In 2021, the world seemingly embarked on a new era of cyberattacks. Damages from cybercrimes have skyrocketed to $6 trillion in the past year. Granted viruses, breaches, and other forms of attacks are nothing new in the past decade. Last year saw increased bad actor sophistication, a propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty that hackers have seized upon. To put a finer point on it,  The White House recently issued a warning that the Russian government is exploring cyber attacks against the U.S..

Meanwhile, our lives in cyberspace are growing by leaps and bounds from communication (email, Wi-Fi, mobile phones), electronic health records, transportation, (car engine systems, GPS), not to mention e-commerce (shopping, credit cards) and defense contractor projects.

Facing the prospect of major financial fallout from an attack, C-suites around the world have turned to cyber insurance to fortify their networks. Insurers are issuing more policies, and the amounts of protection available are escalating. Forecasts suggest that cyber insurance will grow into a $20 billion industry by 2025.

What you need to know about cybersecurity insurance

Our team at MIS Alliance had an in-depth conversation with our strategic partner, Brian Kilcoyne, President of  H & K Insurance in Watertown, MA. In addition to providing personal and business insurance for over 50 years, H & K Insurance also offers cyber liability insurance. They protect businesses and individual users from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Traditional commercial general liability policies typically exclude coverage from risks associated with a cyberattack. With half of all SMB’s reporting suffering at least one cyber-attack last year and a 64% increase in cybercrimes in 2021 according to the FBI, having cyber insurance has become an essential cost of doing business.  


Brian Kilcoyne, President of H & K Insurance

Q: What does cyber insurance cover and offer for a business?

A: A company transfers the risk to insurance companies which includes risk assessment, trains employees on cybersecurity best practices, and comprehensive cybersecurity policies for employee behavior in case of a breach.

Q: Is cybersecurity insurance covered in a business’ general commercial general liability policies?

 A: It can be added to some general liability policies for a premium increase. The coverage on these endorsements is subpar to a stand-alone strong cyber policy. As cybercrimes are expected to increase, premiums on policies will also increase. Our advice is to be proactive now to save time, money and headaches later.

Q: As the world becomes more and more dependent on IOT, (Internet of Things), and the digital attack surface increases, do you think there will be a time when all businesses will be required to implement a cybersecurity insurance policy?

A: It would be prudent to have a cyber policy, but not mandatory. Businesses will be able to self-insure which is a big risk and potentially bankrupt a small business. Typically, you see a state mandate insurance for employees for injuries and disease like workers compensation, not financial reasons.

Q: What are some additional cyber insurance benefits companies may consider?

 A: Other benefits include regular security audit, post-incident public relations and investigative expenses, and criminal reward funds.

Q: What percent of insurance claims fell under cybersecurity?

 A: A 2020 study showed that 73 percent of insurance claims between 2013 and 2019 fell under the insuring clause of incident response and crisis management of breaches. Data privacy liability, cyber extortion, network business interruptions, and recovery and restoration of data assets were the five most common cyber insurance claims.

 Q: What doesn’t cyber insurance cover?

 A: Business cyber insurance doesn’t always cover social engineering attacks, such as phishing and spear-phishing, even though these are the third most common cause of breaches. Sometimes, this protection is available as an add-on. It is extremely important to review the actual coverage, not just the coverage limits.


In conclusion:

It’s difficult to predict how much cyber risk will continue to grow in our ever-changing landscape—only that it will increase. If you don’t have a solid backup solution, you may not recover from a cyber incident. With the spike in cyber crime and businesses’ increased reliance on the internet, it’s clear that organizations of all types and sizes are vulnerable and must be vigilant in managing cybersecurity risk. For businesses to respond to this ongoing threat, companies will need to invest in protection while working with their insurers to increase the types and amounts of insurance available. As a business owner, there’s no substitute for having a plan.