Insurance

No business wants to be hacked or suffer a breach. Alarming headlines seemingly every week remind businesses of the impact – damaged reputation, data loss, revenue loss and even going out of business. Because of the realities of a breach, many businesses are now protecting themselves by purchasing cyber insurance to cover losses associated with a cyber incident, such as breach, attack, virus or cyber security issue. According to the PwC report Insurance 2020 & beyond, annual gross written cyber security premiums are set to increase from around $2.5 billion in 2015 to $7.5 billion by 2020. While cyber insurance has been offered for years, demand continues to increase due to the publicity from breaches as well as the potential losses. If a criminal locks a software system so a business cannot access their data, then the business is unable to function. This means the business must close and lose revenue until the software is back up and running. Cyber insurance protects the company from all associated costs from the incident, including data loss and revenue. Apple and Cisco business customers can now get cybersecurity insurance at a discount through policies the tech companies negotiated with an insurance carrier. In addition to consumer-facing businesses, many manufacturing companies are now purchasing cybersecurity insurance. According to a New York Times article, manufacturers are increasingly vulnerable because factories are now run on computers and digital systems, meaning a breach can halt production. This opens many opportunities for insurance companies to offer cyber insurance coverage to companies ranging from small businesses to large enterprises. However, the profitability of offering cyber insurance depends on an insurer's ability to accurately underwrite policies. While this is true for all types of insurance policies, correctly underwriting cyber insurance is especially challenging because risk factors are complex, and not a lot of data currently exists. Without access to the right information, insurance companies cannot correctly underwrite cybersecurity policies. When underwriting cybersecurity policies, insurers should consider the following: Cyber health of the network and computers – Companies can take steps make it harder for hackers to attack their network. For example, companies with open ports are more vulnerable because hackers can more easily access the data stored on the cloud. Companies that actively monitor and protect ports that are open for a specific reason can mitigate some risk, determining the security of a network is complex and only one aspect of the total security of a company. Employee behavior – It’s been widely reported that human error, such as poor password hygiene and clicking on unsafe links, cause many security vulnerabilities. However, some employees cause the breaches by stealing data from companies and selling it on the dark web, which is the area of the Internet known for criminal activity. The dark web has chat rooms and drop zones that are not accessible by a regular browser. Criminals buy and sell all types of information – healthcare records, social security numbers, driver’s license, travel loyalty cards – that can often be used to commit other crimes, such as corporate breaches and identity theft. Evaluating Risk of Employee Behavior While most insurance companies evaluate an insured company's network vulnerability, determining employee behavior as it relates to risk is much more challenging and beyond the capability of most insurers. To accurately understand behavior risk, insurers must consider the following: Has an employee’s data recently been breached? Because many people practice poor password hygiene by using the same passwords for multiple accounts, this increases the odds a criminal can use the same passwords to access the company’s data. What is the employee’s current financial situation? What is their FICO score? Do they pay their bills on-time? Are they in debt? While not everyone in debt will commit criminal activity, being in a poor financial situation increases the risk that a person may perform criminal activity for money. Is the employee active on the dark web? Companies that employ people who are actively engaged in criminal activity are going to have a much higher risk of cyber security issues. Employees whose personal information is available for sale on the dark web also increase a company’s security risk. Without this level of detail, insurance companies are making underwriting decisions without evaluating all the possible risk exposures. To properly underwrite cyber insurance, it is essential to have access to employee behavior data. Otherwise, insurers issuing cyber insurance policies without evaluating these factors are taking an unnecessary risk themselves. Check out our related article titled Accurately Underwrite Cybersecurity Insurance – Better Assess Employee Risk for more insights on how Experian helps commercial insurers more accurately underwrite cyber risk. Contact us if you are interested in offering cyber insurance through your insurance company and have questions about how Experian can help you. Download our whitepaper Take the first step to identify a company’s cyber exposure by assessing the risk posed by employees. Download the Experian whitepaper to gain insight on how to improve your underwriting process for cyber risk. Download Whitepaper Watch our webinar Sixty percent of small businesses will go out of business within six months of a cyber attack. According to IBM’s 2021 Data Breach report, the average business loss suffered from a data breach is $4.24 million, that’s an increase of 10% from 2020. In this 15-minute Sip and Solve session, the team from Experian unpacks the challenge of accurately scoring the risk of small businesses using a new dimension for insurers. Watch Recording

I had the pleasure of speaking with Kelly DeBoer recently. She is a Product Manager at Experian working in Business Information Services. Kelly leads product strategy for our business marketing products. In this Business Q&A we talk about B2B marketing trends and how Experian is helping business clients get the most out of their marketing initiatives. Gary: B2B marketing has changed significantly in the last five years. What are some of the important trends that you're seeing? Kelly: What we're seeing in the B2B space is really what we've seen in the B2C space for years, and that is, our clients are really trying to gain as much insight into their not only existing clients but potential clients as well? So you know additional firmographic information, credit information, anything that gives them a fuller picture of their clients, and then not only how to retain their existing clients and cross-sell, but also in terms of prospecting, how to best reach these targets once we've identified them what's the best channels to reach those prospects to get the best response. Gary: Kelly, most of our clients think of Experian Business Information Services as firstly business data and credit risk management. So how are we helping clients with their marketing initiatives? Kelly: With regard to B2B marketing, Experian has a tremendous amount of marketing assets including not only our U.S. Business Database which has over 16 million businesses. We also overlay that with our credit information, so clients can come and tap into this this huge resource to help them with their targeting in terms of selecting by firmographics, employee size, sales volume, as well as credit attributes, UCC filings, bankruptcies, information that can be translated to marketing campaigns. It can be utilized for direct marketing, for telemarketing, for digital applications - social media, email campaigns, analytical solutions, modeling. So it's a vast amount of resources that we can tap into to help with marketing campaigns. Gary: Can you share about some B2B marketing solutions we can look forward to from Experian? Kelly: Experian has a lot on the horizon with regard to B2B marketing. But one thing I'm particularly excited about is our new B2C linkage business to consumer linkage. Ultimately our clients have been coming to us saying you know, we're looking for a way to link our consumer records to any businesses that they may be associated with. So we create a customized linkage system that allows us to take in those consumer records, match them to our commercial repositories, and then provide back information that allows our clients to then not only target that consumer at their residential address but also their business address. So it gives them a chance to cross-sell and up-sell commercial offers as well as their consumer offers. Experian Business Marketing Solutions