Introduction
Cybersecurity has never been more crucial than it is today. With the increasing prevalence of cyber threats and data breaches, individuals and businesses alike are vulnerable to significant financial losses and reputational damage. In response to these growing threats, cyber insurance has emerged as a valuable tool for mitigating risk and protecting against the consequences of a cyberattack. In this interview with Brian Mahon, EHD’s resident Cyber Insurance Expert, we delve into the world of cyber insurance, addressing the key questions and providing insights into this rapidly evolving field.

Interviewer: Thank you for joining us today, where we’ll explore the ins and outs of cyber insurance. To kick things off, could you explain what cyber insurance is?

Expert (Brian Mahon): Certainly! Cyber insurance, also known as cybersecurity insurance or cyber liability insurance, is a specialized type of insurance coverage designed to protect individuals and organizations from the financial losses associated with cyberattacks and data breaches. It helps cover expenses related to data recovery, legal fees, notification costs, and even public relations efforts to manage the fallout from a cyber incident. More info here: What to look for in a Cyber Insurance Policy (brianmmahon.com)

Interviewer: That sounds important. Who needs cyber insurance, and is it something that everyone should consider?

Expert (Brian Mahon): Yes, everyone, from individuals to small businesses and large corporations, should consider cyber insurance. Cyber threats don’t discriminate based on the size or type of organization. In fact, cyber criminals often prefer attacking smaller businesses (who sometimes lack proper cyber security) in order to find a way into larger more secure business. Anyone who handles sensitive data, such as personal information, financial records, or proprietary data, is at risk. Most companies rely on technology to operate day to day. Insurance agencies utilize agency management systems, distributors and manufacturers use ERP systems to track inventory, doctor offices use electronic health record software, not to mention the countless businesses that depend on tools like Microsoft 365 or e-mail. We can’t get away from technology.

Interviewer: How much does cyber insurance typically cost, and what factors influence its pricing?

Expert (Brian Mahon): The cost of cyber insurance varies widely and depends on five main factors. These factors include the size and industry of the insured entity, its cyber claims history, how much and what kind of data the company is responsible for, and its cyber hygiene or IT controls in place. Additionally, the amount of coverage needed, and the policy’s specific terms and conditions affect pricing. Overall, cyber insurance is priced based on the level of risk a policyholder presents, so it’s essential to work with an experienced insurance broker to tailor coverage to your needs and budget.

Interviewer: Great insights. Why should someone consider purchasing cyber insurance? Are there specific reasons that stand out?

Expert (Brian Mahon): Absolutely. There are several compelling reasons to buy cyber insurance:

  1. Financial Protection: It helps cover the significant financial costs associated with a data breach or cyberattack, which can include legal fees, data recovery expenses, and regulatory fines.
  2. Reputation Management: Cyber insurance can provide resources for public relations efforts to minimize damage to your organization’s reputation whether that be current customers or potential future customers.
  3. Legal Compliance: It assists in meeting legal requirements for notifying affected parties and regulatory bodies following a data breach. Most countries and U.S. States have some sort of privacy regulation, here is a map:
  4. Business Continuity: It can help ensure that your business continues to operate smoothly even in the wake of a cyber incident. When you are a “sitting duck” due to a cyber incident, a cyber insurance policy can pay net income plus continued operating expenses like salaries and overhead to keep you going during downtime.
  5. Peace of Mind: Knowing that you have financial support in the event of a cyber incident can provide peace of mind and allow you to focus on your core business activities.
  6. Competitive Advantage: Demonstrating a commitment to cybersecurity and risk management can be a competitive advantage when dealing with clients and partners, particularly larger entities that have stringent contractual insurance obligations.

Interviewer: How can someone determine if they have enough cyber insurance coverage in place?

Expert (Brian Mahon): There are two primary ways to assess if you have sufficient cyber insurance coverage:

  1. Risk Assessment: Conduct a thorough risk assessment to identify potential vulnerabilities and potential financial exposure. This assessment can help you determine the appropriate coverage limits. Often businesses utilize third party IT Service/Managed Service Providers to offer these assessments. Members of The National Society of IT Service Providers can be a good place to start: National Society of IT Service Providers (nsitsp.org)
  2. Consultation with a Cyber Insurance Expert: Work closely with an experienced cyber insurance broker or consultant who specializes in cyber insurance. They can help you understand your unique risks and ensure that your coverage aligns with your needs. Learn more about EHD’s here Brian Mahon – EHD Insurance

Interviewer: Valuable advice. Now, how can individuals and organizations secure the best deals on cyber insurance?

Expert (Brian Mahon): Getting the best deals on cyber insurance involves several steps:

  1. Comparison Shopping: Obtain quotes from multiple insurers and compare coverage options, deductibles, and premiums. Our self service portal allows you to do so here: Limit (policyapplication.com)
  2. Risk Mitigation: Implement robust cybersecurity measures and risk management practices. Insurers often reward organizations that demonstrate a commitment to cybersecurity with lower premiums, transitioning from bad IT controls to good IT controls could swing annual cyber insurance premiums up to 30%! Items like MFA, EDR, employee security awareness training, and robust back up strategies are paramount.
  3. Choose the Right Coverage: Tailor your policy to your specific needs. Don’t pay for coverage you don’t require, but ensure you have adequate protection.
  4. Work with an Expert: Partner with an insurance broker who specializes in cyber insurance. They can provide valuable insights and negotiate on your behalf.

Interviewer: Lastly, where is the cyber insurance market heading in terms of claim trends and premium projections?

Expert (Brian Mahon): The cyber insurance market is continuously evolving. Overall claim trends indicate a rising frequency of cyber incidents, leading to increased demand for cyber insurance coverage. That being said, we’re back to pre-pandemic levels as indicated by Chubb’s Cyber Risk Index. We continue to see phishing/social engineering claims lead the way followed by ransomware/extortion.  We’ve also seen an uptick in old school “check washing”, which are traditional crime claims. As a result, premiums may continue to rise in the near term. Insurers are also becoming more selective about the risks they underwrite, emphasizing the importance of robust cybersecurity practices for policyholders. At the same time, Cyber insurance is one of the fastest growing property & casualty insurance products, so more insurance carriers are entering the space and offering additional underwriting capacity, which can ultimately lower premiums. More info here:

Conclusion

Cyber insurance is no longer an optional consideration but a vital component of risk management in today’s digital age. It provides the financial protection and peace of mind necessary to navigate the ever-changing landscape of cyber threats. By understanding what cyber insurance is, who needs it, how it’s priced, and why it’s essential, individuals and organizations can make informed decisions to safeguard their digital assets and financial stability. Furthermore, working with knowledgeable insurance professionals can help ensure you have the right coverage at the best possible price. As the cyber insurance market continues to evolve, staying informed and proactive will be key to effectively managing cyber risk.

About the Author

Brian Mahon

Brian Mahon is a Certified Insurance Counselor (CIC), and innovation enthusiast. Brian has served innovative companies in the technology and life science industries since 2017. After a few years of helping entrepreneurs and CFOs at small, medium, and large companies with their risk management programs, he realized his favorite clients were all MSPs! In March of 2022, he graduated from Chubb and Carnegie Mellon’s Cyber COPE Insurance Certification program. Brian serves small to medium sized businesses in a sales and service role while specializing in cyber liability and commercial insurance for managed services providers, and community health centers, among others. He is currently pursuing his MBA at Penn State.

You may follow Brian on YouTube and LinkedIn to stay up to date on cyber insurance industry trends and cyber security risk management best pacices.

LinkedIn

Brian Mahon – YouTube