The Importance of Cyber Insurance in 2018 and Beyond…
In today’s technology-rich landscape the majority of businesses rely on the internet to deliver sophisticated services and to operate their business. As companies deepen their reliance on online tools and databases, hackers are developing increasingly sophisticated ways to target them. With over half of the internet’s traffic now comprised of bots, many of which have malicious intent, the field of cybersecurity is buzzing with teams of talented risk management experts trying to keep pace.
The potentially catastrophic consequences of a cyber security data breach or attack have been put under the spotlight, hitting news headlines on what seems like a weekly basis. Banks, celebrities and politicians have all fallen victim to security breaches and cybercrime. But they aren’t the only ones, research from Symantec (a leading cyber security firm) has shown that around 43% of all cyber-attacks are carried out against small businesses, leaving no one safe. And if that wasn’t bad enough, around 60% of small businesses close down within 6 months of a cyber breach due to lost customer trust, fines, lawsuits, and associated and mandated costs associated with a breach in the US.
Yet, despite increased awareness and highlighting of the potentially devastating consequences of a cyber security breach, many organizations still haven’t taken adequate steps to protect themselves from this very real eventuality.
Most people will insure their home, their car and other valuable items to protect them against damage or theft, so why not insure those digital assets that are so important to your company, employees and your customers?
And if the carrot of protecting your customers, employees and reputation isn’t enough to entice, consider that we’re now beginning to see precedents set in US courts that are placing further liability on business owners to take reasonable steps to ensure the protection of their customers’ data.
If you’re unsure about the benefits of cyber insurance, or are on the fence as to whether or not your organization should invest in this service, read on for some useful information that will help you to make a more informed decision.
What is cyber insurance?
A cyber insurance policy can also be referred to as a cyber risk insurance policy or cyber liability insurance policy. Simply put, these policies cover businesses against risks and liability associated with the internet.
Cyber Insurance can cover a businesses’ liability for data breaches including those that expose:
- Credit card numbers
- Account numbers
- Drivers license details
- Health records
- And more…
A cyber insurance policy passes risks and financial liability on to the insurance company, rather than that risk and financial liability being absorbed solely by you or your business.
Why do you need it?
So why do you need it?
As the way we work becomes increasingly more digitalized, online security breaches and cyber attacks not only leave a business vulnerable, they can have a truly detrimental impact, damaging your reputation and causing severe losses.
Cyber attacks are known to (in some cases) damage businesses irreversibly, even causing them to cease trading. In fact, these days, cyber attacks are quite likely to occur, whether carried out by organized criminals, hackers and even insiders.
Although cyber insurance can’t protect your business from these attacks, it can help you to keep your business in a stable place financially, should an attack occur. This is why it cyber insurance is now an absolute necessity.
Disturbing Facts Regarding Cyber Attacks:
- The average cost of a data breach for organizations in the USA is $7.91 million (Forbes) but can run into the hundreds of millions.
- The average cost per record of data breached is $148
- On average it takes organizations 196 days to detect a breach, allowing damages to mount
- The average cost of a data breach to small businesses is $117,000 (Kaspersky Labs)
- Around 60% of SMBs are forced to shut their doors and close down within 6 months of a breach due to costs, lawsuits, lost consumer confidence and more
- In some cases businesses and/or business owners are being held civilly and (potentially) criminally liable for negligence and failure to protect their customers’ data.
Types of Cyber Insurance
There are two main types of cyber insurance: business and personal.
Cyber liability Insurance for Organizations
This type of insurance protects a business or organization from damages incurred as the result of a security breach.
Cyber liability Insurance for Individuals
This second type of cyber insurance is for individuals rather than companies. The purpose of individual cyber insurance is largely to protect the individual against the associated damages that come with identity theft.
First-Party and Third-Party Coverage
First party coverage generally covers direct losses inflicted upon an organization or an individual. Third-party cyber insurance, on the other hand, generally covers your business against any claims made by your partners, suppliers or customers (i.e. another third party).
What does Cyber Insurance Cover?
