American International Group (AIG), the causality insurance company, is gearing up to look at all of its commercial policies with an eye toward including coverage against cyberattacks, kicking off in January.
According to news from Reuters, Tracie Grella, AIG’s global head of Cyber Risk Insurance, said at a cyber risk conference in New York on Thursday (Oct. 26) that the change is part of the insurance company’s move away from issuing policies that don’t lay out specifically whether losses from cybersecurity issues are covered. The report noted that while it may result in rate increases, coverage for hacks is becoming more important for companies, particularly in the wake of the Equifax data breach that impacted 145.5 million customers and exposed the credit card numbers of 209,000.
The executive noted that in April, AIG rolled out a property policy that specifically included recovery from cyberattacks, acknowledging that adding it to other types of policies will introduce higher rates. “When you buy affirmative cyber coverage, you should be paying for it,” Grella told Reuters.
The move on the part of AIG comes as companies are increasingly worried about the costs stemming from a data breach. In September, Hartford Steam Boiler Inspection and Insurance Company (HSB), a leading provider of cyber insurance and a unit of Munich Re, revealed a report that a little more than 50 percent of U.S. businesses have experienced a cyberattack during the last year, with 72 percent spending more than $50,000 to deal with the aftermath. The firm said that more than $50,000 went into investigating the cyberattacks, restoring or replacing damaged software and hardware and handling pushback as a result of the cyber extortions.
“In addition to the rising number of cyberattacks and related costs, businesses are increasingly anxious about protecting their data,” said Timothy Zeilman, vice president for HSB in the press release. “Data is what drives a business, and the loss or corruption of information can be devastating.”
According to the survey, 38 percent of the businesses that were victims spent more than $50,000 to respond to the cyber extortions, while 10 percent spent between $100,000 and $200,000. Seven percent spent more than $250,000, the survey found.