Introduction
Cyber insurance complements responsible cybersecurity planning, polices and practices. All are key no matter the size of your business, and cyber insurance is essential in preventing or recovering from a data breach. This is because cyber attacks are not only on big names and industry statistics show that about 40% of cyber attacks and breaches are targeted at small businesses. There was a time when insurance brokers couldn’t give away cyber insurance but that time has long passed.
What is Cyber Insurance?
Traditional general liability insurance policies typically exclude cyber risks, and this has led to the growth of cybersecurity insurance as a separate, stand-alone coverage. Cybersecurity insurance, commonly known as cyber insurance or cyber liability insurance is a relatively new coverage that underwriters are still gathering data on in order to provide coverage on a consistent basis. It has its origins in errors and omissions (E&O) insurance that protects against faults and defects in the services a company provides – analogous to product liability policies for companies that sell physical or digital goods.
Cyber liability insurance mitigates the financial risks and potentially catastrophic impact of a data privacy or security breach. Most policies include first-party coverage, which applies to losses that directly impact a company, and third-party coverage, which applies to losses suffered by others from a cyber event or incident, based on their business relationship with that company.
As cyber risks and vulnerabilities have multiplied, cyber liability insurance has evolved from some basic coverages to policies with multiple insuring agreements protecting against a myriad of risks and coverage needs such as breaches, credit card fraud, PII/personal identification information fraud, ransomware attacks, invoice manipulation, notification costs, crisis management, restoration costs, etc.
How Cyber Insurance Protects Your Business
Cyber insurance policies help cover the financial and property losses that result from cyber events and incidents. In addition, cyber liability coverage helps with the remediation costs. Here are some examples:
- Notifying, Reporting and Recovery:
- Payment for crisis communications to customers and other related parties
- Restoring identities of customers whose PII/Personal Identifiable Information has been compromised
- Computer System Repairs:
- Hiring computer forensics experts to investigate and recover compromised data
- Repairing or replacing damaged or compromised computer systems.
- Recovering data that has been altered or stolen
- Meeting extortion demands from a ransomware attack.
- Payment for legal and public relations assistance.
These are some of the coverages that cyber insurance can provide for your business. However, all cyber insurance policies are not created equally, so it makes sense to compare policies from different carriers to make sure you get the one that meets your needs and budget. A good approach is through an insurance brokerage experienced and knowledgeable in cyber liability assessments, coverages and placements.
What is not covered by cyber insurance?
It is important to be aware of areas that cyber insurance will not cover. Many policies exclude preventable security issues caused by humans such as the careless mishandling of digital assets or sharing passwords through text messages and allowing others to access confidential data. Exclusions may include:
- Preexisting or prior breaches or failure to address and correct a known vulnerability, which results in a breach.
- Cyber events initiated and purposefully caused by employees or insiders and from inadequate security measures.
- Infrastructure failures not caused by a cyber attack.
- The cost to improve technology systems, including security upgrades in systems or applications.
- Cyber claims if you’re not using Multifactor Authentication/MFA or encryption.
When choosing the right policy for your business, it’s important to study what your policy does and does not cover so you can avoid future surprises keeping in mind that cyber liability policies are written on claims made forms, meaning that you must have a policy in force when the claim is made and this may be different from when the breach occurred.
Choosing a Cyber Liability insurance policy and cost?
Cyber liability insurance can be purchased through many business insurance brokers. The cost of cyber insurance varies from business to business and many factors are taken into account by underwriters including company size, number of employees, industry, location, security protocols in use, and the amount of sensitive employee and customer data your business stores. To evaluate how much cyber liability insurance is likely to cost for your business, ask for multiple quotes.
To choose a policy, companies should closely review policy details to ensure it contains the necessary terms and conditions, and adequate limits for each insuring agreement in the policy. In addition, companies should evaluate whether policies provide protection against known and emerging cyber incidents and threats. Many cyber insurance carriers offer a risk vulnerability assessment at no charge if you’re purchasing cyber insurance.
Best Practice Cybersecurity Comes First
It’s important to understand that cyber insurance, while mitigating the impact of breaches, also provides an element of prevention from cyber-attacks through policy guidance, procedures and employee training. In fact, without adequate data security in place within your company, cyber insurance providers are unlikely to provide coverage.
A great first line of defense in your cyber security measures is a business password management solution, which is often suggested by insurance carriers, and IT MSPs/managed services providers. A business password manager allows you and the business and your employees to track, store, share, protect and manage all passwords and prevent cybercriminals from accessing sensitive data by restricting access to it.
Passpack’s password manager for businesses is built on the zero knowledge model, meaning no one but the end user can view the plain-text data in their Passpack account.