Risk Insider: Martin Eveleigh

Cyber Risk Insurance: An Ever-Evolving Coverage

By: | March 28, 2017

Martin Eveleigh is Chairman of Atlas Insurance Management, which he formed in 2002. He specializes in designing alternative risk transfer programs – particularly risk pools – and captive structures. He can be reached at [email protected].

The evolving category of cyber risk insurance continues to receive increased awareness each year, as more and more security breaches continue to surface. Across all industries, the number of cyber attacks, and the costs associated with them, are increasing.

First, the bad news.

The 2015 Verizon Data Breach Investigations Report identifies the top three industries affected by data breaches as Public, Information and Financial Services; while the 2015 Ponemon Institute Research Report indicates that Health, Education and Pharmaceuticals are the most costly per capita. The overriding message from both reports is that no company is immune to cyber attacks.

There were 79,790 known security incidents globally in 2014 with 2,122 confirmed breaches producing loss. The reports also show a 23 percent increase in the total cost of breaches since 2013 and a 12 percent increase in the per capita cost.

The Ponemon Report identifies three main reasons contributing to higher costs of data breaches in 2015:

  1. Cyber attacks are more frequent and costly.
  2. Data breach costs are impacted by lost business.
  3. Costs associated with detection of data breaches are increasing.

With risk increasing, it is no longer a question of whether a business will be subject to some level of cyber attack, but when and how. Knowing this, what can businesses do to mitigate the risk and damage?

Professional cyber security consultants agree preparation is key. In addition to developing a compliance work plan, companies should identify unpatched vulnerabilities in software and install test patches regularly. Also, certain industries are now mandating specific regulatory compliance criteria be met, and the insurance industry is taking note.

Creating a More Sound Cyber Risk Policy

Despite the best efforts at prevention, however, the risk of cyber attacks and breaches is great. A company can spend thousands, if not millions, on a security system and firewalls; but one employee opening a phishing email can compromise all defenses and allow criminals inside your system undetected, which is why a robust cyber insurance policy is critical to a company being properly protected.




Unlike other coverage forms, there is no established standard cyber insurance form utilized by carriers in the standard commercial insurance market. To be protected, businesses need to know whether coverage is provided, and at what level, for:

  • regulatory actions
  • incident response costs
  • credit and identity monitoring
  • transmission of viruses
  • business interruption and extra expenses
  • extortion expenses
  • data loss and restoration

A careful review of coverage is critical because a particular coverage that may be most important to your business could be excluded or limited in scope or amount. A captive is an excellent vehicle for providing coverage for cyber risks, as it has the flexibility to tailor coverage to the specific needs of your business.




Cyber risk is certainly here and rapidly increasing, but you can reduce its risk to your business with the right combination of security and proper insurance. And for insuring cyber risk, a captive just may be your best solution.

More from Risk & Insurance