Company without cyberinsurance on the hook for $668k scam

Cyberinsurance

Cyberinsurance is one of the most important protections your business can carry, full stop. No business can exist without insurance coverage of some kind, be it worker’s comp, commercial liability, etc. But one of the most important entrants to the insurance market is cyberinsurance. What was effectively nonexistent 15 years ago is now a mission-critical must have for basically every business.

I was chatting with a good friend of mine who owns an insurance brokerage, and he relayed a story to me about a client of his. This law firm submitted an insurance claim for just shy of $700,000 because they were the victim of a sophisticated and devastating phishing scam. But, because the firm didn’t carry cyberinsurance explicitly, the claim had to be denied. This means they’re likely to be forced into going to court and paying a settlement.

The bottom line? Don’t let something like this happen to you. $700,000 could be a crippling loss for many businesses, which is why cyberinsurance is positively a must have.

The facts about cyberinsurance

According to Stephen Hefner, owner of the Stonebriar Insurance Group, cyber crimes are “the leading cause of financial harm to companies in the current insurance market.” Not “a” leading cause of financial, but “the” leading cause. That’s shocking at first glance, but if you think about it, it doesn’t really surprise me considering how prevalent and sophisticated cyber attacks, phishing scams and the like have become.

“Hacking, phishing and social engineering scams continue to rise,” Hefner continued. As such, they are “the most common and expensive losses in the current market.”

“Scams are extremely prevalent, and they are growing more sophisticated by the day. Many times the emails, phone calls or faxes are completely indistinguishable from real employees or customer’s accounts.”

He gave a simple example that really underlines how pernicious these attacks have become:

An easy example is when a company receives an invoice from one of their vendors or customers and remits payment. The name, email, domain, color of text, etc. all are identical — the only thing different is the account number that the invoice request lists. Once the money is sent, the money is transferred many times over and the account is closed.

“Cyber insurance serves as an instrument to make the insured or their 3rd party (vendor, customer, etc) are made whole after an issue like this,” Hefner said.

The “but” of cyberinsurance

Because the prevalence and costs associated with these kind of breaches have both gone through the roof, there are fewer insurance carriers who even offer cyberinsurance. That does mean premiums are going up. “From 2020 to 2022, the average rate of cyberinsurance has increased over 400%,” Hefner continued. “Due to the increase in cases, expense of these losses, and the carriers pulling out of the market, there are fewer programs in place to write the coverage (and thus, higher rates).”

That said, cyberinsurance isn’t prohibitively expensive. Hefner shared a policy his firm issued to a medium-sized Texas company. The policy provided for $2,000,000 in covered losses (including cyber losses), and the annual policy costs just shy of $6000 for the year. $6000 a year vs. a near million dollar breach seems like a pretty easy calculation from where I’m sitting…

The bottom line

I get it — no company wants to pay for unnecessary insurance products. They aren’t the cheapest things in the world, and you may never need to file a claim. But, the downside risk of not carrying cyberinsurance is crippling. My company can’t afford to roll the dice when the downside of an attack could be $700,000 out of my pocket.

That’s why we recommend cyberinsurance to all of our clients. We can help you choose the right carrier, the right policy for your business, the right coverage amounts, etc.  We’re experts in managing your technology, which includes managing your technology risk. Give us a ring today, and we can help you make sense of this vital business necessity.