Buying all sorts of insurance — car, home, flood, fire — is a common practice. These protect physical assets in case of an unfortunate event. But what about digital assets? As we move further into the digital transformation, assets are slowly but steadily being moved into the digital world. Cyber attacks and breaches can be detrimental to business and are often too devastating to come back from. It stands to reason, then, that cyber insurance (or cyber liability insurance) is a necessity in today’s world. In fact, 70 percent of companies are transferring the risk of a cyber attack to a third-party insurance company. When asked in the RIMS cyber security survey why they made this decision, 82 percent of companies said they were concerned about how a breach could harm their reputation, 76 percent were concerned about business interruption, and 75 percent were concerned about data loss. Let’s look at the ins and outs of cyber insurance.
What Is Cyber Insurance?
In simple terms, cyber liability insurance helps you not lose your business in the event of a security breach. The goal is to transfer some of the risk of having any sort of security breach over to insurance, rather than bear the losses alone.
To fully understand why businesses should opt for cyber insurance, you first need to be aware of which types of attacks to look out for. These range from ransomware (software designed to hold your digital information or hardware files hostage) to the more prolific identity theft. Theft of sensitive data or intellectual property can leave your company with major financial losses. These sorts of attacks can damage your company’s reputation, as well as create trust issues between you and your clients if a client’s private information becomes compromised.
Do I Need It?
With this in mind, it’s wise to invest in cyber insurance to help with potential risks. In a poignant article in The Business Journal, Heinan Landa states on the topic of cyber insurance, “Think of it as living in a flood plain — would you buy flood insurance? Whether you’re dealing with protected data or not, I tend to think about cyber insurance as another layer of business continuity; if your company were to experience a disruptive security incident, this would help keep you operational.” This is because breaches are downright expensive. A single breach could easily set you back thousands of dollars in legal fees, costs of investigating the incident, costs of notifying your clients of the breach, identity recovery costs, costs of restoring data, and downtime costs. Most small businesses can’t handle these sorts of expenses, and fold within a few months of a breach. Thankfully, these are exactly the elements cyber liability insurance can help you with.
However, just because you have cyber insurance doesn’t mean you should stop caring about potential breaches completely. Unfortunately, some companies believe that if they invest in cyber insurance, they no longer need to invest in additional security for their company. While cyber insurance is extremely helpful, it is not a substitute for security policies and making sure established security protocols are being followed. As is the case with any sort of insurance, cyber insurance companies will not pay out if companies do not make an effort to protect their data networks. As stated in an article on CSO, “It’s important to make a distinction between what is preventable and what is beyond the control of the business.”
How Do I Go About Getting It?
Since cyber insurance is still relatively new, it’s vital to thoroughly research the policy you are opting for. Make sure you know what types of incidents are covered and whether any are specifically excluded from coverage. Much like other sorts of insurance, some cyber insurance companies will exclude certain incidents from coverage if they’re deemed risky from the start. Opt for a provider who is knowledgeable about the industry your business is in, and one who is willing to evolve as cyber threats evolve. The nature of cyber breaches is dynamic and ever-changing, so it’s better to work with a vendor who is adaptable. If possible, ask for retroactive coverage when signing a contract. It takes an average of 256 days for an organization to identify a cyber attack. While some insurers cover this period, some do not. One way to lower the risk is through an advanced penetration test, in which previous breaches or attempts at attacking a network are identified.
In today’s world, cyber insurance is not a luxury, but a necessity. However, cyber insurance shouldn’t be used as your “Get Out of Jail Free” card when it comes to protecting your data networks. You will still need to take adequate care to protect your company’s digital networks and follow digital security protocols. Ultimately, even though cyber insurance can’t help with a broken reputation, it will neutralize some of the risk and help you stand back up in the event of a security breach.