I was reading this article the other day and a thought hit me. According to the link, $300 million of insurance coverage is about all you can find to protect a corporation from a cyber attack or data breach. After talking to a few brokers and underwriters, it seems that the only way to get to a $300 million policy is to layer many insurance companies on top of each other, which can be a daunting process. But wait a second… many say the Target breach could cost $3.6 billion, and they only had $100 million in coverage. That doesn’t even take into account the revenue lost from customers leaving and the brand taking a hit.
The demand for more data breach and cyber insurance coverage exists, but it seems the reinsurance and insurance companies (think of them as the investors or backers: they are the ones who make the promise to pay back the client) are somewhat afraid of it. I don’t really blame them; I’m skeptical too. It will take years to collect enough data or “proof” for insurance and reinsurance companies to feel comfortable entering the data breach and cyber insurance space in a big way, especially if another Target goes down.
If we don’t get a handle on understanding breach exposures, then the insurance market dries up as the insurance companies see the exposure as very risky, which technically will increase premiums too. However, the real trigger of demand may be when, and if, the federal government actually puts laws into place about consumer responsibility and protection of credit card data when a breach occurs. Currently, states have their own laws regarding breaches, but no national law exists. PCI compliance is used to regulate the industry, but again, no federal laws.
The entire world now lives online, and $300 million is all we can find to insure a Fortune 500 company against a breach… The exposure is billions of dollars for some of these Fortune 500 companies. Think about that.
Photo: Bob Mical