Cyber Playbook
The cyber insurance market is soft, which leads to a positive experience for insureds as rate reductions and enhancements to coverage are readily available. It's imperative that companies employ preventative measures that safeguard their networks.
Current Cyber Claim Trends
We have seen social engineering and ransomware claims, which are more common than a data breach, increase dramatically in recent years.
What’s Covered?
Cyber policies are divided into two major components, first party coverage and third-party liability. Below are the key coverages that make up a cyber policy.
Follow these guidelines when purchasing cyber liability coverage:
Buy What You Need
Determine Appropriate Limits of Liability
Get Retroactive Coverage
Be Aware of Broadly Worded Exclusions
Be Aware of Panel and Consent Provisions
Know How Defense Costs are Allocated
Obtain Coverage for Vendor Acts and Omission
Guidelines to Follow When Choosing a Plan
Producers
Clients
Claims Outcomes
Health & Safety Outcomes
The resources we have are abundant and can be overwhelming. Educate yourself. Digest them in bite sizes. Be strategic in how you use them.
Resources
Providing comprehensive insurance coverages across disciplines can lead to significant opportunities for you and your client. Our holistic approach to programs and risk services such as benchmarking and data analytics, can provide clients with the highest level of insight and consultation that reveal growth opportunities and savings. Below you can find topical issues to discuss why a client or prospect should consider enterprise programs.
A hacker uploads malware into the company’s network, typically via an email containing a document or link that an employee opens. Once the malware is uploaded into the network, the hacker can launch a ransomware attack when they choose. The malware disables the computers and network until a ransom is paid.
Ransomware Attacks
A hacker sends an email posing as an executive, employee, customer or vendor. The email urgently directs the employee to perform an electronic wire transfer or change ACH instructions to a bogus account.
Social Engineering
First Party Coverage Includes
Breach Response: includes notification, forensic, crisis management, legal, and credit monitoring coverages.
Data Replacement: covers the cost to reinstall a company’s data.
Extortion: pays the ransom as a result of a ransomware attack.
Business Interruption: reimburses the company for lost income as a result of a system or security failure.
Dependent Business Interruption: reimburses the company for lost income as a result of a third party’s system or security failure which the insured relies on to conduct business.
Network and Privacy Liability: provides defense and settlements for lawsuits brought against the insured by a third party who sustained harm as a result of the insured’s inability to secure the information on the network.
Media Liability: provides defense and settlement for lawsuits brought by a third party for slander, libel, trademark or copyright infringement.
Regulatory Defense: provides defense for regulatory investigations as a result of a network breach.
Third Party Liability Includes
This blog post will help you understand the cyber market and what to expect at your next renewal.
Buy What You Need
With all the bells and whistles now offered by some insurers, it’s important to stick to basics. The cyber insurance market is highly competitive with many insurers currently focused on building market share, so one might be willing to give you coverage or terms another will not.
One of the most important issues in negotiating cyber insurance is determining the appropriate limits of liability. Cyber insurance is not particularly expensive, so choose limits in line with your total potential liability in the event of a breach.
Determine Appropriate Limits of Liability
Most cyber insurance policies limit coverage to breaches that occur after a specified “retroactive date.” This could mean no coverage provided for claims made due to breaches that occurred before the policy period, even if unknown when the policy was purchased. Because breaches may go undiscovered before claims are made, you should always ask for a retroactive date. This will ensure the coverage includes unknown breaches that may have occurred before the policy incepted.
Get Retroactive Coverage
It’s not uncommon to find cyber insurance provisions that contradict the basic purpose in buying the coverage. Some policies broadly exclude coverage for any liability arising from a breach of contract.
Be Aware of Broadly Worded Exclusions
Many cyber insurance policies require that any investigators, consultants or attorneys used by you to respond to a claim or potential claim be drawn from a list of professionals that have been preapproved by the insurer. If you have consultants or attorneys you want to use in the event of a loss because they already know the business operations, it’s a good idea to ask to add these professionals to the insurer’s preapproved list during underwriting.
Be Aware of Panel and Consent Provisions
Where both covered and non-covered claims are asserted in the same lawsuit against you, an issue that often arises is the proper allocation of defense costs: what portion of your defense costs must the insurer pay? There are ways that insurance policies can respond in this situation, with some policy provisions being more advantageous than others.
Know How Defense Costs are Allocated
Chances are that at least a portion of your organization’s data processing and storage is outsourced to a third-party vendor. Therefore, it’s important your cyber insurance policy cover claims that result from breaches caused by your data management vendors.
