Cybersecurity insurance, also referred to as cyber insurance or cyber liability insurance, is insurance that your business can buy to reduce risks to data loss. A cybersecurity insurance policy will transfer some risk to the insurance company for a fee.
While all types of insurance have been around for decades, cybersecurity insurance is relatively new. Businesses that chose to buy cybersecurity insurance were early adopters. Given how cyber risks fluctuate, cybersecurity policies must change and adapt frequently. Underwriters have access to data that helps them calculate risk and set policy rates, premiums, and coverage. For cybersecurity insurance, it's not that simple. This hurdle is because cybersecurity insurance is new, and the data is limited.
1. It is an Extra Layer of Protection.
Losing data through theft or compromise has the potential to harm an organization. It can mean customers go elsewhere and cause your business a loss in revenue. What's more, without cybersecurity insurance, your company could be liable for any damages that stem from third-party data being stolen or compromised. Losing client data without a backup plan in place could be a disaster.
Cybersecurity insurance is essential if businesses want to protect themselves against cyber event risks, including threats linked to terrorism. In addition, coverage for cyber threats can help remediate cyber incidents quickly and could save your business.
2. Anyone can be hacked!
Back in 2011, the PlayStation Network suffered a breach by hackers. This breach exposed the personal data of 77 million users. It meant that PlayStation users were unable to access the service for over three weeks. In terms of cost to Sony, there were over 171 million dollars lost due to this breach. Sony could have saved themselves some of the $171 million had they secured a cybersecurity insurance policy - but they didn't. A subsequent court case ruled that their insurance policy only covered physical damage, which meant that Sony had to pay the costs of the losses from the cyberattack.
3. How It Works.
Many insurance providers that provide coverage like commercial property insurance or business liability insurance will also provide cybersecurity insurance. Most cybersecurity policies cover the first party (losses that impact a company directly) and third-party losses (losses by other people caused by a cybersecurity incident, depending on their relationship to the organization).
Cybersecurity insurance will help cover any losses resulting from cyber incidents and events. What's more, it can also help with costs linked to remediation, such as paying for legal assistance, crisis communicators, investigators, customer refunds, and loss to customer accounts.
4. Who should get Cybersecurity Insurance?
Companies who manage, store or create electronic data like contacts, sales, or credit card info will benefit from cybersecurity insurance. E-commerce companies can also benefit from cyber coverage. Besides losing money, downtime from a cyber event can potentially lose customers and sales.
In a similar vein, any company storing client information online will benefit from cybersecurity insurance and its liability coverage. But be forewarned that not every business will qualify for this type of insurance. You'll need to prove that you are doing everything possible to secure your data. If you're not sure if your cybersecurity is the best it can be, that's something we can help you figure out.
5. What doesn't a Cybersecurity Insurance Policy cover?
Whenever a business purchases a cybersecurity insurance policy, check the policy documents carefully. Depending on the policy type, you may lack some coverage you wanted, or you might have coverage for things you weren't aware of. Examples include paying legal fees, costs of notifying customers, meeting ransomware demands, costs of recovering data, etc. Make sure you're happy with your coverage before you sign on the dotted line.
Since it hasn't been around very long, policies and prices vary between providers. Therefore, businesses need to think carefully about what they would like covered in their cyber insurance policy. Depending on the industry, different organizations will need different types of coverage.
Having your Managed Service Provider help you through the application process is a good idea. After all, we can help define what coverage your business will need. The bottom line is, if you don't have it, look into getting it. Without it, you may risk making the same mistake as Sony did. If you have any questions, contact us for a cybersecurity consultation.