Surplus lines brokers have a lower profile in the insurance world, but their role is huge. They support businesses behind the scenes every day. This type of insurance is needed when other, more traditional carriers do not have the knowledge or specialty expertise on how to cover a particular risk. One of those risks — a growing one — is cybersecurity.
While our primary focus at Socius Insurance over the past 15 years has been management and professional liability, cyber liability had been a lesser needed product. But its importance has come into the spotlight over the past five years.
The reason: hackers.
After the highly publicized Target breach, it became apparent to clients that the risk for exposure and data theft needed to be taken seriously. Since then, hackers have focused their attention on middle market targets. Cyber liability insurance is no longer just for companies with lots of data at risk, like those in health care or those with loads of credit card information. Now, common scams include social engineering and cyber extortion.
The surplus lines insurance industry has been forced to understand and adapt quickly to expand coverage as hackers grow more sophisticated.
Social Engineering Scams
The proliferation of social engineering scams is something to watch. An example of this is when a hacker watches keystrokes — they sit behind a firewall for months, then create a fictitious email from a company executive and try to dupe another person into transferring funds. The victim will receive an email from the business persona, saying, for example, they are “at a conference” and need to wire funds someplace for a deposit. The victim does not find out until later that it was fraud.
Another frequent problem is when a hacker breaks into a system and places malware that encrypts the company’s data. During cyber extortion, a victim opens an email with an attachment containing encrypted data. It then shuts the whole system down. The bad actors send a message to the business saying they must pay a high dollar amount or send bitcoin to unencrypt the system. The “good” bad guys will actually undo it. The worst of the bad guys will leave the encryption in place.
Cyber liability is now a product that every business client, large or small, should consider. Cyber Liability insurance goes beyond coverage for these threats. They help respond. Arguably as important as the insurance, they provide a team of experts when the worst happens. Cyber liability carriers have a cadre of breach response vendors to help in response efforts. Surplus lines offer a special expertise: a cyber liability policy comes with a 1-800 number and is ready to get involved immediately when you realize you have been scammed.
I am proud to say more than 85 percent of my business is for insureds in Florida.
We are a safety valve. As a member of the Florida Surplus Lines Association, I’ve been encouraged to see the work taking place in the Legislature to recognize and modernize the work we do to insure risks for large and small-business owners across Florida. The needed changes will bring Florida in line with most other states.
In our rapidly changing world, I’m in an industry evolving to protect businesses, and it’s great to see our Legislature recognizing that modernization to state laws are also necessary to keep our industry up to speed.
Eric Shapiro is Regional President at Socius Insurance in Tampa; he has worked in the insurance profession for 27 years.