Cyber Insurance for Your Business
Should You Get Cyber Insurance for Your Business?
As more and more businesses move their workloads online – from using wireless network infrastructure to cloud-based software solutions, databases, and operational services – the chances of experiencing cyber security threats are greater than ever.
The number of online threats seem to increase every day. And the numbers of companies falling victim to common types of cyber-attacks, have resulted in more organisations looking to invest in cyber liability insurance. Depending on your choice of cyber insurance coverage, you can claim back regulatory fines, operational interruption losses, cyber incident response costs – as well as any legal fees that may have been incurred.
What constitutes a cyber incident?
Typically, a cyber incident is classified as any event that threatens the security, integrity, confidentiality, or the availability of your data assets, be it electronic or on paper. It also refers to events that may threaten information systems and/or networks responsible for delivering data. Essentially, any violation of standard computer security practices, computer security policies, or acceptable use policies constitutes a cyber incident.
As the lines can be blurry, we recommend that you consult the terms and definitions used by your cyber insurance vendor.
Today’s businesses face a wide variety of threats, from mediocre malware launched by mediocre hackers to sophisticated malicious cyber threats initiated by equally sophisticated cyber criminals and nation states. Cyber attacks have now become prevalent, resulting in serious losses for business big and small.
Deciding how to secure your business and which threats to prioritize will be a significant part of your risk management plan. The decision to invest in cyber insurance falls neatly in the category of transferring risk. Is it something you should seriously consider?
READ MORE: The Best Secure VPNs of 2019.
What is cyber insurance?
Cyber insurance, also referred to as cyber liability insurance coverage or cyber risk insurance, refers to insurance policies designed to facilitate businesses in alleviating risk exposure. This is mainly achieved through financial compensation, offsetting the costs involved with the recovery process after a cyber attack or breach.
While cyber insurance is an entirely modern idea, the concept itself is derived from errors and omissions (E&O) insurance. It’s demand began to increase in 2005, and it’s forecasted that by 2020, the total value of cyber insurance premiums will reach around $7.5 billion. Cyber insurance policies are mostly popular in the US, but the demand is expected to increase on the UK market over the next few years.
What does standard cyber insurance policy cover?
While it all depends on the provider and insurance you choose, a standard cyber insurance policy typically covers costs incurred by the primary party (the insurance holder) and the claims submitted by third parties. There are a few basic reimbursable costs that may be covered by the majority of insurance policies:
The expenses sustained during the investigation process
When a cyber attack occurs or if a malicious software (malware) has wormed into a company’s network system, a forensic investigation becomes necessary in order to figure out what happened, how the malware was released, which databases and applications were affected, and how to prevent the same kind of attack from happening again.
For example, a computer system in your company has been infected with GandCrab (ransomware) and that computer system contains critical company data. That kind of scenario will most likely trigger a serious forensic investigation.
Such investigation may involve the services of a third-party security firm, as well as the involvement of law enforcement if it’s a particularly serious attack. All these will have financial ramifications that should be covered by cyber insurance.
Possible business losses resulting from a cyber attack
A cyber risk insurance policy may also cover similar elements that are usually included in an errors and omissions policy, as well as potential financial losses that have been sustained due to network downtime, data loss recovery, business interruption, and expenses associated with the cyber incident. If you have a particularly good insurance policy, this may also include the cost involved in crisis management and repairing the company’s damaged reputation.
Cost associated with privacy breach and the notification requirement
Companies that manage sensitive third-party data, such as private customer information, are required by law to provide data breach notifications to the affected parties. This process will cost time and money to implement properly and efficiently.
Also, in an event where a business has a data breach and the attack resulted in many of its customer information possibly exposed to cyber criminals, credit monitoring for those customers whose private information may have been compromised becomes necessary. This potential risk may also be covered by the cyber insurance policy.
Potential costs resulting from lawsuits and extortions
In the event of a cyber attack or if some kind of malware has been let loose within a network infrastructure where sensitive data, customer information, and other files have been exposed and compromised, the ensuing expenses associated with that particular incident doesn’t just end once the malware has been removed and the network system repaired.
The reality is there are potential legal ramifications to cyber incidents. And when lawyers get involved, you should know expenses can skyrocket quickly. Even if a company implements the best cyber security strategies, hackers may still get lucky or an employee may unwittingly install some type of malicious software that could expose critical company data to would-be attackers.
Now, legal expenses don’t just mean attorney fees. The legal expenses covered by cyber insurance policies may also include financial settlements with the victims/customers whose privacy has been breached as a result of the attack or the malware. Costs that may be incurred as a result of cyber extortion—i.e. ransomware and other similar programs—are also covered by most cyber insurance policies.
However, as a company, you must understand that cyber insurance is an area which is constantly evolving. And it’s not likely to go away anytime soon. As long as cyber attacks remains a business liability, cyber risk insurance will always be a significant investment for many companies.
Choosing a cyber insurance policy
Regardless of whether you have the best endpoint security, DDoS protection, or the most robust security strategy in place, it’s clear that having a good cyber insurance policy can not only protect your financial assets but also give you peace of mind. But what are the key considerations when finding the right cyber insurance company for you?
- Firstly, you should consider an insurance provider that offers a stand-alone cyber insurance policy. These are generally more comprehensive and better for most organisations.
- Consider insurance companies that offer more than one type of cyber insurance policy. It’s also worth noting if they’re policies are customizable to meet the individual needs of your organisation.
- Explore the coverage and limitations of the policy when it comes to both the first and third parties. For instance, does the policy cover third-party entities and service providers? Also, ask your current service provider if they already have a cyber insurance in place. If so, figure out how those policies might affect the agreement you’re about to purchase.
- Consider social engineering and network attacks coverage. Both of these can play a significant role in any kind of cyber attack, from phishing to advanced persistent threats. It’s essential that the cyber insurance policy covers these actions.
- You should also consider policy coverage on non-malicious actions taken by company employees. Actions taken with non-malicious intent by employees are part of the errors & omissions (E&O) coverage, which should apply to cyber insurance policies as well. This is when an employee unwittingly opens a file that eventually wreaks havoc to the company’s network infrastructure. The cyber insurance policy should have coverage for such a scenario.
Six Questions with SAS: Prof Bill Buchan
Prof Bill Buchanan OBE, PhD, FBCS Professor of Cryptography at Edinburgh Napier University.
Six Questions with SAS: Bridget Greenwoo
Bridget Greenwood, Founder at the Bigger Pie.
Six Questions with SAS: Mia Baker
Mia Baker, B2B Product Lead at Prenetics International, answers Six Questions with SAS. -Wi...
The People Problem
The majority of security breaches are “not due to the failure of the technology implemented, b...
A Conversational Future
One of the most significant modern trends to take the world of technology, and subsequently th...
ERP Review: The Pros and Cons of Odoo
Odoo ERP has grown a significant following around the world. But will it be the right ERP syst...
The Best Secure VPNs (with Free Trials)
Are you looking for the best secure VPN on the market? Our security experts have gathered up a...
Buyer’s Guide to Endpoint Protection
A solid endpoint protection is key for any business that wants a comprehensive approach to the...