Lance McNeel, CPCU, ARM and Vice President of Business Development at Capstone Associated Services, Ltd. has over 30 years of experience in the insurance industry. McNeel is considered as expert in the captive insurance area, working with captive insurers in determining their risk coverage requirements. McNeel answers questions surrounding cyber risk as it relates to closely-held, midmarket businesses.
Intro: According to the Identity Theft Resource Center (ITRC), there were 591 breaches and over 175 million exposed digital records in 2015.
Q: What industries can be affected by a data breach?
SLM: Realistically any company that houses information digitally is at risk. Even when implementing security measures, there’s a chance that a hacker can find their way in, and steal sensitive or proprietary information. Most transportation, manufacturing, franchises, wholesale and retail businesses, and even oil and gas suppliers save client information on internal or external servers. If not properly monitored, a data breach could compromise the information leading to major negative repercussions for the company. The average organizational cost of a data breach is $5.9 million. For a closely-held company, this could be a major financial blow.
Q: What can midmarket companies do if they’ve experienced a data hack?
SLM: The best thing a business owner can do is to take a proactive approach toward their cyber security. As recommended by IT professionals, businesses should implement digital safety precautions, such as security and authentication software. From an insurance standpoint, putting an alternative risk management plan in place is just a smart thing to do in light of the increasing number of hacks that have occurred over the past few years. Forming a captive insurance company could fund losses and keep the business afloat.
Q: How is cyber risk coverage under a captive different from what’s offered in the commercial market?
SLM: Coverage-specific policies are a hallmark of captive insurance and cyber risks can be included. Coverages that are not readily available or too expensive in the commercial market can be tailor-made inside the captive. As an example: Losses stemming from business interruption because of a data hack could be written, as well as reputational risk and the loss of a major customer. The repercussions resulting from a data hack are varied and may be specific to a particular industry or company. Coverage written though the captive addresses those risks comprehensively. According to the ITRC, there were over 800 hacks in 2014 and 2015 is following suit. Relying on commercial coverages alone might leave businesses vulnerable.
Q: In your opinion, is it worth it for businesses to form their own captives to cover cyber risks?
SLM: Absolutely. Well-known companies like T-Mobile, Target, and even Apple partners have had data breaches and big budgets to mitigate the damage. But midmarket companies, such as financial services companies, hotel chains, supermarket chains—they’ve also experienced the fallout from cyber breaches. The risk is there and really can’t be ignored. The protection of client and company data is just too important.
You can watch the video in Captive Corner, our captive insurance and alternative risk planning video page.