Obtain Coverage for Vendor Acts and Omission
Industry Trends
© 2024 Marsh & McLennan Agency, LLC
How to Prevent a Cyber Claim
When it comes to your company data, you should have a clear knowledge of the types of information collected, where that information is stored and who has access to it.
The 12 Cyber Security Controls
How informed is my leadership about our company’s current level and business impact of cyber risk?
Cyber Incident Road Map
Should a Breach Happen
Words of Wisdom
Most of our competitors don’t have the BI benchmarking and data analytics tools that we have. Our ability to show prospects how they compare against their peers in areas such as limits, retentions and pricing is unparalleled and is an incredible tool to creating opportunity.
Prior to making calls, collaborate with a BI producer or AE to gain confidence and increased understanding of available resources.
Year after year, our client survey results tell us that most clients are willing to refer Assurance. Use that feedback to confidently ask for an opportunity on their BI lines of coverage.
Anthony Way Senior Vice President & Team 14 Practice Leader
Marty Butler Senior Vice President & Team 13 Practice Leader
Ask for the referral from happy clients and be prepared to provide suggestions. What’s the worst they can say….No?
Develop a friendly, solid relationship with your service staff. On T13 we have had a long history of high employee retention and it’s no coincidence that our client retention rates are extremely high as well.
Lean into our senior living risk and claims management platforms. Our services, resources and expertise are unparalleled in the industry!
There is no time like the present to ask. If they’re a client, especially a new one, you don’t need to “prove yourself”; you already have.
Don’t shy away from blue-collar/union risks. These could be large BI opportunities.
Michael Alberico Senior Vice President & Team 10 Practice Leader
Soft market or hard market, both present opportunities. Soft market is prices going down, have they experienced this? Hard market is prices going up, what is the broker doing to mitigate?
Question 1
What’s the current level and business impact of cyber risk and what’s our plan to address the identified risk?
Question 2
How does our cyber security program apply industry standards and best practices?
Question 3
How many and what types of cyber incidents do you detect in a normal week and what’s our threshold for notifying our company’s leadership?
Question 4
How comprehensive is your cyber incident response plan and how often is it tested?
Question 5
5 Questions Every Business Leader Should Ask About Cyber Risk
If an incident does occur where you suspect unauthorized access to sensitive information, this cyber incident response road map guides you through the recommended steps to take.
While proper network security and risk management procedures are integral to minimize the risk of a cyber-attack, cyber insurance is needed to financially protect an organization and its employees in the aftermath. Clients rely heavily on our team’s technical and real-world experience to get the best program design and comprehensive coverage to address their specific exposures.
The MMA Approach
Tony Alberico Senior Vice President & Practice Leader
Liz Smith President
Alicia Mellish Senior Vice President & Practice Leader
In order to be successful cross selling – and I mean truly successful – you must have the proper level of expertise in the “other” discipline. It’s not sufficient anymore to “know enough to be dangerous.” I know this because I look at our most successful cross sell producers and they all have an advanced level of knowledge across disciplines that gains them credibility in the sales process and increases their ability to cross sell and close deals.
Don’t just rely on the relationship… meetings should have a purpose.
The more lines of coverage we have, the greater chance of retention.
If the client finds value in one area of our business, they will likely be open to hear about the value we can bring in another area of our business.
Our risk service platform is like no other, use this platform to bring together all disciplines.
Ask for the business or ability to overview the program and come up with options/improvements.
Introduce value added services such as Tech or Compliance if client doesn’t have internal support.
While meeting with client, listen for pain points on other lines.
Offer to simplify a process or experience by engaging wellness or claims teams.
When asking for a referral from a client or strategic partner, get explicit. Do your homework prior and be prepared to provide a list of people that they might know. At the very least, have specific parameters established to describe your ideal target.
Think about the timing of a referral request from a client. The best time to ask for a referral is on the heels of a positive outcome.
MMA relies on a 3-point approach when it comes to network and information security.
1. Focus on preventing network breach and data loss
2. Prepare for a cyber-attack by developing an Incident Response Plan
3. Transfer risk through cyber insurance and effective contract management
Our team starts by analyzing an organization’s cyber exposure through a diagnostic review, Cyber360, then coordinates appropriate resources and finally builds a customized insurance program to address the exposures. Additionally, MMA utilizes this assessment as an effective marketing tool when creating a risk profile. With the client’s input, the profile is intended to summarize and highlight key business characteristics and exposures, positive differentiators and respond to underwriters’ potential concerns. We use the profile to help us prepare you for potential underwriting concerns, as well as emphasize the company’s most attractive attributes during the marketing process.
