network member, this paper is $249.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
