ANY ORGANIZATION THAT CONSIDERS
cybersecurity solely an IT issue is vastly
underestimating its reach. Just consider
that cybercrime now costs an estimated
$600 billion a year, up from $445 billion
in 2014, according to a report by the
Center for Strategic and International
Studies. Given that data breaches and
other cybercrime incidents can have
a major impact on an organization for
years, protecting systems and data must
be a priority for C-suite executives and
the board of directors.
Among their due diligence: ensuringthat their organizations have insurance
that covers crisis management and
potential losses from breaches,
malware, and other attacks. Until
recently, the challenge for fi rms has
been knowing whether a policy actually
covers security incidents.
All policies should be abundantlyclear about whether they cover cyber
risk and to what degree. This enables
a business to clearly and accurately
analyze coverage gaps within its risk
transfer programs. But the insurance
industry has been grappling with the
issue of “silent cyber,” which refers to
potential cyber-related losses stemming
from traditional property and liability
policies that weren’t specifi cally
designed to cover cyber risk.
Unlike dedicated cyber insuranceplans available today, traditional liability
policies weren’t created with cyber
exposures in mind. As a result, they
might not implicitly include or exclude
those risks. This uncertainty is what
creates the silent-cyber scenario.
Insurers such as Allianz Global
Corporate & Specialty (AGCS), the
commercial insurance division of global
fi nancial services company Allianz, are
on the forefront of clarifying this issue
for customers. The fi rm has assembled
an abundance of tools, experts, and a
“think tank” to track and analyze where
a client’s cyber exposures are lurking
and how they might manifest.
“It’s not enough for an insurance
company to put together a dedicated
cyber-risk policy, although that is
critically important,” says Kelly
Castriotta, a product development
leader at AGCS. “We think a carrier
actually has to do the analysis of the
traditional lines of coverage that existed
before comprehensive digitization to
help their clients triage cyber risk.”
AGCS has begun updating and
clarifying all commercial, corporate, and
specialty policies within its property
and casualty portfolio, some of which
were established long before many
digital services existed. Castriotta says
this strategy is designed to eliminate
uncertainty around cyber coverage and
expedite claims settlement, aligning with
the new holistic approach organizations
should be taking toward cybersecurity.
“The corporate world has been
measuring cyber risk as if it is discrete
and isolated from a risk perspective,
with dedicated cyber policies only,”
Castriotta says. “Cyber is now amainstream risk, given that technology
has been integrated into the way we all
do business. It now really is a board-
level issue for companies to recognize
cyber risk as a threat to overall
corporate health.”■$600
BILLION
ESTIMATED ANNUAL COST
OF CYBERCRIME–
UP FROM $4 45 BILLION
IN 2014
CENTER FOR STRATEGIC AND
INTERNATIONAL STUDIES
Senior executives and board members
must be involved in due diligence—including
selecting the best insurance coverage.