Cyber Insurance in 2020: What You Need to Know
Cyber insurance has emerged as a response to the rapid increase in cyber-attacks across the world and the extent of damage these attacks cause to businesses. Recent trends indicate a continual rise in attacks that exploit vulnerabilities in businesses. Data breaches exposed around 4.1 billion records in the first half of 2019.
Companies are now proactively managing their cybersecurity risks by early identification and mitigation of vulnerabilities. However, it’s impossible to completely secure your business from cyber threats and attacks. There’s only so much you can do, from resource allotment to hiring skilled professionals.
As a part of the response to cyber attacks, companies should also purchase cyber insurance. While it doesn’t help mitigate security risks, it helps companies overcome the aftermath of a cyber attack.
What is Cyber Insurance?
Cyber insurance, also referred to as cyber liability insurance coverage (CLIC), is a form of insurance policy designed to help businesses tackle the devastating effects of cyber crimes such as ransomware, malware, distributed denial-of-service (DDoS), brute-force attacks, or any other type of cyber attack.
Why Do You Need Cyber Insurance?
Cybersecurity risks are significantly increasing due to highly interconnected and complex IT infrastructure, which comprises networks, servers, software, applications, databases, etc. In fact, a survey has found that nearly 68% of business leaders feel their cybersecurity risks are increasing. This is where cyber insurance helps enterprises looking to protect their data and assets. Similar to business insurance, where companies are insured against physical risks, natural disasters, and business problems, cyber insurance covers their cyber risks.
Poor security configuration of cloud and hybrid environments, lack of strong password policies, and poor access management controls are some of the most common risks that could lead to data leakage, exposure of an enterprise’s sensitive customer data, and other cyber threats.
Cyber attacks can be detrimental to a company’s growth and can have not just short-term effects, but long-term ones as well. One of the most prominent and far-reaching effects of a cyber attack is the cost associated with it. This may include several expenses that businesses are often not aware of. For instance, if a data breach occurs and sensitive information of customers, employees, or stakeholders is compromised, the company often has to compensate them for their loss. Furthermore, the company might have to pay hefty fines and penalties for non-compliance with security standards such as the Payment Card Industry Data Security Standard (PCI DSS).
These costs could impact an organization’s revenue and its operations, especially for small to mid-scale businesses (SMBs) that may not have enough resources to survive the breach in the first place, let alone sustain and achieve their business goals. Cyber insurance can provide assistance and help companies combat the aftermath of a cyber attack.
What Does Cyber Insurance Cover?
Most cyber insurance companies have expertise in how to provide protection, which assets to insure, and the losses that cyberattacks may cause. In addition to this, some cyber insurance plans also offer coverage for business income loss or physical damage to hardware. Companies can get a custom cyber insurance plan designed for them, as every business has a unique set of resources, assets, valuation, and budget for cybersecurity. Since these plans are not traditional and standardized, it’s better to explore different cyber insurance plans before purchasing one.
Typically, a cyber insurance plan covers first-party losses as well as third-party claims. Some of the most common expenses covered include:
- Investigation: A major cost associated with cybersecurity attacks is conducting a forensic investigation, which can be quite expensive because it often involves third-party service providers that are quickly on-boarded to determine and analyze the cyber attack. A forensic investigation is highly important as it helps to determine how the cyber attack occurred, what damage it has done, how to repair the damage, and how to prevent similar cyber attacks from taking place in the future.
- Business Losses: A cyber insurance policy may cover monetary loss experienced due to unexpected operational downtime, network interruptions, and errors made due to poor policies and negligence, as well as other costs such as enhancing brand reputation or repairing customer relationships.
- Privacy and Notification: Once a data breach has occurred, the company is obligated to notify its customers, employees, third-party providers, and any stakeholders about the breach. In many jurisdictions, it is a mandatory step that every business has to take if a data breach occurs which might have compromised the personal information of customers.
What to Look for When Buying Cyber Insurance
There’s no such thing as “one size fits all” when it comes to cyber insurance policies. Different cyber insurance providers cater to different security risks and issues, and this implies that a company from one industry may have completely different cyber insurance needs as compared to another company. It’s important to choose a cyber insurance plan that is specifically designed to meet your business needs and expectations.
Here are some questions you should consider before you buy a cyber insurance policy:
- What types of incidents does the insurance cover? There’s no underwriting standard for a cyber insurance policy, so it’s critical that you understand exactly what types of crises or incidents are covered under the insurance policy.
- Are there any geographic restrictions on the policy? Companies have been increasingly adopting globalization, so make sure you are aware of any geography-based restrictions. For instance, if you do business in another country and suffer a data breach there, would it still be covered by your insurance policy? Or are there any exceptions under which attacks will not be covered?
- What is the turnaround time of your cyber insurance provider? Once you have notified your insurance provider about the breach, your insurer should be contractually obligated to act quickly. Check each prospective insurer’s minimum turnaround time.
- Is the insurance policy flexible in terms of modifying coverage to meet the evolving cyber threat landscape? Attackers are constantly seeking ways to launch cyberattacks and using more sophisticated methods that make these attacks difficult to detect and mitigate. Ask your insurer about the identification of additional risks, whether amendments can be made to the policy, and whether doing so will impact the premium coverage.
Tip: You can also create a checklist to ensure you have covered all the important aspects you would like to have in a cyber insurance policy.
Getting Started
In today’s cybersecurity landscape, you cannot overlook the importance of having cyber insurance. When determining if a cyber insurance policy is right for you, conduct a cyber risk assessment of your business. This will help you understand your assets, the risks associated with them, and how to mitigate those risks. Having cyber insurance is imperative for businesses, as even the most global and massive organizations could find themselves in crisis.