Do Insurance Agents Need Cyber Liability Insurance?
By Joe Peters
Think you don’t need cyber liability and data breach insurance? With cyber losses mounting, it might be time to reconsider.
Many insurance agents don’t think they need cyber liability and data breach insurance. They believe their business is too small to be at risk or their cybersecurity plan sufficient to keep hackers at bay. Think again. Regardless of business size and cyber defenses, all insurance agents are at high risk of falling victim to cybercrime.
The reason is easy to see: Each year, the world becomes increasingly digitized. This means insurance agents and agencies store more data electronically— in local databases but also the cloud. More criminals have also learned they can make big money by stealing other people’s information or holding it hostage.
Hackers have become increasingly clever, revising their attack vectors as companies harden their digital defenses. How can your insurance business stay safe when the world’s largest corporations can’t?
Risks Mounting Rapidly
This much is clear: insurance agents face an increasingly perilous cyber environment. According to the FBI’s Internet Crime Complaint Center, cyberattacks grew from 791,790 in 2020 to 847,376 in 2021. Losses exploded from $4.2 billion to $6.9 billion over the same time period.
When attacks occur, the financial aftermath can be devastating. The 2021 Cost of a Data Breach Report from IBM and the Ponemon Institute revealed an average loss of $180 per breached record. If your database consists of 1,000 customers, a breach might cost you $180,000 to repair and restore your system. Can you afford to spend this much or more to recover from a hacking incident?
Making matters worse, the finance and insurance sectors have become more enticing to cybercriminals. According to Verizon’s 2021 Data Breach Investigations Report, 2,527 cyber incidents occurred in 2021, 690 with confirmed data disclosure. Basic web application attacks, system intrusions and miscellaneous errors represented about 80% of all breaches. External actors perpetrated 73% of the breaches, with financial motives involved in 95% of the events. As an agent, being part of an industry with a cyber target on its back does not calm the mind.
Four Major Cyber Risks
Let’s be honest: You are a high-profile cybercrime target. Why? Because you record and store large amounts of personally identifiable information (PII). Since you’re at the front end of the insurance sales and underwriting process, you collect client names, dates of birth, Social Security and financial account numbers, payment information and more. Then you send this data to your insurance carriers and store it on your own servers. You also save your own data for use in marketing and other company functions. In either case, having PII on your computer is a necessary part of your job. But, it puts you in the crosshairs of cybercriminals.
How will hackers come after you? Here are four common types of cyberattacks:
- Ransomware– Hackers will encrypt your computer so you can’t use it. Imagine one day you arrive at work to discover you can’t access your customer files, marketing data, correspondence and more. In short, everything you need to run your business is unavailable. Think about how this will affect your clients. When they email you a claim question, expecting a prompt response, they will get silence. Insureds who call with questions about coverage will remain in the dark because you can’t access their policies. Multiply this by dozens or hundreds of client interactions over days and weeks, and you can see how severely a ransom attack will disrupt your business. “But I have a data backup,” you say. True, but it might not include your applications. So now you have two stark options: Pay the ransom or restore your backup. With the latter choice, you must painstakingly restore your software applications and other digital tools. This could take many hours or even days. In this context, paying the ransom might seem a better choice.
- Hacking– Stealing your company’s or clients’ confidential information is the goal. Hackers use breached data to target your financial assets or those of your customers. Because of state data breach laws, if they steal client data, you must notify each affected person promptly while also providing complimentary credit monitoring. The cost of data breach regulatory compliance can be high, especially for insurance agents who are solopreneurs.
- Phishing– Hackers often use business email to steal credit card or bank information, Social Security numbers or passwords. How? By emailing or texting messages that appear credible, which invite you to click on a link to complete a familiar transaction. When you enter your private information on their phony web form, they will use it to access your account. The impact can be devastating. For example, imagine if a hacker drained the cash in your business checking account, leaving you with no money to pay bills for days or weeks to come. This would put your accounts payable on ice, angering vendors and disabling your marketing effort. Without marketing, your top-line revenue might take weeks to recover.
- Malware– Hackers often send emails with an attachment. If you download or open the file (commonly a Microsoft Word document), it will execute malware. This can wreak havoc on your computers. For example, it might change settings, stop certain programs from opening or spy on and record your computer usage. As with ransomware, a malware attack can impede your ability to respond to prospects and customers, essentially putting your company into suspended animation.
- Cyber Deception– Often referred to as social engineering, cyber deception is a set of techniques that skilled attackers use to entice you with trust. Like phishing, hackers practicing cyber deception will impersonate business partners or employees and use authentic-looking emails to gain your confidence. However, cyber deception is far more thought out than your average phishing attempt. They’ve typically completed research about your company before connecting with you, all to aid them with building your trust and, ultimately, get access to your company’s databases and other confidential information.
Cyberrisk Mitigation: More Important Than Ever
Hackers have many other ways to attack your insurance business. Try to familiarize yourself with their playbook. But, more importantly, lock down your data, so they have to work harder to penetrate your defenses. Here are some steps to take:
- Complete a robust cybersecurity assessment– Work with a knowledgeable security consultant to accomplish this as quickly as possible.
- Use security software– Install a reputable application on your computer that constantly scans for intrusions, malware and viruses. This will facilitate breach detection and repair.
- Develop a cyber incident response plan– React quickly to cyber incidents to limit damage and speed recovery.
- Set up email spam filters– Activate spam filters to screen out dangerous emails and lower the chance you’ll fall prey to phishing.
- Educate yourself (and your team)– Get familiar with the main hacking vectors. Then learn the elements of cyber hygiene and stick to them every day.
Strengthen your cybersecurity by purchasing Cyber Liability & Data Breach Insurance from BCS. Coverage starts at just $199 annually. And, don’t forget to buy or upgrade errors and omissions (E&O) coverage for your business.