By Emily Selck
Director of Cyber Liability, M3 Insurance
Construction companies are no strangers to the risk identification and insurance purchasing process. For years, specialty products have been tailored to construction’s unique needs, as business transactions continued to drive insurance purchasing. Cyber liability insurance may have been lost in this exercise, as companies often misunderstood their exposure.
Early iterations of cyber coverage were tailored toward organizations that held large amounts of confidential information, leaving many construction buyers scratching their heads at how a policy could be beneficial for their business. Today, companies who have seen their peers suffer from the consequences of ransomware, business email compromise, and social engineering are looking into cyber liability coverage, perhaps for the first time.
The expansion of coverage has sparked new interest in a construction-specific product line that was not prioritized in years’ past. But, as any buyer will tell you, the coverage is broad, complex, and can be hard to navigate alone. Here are some of the most important exposures to consider in the construction industry to create a solid foundation of cyber coverage.
Missed Bid Coverage
Ransomware dominated the headlines in 2020 and continues to do so in 2021. It not only creates havoc for leadership when having to consider the pros and cons of paying criminals, but can also stop a business in its tracks. Even if a ransom payment is made, companies are left with a mess, often unable to access information or forced to deal with a malfunction of their computer systems.
This can stop current business, but can also prevent the opportunity to submit bids electronically. A tailored cyber insurance policy will address this gap in coverage with indemnification to the insured for the potential loss of revenues.
Electronic Device Coverage
Many insurance carriers would define computer systems broadly, with consideration for networks and devices utilized by many industries. Construction exposures are unique with the increased reliance on technology.
Drones, wearables, and specialized software utilities may not fall within this broad definition. If an incident were to occur due to a result of the devices, an insurance policy with affirmative coverage is the only way to ensure that a claim will be paid.
As mentioned before, insurers are managing a number of claims stemming from interruption of services as networks are restored following an incident. A comprehensive cyber insurance policy will respond to indemnify for lost revenues that result from this outage.
The coverage can often be broadened to include interruptions of third parties due to a breach, or from administrative errors and failures of systems to function properly. It is important for insurance buyers to understand the reliance of technology, the location of data assets, and the potential impact of an outage to the operation of their business.
Social Engineering Coverage for Goods
Social engineering claims have run rampant for many years, as criminals have become more successful in their impersonation of executives. The loss of funds have been painful for many insureds as they may not have implemented controls to verify the validity of these payments.
The construction industry is exposed to the same types of social engineering attempts, but with the increased value of construction products, construction companies may be duped into sending valuable goods to the bad guys. Many insurance policies consider a financial loss in these circumstances, but savvy buyers will request affirmative coverage for goods as well.
Negotiated Panel of Vendors
Cyber insurance policies have afforded many the opportunity to access world-class resources in legal, incident response/digital forensics, and other important services. These services are available to insureds nearly instantaneously with highly negotiated rates.
When purchasing a policy, it is important to engage with those vendors to expedite the response and to mitigate the damage from a cyber event. Be sure to bind coverage with an insurance carrier who has a broad panel of negotiated vendors.
It’s never been more important to reconsider your organization’s cyber liability insurance. The next construction industry cyber event may be lurking around the corner, and arming your company with a tailored product will be your best defense. Adding a cyber policy can be the integral brick in your foundation to keep your business stable.