MMA Client Benefits
MMA’s Cyber Resiliency Network and eRiskHub are available to all MMA Clients
eRiskHub is a cyber-readiness and educational portal, developed and maintained by NetDiligence, and customized for MMA. eRiskHub serves as a direct channel for you, offering tools and resources to help understand your cyber risk exposures, establish data breach incident response plans, and minimize the effects of a breach on your organization. Reach out to your local MMA insurance advisor for access to eRiskHub or Cyber Resiliency Network.
Cyber Resiliency Network
eRiskHub
MMA’s Cyber Resiliency Network is an offering of partner resources to assist you with three distinct areas of cyber risk management:
1. Proactive information security
2. Legal components of compliance and risk management
3. Education: employee cyber security training & simulations
To assist you in navigating through the unique considerations for each area, we have developed a network of resources for you to explore.
Learn more about why your industry needs cyber insurance below.
Construction
Real Estate
Manufacturing
Staffing
Transportation
Senior Living
5 Reasons Why Senior Living Communities Need Cyber Insurance
Cyber Crime You may have already experienced phishing, telephone hacking, cyber threats, extortion, or an unauthorized electronic funds transfer. These attacks are happening daily, and senior living communities are a major target due to the abundance of health records.
The senior living and healthcare industries have faced catastrophic losses over the last few years due to cyber breaches. As the industry continues to keep pace with technological advances, the risk of a cyber breach becomes greater.
Privacy Liability Every day, your organization stores and transfers large amounts of electronic information. Resident records, test results, and vital internal information are stored on your systems. If you have a security breach and this information is exposed, the cost of a third-party lawsuit can be staggering. Cyber policies help limit the financial burden.
Notification Costs If you lose sensitive data, you have a legal duty to your residents. Your residents have a right to know if their personal information is available to the public. You may have only a few residents, or you may have thousands across several locations. Once the resident is notified there’s a higher chance of a suit. Notification costs are often covered by a cyber policy.
Business Interruption You have technology and systems needed to perform crucial day-to-day procedures, organizational tasks and serve your residents. When these systems are interrupted, and you can’t service your residents’ needs, there’s a massive probability of lost profit and/or potential danger to your residents. Most cyber policies help cover the loss of income and extra expenses that result from an interruption of your computer systems by a covered peril.
Reputational Harm A community’s failure to protect their resident’s confidential information can lead to the loss of current and potential residents and lower occupancy rates. Why would a new resident and their family come to your community if he or she knows their personal information isn’t safe? Some cyber policies will cover the cost for a marketing or public relations firm to help with crisis management.
38%
of all cyber claims reported over the last decade were from the healthcare industry
source: Chubb
of cyber incidents in healthcare are caused by human error
36%
of cyber incidents in healthcare are caused by rogue employees
22%
source: Healthcare Finance, 2019
A healthcare cyber breach costs about $408 per patient record, without the cost of loss of business, productivity or reputation
These stats suggest that, in senior living more than in any other industry, employee training and internal access controls are imperative.
source: Forrester Survey 2020
of respondents in the construction, engineering and infrastructure industries had experienced a cyber-incident within the previous 12 months.
75%
Cyber Crime If you’re performing any transactions that involve wiring money to a third-party, you’re a target for cybercriminals. Social engineering is happening in every industry these days. A crime policy covers computer crime and funds transfer fraud (FTF) at full policy limit and often covers social engineering fraud (SEF) at a sublimit. FTF and SEF are also often found in cyber policies but always sub-limited.
Reputational Harm If your customers or partners feel your construction firm is not adequately protecting their financial assets and information, you could lose their business. A data breach or cyber-attack may not only result in the loss of current clients, but also future clients.
Business Interruption If your construction firm is relying on technology to run day-to-day operations, you need adequate business interruption coverage in your cyber policy. Are you using a technology to track the progress of your job or strategically plan next steps and communicate with other individuals? If you can’t access this information, there’s potential for a serious loss of profit.
Privacy Liability Construction firms and contractors collect sensitive information about their clients and ongoing projects. This data can include personally identifiable information, payment information, architectural plans, and even insight into a client’s internal network. If this information is lost, you’re responsible for notifying the affected individuals and may face lawsuits, fines, and incredibly high forensics costs.
Large Commercial Contracts If you’re performing work for large commercial organizations, you may have access to their networks, systems and internal processes. This access can be exploited. When competing for a large commercial contract, a cyber policy is crucial.
