Many organizations are investing in cyber insurance to provide them with some protection against the fallout associated with a cybersecurity incident. With data breaches and hacks becoming increasingly common and the damage they cause only getting more destructive, it’s time for business owners across all sectors to consider what kind of cyber insurance will best suit them.
What is cyber insurance?
According to Nationwide Mutual Insurance Company, cyber insurance “covers your business’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.”
Cyber insurance is generally not included under most policies’ general liability coverage and has to be purchased separately.
Who needs cyber insurance?
With breaches, hacks and ransomware attacks taking place at an unprecedented rate, organizations of all sizes should invest in cyber insurance.
The idea that only large companies find themselves targeted by hackers has long been disproven. In fact, small businesses are often perceived as easy pickings for hackers. The vast majority of breaches involve small businesses that never make national headlines simply due to their size.
What should cyber insurance cover?
As with any insurance, your policy is only as good as its coverage. The Federal Trade Commission (FTC) has created a handy guide that details what you should look for in an effective policy.
According to the FTC, cyber insurance should cover:
- Data breaches that involve the theft of sensitive information.
- Attacks launched against any data being held by a third party or vendor.
- Cyberattacks launched directly against your network.
- Coverage for attacks worldwide, regardless of where they occur.
- Acts of terrorism.
Cyber insurance can also help businesses recoup costs associated with the aftermath of a cyberattack. This can include:
- Restoring the identities of any customers who have had their data exposed.
- Notifying customers of any breaches.
- Recovering any compromised data.
- Repairing damaged computer systems.
First-party and third-party cyber insurance explained
Brokers generally offer policies for two different types of cyber insurance: first-party and third-party.
First-party cyber insurance is designed to protect your company in the event of a direct cyberattack and it covers:
- Credit monitoring services.
- Public relations services related to communications about the attack.
- Notification of clients and customers.
- Loss of income as a result of the attack.
- Forensic analysis.
Third-party cyber insurance is made to help cover legal fees in the event that another company sues yours due to lapses in your cybersecurity that may have compromised their data or business.
According to Embroker, third-party cyber insurance covers:
- Legal fees.
- Government penalties related to lapses in your cybersecurity.
- Settlements and judgements.
For example, if a company that has entrusted you with information takes damage due to a cyberattack against your business, third-party cyber insurance would help mitigate the costs associated with those claims.
How much does cyber insurance cost?
The cost of cyber insurance depends on a wide range of components associated with your business or organization. There is no way to accurately determine how much it will cost without obtaining a quote from a broker. The cost of your insurance is determined by the following factors:
Your company’s size
Larger companies employ more people and are therefore more susceptible to phishing attacks or hacking efforts that depend on social engineering or human error. The more opportunities there are for an attack, the higher your insurance cost will be.
The industry you operate in
Some industries, like finance, crypto and healthcare, are more frequently targeted by hackers because they store valuable personal and financial information. Healthcare organizations are also popular ransomware targets because a halt to their operations has potentially life-threatening implications.
The data your business stores
The amount and nature of the data your company stores will factor into how much your policy costs. Businesses flush with personal information related to their customers, patients or clients have more to lose and therefore more to protect.
Companies that take a demonstrably proactive approach to cybersecurity will pay less for insurance than those that don’t take it as seriously. From educating employees on how to identify scams to having procedures in place in the event of an attack, organizations that invest in their own security are looked on kindly by insurance brokers.
What degree of coverage you choose
As with any insurance, your costs are also influenced by the coverage you opt for. More coverage means more expense. You will have to carefully determine your budget to decide what kind of arrangement makes the most sense for your business.
Cybersecurity best practices
Just as with auto insurance, the cost of cyber insurance is affected by the risk that the broker associates with covering your business. Your premiums will rise with claims filed against your organization, so cybersecurity best practices are paramount.
- Employee education is key. Human error and social engineering are common ways for hackers to infiltrate networks and gain access to data. With phishing attacks being the most common cyber threat, workers should be taught how to identify an attempt and know what to do in the event of one being spotted.
- Activate two-factor authentication anywhere that it’s available. Hackers follow the path of least resistance, so the more obstacles you can put in their way the more likely they are to look for an easier target.
- Avoid shadow IT. Maintain control over the platforms, devices and messaging services your employees use for both internal communications and contacting outside contractors and customers. Keeping everything to company standards limits the risk of an employee receiving a fraudulent message purporting to be from a colleague and taking the bait.
- Update your software, operating systems and hardware. Developers are always patching and updating their products to meet the evolving security demands of today’s world. Automatic updates will make sure you never miss a critical patch. Outdated hardware, or gear that is no longer supported by the manufacturer, should be replaced. You can save money by purchasing refurbished firewalls, switches and more from a reputable dealer.