Cyber Liability Trends with John Miller – Ep 288 

 January 22, 2021

By  Donna Grindle

Always great to talk cybersecurity insurance coverage with John Miller of Sterling Seacrest Partners. Threats are constantly evolving for all of us. That means cyber liability coverage must also evolve.

Have you evaluated what your cyber policy will really cover when you are attacked? There are certainly several areas John brings up for us all to consider in our cybersecurity policies.



Today’s episode is brought to you by: Kardon and HIPAA for MSPs with Security First IT

 Remember to subscribe on your favorite podcasting app, share us on Social Media, and rate us wherever you find the opportunity. 

The HIPAA Boot Camp: Virtual Edition, Feb 23-25, 2021. More info at TheHIPAABootCamp.com


Cyber Liability Trends with John Miller

There is a lot of information in this interview. Here is just a taste of topics in a few clips from our discussions about cyber liability, what is happening and where we are really going with it.

[01:47] Welcome back John. Let’s make sure you tell everyone a bit about yourself and your company before we start rambling through all our different topics.

 

Boardrooms have become particularly attuned to cyber liability risk.

What are your thoughts on the 2020 attack’s impact on cyber coverage?

JM: It’s been a rough year if you’re an underwriter. You’re making a promise on a sheet of paper to pay. And when those promises all have to be fulfilled all at the same time, it’s a pretty delicate seat to sit in. So the losses are mounting. And I’ll give you some statistics on that. But the industry as a whole from a cybersecurity or privacy perspective (cyber liability) is about a five billion dollar market. The US is by far the largest of those.

And the expectation is we’re going to grow about 20% to 30% each year over the next few years or so. Boardrooms have become particularly attuned to cyber liability risk. You can’t pick up the newspaper these days without having yet another hack. It is a real challenge if you sit in the underwriter seat.

So just a little bit of data that might help everybody to kind of understand the average payment. This is from the insurance industry. The average payment when there is a claim in quarter three of this past year was $233,000. So when there is a claim, that’s the average payment and that’s up about thirty-one percent (31%) from the previous quarter. But there are two components to insurance pricing.

 

You’ve got to be way in advance of what just the minimum requirements are.

[19:50] When you go down the path in these cases they don’t resolve quickly, do they?

JM: There are a lot of different things that you need to enable your defense attorney to have to portray to the jury that you’ve taken this seriously and that you’re kind of best in class, if you will, relative to defend in these matters or relative to protecting the data.

There’s kind of two levels of that point. First, do you meet the minimum threshold that the government requires for compliance? And then secondarily, did I go over above that and do things that maybe that even they didn’t require?

I would tell you that the more I learn about this topic is that I advise clients, the more I’m telling people, look, you got to be out ahead of this. You’ve got to be way in advance of what just the minimum requirements are. Because when we’re in litigation, we need to be able to say, you did it better, faster, more thoroughly than anybody else. That’s going to play well to juries.

 

There needs to be an indemnity provision in every contract.

[32:48] What kinds of things in contracting are you seeing?

JM: This is an area that many companies are not attuned to. And it’s something that I know you’ve been preaching. I’ve been preaching for a long time. So the teeth of a contract, there are two key components. The first is the indemnity obligation stand between you and the harmed you and the plaintiff relative to the negligence of that party. It doesn’t matter whether you’re an IT consultant providing services, whether you’re a software vendor, providing services, IT platform cloud based services, etc. There needs to be an indemnity provision in every contract. Then insurance limits backing up that indemnity.

There’s an expectation that you’re going to be doing certainly all the minimum requirements.

[37:49] With the new things coming like information blocking and recognized security practices where do you see things going? For example recognized security practices aren’t required and you don’t get a free pass. Is there a liability value of doing them? Does this help the premiums or hurt the premiums?

JM: You certainly want to do everything within your budget and capabilities that you can do.

There’s an expectation that you’re going to be doing certainly all the minimum requirements. And frankly, nowadays, particularly in health care, there’s an expectation you’re going to go above them. But, it’s not like you will get a discount on your premiums if you do these things. However, if you don’t do them you may pay a higher premium than those who elect to follow them.

[50:47] I’ve seen more and more companies that are saying use our services and we’ll provide you with a $100,000 cyber liability policy. How does that work?

JM: It seems like it’s a little bit of fox guarding the hen house going on there. So the answer is you can get an insurer to put a program together as long as you’re willing to bring volume to. Right. And so what they’re doing is they’re just paying a couple of hundred dollars for maybe a couple of thousand dollars per client to wrap their services into a cyber liability policy that they’re buying on behalf of their clients. And then, of course, they’re just marking the client’s cost up to account for that.

Take the time to listen to the whole episode. These snippets don’t do it justice. Another very informative visit with John Miller. Always appreciate him taking the time to help us navigate a very important issue with real deep knowledge of the topic.


HIPAA is not about compliance, it’s about patient care.™

 

 
