register now for McGowanPRO Alerts

Education is your best defense in guarding against professional liability claims.  Sign up for our Email Newsletter and receive Alerts, Articles, and White Papers on protecting and managing your practice.

McGowanPRO is a national agency that specializes in procuring Professional Liability Insurance. On average, each of our executives and producers have over 15 years of experience in the professional liability industry.

Contact us and you will speak directly with someone who is experienced in professional liability and will work with you to obtain the best options for your business.

McGowanPRO Upcoming Events & Press

Cybercrime As online thievery spreads, so too does demand for insurance


Read the article on the Boston Business Journal

Mar 22, 2013

Mary K. Pratt, Special to the Journal

American businesses are under attack, and insurers are reporting to duty.

U.S. companies experienced an average of 102 cyber attacks per week last year, according to a study sponsored by Hewlett-Packard and conducted by the Ponemon Institute. That's up from 72 attacks per week in 2011 and 50 per week in 2010.

The study, which comes amid calls by U.S lawmakers and security officials to view the threat of cyber espionage and related crimes in the same light as global terrorism, also found that the average annualized cost of cybercrime incurred by a benchmark sample of U.S. businesses was $8.9 million per organization last year.

That's why Irene Wachsler, a partner at the family firm Tobolsky & Wachsler CPAs LLC in Sharon, opted to get an insurance policy designed specifically to protect her business if it suffered any technical attack or data breach.

"We hear about breaches all the time, and I thought, 'What would happen if someone breaks in?' I thought we should get some protection," Wachsler said.

Cyber insurance has been around for years now, but insurance industry experts say demand for such specialized policies is rising in lockstep with the costs associated with data breaches and other cyber crimes.

"Everybody is still getting a handle on what the magnitude of risk and cost is for cyber crimes, and the level of coverage is all over the map. People have not been well informed about (these policies), but that's starting to change," said Edward J. Naughton, a law partner at Brown Rudnick LLP.

An October 2012 survey by database and research concern Advisen Ltd. found that 43.9 percent of responding risk managers and insurance buyers said their companies purchase cyber liability insurance, up from 35.1 percent in 2011. The analysis also found that 25.1 percent of respondents who lack such coverage are now reconsidering their position.

Gary Sutherland, CEO of North American Professional Liability Insurance Agency, said his company has been working more closely with its clients on the cyber insurance front since 2008, but he said many business owners still lack a clear understanding of what's at stake. For example, he said many assume they don't need cyber insurance because they mistakenly think they're covered under other insurance products. And many don't understand their risks and what kind of losses they could face.

Sutherland and others said that the policies and what they cover vary widely, so prices will, too. Sutherland said policy costs are generally calculated on factors such as a policy holder's revenue, what type of business it is in and the types of information they have. As an example, though, he said his firm, with 4,000 clients, has a cyber policy worth $1 million for which he pays $2,800 annually.

But organizations of all sorts face significant cyber-related risks, said Rob Fitzgerald, president of The Lorenzi Group, which offers data security evaluations and digital forensic services.

First, there are the hackers, who today often work together in organized criminal syndicates to break into computers to steal whatever data they can - everything from credit card and Social Security numbers to corporate documents and intellectual property.

Fitzgerald said the second biggest misconception is that this is a big-company problem.

 "It's more often than not smaller companies and midsize companies who are more vulnerable and more likely to be attacked, and when they are attacked they have to deal with issues they haven't even thought of," he said.

Indeed, the Information Security & Cyber Risk Management study found that companies with less than $250 million in revenue still view cyber risks less seriously than those with revenue greater than $10 billion; 81.8 percent of smaller companies say such risks pose at least a moderate danger, compared to 95.9 percent of large companies.

Sutherland said polices vary but often cover first-party costs such as client notification, credit monitoring, media and advertising requirements and even public relations. They also cover third-party costs related to bills incurred by the victim's clients - say, a bank's customers - as a result of the cybercrime.