Cyber Insurance is a developing market with businesses regularly purchasing cyber coverage in addition to liability, errors and omissions, fire, and flood. With so many attacks and data breaches happening every day, it’s important to learn about cyber insurance protections available for your business. Like flood and fire insurance, cyber insurance is there to help when a catastrophe strikes. Cyber Insurance policies typically cover losses that are related to hacking, malware, theft, extortion, or lawsuits that come from security breaches. This article will explain important cyber insurance concepts and protections you should consider for your business. Be sure to come back next week to learn about the things cyber insurance does not cover.
Who Needs It?
Cyber insurance is for businesses of any size that operate computers and networks. In the 21st century, cyber insurance has become an integral part of a defense-in-depth cybersecurity program. When applying for cyber insurance, you will be asked to detail your cybersecurity program. In many cases, you will be expected to provide cybersecurity awareness training, governance policies, technology protections, and a risk management framework in order to secure cyber insurance. Some companies think they can “insure” their cyber risks away without implementing basic cybersecurity best practices. In truth, most companies need a rudimentary cybersecurity program to qualify for cyber insurance. In next week’s article, we’ll talk about insurance claims being denied for companies not doing what they claimed to be doing on their insurance application.
What’s Covered Under Cyber Insurance Policies?
It’s important to mention that there are over 200 unique and complex cyber insurance policy options for different industries and different purposes. There is no one-size-fits-all approach to cyber insurance. Similar to your cybersecurity plan, it’s unique to the risks your business faces. Let’s look at some of the different cyber insurance policy coverage options you can purchase.
Following a data breach, it’s critical that the malware or malicious user is removed from the network or devices. Cyber insurance forensic policies help pay for the expensive forensic software licenses and experts required to identify, contain, and eradicate hackers and malware from your network.
Business interruption policies cover losses stemming from downtime and income losses you sustain when your networks and systems have been breached and your company cannot operate.
After a breach, there are costs for repairing damaged or corrupted systems. Hacker damage policies cover the costs of getting your business back up and running. For example, malware-compromised machines often need to be rebuilt from scratch.
In breaches where financial or health records are stolen, the individuals whose records have been compromised must be notified. Insurance policies covering notification costs fund the costly activities of notifying all parties affected by a data breach. Additional costs covered here may include establishing a call center to handle consumer inquiries.
Identity Theft Monitoring
Many insurers combine notification cost insurance with identity theft monitoring since they often go hand in hand. If HIPAA or financial records are breached, the impacted individuals may need both services: breach notification and identity theft monitoring. Individuals can prevent identity theft by locking their credit at all four credit agencies.
There are conflicting opinions around whether to pay a hacker’s ransom demands. However, cyber insurance gives businesses the opportunity to cover such payments in a ransomware attack. In 2019, the costs of recovering from a ransomware attack skyrocketed on average to more than $84,000 per incident.
A critical form of cyber insurance is payment fraud coverage. This form of insurance reimburses companies for unauthorized or fraudulent payments. For payment fraud policies to provide coverage, it’s important that all of the security controls claimed in the insurance policy application be implemented and followed.
In part 2 of this insurance policy blog, we cover overlapping insurance problems that some businesses face when filing insurance claims.
Business Owner Tips For Getting Started
First, when searching for the proper cyber insurance policy, it’s important that you work with an established specialist in the field, like Joseph Brunsman, MSL. Joseph has created a series of YouTube videos to guide business owners in the emerging market of cyber insurance policies. Professionals like Joe help translate difficult cyber insurance terms and policy types for business owners, enabling them to choose exactly what they need. You can download his latest cyber insurance book for free at CPLBrokers.com/book2.
Secondly, SMBs must complete an insurance questionnaire for the underwriter of the insurance policy, detailing what security controls are currently in place. If you don’t do the things you claim in this questionnaire, you could be denied coverage in a catastrophe.
Thirdly, one of the best ways to build your cybersecurity program in compliance with your insurance application is to hire a virtual or fractional Chief Information Security Officer (vCISO). vCISOs are the most economical way to build your cybersecurity program.
Finally, you should also be working with an attorney specializing in privacy and cybersecurity. This is especially important for organizations dealing with PII, PHI, or PCI. Attorneys advise firms through the process, ensuring laws are followed and coverage is sufficient. For example, breach notification laws differ from state to state, and the attorney can lead you through that.
Business owners should investigate cyber insurance protections for themselves. They should work with insurance specialists, vCISOs, and attorneys to determine exactly what their business needs for cybersecurity programs and cyber insurance. With a strong defense-in-depth cybersecurity program, you shouldn’t need to call on your cyber insurance policy. However, by following the advice in this article, the correct cyber insurance coverage will be there if you need it.