Cyber Risk Is Keeping Your CEO Up at Night. Here’s Why
The past few years have certainly brought a fair number of risks that might keep CEOs tossing and turning as they try to figure out how to lead their companies forward.
First, there was a global pandemic, then the supply chain issues that followed.
Now, enterprises are struggling with vaccine mandates and the EPLI exposures that come with them, along with the ever-present threat of cyber attacks.
A session at the 2022 RIMS annual conference focused on these risks that may cause CEOs to lose sleep.
The session, “Five Risks That Keep Your CEO Up at Night and How to Mitigate Them,” was presented by attorney Andrea DeField, a partner at Hunton Andrews Kurth LLP, and Mike Tush, senior enterprise risk management analyst, Blue Cross Blue Shield Kansas City.
The speakers began the session by surveying the audience on what risks they believed keep CEOs up at night. Responses ranged from employee turnover to concerns over supply chain.
But as Tush and DeField outlined the five risks they wanted to focus on in their session, a common theme emerged: cyber exposures.
Cyber Risk Dominates
During their session, Tush and DeField named ransomware, a need for sufficient cyber coverage, supply chain cyber risks, government investigations and subpoenas, and other D&O exposures as the five primary risks that keep CEOs up at night.
Of those five, three were concerned with cyber exposures, and for good reason: In the first six months of 2021, companies paid an estimated $600 million in ransomware. That’s up from $416 million in 2020, per the Department of the Treasury.
“Now, I’m getting calls directly from the CEO,” DeField said. “They’re actually asking about insurance, particularly cyber insurance.”
The increased frequency and severity of cyber attacks have led to an increase in insurance premiums, with some organizations reporting rate hikes of 80-90% or higher.
“When you get that 400% [increase] your CFO wants to murder you. I’m sure that is not the call you want to get,” DeField said.
Businesses of Every Size Need Cyber Coverage
With prices so high, some organizations may wonder if cyber insurance is worth the trouble. Smaller organizations especially may wonder if it’s worth the price, since they might believe it is unlikely attackers would target them.
“One of the great questions we’re getting now is ‘Should I even buy cyber insurance?’ ” DeField said.
Both DeField and Tush agreed that cyber criminals are willing to attack any size and any type of organization.
“It’s really not a matter of if you’re going to be breached at this point. It’s a matter of when,” DeField said.
To illustrate this point, Tush shared a story about a small medical provider in Oklahoma that suffered a ransomware attack.
“They had to resort to running their hospital on paper,” he said.
Their best advice to insureds looking for cyber coverage? Start early.
That way, you have time to shop around for carriers and get your cyber risk management in order.
“There’s still robust coverage, but you better be starting very early,” DeField said.