“Cybersecurity and cyberinsurance just came out probably less than five years ago,” says Fort Lauderdale-based Mike Gorham, executive vice president of Brown & Brown of Florida, Inc. — Fort Lauderdale, the largest independent insurance agency in Florida. “And now it’s the most-claimed event in insurance right now, because of all the different attacks.”
It doesn’t matter whether you own a national company or a mom-and-pop business, Gorham says. Everyone is at risk. “We’re selling more of this type of insurance in the last two years than we ever have,” he notes, “and the prices, the demand and the claims activity are all going up.”
The 16-year veteran of Brown & Brown spoke with SFBW to talk about the pitfalls of being uninsured in a digitally dangerous world.
Can you talk about a client situation that illustrates the problem?
I personally have a general contracting client who does $80 to $100 million in sales—so not Fortune 500, but not small—and it’s a contractor so you wouldn’t think it would have these types of issues. We sold them cyberinsurance years ago, and last year they had a breach, and the client was up to almost $600,000 in losses because they could not bid on jobs for almost three weeks, because their system was shut down. They handle $5 to $10 million deals, so they’re not massive—it’s a churn-and-burn type deal—so if they can’t churn-and-burn, it costs them a lot of money. In the end, it cost the company $600,000 to $700,000 in lost revenue that the insurance company is going to pay—and they were paying $5,000 to $6,000 a year for this coverage.
Do you have other clients that people wouldn’t necessarily expect to be concerned with cyber breaches?
Now these claims are getting more and more publicity through the news with the big claims, and more clients are asking about it. We have a client in our office that makes T-shirts. They had a breach over a weekend—their bank accounts were breached through their software system and the losses were at almost $400,000. The banks won’t cover that if they can prove that it was malware intent and not just a phishing expedition.
What are some other nightmare scenarios that can happen to businesses?
Well, the worst thing that can happen is that they get your customers’ information—Social Security numbers, bank accounts. That would be big hospitals, big schools, big retail distributors. When that happens, the federal government gets involved and you have to notify anyone who could be affected, and you can be fined by the government up to $500 per record for every record that was attacked or stolen. Think of your regular physician’s office that has 400 patients and they have every one of those Social Security numbers, date of birth, everything. Cyberinsurance would cover all that.
You mentioned the big breaches that have been in the news. Can you comment on one?
Some of these cases don’t even involve the business’ website. Take, for instance, the Target breach that was years ago. Target hires a maintenance company to do their HVAC work, and [the culprits] got into the HVAC company’s system and through their system, got into Target’s system. No one is immune these attacks. The fact that the insurance company is paying the ransom incentivizes the attackers. On the other hand, the companies have to be protected, so the insurance company is there to do that. It’s kind of a lose-lose, really.
What do you say to small firms that don’t feel that they need this kind of protection?
The bottom line is the “it could never happen to me because I’m too small” excuse is not accurate. If they think that their cybersecurity company or IT firm is enough, these hackers are smarter than all of these IT firms. They’ll pay 30 to 50 grand in other types of insurance but won’t pay two grand a year in cyber. And it’s probably the most at-risk area of insurance.
What is the most satisfying thing about your role?
Honestly, it’s the fact that I can help people protect what they spent years building, and the fact that I’ve delivered checks for millions of dollars when there’s a claim. And that’s when it really gets good. No one likes insurance, and no one wants insurance until they need it.
Photos by Larry Wood