As cyber attacks increase in number and sophistication, more and more companies are acquiring cyber insurance. If you are considering getting this type of policy for your business, below are five things to remember.
Finding out that a hacker just bilked your business out of a large bundle of money is probably your worst nightmare. For one organization, this nightmare came true. In December 2018, the Connecticut-based Save the Children Federation disclosed that it had fallen victim to a business email compromise (BEC) fraud the year prior. The charity organization transferred about $1 million to the attacker’s account.
Fortunately, the charity had cyber insurance, which covered most of the pilfered cash. The charity ended up losing just $112,000, still a tremendous amount of money but better than $1 million!
With BEC scams and other types of cyber attacks escalating in number and sophistication, a growing number of companies are relying on cyber insurance to mitigate the risks and offset the expenses of cyber attacks and other Internet- and IT-related damages. In the USA alone, the market is anticipated to grow from $2 billion to $15 billion over 10 years.
If you are thinking about buying cyber insurance for your business, listed here are 5 things to remember:
Cyber Insurance Is Continually Developing
Cyber insurance is not a new product by a long shot. Its roots are in errors and omissions (E&O) insurance policies. Around twenty years ago, extensions were added to technology firms’ E&O policies. These extensions covered events such as a technology company’s software bringing down another firm’s networks. Eventually, the extensions evolved into separate policies that covered many more kinds of incidents (e.g., data breaches). As the types of coverage increased, so did interest in these policies from companies outside the technology sector.
Today, various types of cyber insurance policies are being purchased by various types of businesses. As the Internet, cyber crime, and IT systems evolve in the future, so will cyber insurance policies.
Comparing Plans Can Be Demanding
Cyber insurance policies can be hard to size up because there is no set standard for underwriting this type of product. It is up to each insurer to determine what it is going to cover as well as how to market that protection. As a result, you may discover that:
- Some insurance companies only offer cyber insurance as an extension to existing insurance coverage. Many insurance providers, though, have separate cyber insurance policies. Stand-alone policies are usually more comprehensive than extensions, according to experts.
- Some insurance companies place different types of coverage into different policies. For instance, they could have one policy covering only data breaches and another covering cyber liability. Other firms provide one policy that includes all their coverages (e.g., one policy covering both data breaches and cyber liability).
- A few insurance companies offer different cyber insurance coverage for different kinds of organizations. For instance, they may have separate policies for small companies, tech companies, and public sector entities.
- As with other types of insurance, the cost of cyber insurance coverage depends on many factors beyond the kind of coverage provided. For example, an organization’s gross revenue, industry, and data risks are factored into the price.
Different Costs That Are Commonly Covered
Although there is no set standard for underwriting cyber policies, they cover many of the same kinds of expenses. Insurance companies usually cover cyber events caused by both in-house actors (e.g., errors and omissions by staff members) and outside actors (e.g., cyber attacks by hackers). Examples of items usually covered include:
- Lost income because of network downtime or a business interruption arising from a cyber incident.
- Cyber extortion expenses (e.g., ransomware payment).
- The costs incurred in investigating a cyber attack.
- The costs incurred to restore information and systems after an attack.
- The costs associated with notifying customers and other parties about a cyber event.
- The cost of employing a PR firm to reduce a cyber incident’s effect on a firm’s overall reputation.
- Regulatory fines.
- Defense costs to handle lawsuits brought by individuals or companies adversely impacted by a cyber event, or a claim brought by a government entity (e.g., a state’s Attorney General).
- Legal settlements from lawsuits.
As this list shows, cyber insurance typically covers expenses incurred by the insured company as well as by third parties adversely affected by the cyber incident. These are referred to as first-party coverage and third-party coverage, respectively.
What Is Normally Not Covered
Some expenses and types of events are not commonly covered by cyber insurance. They include the loss of future income as a result of a cyber event, costs to improve internal IT system security, physical injury, and property damage.
In addition, it is essential to know that a claim can be rejected if a company misrepresents its security measures. Businesses are usually required to complete an application that includes questions about the security measures they have in place. If a company submits a claim and the insurer can prove that the business did not actually have the stated security measures in place, the insurer can deny the claim.
Where to Begin If You Wish To Get Cyber Insurance Coverage for Your Business
Before searching for cyber insurance policies, specialists suggest that you start by identifying the following for your organization:
- The types and sensitivity of the data stored by your business.
- The kinds of cyber risks your organization faces.
- How vulnerable your business’s operations are to a network interruption and how much income you would lose each day if a cyber event disrupted your operations.
- Whether your company must comply with any cyber laws and regulations (e.g., the European Union’s General Data Protection Regulation, the United States’ Health Insurance Portability and Accountability Act) and the cost of a violation.
- The agreements you have with suppliers and other business partners, and what information they are able to access through joint business processes.
With this information, you can begin to develop your strategy. We can help your organization with expert consultation, policy services, compliance, and gathering the correct information in order to obtain the most effective cyber insurance coverage for your company.