Iowa businesses are becoming increasingly aware of the need for cyber liability insurance, according to a representative with LMC Insurance, which offers the specialty coverage. 

“Simply going through the application process can be eye-opening for clients because they can see areas of concern that need to be improved from a security perspective,” said Brian Hughes, an account executive with LMC. He estimated that fewer than half of Iowa businesses purchase the coverage, which he believes will become a standard part of liability coverage within the next few years.  

“In the past year we’re starting to see a significant adoption rate,” he said. “I would say now that 75 percent of the businesses that we propose to are purchasing the coverage, whereas maybe it was only 25 percent just a year or two ago.” 

A recent report by the Brookings Institution recommends cyber liability insurance specifically for health care organizations. “To underwrite the privacy risk of health care organizations, cyber insurance companies will be willing and able to conduct timely and efficient audits and proactively manage their clients’ privacy protection efforts,” the report said. 

The average cost of a corporate data breach increased 15 percent in the last year to $3.5 million, according to the Poneman Institute’s “2015 Cost of Data Breach Study.” 

The standard policy provides $1 million in liability coverage, but policies are now available that cover a number of data breach notifications instead of a dollar limit, Hughes said. He has quoted policies in excess of $50 million for large organizations. 

Ransomware attacks can be covered; however, there is no standard policy language for the highly specialized policies, so it requires a broker to sort through the options. 

Policy premiums start at about $1,000 per year and can go into the hundreds of thousands of dollars, depending on the size of the company being insured. “There has been some claim activity, which is why we’re starting to see some of the premiums rise,” Hughes said. 

“It’s not a matter of if but when a company is going to have data compromised,” Hughes said. “And they’re going to want to have help navigating through it, specifically the notification laws.”

Read full story >>>