Cybersecurity insurance protects businesses against targeted attacks. Coverage also includes the occasional misplaced laptop containing confidential material. If your company handles sensitive client information, you are vulnerable. The best cyber insurance strategy takes a three-pronged approach: prevent, detect, and mitigate risk. This includes educating all levels of the organization about the importance of cybersecurity, 24/7 monitoring of critical networks, reviewing response plans for emerging threats, and insuring against financial risk with a stand-alone cyber insurance policy.
According to a 2019 AppRiver survey, 58% of executives at small-to-medium-sized businesses (SMBs) are more worried about a data breach than about events such as a flood, fire, or break-in.
This research shows that over half of SMB executives are fully aware of the cyber risks they run in operating a business. According to the survey, 48% of these leaders know that a data breach would shut down their business altogether. In financial services and insurance, the number jumped to 71% of SMBs reporting that a significant breach would close their doors.
Commercial general liability and property insurance policies typically don’t include cyber risks. A new category of cybersecurity insurance has been created as a “stand alone” line of coverage. The new cybersecurity coverage protects against a wide range of cyber incident losses that businesses may suffer directly or cause to others. Coverage includes costs arising from data destruction or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations.
First-party and Third-party cyber insurance policies.
First-party cybersecurity insurance covers costs associated with being the victim of a breach, ransomware incident, data or hardware destruction, interruption to business, and denial of service hacks. Policies typically include everything from notifying clients of the breach to weathering the storm of lost revenue.
Third-party cybersecurity insurance helps an IT company cover the risks of being blamed for a breach. This applies when a gap in security ends up passing a virus on to someone else or exposing customer information. If an IT company’s client experiences a ransomware attack or data breach and sues the IT business, third-party cyber insurance can pay the necessary legal expenses to defend the business in court.
Typical costs covered under cyber insurance policies include:
- Business Interruption
- Penalties and Fines
- Costs of Monitoring Credit
- Expenses Related to Public Relations and Communications
- Costs Associated with Rebuilding or Restoring Private Data
This is not an exhaustive list and continues to grow each year in response to the needs of industries, governing bodies, and the growing level of cybersecurity threats. Insurance providers sometimes mandate specific actions from companies to qualify for coverage and, in some cases, to lower their cost of insurance. Ultimately, cyber insurance is designed to ensure companies are not made victims by circumstances where they have limited control. The potential financial impact from litigation, business interruption, and financial losses has many companies rethinking the need to purchase coverage. “If you don’t have a well-defined cybersecurity plan that’s been tested, includes employee training and policies that are enforced, then your company has significant exposure,” says Shawn Waldman, President and CEO of Secure Cyber Defense.
Why businesses should consider getting cyber insurance coverage:
- Protect against data loss due to cybercriminal activities
- Protect customers and suppliers from being impacted by cybersecurity incidents
- Give investors and funders confidence the company can survive and recover after a major cybersecurity incident
- Ensure the company is in compliance with all regulations and industry standards
- Deal with public relations and communication requirements following a cyber incident
- Define funds to cover legal and technical costs when dealing with a major cyber event
- Deal with issues of privacy and data protection for customers impacted by data theft
- Provide funds to replace equipment and hardware damaged by the cyber incident
- Fund data breach response for forensics, investigation, and crisis management support
- Provide funds in cases of cyber extortion and ransom payment
Several factors dictate how much a particular company will pay for cyber insurance. However, according to FitSmallBusiness, most SMBs' annual premiums range from $1,000 to $7,500 for a $1,000,000 limit policy, depending on industry and exposures.
While companies like Secure Cyber Defense can provide incident response planning and system monitoring, Waldman feels “having a cyber insurance policy in place provides an additional level of financial protection in the event of a major cybersecurity breach.”