Almost everybody loves bacon and as a result, some interesting new businesses have sprung up around this tasty food. We recently stumbled across J&D's, a Seattle-based company that specializes in all things bacon. In addition to run-of-the-mill flavorings, spreads and dressings, J&D's offers exotic items like Bacon Moustache Wax and bacon-flavored deodorant. The company even sells Naked Bacon Cooking Armor for those who wish to rustle up bacon in the buff (not advised though as it tends to splatter hot grease around when cooking).
We're not sure how big an appetite people have for these products, but we do know that banks are hungry for more information about cyber-risk insurance. It's not mandatory yet, but the day could come in the not-too-distant future. Already there are rumblings from regulators about the increasing importance of cyber insurance. In a Dec. 3 speech to the TX Bankers' Association, Treasury Deputy Secretary Raskin set out reasons why banks should be investing in cyber-insurance. Then, on Dec 10, NY State Department of Insurance Superintendent Lawsky issued an industry guidance letter to banks outlining new targeted cyber-security preparedness assessments. The letter expressly states that examinations will include "cyber security insurance coverage and other third-party protections."
Cyber-risk insurance is relatively new and is it becoming increasingly popular, particularly in the wake of high-profile data security breaches at large companies. In 2013, only 10% of respondents to a study sponsored by Experian Data Breach Resolution said their company purchased a policy. In this year's poll, the percentage more than doubled to 26%. While the study didn't focus only on banks, financial services firms accounted for nearly 20% of the respondent base.
Cyber-risk insurance is expected to grow substantially over time as the spate and size of data breaches continue to increase. In 2013, 33% of respondents to the Experian report said their company had been hit with a data breach. This year, the percentage increased to 43%. What's more, 60% of respondents said their company experienced more than one data breach in the past 2Ys, up from 52% of respondents in 2013.
Even if you've taken preventative measures to ward off breaches, there's no guarantee one won't occur, which makes cyber-risk insurance all the more compelling. You might be able to handle a minor breach or two without additional coverage, but if you are unlucky enough to be hit with a massive cyber breach, your general liability policy probably won't do you much good.
When it comes to cyber-insurance, not all policies are created equal, however, so you have to shop around and read the fine print carefully. There are certain cyber risks that are commonly covered, but don't assume carriers offer the same protection.
How much this insurance costs is also a loaded question. Cost depends on the size and scope of your business and it varies widely by carrier. We did a cursory search and found you might expect to pay in the range of $10k to $35k or more a year in premiums for $1MM in coverage. Keep in mind that $1MM probably wouldn't even scratch the surface if a large-scale breach were to occur at your organization.
We know cyber insurance can be expensive, but the reality of the world we live in is that you can't be too prepared. At the very least, you'll sleep better knowing you have an added blanket of protection. Then, if you're so-inclined, you can even catch your winks on a bacon-flavored pillowcase.