The large data breach at Marriott this year is just a blip on the radar when it comes to cybercrime’s impact on business. While the Marriott case was large, exposing the records of up to 500 million people, it is just one of thousands of such cases each year. Breaches at most companies never make the news. In 2018, there were 1,244 data breaches in the U.S., according to Statista, and each one took an average of 197 days to detect, IBM said. Security firm Symantec estimates that 4,800 websites each month are injected with “formjacking” code, which cybercriminals use to steal personal information.
Whether it is malicious code or email phishing scams, cybercriminals are working overtime to steal customer data, and companies in the transportation industry are just as vulnerable as any others. Symantec said that supply chain cyberattacks increased 78 percent in 2018.
FedEx and Maersk learned these lessons in 2017. The infamous “NotPetya” cyberattack cost FedEx at least $300 million in lost business and clean-up costs. Maersk, too, reported losses of more than $300 million and faced disruptions to its supply chain for weeks.
The numbers are even more discouraging for mobile devices, which the transportation industry has adopted on a large scale. According to RSA, a security risk management company, 70 percent of fraudulent transactions in 2018 originated on a mobile channel, and 20 percent of cyberattacks were attributed to a rogue mobile app. The firm found that up to 57 percent of companies (across all industries) utilize up to 10 different anti-fraud tools to manage fraud, and yet cyberattacks still occur.
Despite these facts, the Council of Insurance Agents & Brokers (CIAB) found that only a small percentage of companies are increasing their cybersecurity protection policies. In its biannual survey released earlier this year, CIAB reported that only 33 percent of clients purchased some form of cyber coverage, and of those, only 34 percent of clients increased their coverage in the past six months.
The Council represents the nation’s leading commercial insurance brokerages that collectively place 85 percent of U.S. commercial property and casualty premiums annually. The biannual Cyber Insurance Market Watch Survey offers a snapshot of the cyber insurance market over the past six months from a nationwide sample of brokers.
Whether it is a trucking company, a broker or a shipper, having cyber insurance is becoming an important part of insurance coverage portfolios, yet most still believe “it won’t happen to me.” That is reflected in CIAB’s survey, which found that the 33 percent of clients paying for cyber insurance had changed little from previous years – 32 percent in the group’s summer 2018 survey and 31 percent in the fall 2017 survey.
The survey found that a firm in the Northeast saw a greater take-rate of coverage when it was bundled as part of a broader package.
Increases in coverage were limited, though, with just over one-third (34 percent) increasing coverage while 63 percent kept levels the same.
“While respondents agreed that clients view cyber insurance as important to have, this did not necessarily translate to clients increasing their budgets for higher limits or increased coverage,” explained Ken A. Crerar, president and CEO of CIAB. “As a result, take-up rate and coverage levels have remained consistent over the past two years.”
Without proper insurance coverage, companies are leaving themselves at risk, experts say. The average data breach now costs $3.86 million, up about 6 percent from the year before, IBM said, but that number is significantly lower, by about $1 million, for those companies that contained a breach in the first 30 days. Yet, the average cyber insurance policy across all businesses is for $2.8 million in coverage, down from $3.2 million in early 2018.
While most companies in the transportation space would not be facing $4 million data breach losses, they remain vulnerable to high expenses as a result of a breach, and, depending on their size, those expenses, which include required notifications, cleanup and any restitution, could jeopardize the overall viability of the business.
Verizon notes that 58 percent of data breach victims are small businesses. In transportation, those businesses make up nearly 90 percent of the industry.
The good news is that premiums are not increasing, CIAB said. The survey found that 61 percent of those buying cyber insurance had not seen an increase in premiums and an additional 26 percent actually saw a decrease.
Most small and midsized business respondents to the survey – 43 percent – said the transfer of risk was the reason for acquiring cyber insurance. Twenty percent, though, took out a policy following a cyber breach.
CIAB reports that regulations are also starting to drive more companies to look into cyber security policies.
“On the whole, respondents agreed that the clients who had been directly affected by regulation like the European Union’s General Data Protection Regulation and the New York Department of Financial Services’ Cybersecurity Rule were the ones who were starting to ask more questions, such as whether certain fines or penalties would be covered,” it wrote. “As more and more states continue to enact or introduce bills and resolutions related to cybersecurity (at least 22 states enacted 52 such bills by November 2018), it will be interesting to see if that might drive more companies to purchase, or at least consider the purchase of, cyber insurance.”