The Current State of Cyber Insurance Coverage
Over the past decade, cyber insurance has grown from niche to mainstream in terms of insurance coverage for businesses and organizations. The instances of ransomware attacks, data breaches with extortion demands, and electronic financial crimes are increasing in leaps and bounds year over year. So much so that insurance providers have had to modify their coverage for these threats within their policies to reduce the amount they are paying out, raise premiums, or both. Organizations, large and small, are constantly at risk from bad actors trying to take advantage of weak security protocols, loose accounting practices, or unsuspecting employees. But what does cyber insurance cover and does your organization need to worry about it?
We’ve organized a webinar to answer all your cyber insurance questions, but read on to learn about some of the topics we will cover in more detail on March 22nd.
What Exactly is Cyber Insurance?
Most organizations have general liability insurance, and these policies can include provisions for some types of crime we may think of as cyber threats. But cyber insurance specifically covers costs associated with the most dangerous types of cyber threats that aren’t covered under general liability. These include ransomware attacks, data breaches with extortion, funds transfer fraud and social engineering attacks. They can also provide access to valuable services (or pay for those services) such as data recovery costs, computer forensic investigations and a public relations crisis management firm. Unfortunately, not all policies are made equal. Forbes shared this insight surrounding the cyber insurance industry:
“The growing demand, coupled with an increase in payouts, is driving the cyber insurance industry to rethink how it can mitigate its exposure.”
This means that you’ll have to ask some questions of your policy provider to ensure you are fully protected. Insurance is a for-profit business and it is on you as the consumer to make sure you’re buying the coverage and services you’ll need and not overspending on the coverage you don’t.
Does Your Organization Need Cyber Insurance Coverage?
It seems like every week in the news you hear about another major corporation suffering from a data breach or ransomware attack. While large companies likely have cyber insurance coverage, it’s not only enterprise-level organizations that need to worry.
According to Nation Wide, “55% of small businesses have experienced a data breach and 53% have had multiple breaches.”
Cyber insurance coverage is used as a way for companies to transfer a large portion of the risk to themselves against these threats and it is a smart precaution for organizations of all sizes.
How to Apply for Cyber Insurance
Some general liability insurance policies include data breaches or some forms of limited cyber coverage. So, the first place to start would be reviewing your existing General Liability Policy. Note which types of threats and losses are covered. You may want to extend your current coverage to include other areas where your organization lacks coverage, such as on a ransomware payment or a social engineering attack. It’s best to shop around and find the best options for your organization.
If you’re not sure what the best choices are for your organization, you might need some help. Ask your insurance broker if they (or someone they work with) is an expert in cyber insurance and can provide you with comprehensive coverage. You should also ask the individuals in charge of your IT security to review the types of coverage included in these policies and ask if all the relevant cybersecurity risks are covered. You should also cross-reference your cyber policy with any other insurance policies you have that include crime coverage to ensure there are no types of crime that are missing from your policies (and that you don’t overlap too much — overlapping coverage is often less helpful than you think).
When applying for cyber insurance coverage, you’ll be asked a lot of questions about your current IT security, your accounting practices and your past claims history. Make sure you answer these questionnaires truthfully and completely. While the insurance carrier won’t be auditing you during the policy purchasing phase, they definitely will audit you if you file a claim with them. If they determine you’re not doing something that you promised you were, they can use that as justification to deny your claim.
Types of Cyber Insurance Coverage
Below are some types of coverage that you want to ensure are included in your policy portfolio:
1. Data Breach Coverage
Data breaches can come from anywhere, such as a simple phishing email that an employee opens. Suddenly, data exfiltration malware is surfing your network. Or maybe a vendor is compromised and an email comes from them that looks exactly like every other email but it actually has a malicious attachment. Maybe some of your employees aren’t practicing good password hygiene and bad actors guess passwords to your main databases. These breaches usually result in the theft of personal or client information. Cyber insurance policies will include services to help you recover from these breaches, like a Breach Hotline, forensic services to investigate the breach, crisis management and public relations help. These are all great benefits to have in the case of data theft.
2. Personal Client or Business Information Restoration
Cyber insurance policies with this coverage will include paying for the labor and any special tools for recovery and/or replacement of lost or stolen data. Note that you need to have good backups for this coverage to work; the insurance company can’t wave a magic wand and put all of your data back on your systems.
3. Data Recovery
Not only will a cyber insurance policy cover data recovery after a breach, but it will also bring you peace of mind knowing that all elements of the aftermath will be addressed. Providers will work to recover or recreate lost data; they will ensure any clients with compromised information are informed and, if necessary, compensated. Some policies even help victims of identity fraud restore their credit rating.
4. System Repair
After a data breach, your computer systems may be damaged or destroyed. Malware and spyware can wreak havoc on your network settings and organization, not to mention finding all the information that has been compromised. Cyber insurance will cover the costs of system and hardware repairs, as well as repairing your data centers and network architecture.
Is Cyber Insurance Worth It?
In our opinion, yes, cyber insurance coverage is essential for any organization that relies on computers to process or store its data, make financial transactions, or manage their human resources. As technology advances and there is a wider attack surface for bad actors to exploit, every organization is at risk, no matter the size.
If you’re uncertain about your current security being advanced enough to obtain insurance, we can help your business improve your security landscape. designDATA has decades of experience with IT security for businesses of all sizes. We can protect your mission-critical data, elevate your security network and ensure that you and your team are prepared for a review by a potential cyber insurance provider.
This includes reviewing your current cyber insurance policy if you request it. We’ll ensure that your policy is best serving you, that you’re well-protected and that your policy includes all of the coverage you might need. Knowing that your cyber insurance policy is robust and up to par means you can work with less worry and more confidence. If you want to check the status of your cyber insurance and make sure your business is prepared for cyber incidents, request a free cyber insurance review now!
Be sure to register for our cyber insurance webinar on March 22nd from 11:00 a.m. - 12:00 p.m. EST. We want to give our community the best information available about cyber insurance so you can ensure your business is protected.