GRAND FORKS — In the history of fire insurance, the Great Chicago Fire stands as a milestone.
The 1871 fire destroyed some 3½ square miles of the city and bankrupted 68 of Chicago’s 200 fire insurance companies. But the city and the insurance industry not only recovered, they did so while pioneering dramatic improvements in fire protection, firefighting and fire insurance practices.
Today, businesses and homeowners routinely carry fire insurance. And they need it blessedly seldom, because thanks to prevention, catastrophic fires now are rare.
Here’s hoping the recent ransomware attacks in Atlanta and Baltimore help speed a similar evolution. Because right now, too many “cyber structures” in America are rickety and made of figurative wood — and as we’re learning, it doesn’t take much to make the structures go up in virtual flames.
Cybersecurity is a big part of fixing that situation.
So is cyber insurance, and that’s what this story is about.
Cyber insurance helps protect companies financially against hacking, ransomware and other internet-based risks. It’s one of the fastest-growing areas of insurance; premium totals will triple in the next few years, jumping from $2.5 billion in 2017 to $7.5 billion in 2020, PWC Global predicts.
The growth is understandable. “Cyber crime is the greatest threat to every company in the world,” Ginni Rometty, IBM’s chairman, president and CEO, said in 2015.
Rometty had a point, as Atlanta and Baltimore’s experiences in March showed. “Hackers launched cyberattacks in both cities,” reported Governing magazine, “hobbling the 911 emergency response system in Baltimore, crippling a wide swath of city services in Atlanta, knocking out Wi-Fi at the nation’s busiest airport and forcing city workers to keep records with pen and paper.”
Such attacks get people’s attention, coming as they do on the heels of infamous breaches of Target, Equifax and other large firms.
But take note: It can happen here. That’s because these days, small and mid-sized businesses in the Upper Midwest and elsewhere are at serious risk, said Adam Hamm, former North Dakota insurance commissioner and past chairman of the cybersecurity task force for the National Association of Insurance Commissioners.
“Cyber attackers are looking for soft targets,” Hamm said. Small businesses often qualify because they lack strong cybersecurity protections.
The response of any business should be twofold: First, strengthen cyber defenses; and second, consider cyber insurance.
Basically, “it doesn’t matter what size business you are, whether you’re a multinational or on Main Street,” said Hamm, who’s now in Chicago as a managing director and cyber insurance expert for Protiviti, a consulting firm.
“A cyber liability insurance policy is likely a prudent course of action.”
The region’s organizations now are learning this first-hand, said Gregg Schaefer, senior producer and vice president of sales at Vaaler Insurance in Grand Forks.
“I spoke with one fellow, he bought a policy and a week later, he got hacked,” Schaefer said.
“That claim probably was in the $20,000 range. We also had an $85,000 claim; we had written it for a client, and 10 days later, he got hacked, too.”
These days, about half of all cyber attacks target small businesses, Schaefer said.
“Before it was, ‘This will never happen to me,’” he said.
“Now, it’s happening a lot, and people are hearing about it.”
Organizations that are thinking about buying cyber insurance should engage in a four-step process, said Hamm, who’s now in Chicago as a managing director and cyber insurance expert for Protiviti, a consulting firm.
Depending on the type of business and other factors, the premiums for such a policy might start at less than $100 a year, said Desiree Khoury, vice-president for specialty reinsurance at NAS Insurance Services in California. (North Star Mutual Insurance Co. in Cottonwood, Minn., is among those that offer NAS’s cyber insurance plans.)
With higher limits will come higher premiums. At Vaaler, for example, a construction company’s annual premium for a Travelers cyber insurance policy with a $1 million limit likely will be in the neighborhood of $5,000, Schaefer said.
But in all cases, the focus on insurance mustn’t blind executives to the need for good cybersecurity. To protect against the potential devastation of a fire, today’s business owners have smoke detectors, sprinkler systems and fire insurance, Khoury said.
That’s the way owners can lower their cyber risk, too.
“So, when you get that reminder to do a security update on your computers, don’t just click out of it,” she said.
“Make sure you make the update.” The whole process starts with sweating such details, because businesses first should make their systems as hacker-proof as they can be.