Cybersecurity insurance protects businesses against targeted attacks and even the occasional misplaced laptop containing confidential material. If your company has employees or handles sensitive client information, you are vulnerable. The best cyber insurance strategy takes a three-pronged approach: prevent, detect, and mitigate risk. This includes educating all levels of the organization about the importance of cybersecurity, facilitating ongoing monitoring of critical networks, reviewing response plans for emerging threats, and insuring against financial risk with a stand-alone cyber policy.
Many companies go without a policy because of the perceived high cost, confusion about what they cover, and doubts that their company would ever become a target of a cyberattack.
Commercial general liability and property insurance policies typically don’t include cyber risks, so a new category of cybersecurity insurance has been created as a “stand alone” line of coverage. The new cybersecurity coverage protects against a wide range of cyber incident losses that businesses may suffer directly or cause to others. Coverage includes costs arising from data destruction or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations.
There are two kinds of cybersecurity policies, first-party and third-party policies.
First-party cybersecurity insurance covers costs associated with being the victim of a breach, ransomware incident, data or hardware destruction, interruption to business, and denial of service hacks. Policies typically include everything from notifying clients of the breach to weathering the storm of lost revenue.
Third-party cybersecurity insurance helps an IT company cover the risks of being blamed for a breach. This is especially applicable when a gap in security ends up passing a virus on to someone else or exposing customer information. If an IT company’s client experiences a ransomware attack or data breach and sues the IT business, third-party cyber insurance can pay the necessary legal expenses to defend the business in court.
Typical costs covered under most policies include:
- Business Interruption
- Penalties and Fines
- Costs of Monitoring Credit
- Expenses Related to Public Relations and Communications
- Costs Associated with Rebuilding or Restoring Private Data
This is not an exhaustive list and continues to grow each year in response to the needs of industries, governing bodies, and the growing level of cybersecurity threats. In some cases, insurance providers are mandating specific actions from companies to qualify and in some cases, lower their cost of insurance. Ultimately, cyber insurance is designed to ensure companies who must operate over the internet are not made victims by circumstances where they have limited control. The potential financial impact from litigation, business interruption, and financial losses have many companies rethinking the need to purchase coverage. “If you don’t have a well-defined cybersecurity plan that’s been tested, includes employee training and policies that are enforced, then your company has significant exposure,” says Shawn Waldman, President, and CEO of Secure Cyber Defense.
So why should businesses consider getting cybersecurity coverage:
- Protect against data loss due to cybercriminal activities
- Protect customers and suppliers from being impacted by cybersecurity incidents
- Give investors and funders confidence the company can survive and recover after a major cybersecurity incident
- Ensure the company is in compliance with all regulations and industry standards
- Deal with public relations and communication requirements following a cyber incident
- Define funds to cover legal and technical costs when dealing with a major cyber event
- Deal with issues of privacy and data protection for customers impacted by data theft
- Provide funds to replace equipment and hardware damaged by the cyber incident
- Funds data breach response for forensics, investigation and crisis management support
- Provide funds in cases of cyber extortion and ransom payment
While companies like Secure Cyber Defense can provide incident planning and testing as well as incidence response, Waldman feels “having a cyber insurance policy in place provides an additional level of financial protection in the event of a major cybersecurity breach.”