Updated: Feb 18
Cybercrime is widely prevalent. The growing reliance on IT systems and networks for storage, use and access has exposed critical data to cybercriminals who have become bolder and increasingly sophisticated. Although we most often hear about big corporations falling victim to cyberattacks, small businesses are the most vulnerable. Without big technology departments and IT staff, small businesses are most likely to need cyber liability insurance. This type of small business insurance will help you respond effectively to a cyber breach, cover your costs, and quickly move on. In this article, you’ll learn more about what cyber liability insurance covers, what it costs, what you will be required to do and where to purchase it.
According to new data from The Manifest, nearly one-fifth of small businesses (15%) say they experienced either a hack (seven percent), virus (five percent), or data breach (3%) in 2019. The first quarter of 2020 was one of the worst in data breach history, with over 8 billion records exposed.
The most popular strategies small businesses pursue for cybersecurity are limiting employee access to data (46%) and encrypting data (44%), followed by requiring strong passwords (34%) and training employees on data safety (34%). However, little is done to insure any losses a company may face if an event does occur.
Cybersecurity Insurance, also called cyber liability insurance or cyber insurance is still in its nascent stages where companies that purchase cybersecurity insurance today are considered early adopters.
Why Cyber Insurance is Important
Cyber liability insurance, sometimes short for cybersecurity, privacy, and media liability insurance, helps your company respond in the event of a cyberattack or data breach. For instance, if your network or computer systems are hacked into or corrupted by a virus, cyber liability insurance can be essential.
While the primary protection against cybercrime is and always will be strong internal safeguards - limit access, strong passwords, regular updates to passwords and software - insurance coverage is an added layer of protection which enables the business to call upon the insurer when and if the primary measures fail.
While Sony’s use case was dated almost a decade ago, it helps bring the point of having an insurance coverage into context.
What you Need to Ensure Your Claim
Cybersecurity policies can change from one month to the next, given the dynamic and fluctuating nature of the associated cyber-risks. Unlike well-established insurance plans, underwriters of cybersecurity insurance policies have limited data to formulate risk models to determine insurance policy coverages, rates and premiums. As such, a lot of things may fall into grey areas providing insurance companies with an opportunity to reduce the claim pay-out. In order to ensure your claim, it is essential to put up critical cybersecurity measures that will safeguard your data against common IT risks. These include;
Use strong passwords
Put up a Firewall
Use Security Software
Update programs and Systems Regularly
Monitor for Intrusion
Furthermore, many cybersecurity policies exclude preventable security issues caused by humans, such as poor configuration management or the careless mishandling of digital assets. So before getting a cyber liability insurance policy, consider getting your networks and critical systems managed by experts.
Who Needs Cyber Insurance?
In today’s economy, almost every business should purchase cyber insurance. If you and your employees use a computer and share proprietary information, then cyber insurance is worth considering. Businesses that create, store and manage data online, such as customer contacts, customer sales, PII and credit card numbers, can benefit from cyber insurance. E-commerce businesses can also benefit from cyber insurance as downtime related cyber incidents can result in revenue and customer losses. Similarly, any business that stores customer information on a website can benefit from the liability coverage that cyber insurance policies provide.
What is Covered by Cyber Insurance?
In the United States, almost all major insurance companies offer customers cybersecurity insurance policy options. Depending on the price and type of policy, the customer can expect to be covered for extra expenditures resulting from the physical destruction or theft of information technology (IT) assets. Such expenditures typically include costs associated with the following:
Meeting extortion demands from a ransomware attack;
Notifying customers when a security breach has occurred;
Paying legal fees levied as a result of privacy violations;
Hiring computer forensics experts to recover compromised data;
Restoring identities of customers whose PII was compromised;
Recovering data that has been altered or stolen; and
Repairing or replacing damaged or compromised computer systems.
Traditional insurance policies typically exclude cyber-risks, which has led to the emergence of cybersecurity insurance as a separate, stand-alone cover. Potential customers include any company that accepts digital payments or stores customer related data, including medical and financial information.
What is NOT Covered by Cyber Insurance?
In addition to physical property loss, Cyber Liability Insurance does not cover social engineering attacks. What most companies are not aware of is, 70% to 90% of all successful data breaches happen due to social engineering attacks. Furthermore, many insurance policies contain grey areas. Below you can see what they normally don’t cover.
They do cover attacks or hacks but exclude accidents and errors
They do cover costs imposed by law, but not total incident costs
They only cover the time of the network interruption, but not the overall business disruption moving forward
They may exclude systems delivered by third-party service providers
As cybersecurity insurance is still new, policies vary widely from one provider to the next. To choose a policy, companies must closely review policy details to ensure it provides the required protections and provisions. In addition, companies must evaluate whether policies provide protection against known and emerging cyber incidents and threat profiles.
To prepare yourself for buying cyber liability insurance call us now.