2/5/2020 5:43 PM
What is Cyber Insurance?
This is the first of a series of articles about cyber risk insurance. This article discusses what cyber insurance is, and what you need in order to get cyber insurance for your company. Our next articles in this series will discuss the following:
Cyber insurance is designed to transfer cyber risk from your company to an insurance company (Lindros & Tittel, 2016). It protects against damages resulting from cyber threats to your computer systems and data. These threats can result in stolen or damaged data, liabilities, and massive recovery costs. It helps companies recover from data breaches and other cyberattacks that take place on their network. Cyber insurance is sometimes called cyber security insurance or cyber risk insurance. There are multiple types of cyber insurance:
Cyber insurance typically covers damages your business may suffer as a result of a data breach such as investigation services, business interruption coverage and data recovery. It can also cover damages if the breach effects customers or partners. This can include legal fees and settlement costs.
1/3 of companies in the United States purchase cyber insurance. The total value of cyber insurance premiums is expected to reach 7.5 billion by 2020 (Lindros & Tittel, 2016). This number will likely increase as ransomware, malware, and data breaches continue to grow. As cyber attacks grow, so do the financial stakes.
Most cyber insurance policies cover forensic investigations (Lindros & Tittel, 2016). Forensic investigations include monitoring and analyzing network traffic to look for unusual activity. Your company will most likely need a forensic investigation after a cyberattack to find the source of the attack and to prevent it from happening again.
Most cyber insurance policies also cover business losses. This usually includes monetary losses from your network being down, losses because of errors, and data recovery costs. Cyber insurance policies also usually cover legal expenses and data breach notifications (Lindros & Tittel, 2016).
Cyber insurance is important because many companies are affected by data breaches and many general liability insurances don’t cover the cost of cyberattacks (Beekley, 2018). If your company has cyber insurance, it will help you recover from an attack by paying for the cost of getting your systems back online and the cost of eliminating the attack.
If you don’t have cyber insurance and your company is affected by a cyberattack, you will have to notify your customers yourself and recover from the attack by yourself. This could be very detrimental to your business. A report by Radware shows that the average cost of a cyberattack is over $1 million (Security Magazine, 2019). More than 70 state and local governments have been subjected to ransomware attacks in 2019, according to research by Barracuda.
Cyber insurance is not an alternative to having a security policy and mitigating risks (Newman, 2017). But it is necessary to protect your company in the event of a cyberattack. The National Cyber Security Alliance reported that 60% of small businesses fail within six months of a cyberattack (Schueler, 2017). Small businesses can be targeted more often than large businesses because oftentimes small business are not as well protected.
When you choose a cyber insurance policy for your company, you should read it carefully to make sure you know what it covers, how much it covers, and what its limitations are. Most policies usually won’t cover social engineering claims or regulatory fines (Beekley, 2018). Each type of cyber insurance and from different companies covers different aspects. Make sure you thoroughly go over each companies’ cyber insurance coverage to ensure it will cover what your business needs.
Cyber insurance companies also have requirements. If your company has cyber insurance but doesn’t follow the requirements, your insurance may not cover the costs when you’re affected by a cyberattack (RapidFireTools, n.d.) (Newman, 2017). Some common requirements are (Cyber Data Risk Managers LLC, n.d.):
· Know your data. Are you collecting, storing, or processing sensitive (PII) personal identifiable information, (PHI) personal health information or third-party business information?
· Secure your network and data. If it is not secure, you are more of a risk and cyber insurance will cost more.
· Assess your cyber risk. The riskier your business is to cover, the more it will cost to insure your business.
· Make sure you are complying with federal guidelines as needed for your business. Are you FISMA, NIST, and RMF compliant?
Stay tuned for the next article in our cyber insurance series!
Beekley, T. (2018, April 23). The Value and Limits of Cyber Insurance. Retrieved from EducauseReview: https://er.educause.edu/articles/2018/4/the-value-and-limits-of-cyber-insurance
Cyber Data Risk Managers LLC. (n.d.). Cyber Insurance Policy Purchase Preparation Checklist. Retrieved from Cyber Insurance Checklist: https://www.cyberinsurancechecklist.com/cyber-insurance-preparation-checklist/
Lindros, K., & Tittel, E. (2016, May 4). What is cyber insurance and why you need it. Retrieved from CIO: https://www.cio.com/article/3065655/what-is-cyber-insurance-and-why-you-need-it.html
Newman, D. (2017, July 25). Cyber Insurance: What Is It, Do You Need It? Retrieved from HuffPost: https://www.huffpost.com/entry/cyber-insurance-what-is-it-do-you-need-it_b_5977a8e4e4b0940189700d50
RapidFireTools. (n.d.). Cyber Insurance Manager. Retrieved from RapidFireTools: https://www.rapidfiretools.com/products/compliance-manager/products/cyber-insurance/
Schueler, C. (2017, June 12). What Happens When Your Small Business Is Hacked. Retrieved from Entrepreneur: https://www.entrepreneur.com/article/295105
Security Magazine. (2019, January 15). Average Cost of Cyberattack Now Exceeds $1 Million. Retrieved from Security Magazine: https://www.securitymagazine.com/articles/89734-average-cost-of-cyberattack-now-exceeds-1-million
TechInsurance. (2015, March 17). How Much Cyber Liability Insurance Is Enough? Retrieved from TechInsurance: https://www.techinsurance.com/blog/cyber-liability/how-much-cyber-liability-insurance-is-enough/
Vigilant Technologies is a Veteran Owned company headquartered in Tempe, Arizona. We provide products, services and enterprise-wide integration of innovative IT solutions to commercial, Federal, State and Local government clients. Our Leading edge services include Private/Hybrid Cloud, Server Consolidation, Virtualization implementation, and Infrastructure Management.
Need to get a hold of us? No problem!
4500 S. Lakeshore Drive
Tempe, Arizona 85282