5 Reasons Why Construction Companies Need Cyber Insurance
of all cyber claims in 2021 came from the real estate industry
9%
of cyber incidents in real estate are caused by hacking
of cyber incidents in real estate are caused by malware
26%
Cybercrime If you’re performing any transactions that involve wiring money to a third-party, you’re a target for cybercriminals. Social engineering is happening in every industry these days. A crime policy covers computer crime and funds transfer fraud (FTF) at full policy limit and often covers social engineering fraud (SEF) at a sublimit. FTF and SEF are also often found in cyber policies but always sub-limited.
Reputational Harm If your customers or partners feel your real estate firm is not adequately protecting their financial assets and information, you could lose their business. A data breach or cyber-attack may not only result in the loss of current clients, but also future clients.
Business Interruption If your real estate firm is relying on technology to run day-to-day operations (elevators, security systems, etc.), you need adequate business interruption coverage in your cyber policy. If you can’t access this information, there’s potential for a serious loss of profit.
Privacy Liability Real Estate firms collect sensitive information about their clients and ongoing projects. This data can include personally identifiable information, payment information, and architectural plans. If this information is lost, you’re responsible for notifying the affected individuals and may face lawsuits, fines, and incredibly high forensics costs.
4 Reasons Why Real Estate Firms Need Cyber Insurance
of servers in manufacturing are affected by cyber incidents
48%
of cyber incidents in manufacturing are caused by malware
of cyber claims in 2021 came from manufacturing
13.3%
Reputational Harm If your customers or partners feel your manufacturing company is not adequately protecting their financial assets and information, you could lose their business. A data breach or cyber-attack may not only result in the loss of current clients, but also future clients.
Business Interruption Furthermore, manufacturers will experience a direct financial loss every hour that their systems are down. They will incur unexpected costs such as sourcing products by alternative means and paying staff overtime to meet deadlines. Additionally, manufacturers of non-durable goods could see an exponential loss in profit if their inventory spoils during the system outage.
Privacy Liability Manufacturers collect sensitive information on employees and confidential corporate information. If this information is lost, you’re responsible for notifying the affected individuals and may face lawsuits, fines, and incredibly high forensics costs.
System Damage Manufacturers rely heavily on their computer systems to properly fill orders. Damage to a manufacturer’s computer system could be devastating and lead to defective products or a complete halt in production. The forensic investigator will figure out what went wrong, but it will take a team to eradicate the malware and repair the system.
5 Reasons Why Manufacturing Companies Need Cyber Insurance
of all cyber claims in 2021 came from the professional services industry
of cyber incidents in professional services in the past 5 years were caused by malware
23%
of cyber incidents in professional services are caused by phishing and blackmail
31%
Cybercrime The staffing industry is especially a target for cybercriminals due to their large money wiring transactions. A crime policy covers computer crime and funds transfer fraud (FTF) at full policy limit and often covers social engineering fraud (SEF) at a sublimit. FTF and SEF are also often found in cyber policies but always sub-limited. Another form of Social Engineering is invoice manipulation where a third party gains unauthorized access to a company’s email and sends fake emails to clients and vendors changing wiring instructions on invoices already sent.
Reputational Harm If your customers or partners feel your staffing company is not adequately protecting their financial assets and information, you could lose their business. A data breach or cyber-attack may not only result in the loss of current clients, but also future clients.
Privacy Liability Staffing companies collect massive amounts of sensitive information on their candidates, employees, contractors, and clients including personally identifiable information (e.g. names, social security numbers, etc.) and financial information. As such, hackers target companies with W2 scams year after year; this is especially true in the staffing industry, where companies hold large quantities of personally identifiable information.
Business Interruption & System Damage Staffing companies rely heavily on their computer systems every day to track down leads, set up interviews, review contracts, pay employees, etc. Not only will you have to pay a firm to recover and rebuild your data, but also, in an industry as competitive as staffing, every hour your systems are down literally costs you money.
4 Reasons Why Staffing Companies Need Cyber Insurance
30.2%
source: Alliance
In 2020, the transportation industry had a year-over-year increase in ransomware incidents
Reputational Harm If your customers or partners feel your transportation company is not adequately protecting their financial assets and information, you could lose their business. A data breach or cyber-attack may not only result in the loss of current clients, but also future clients.
Privacy Liability Transportation companies collect all types of sensitive personally identifiable information (e.g. social security numbers, phone numbers, addresses, etc.). Each piece of information has a value and, if lost, restoring the original identity of your employees and customers can come at a serious cost.
Business Interruption & System Damage Your systems are tracking logistical data, payment information, and sensitive client information for each job. When a hacker damages or takes down your systems during a breach, there’s a direct negative impact on your bottom line. This can include lost profits, external forensic consultants’ hourly billing fees, and any additional costs you incur to pay your employees.
4 Reasons Why Transportation Companies Need Cyber Insurance
715%