The coverage you are entitled to will depend on your cyber insurance provider and the type of policy you select. The main purpose of cyber insurance is to help your business to recover from an attack by covering a number of associated costs.
Common items generally covered include:
- Data breaches
- Personal identity theft
- Data theft
- Legal fees
Your cyber insurance policy will usually cover other associated costs including:
- The cost of data recovery
- Repairing breached systems
- Recovering data that has been compromised
- Restoring identities of affected customers
- The cost of contacting customers and notifying them of the breach
Coverage may also extend to other areas such as:
- Extortion (such as that associated with ransomware)
- Forensic investigations needed to understand what happenend and how to prevent it from happening again.
- Costs associated with investigating the attack
- Business losses
- And more…
What cyber insurance doesn’t cover
Although cyber insurance is critically important to have in place, there are a number of things that it does not protect against. Even if you have cyber insurance, you should still be vigilant in protecting your company against potential breaches by ensuring that you invest in additional cyber security.
The majority of cyber insurance companies will not pay out if there is no evidence that you or your organization has taken reasonable and proactive steps to protect against security breaches in the first place. This is akin to an auto insurance policy not covering the theft of your car if you were so careless as to leave it unlocked with the keys in the ignition in a bad neighborhood.
Make sure that you identify which breaches are preventable and which are beyond your control. If you can show that you have taken steps to protect your digital network, your insurance provider will be more likely to work with you on covering losses included in your policy.
Always be sure to read and understand the small print and your responsibilities as it relates to the policy. If you have questions, consult your insurance provider, agent or legal representation for assistance.
What does cyber insurance cost.
The cost of cyber insurance will depend on several risk factors and therefore it can vary from business to business based on factors such as:
- Scope of the policy
- Size of the business
- Number of employees
- Number of customers
- Types of information and databases utilized or held on or off site
- And more…
It is a good idea to research a number of different providers to get an idea of cost and find coverage that is right for your business. Many insurance companies will provide you with a checklist so that you can easily compare their policy against others.
When you’re comparing policies and providers, make sure they cover against the areas that you’ve identified as a priority. Also make sure that you compare the deductibles, in the same way that you do this when you are purchasing your home or vehicle insurance.
Other Types of Cyber Insurance:
Cyber Security Insurance
Cyber security insurance is a type of coverage that helps companies to recover from data loss, usually as a result of a security breach, network outage or cyber-attack. This type of coverage may or may not be included in your policy, so be sure to check when comparing providers.
Cyber Crime Insurance
Cyber crime insurance is another type of cyber insurance coverage. According to statistics, cyber crime costs the global economy approximately 600 billion each year. Cyber criminals are developing increasingly sophisticated methods for accessing online accounts and information. You can protect yourself against cybercrime by purchasing cyber crime insurance.
What to Look for When Buying Cyber Insurance
Now that you know the importance of a high quality cyber policy, here’s a few tips on what to look for when comparing policies and insurers.
- Do they offer or make available more than one type of policy or is the coverage an extension of their other offerings? In most cases a “stand alone” policy will provide better and more expansive coverage.
- Are their policies customizable to meet your specific needs?
- What are the dedcutibles?
- How are limits applied differently to first and third party liabilities?
- Does the policy cover generalized attacks not specifically targeted to your business or only those targeted directly at you or your organization?
- Does the policy provide for coverage of “non-malicious” actions taken by an employee?
- Is social engineering covered? Are network attacks covered? Phishing? Advanced persistent threats (APTs)?
- With regards to APTs are there specific timeframes or time limitations on the policy coverage?
There’s no doubt that cybercrime and cyber security breaches pose a very real risk to any business. It is up to you to evaluate the impact that a cyber security breach could have on your business. You need to offset the risk that a breach poses to your business and weigh it up against the investment.
Remember, cyber insurance is not a replacement for cyber security. Your first step should always be to make sure that you have the right processes and procedures in place to protect against a cyber security breach in the first place.
Choosing the right policy will give you peace of mind and confidence that should a security breach or cyber attack occur, you’ll be able to get your business back on track more quickly.