As a business leader, cyber liability insurance is something you've likely heard of, but you may not know exactly what it is and if your business needs it.
We're at the point now where no business or organization is entirely safe from the risk of cyber attacks, which means cyber insurance can be the difference between a company closing its doors or successfully recovering from a cyber incident.
That's not to say that businesses shouldn't do everything they can to prevent, detect, and mitigate the impact of a cyber incident -- they absolutely should. In fact, accountability for cyber security is becoming required by industry regulations and vendors.
Cyber security continues to be an uphill battle as growing communities of hackers target companies of all types and sizes. As a result, cyber insurance and tighter cyber security standards have become essential pieces of a business's strategy to minimize cyber risk.
How does cyber insurance fit into this? Let's dive in.
- What is Cyber Liability Insurance?
- What Does Cyber Insurance Cover?
- Who Needs Cyber Insurance?
- Cyber Security Strategy and Your Cyber Insurance Policy
What is Cyber Liability Insurance?
Cyber liability insurance is a policy that mitigates the fallout of a cyber attack or incident. This insurance policy is there to help your business recover financially from the costs of an attack and the liability aftermath. Cyber insurance can't prevent an attack, but it can keep your company operational after a breach.
The costs of a cyber attack depend on the type of attack you experience. For example, ransomware demands are often paid, from thousands to millions, when proper backups aren't in place or a system is too critical to risk wiping or leaving out of commission.
When sensitive information such as client data or intellectual property becomes exposed through an attack, it can often lead to loss of business, reputation issues, regulatory fines, and potential lawsuits.
Cyber insurance covers some to most of the costs your company can incur when an incident occurs, depending on your plan.
These policies are separate from your standard business general liability insurance. Additionally, not all insurance providers offer cyber insurance, so you may not find it with your current provider.
What Does Cyber Insurance Cover?
A company's cyber liability policy will generally cover costs like data recovery, legal defense, and paying a ransom. It may also cover the cost of a settlement brought by those affected by a data breach and the recovery measures needed to get your business back online after an attack interrupts operations.
Cyber attacks often focus on holding your data for ransom through system lock-outs and malicious encryption. However, the more destructive attacks may delete essential data, making it even more challenging to bounce back after the intrusion.
While data recovery and business continuity are essential components of cyber security strategy, they do not free you from ransom attempts when the attacker threatens to expose your data if you refuse to pay the ransom.
Legal defense and settlement limits allow you to compensate those whose data was stolen through a cyber attack. If the stolen data was then sold on the Dark Web and resulted in actual damages, settlement coverage can help those affected mitigate their losses.
If the data was not knowingly shared, then cyber insurance can provide identity-watch services for those affected, alerting them to fraudulent use of their identity or credentials.
Lastly, sometimes you have to pay the ransom. No matter your size, most businesses can't afford an interruption in continuity -- and that's what hackers are counting on. Business interruptions from a cyber attack can cost time and money and, in extreme cases, even affect physical safety. Cyber insurance provides coverage that can mitigate or even fully cover the damage when the only course of action is to pay the ransom.
Who Needs Cyber Insurance?
- Any business that stores and uses customer information.
- Any business that stores sensitive data, such as credit card numbers, employee HR information, intellectual property, or contract data.
- Any business that needs to meet compliance standards.
- Any business that uses electronic data.
At one time, cyber insurance would have only been the concern of large companies with equally large customer databases. But today, every business, big and small, handles stacks of sensitive data. Every employee record, all the customer data you've ever kept, and all of your intellectual property has become the 'prize' for malicious attacks.
As a result, every type of business from small mom-and-pop bakeries to massive chemical distributors have been targeted, and all potentially face losses.
Cyber insurance is still highly recommended even if you work with an MSP or MSSP and have robust security measures in place. Don't think that you're automatically covered by their policy because you aren't. In fact, you might need to work with an MSSP to even qualify for cyber insurance today because cyber insurance underwriters are looking for a high level of cyber security to lower risk.
As of 2019, businesses reporting breaches were up 200% from 2015, representing only a tiny fraction of actual breaches since most data breaches go unreported.
The better question today about cyber insurance would be: Who doesn't need cyber insurance as part of their overall business and liability coverage planning?
If you run a cash-only business, use pen and paper for your record-keeping, or solely communicate and collect customer info in person or over the phone, you probably don't need cyber insurance. But those businesses are few and far between as technology has become part of everyday life.
Think about it this way – if your business uses computers connected to the internet, you should consider having at least a basic cyber insurance policy.
In the next five years, it is likely that cyber insurance will become a more standard part of business liability and property packages by providers. But today, only select insurance firms offer scalable cyber insurance policies for businesses of all sizes.
Cyber Security Strategy and Your Cyber Insurance Policy
Finally, looking into cyber insurance is an excellent way to fully assess, update, and fine-tune your cyber security strategy. Like most forms of insurance, cyber insurance requires you to maintain reasonable security measures to protect your private data. Fortunately, these standards also serve as a handy guideline to upgrade your company's security measures if you know how to approach the difference between the existing and required security measures.
If you're considering cyber liability insurance, but you're unsure if you qualify based on your current security policies and procedures, contact us for a security assessment. We'll help you navigate through the qualification process with the info you need to get the cyber insurance that best fits your business.