Cyber insurance tips, courtesy of Lloyd's of London

On November 9th, Lloyd's of London issued a market bulletin to its syndicates on managing catastrophe-risk and exposures.  While the memo is directed at the syndicates which make up the Lloyd's insurance market and in assisting those syndicates in managing their cyber exposure (and the accumulated cyber exposure risk to the entire Lloyd's market), it also provides some insight into how this insurance market leader believes its constituents should be approaching cyber insurance. 

The memo's guidance can be applied to business owners and purchasers of cyber insurance as well.

The memo suggests that the syndicates "create and develop their own lists of 'plausible but extreme' types of cyber-attack scenarios, with associated lines of business that may be affected."  This is good advice for anyone purchasing cyber insurance.  It is important for policyholders to understand what types of cyber attacks would most effect their business, what is the possible scope and scale of the attack, and what is the possible expense.  With that information, a business can plan for what types and how much insurance to purchase.

For example, the memo also notes that "there are different types of cyber-attack, which could cause different types of harm: denial of service, data-theft, data-damage, reputational harm, physical damage etc.  The economic damage for each type may differ, with consequences including direct financial loss, bodily injury or property damage."  These are just some of the questions that businesses should be asking themselves when considering the purchase of cyber insurance.   

Nearly half of cyber claims come from Middle Market companies

The recently released NetDiligence 2015 Cyber Claims Study illuminates the data breach dangers for Middle Market* companies. 

Unlike many other cyber-risk studies, this one is focused on insured claims and insurance claims payments. 

Along with a great infographic, the study showed that:

• Nearly half (43%) of the reported cyber insurance claims came from Middle Market companies.
• "Insider involvement" was responsible for more losses than outside hacking
• While Middle Market and smaller companies accounted for 71% of claims, they were responsible for only about a third of records exposed.  While smaller companies may be more prone to data breaches, they typically house less records.
• The per-record cost of response for the last two years has been in the range of $955 to $965.

*Although there are different definitions of Middle Market, for the purposes of this post, I used the $50 million to $2 billion in annual revenues definition.