Survey Cites More than Half of U.S. Businesses Have Experienced a Cyber Attack

A recent survey of business executives by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re, shows that 53% of firms have experienced a cyber attack in the past year. Of the hacked companies in the last 12 months, 72% spent over $5,000 to investigate each cyber attack, restore or replace software and hardware, and deal with other consequences. More than one-third (38%) of the hacked businesses spent more than $50,000 to respond; 10% spent $100,000 to $250,000, and 7% more than $250,000, as cited in the survey.

The survey also shows that seven in 10 executives are concerned that data would be destroyed as a result of a cyber attack and 62% were concerned about equipment damage. Indeed, the most common result of a cyber attack for a business is loss data followed by business interruption.

Malware (53%) and viruses (51%) were the most common types of cyber attacks, according to survey respondents. Businesses and institutions also experienced distributed denial of service (DDoS) attacks (35%); ransomware (29%); cyber extortion (25%) and social engineering (13%).

As a result of the rise in incidents, as well of the awareness of the extent of damage a cyber attack could wreak on a business, more and more are not only purchasing Cyber insurance coverage but also increasing the level of coverage they have. The increase in the Cyber market is underscored by a 2017 RIMS Cyber Survey, which shows that organizations are buying more insurance.

Cyber Liability Insurance  

Cyber coverage can be designed to respond to both first-party and third-party losses with a policy tailored to include the following: 

First-Party Coverage

  • Brand Protection/PR Expenses: Designed to help a business communicate to customers, business partners, and the public in response to news of a data breach in order to try to prevent and limit lost business.
  • Breach of the Network: Includes both remediation expenses and notification costs to customers and/or patients whose data may be compromised.
  • Cyber Extortion: Covers the ransom to a cyber criminal who accesses and encrypts data and is demanding payment to stop or prevent an attack.
  • Business Income and Extra Expense: Covers lost profits and extra expenses following a data breach.

Other first-party coverages available include data restoration expenses, computer fraud, or fund transfer fraud.

Third-Party Coverage

  • Breach or Loss of Data: If data is lost, this coverage will respond in the event a suit for damages is filed.
  • Media Liability: As on-line information increasingly replaces traditional sources such as newspapers, television, and radio, losses due to infringement are possible.
  • Regulatory Investigation/Fines: Covers the legal, technical or forensic services necessary to respond to governmental inquiries relating to a cyber attack; also provides coverage for fines, penalties, investigations or other regulatory actions.

It’s important to review the specifics of each coverage part and the limits of liability available in a Cyber policy with each client so that he/she fully understands what is covered and the extent and scope of the coverage. RPS provides Cyber insurance coverage for all types of businesses and can help you design custom policies for your clients.