Cyber Insurance: Is it right for your company?

Cyber InsuranceLet's say your server has been compromised. A few internal network components are crippled, and some of your customers are raging mad.

On top of it, your employees and customers cannot reach the server. The phones are ringing off the hook with complaints.

The kicker: the attackers have breached your customer data, including social security numbers, bank account numbers, and credit card numbers. You can expect your first notice of a lawsuit on Monday.

After thousands of dollars and hundreds of work hours, the threat is finally eliminated. Your systems are up and running again.

Thankfully, you have a cyber insurance policy to help cover the costs related to the breach, right?

What is cyber insurance?

Also known as cyber liability insurance, this type of insurance policy covers many of the losses suffered by your company and related third parties (clients, vendors) due to a cyber attack.

The costs can include liability claims against your company for data breaches, asset losses due to extortion,  company expenses for handling the attack, and a lot more.

Before a cyber insurance policy existed, tech companies primarily relied on errors and omissions insurance (E&O Insurance) to protect themselves and their clients from losses due to network intrusion.

As the nature of information systems evolved and threats became increasingly complex over the past decade, a whole new branch of cyber insurance developed.

These days, cyber insurance policies include more than just protection from errors and negligence claims. Network security, privacy liability claims, and intellectual property infringement are also commonly covered.

Below, we review what a cyber insurance policy typically covers and what you can expect when shopping for a policy.

Do you really need cyber insurance?

Few nations, if any, require companies by law to carry a cyber insurance policy. But if you store a significant amount of sensitive customer data or intellectual property info, you ought to at least take a good hard look at cyber insurance.

Cyber attacks aren’t cheap to recover from. The National Small Business Administration found that the average cost of a cyber attack for a small business in 2014 was $20,752 per attack.

Simply put, a comprehensive cyber insurance policy can help keep the company’s out-of-pocket expense to a minimum. Larger firms can expect those costs to be in the millions, especially when lawsuits are brought to the table.

While the dreadful scenario mentioned in the introduction is only speculation, such a cyber nightmare became a reality companies like Target, The Home Depot, and more recently Anthem. Collectively, these companies will likely face billions of dollars in legal fees and settlement costs alone.

But large companies aren’t the only types of businesses that are vulnerable to attacks. While cyber attacks on large companies increased by 40% in 2014, 60% of all cyber attacks hit small and mid-sized businesses, according to the 2015 Internet Security Threat Report.

What does cyber insurance cover?

Like any other type of liability insurance, cyber insurance comes in a variety of packages and coverage limits, and varies by the industry of the policy holder. While this is not a complete list of coverage areas, most cyber insurance policies cover the following:

  • Business interruption - Coverage for lost business revenue that occurred while operations were down as a result of the issue. Keep in mind, cyber liability insurance does not cover loss of future revenue as a result of customer dissatisfaction while operations are up and running again.
  • Data and equipment loss - Coverage for losses of digital and tangible assets, such as data, software, and equipment. Your policy will not cover the costs of improving technology system components.
  • Customer notification costs- Most states and countries require companies to notify customers of any breach in private information. In some cases, the company is also required to pay for credit monitoring for the affected parties.
  • Reputational damage- Not all policies cover reputational damage, but this coverage would help pay for public relations and marketing costs associated with improving the company’s image after a breach of data.
  • Cyber extortion- When a cyber criminal threatens to release or harm your data if a monetary demand isn’t met, your policy would cover extortion expenses. Crypto ransomware is an example of this.
  • Consultation- Costs associated with resolving damage to hardware and software caused by the incident.
  • Legal fees- Including lawyer and court fees, as well as settlements and judgments paid to third-parties.

Tips for buying cyber insurance

#1: Do your due diligence

As with any type of insurance, you’re going to want to do your due diligence and go with a reputable insurance firm that fits your company’s needs.

If you’re a small business, look for an insurer who specializes in coverage for small businesses. The same goes for mid-sized and large businesses.

#2: Start with a smaller policy

If cyber insurance doesn’t meet your company’s budget, it never hurts to start with a smaller policy so that you have some coverage in the event of a breach. You should also consider going with retroactive coverage to help mitigate any losses from prior incidents.

#3: Know your risks

It’s vital to understand the unique risks that your company faces. In addition to the size of your business, different industries are at risk for different types of attacks, and the costs of resolving the effects of the incident vary.

When you begin looking for cyber insurance, you’ll find a huge variety of companies and agents who believe that they know your company’s unique risks. Knowing them yourself will give you confidence as you shop in the marketplace.

Read the annual internet security reports to understand the risks and costs you face. And ask the insurance agents you’re working with to send you any relevant data. With this information, you’ll be equipped to buy only the coverage your company absolutely needs.

#4: Get an attorney to review the policy

Policy terms are written in extremely complex language and often have a laundry list of exclusions, which is why it’s important to have an attorney review and explain any policies you’re considering.

In the grand scheme of things, the few hundred dollars you’ll pay an attorney to look over the policy is a small price to pay to ensure that you’re making a sound buying decision.

Protect your organization from the cost of cyber attack

With the frequency of attacks constantly increasing, cyber liability insurance is simply a must for any company that stores large amounts of data and sensitive customer information.

The costs of resolving these incidents are also increasing with each passing year, and without cyber insurance, a security incident could result in a substantial setback to your company’s goals.


Related resources

Small Business Security Under Attack: 3 minute video

Ransomware Prevention: 5 ways to avoid a crisis

DDoS Attacks 101: Types, targets, and motivations

Written by Calyptix

 - May 5, 2015

About Us

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.
call us
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram