Using Captive Insurance Companies to Manage Cyber Risks

Cyber Risks In New York and Across the U.S.

New York State, home to 19.7 million people, suffered an astounding 900 data breaches in 2013, an estimated loss of $1 billion. What’s worse is that incidents of data breaching had more than tripled between 2006 and 2013. The New York Attorney General's office reported the findings—cyber risks are surging in the Empire state and around the world. The data breach upward trend continued into 2014, with both the public and private sectors being affected.  It is a trend not easily ignored, as millions of people remain at risk for identity theft and related perils. So how does a business owner in the private sector ensure the security of client data, like financials and even sensitive supply-chain and partner information? The answer hasn’t always been clear.

Cyber Business InsuranceRecent independent reports claim that business owners opt out of cyber risk insurance coverages because they feel it’s a low priority. Although CIOs do their best to ensure sensitive and proprietary information is protected behind firewalls and elaborate passwords, the threat remains for midmarket, private institutions. The NY Times Reported in August 2014 that Supervalu, a food retailer based in Minnesota, was victimized by hackers in the worst possible way. Its cash register system had been breached, possibly resulting in the theft of credit and debit card information from its supermarkets and liquor stores. The breach hit 209 Supervalu stores around the U.S., including 59 Cub Foods stores in Minnesota. The intrusion also impacted Albertsons, Acme Markets, Jewel-Osco, Shaw's and Star Markets stores that were until last year owned by Supervalu.

The evidence is clear: Data breach disasters like these are happening more frequently and it is becoming increasingly more important for business owners to take their data security and cyber risk insurance coverage seriously. In industries with high operational risks, such as manufacturing, oil & gas, and transportation, insurance coverages such as loss of vendor, environmental/pollution, and general liability are favored options. However, keeping sensitive data behind lock and key requires insurance that can cover specific and even unique data risks. A wall is often hit because conventional cyber risk insurance is expensive.

Enter captive insurance: a strategic alternative risk management solution for businesses that have a need for comprehensive risk coverage. Coverage-specific policies are a hallmark of captive insurance and cyber risks can be included. Coverages that are not readily available or too expensive in the commercial market can be tailor-made inside the captive.  Insuring your own cyber risks and preventing devastating data breaches could save growing businesses millions of dollars in out-of-pocket expenses and a disastrous PR nightmare.

Hackers Captive InsuranceCyber Security is Top Priority

Notable organizations within the captive insurance industry are showing their support for these types of policies. Captive Insurance Times, a London-based captive magazine publisher, reported that leaders in the risk retention sector of the insurance industry are planning to focus on cyber security as a major issue at the National Risk Retention Association (NRRA) conference in Chicago in October, 2014.

“The threat from hackers penetrating private data on policyholders held by risk retention groups has grown tremendously over the last few years. No company is too small to be exposed to cyber attacks,” said Sanford Elsass, NRRA chairman.

As more well-known businesses get hacked, and cyber criminals continue to get smarter and more sophisticated in their techniques, business owners and executives are going to need options. Cyber risks have become far-reaching, affecting large box-stores such as Target and Home Depot, and smaller midmarket businesses such as AB Acquisition LLC, owner of Shaw’s Market in Boston.

Criminals use fraud and identity theft as get-rich-quick schemes. Competitors steal intellectual property to gain a competitive edge. Some hackers just want to prove that they can do it—break through the most secure digital protections. It’s a scary thought, but with the right safeguards, hackers won’t get very far in bringing your business down. Cyber risks can be left at bay.

Partnering with a Qualified Captive Manager

It is important for business owners to have a qualified, interdisciplinary team at the helm to determine what risks should be considered when writing coverages. Many captive managers only handle the clerical duties associated with the formation of a captive insurance company. They may be licensed CPAs, but they often do not have the expertise to manage the tax, insurance, regulatory, and legal aspects of captive management. Some claim to have turnkey services in-house, but they might offer these services a la carte. Some exclude these important services altogether and are only noted in the fine print.

There’s no doubt that cyber risks have become a real, substantiated threat to businesses of all sizes. With a captive management team in your corner, you can be sure to limit your risks, and keep sensitive information out of the hands of criminals.