Cyber liability insurance protection is key to an effective risk management strategy when you’re a registered investment advisor. But changes are afoot in the cyber insurance marketplace and it could impact your ability to get the coverage you need while it’s still affordable.
Since the beginning of the pandemic, the already elevated rate of cyber crime has exploded. Cyber claims are multiplying, which has pushed up prices for premiums and lowered insurers’ capacity to write new coverage.
These developments are particularly relevant for advisers. Increasingly, regulators view having proper cybersecurity protections in place as part of an advisor’s normal obligation to fiduciary duty. Without adequate cyber coverage, you could be risking increased scrutiny by regulators and excessive risk exposure to business and personal assets.
If you have been putting off purchasing new cyber liability coverage, now is the best time to act, and if you will be renewing a policy in the next year, it’s worth noting the changes taking place in the cyber market and what steps you can take to ensure a smooth renewal at the best possible price.
Recapping the Cybercrime Spike
A lot has changed since March of 2020. That’s when the pandemic became cause for concern and many businesses moved to a work from home format. That shift provided new technical vulnerabilities for criminals to exploit, resulting in a 400% increase in cyberattacks according to the FBI.
Like other professionals, advisors have been targeted with simple but devastating email phishing scams, which have multiplied at an exponential rate to more than 60 times the pre-pandemic level, according to IBM.
The cost of getting hacked has also gone up. Ransomware demands of six to seven figures used to be rare enough to make headlines. Now they’re the norm, with the average ransomware attacker demanding about $250,000 to decrypt and return stolen and exposed data records — a huge increase from 2018, when the average demand was only a few hundred dollars.
Cyberattacks can do serious damage when you’re an advisor. You face the danger of stolen data and assets, plus legal costs, reputational damage, regulatory penalties, and the added personal liability risk that can come with an ERISA fiduciary duty breach.
Surveying the Cyber Market
The cyber market is in a state of change as insurers focus on managing these evolving risks. Rate-increase forecasts are changing every quarter, with premiums going up and more pressure being placed on limits and self-insured retentions.
Today’s cyber market is such that organizations that don’t keep up with the latest security best practices to protect their systems and data may find that insurance has become too unaffordable or is no longer available to them.
Underwriters are reviewing potential insureds more carefully, looking at risk characteristics to determine whether to write a policy for a given company. Some carriers are requiring supplemental applications for ransomware and asking that policyholders meet specific requirements.
Technologies such as multi-factor authentication (MFA) and next generation endpoint protection are now often seen as mandatory — the way locks on doors and windows are required for domestic policies and sprinklers are required for fire policies.
The pace of change is also faster than many insurance shoppers and current policyholders are prepared for. Data shows that reduced coverage and premium increases of 10–20% are now impacting some companies that don’t have the necessary cyber security measures in place.
Preparing for Your Purchase and Renewal
Events of the last 18 months have taken many by surprise. The pandemic, work from home changes, cybercrime increases, and a turbulent cyber market all make it more challenging to protect your systems and data.
However, there are steps you can take that will help safeguard your sensitive information systems and make your company more attractive to potential insurance underwriters.
- Deploy key technologies, including multi-factor authentication and next generation endpoint protection.
- Limit system access and segregate data so only current authorized users have access to what they need.
- Create a cyber incident response plan that addresses policies and procedures to follow in event of a breach.
- Work closely with security vendors and any IT resources you may have to implement the latest security measures.
- Offer education, training and drills to employees on how to recognize and respond to common cyber threats.
As an advisor, it’s important to take action to protect your business and your personal assets with the latest security precautions and adequate cyber liability protection.
Cyber insurance market trends are forecast to continue in the same direction for the foreseeable future, with many of the effects of the latest cybercrime spike yet to be felt.
Even though you may have no history of claims, it’s possible you may see a higher premium the next time you shop for or renew your cyber liability policy. For the best rates and availability of coverage, advisors should talk to their insurance representative now.
Financial exposures can often exceed $250 per record, but with Lockton Affinity Advisor’s Cyber Liability Insurance, you no longer carry all the risk of these costs. Cyber Liability Insurance is available to add to your Lockton Affinity Advisor E&O policy for better protection and peace of mind.
While other industry groups and associations offer Errors and Omissions Liability Insurance policies with shared aggregate limits, Lockton Affinity Advisor offers coverage with individual limits, so that you will always have access to your full policy limits.
Plus, Lockton Affinity Advisor coverage meets ERISA standards, including services as an ERISA 3(21) and 3(38) advisor.