Is cyber liability insurance necessary?
View the video here on your mobile device.
In April 2011 a cyber data privacy breach at Sony affected nearly 77 million people, tarnishing the company’s reputation, sparking legal action and causing great trepidation for Sony customers. Despite this, a large percentage of executives in various organizations that participated in the Tower Watson’s 2011 Risk and Finance Manager survey, say they have adequate protection against such crimes, and don’t need cyber liability insurance. Larry Racioppo, Executive Liability Practice leader with Towers Watson, disagrees.
Larry Raccioppo: In our recent survey there were a couple of reasons why those that don’t purchase are starting to come around or cited reasons why they don’t purchase cyber liability insurance. Thirty-seven percent, the largest piece of it, felt their internal controls, their own IT controls, are adequate.
When you talk about it it’s really stuff that is uncontrollable, which is the lost lap top. Even the best IT controls really aren’t going to respond or help in that regard. You know, a simple leaving a lap top on a train type of thing.
Another component is they feel the policy is too expensive. Fifteen percent I think noted that. When you think about the potential catastrophic consequence of a cyber event and combine that with the state of the property/casualty market, I think you can argue it’s a fine time to be in the market.
I guess the third component of that is I think a lot of Chief Financial Officers and finance folks really have a hard time understanding or quantifying the exposure. And I think that is something we certainly really try to do is to work with risk assessment or risk mitigation firms, and trying to give them that how big could the potential problem could be.
A lot of companies have corporate confidential, commercial information, which is a big component to it. It’s not only the personal identifiable information, it’s also the corporate information that’s a big component to it. It’s no longer a couple guys in the basement kind-of-thing. It’s very sophisticated teams that are always one step ahead of the technology. So that’s certainly a component to it, but it’s also the data breach component. It’s the loss of lap tops; it’s the failure of technology. Even if it doesn’t work as it should is a component to it, so it’s not only the bad actors.
You might also be interested in: Is corporate cyber crime inevitable?
