City of Atlanta Cyber Nightmare Demonstrates Why Businesses Need Captive Insurance

It’s not surprising that many businesses are not fully prepared to for cyber risks.  The nature of this threat continues to evolve as technology advances, cloud computing grows, social media continues its advance and cyber criminals become more sophisticated.

And, last week it became clear that the City of Atlanta wasn’t ready for a cyber-attack either.  According to an MSN.com article titled “A Cyberattack Hobbles Atlanta, and Security Experts Shudder”…

Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack — one of the most sustained and consequential cyberattacks ever mounted against a major American city.

Also, as cyber-attacks are prone to do, this one caused massive business interruption.  According to the article,

But as the city government’s desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website.

Captive insurance companies are ideal vehicles for addressing cyber risk.  Because cyber threats are relatively new and ever-changing, it can be difficult for third party insurance coverage to keep up.  Also, cyber threats can have a tremendous spill-over effect, touching off a chain of secondary losses.  For example, businesses impacted by a cyber breach often suffer well into the future as they not only incur liability costs, but also suffer lost sales as they endeavor to regain the trust of customers.

Because captive insurance companies can issue customized, more flexible coverage to their parent companies, they can serve as an ideal insurance solution for cyber risk.  Furthermore, a captive’s flexibility also enables the parent company to maintain third party commercial cyber insurance and supplement third party coverage with a broad insurance policy from the captive to address gaps and secondary losses caused by a cyber incident.

Businesses that have third party cyber insurance in place, should consider supplementing their cyber insurance with a blanket cyber policy in a captive insurance company.  Many businesses do not have cyber insurance policies in place.  And, it is difficult to get excited about purchasing additional insurance.  For many businesses, insurance is a necessary evil…it is definitely a necessity but can also be viewed as a sunk cost.  Owning a captive insurance company gives a business an additional tool to address “non-traditional” but very real risks like cyber-attack.  A business can purchase cyber insurance from its captive insurance company and simultaneously grow profit in its captive insurance company when claims are low.

Also, because captive profits are at stake, the business has an even greater incentive to take active security measures to reduce the likelihood of cyber-attack and other digital threats to business data.