Cyber liability take-up rates are finally starting to improve. After nearly two decades of attempting to sell this fringe product, commercial producers are seeing businesses turn from window-shoppers to buyers, helped along by frequent data breaches of major corporations.
Now, a ruling from a federal judge that Target is responsible for the financial losses banks sustained when the retailer was hacked last year provides even more incentive for commercial clients to take the plunge.
Judge Paul A. Magnuson of the Minnesota District Court ruled Thursday that Target was negligent in the holiday data breach and as such, decided to allow banks and other financial institutions to seek compensation through legal means.
“Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur,” Magnuson ruled. “Indeed, Plaintiffs’ allegation that Target purposely disabled one of their security features that would have prevented the harm is itself sufficient to plead a direct negligence case.”
It doesn’t take a huge leap of imagination for producers to assume that if Target—with its billions in revenue and sophisticated cyber security defense—can be ruled negligent, so can their small to midsize clients.
Convincing clients of this additional risk, however, may not be so easy.
“Sometimes they tell me, ‘I’ve got a general liability policy, so if I’m liable then that should cover it,’” Neil Ness, an agent with Farmers Union Insurance in Bismark, N.D. told USA Today.
“I tell them, ‘Well, GLC only covers bodily harm or property—stealing someone’s information isn’t covered.”
That statement is sadly rooted in fact. According to a report from Hanover Research and Verisk’s ISO, a full 40% of carriers offering cyber insurance say businesses do not think they need cyber insurance, with another 29% under the impression they are covered under existing policies.
Yet ignoring cyber risk is particularly dangerous for these small businesses, Ness said.
“That’s how these hackers practice. They go after the little ones who aren’t really paying attention.”
Despite the increase in cyber insurance take-up rates, market penetration is still low. A November Marsh & McLennan Agency survey reveals that just 33% of small to mid-sized businesses have appropriate coverage.
In some ways, that’s good news for producers who can make cyber security a unique selling point. However, Hanover Research suggests there is yet work to be done among the producer workforce—a full 51% of survey respondents say they have no dedicated cyber workers, instead relying on staff from other lines to sell the policies.
You may also be interested in: "The top 8 data breaches of 2014"
"Sony Pictures: It isn't just a cyber insurance issue"
"Industry leaders' top risk concerns for 2015"