When you buy a house or a car, you’re sure to purchase adequate insurance to protect both of those properties in the case that something bad happens. For your business, you also are likely to have insurance for that property to protect your investment. I wish I could say that this careful mindset always carries over to providing cyber protection for a business’ data and digital assets, unfortunately, that frequently isn’t the case.
Cyber liability insurance — sometimes called cybersecurity insurance or cyber insurance — is a robust policy that provides a “security” blanket to help protect your business if the unthinkable happens in the cybersecurity realm. Should there be a disaster — for example, if there’s a fire, or an overseas hacker or a disgruntled employee attacks your business — it helps to protect your clients and helps your organization weather the storm.
According to the Insurance Information Institute (III), interest in cyber liability insurance, thankfully, is growing in light of the headline-making data breaches that have been reported over the past few years:
“Packaged cybersecurity policies as measured in quantified and estimated direct premiums written grew from $416.8 million in 2016 to $1.1 billion in 2017… Cyber incidents ranked second on Allianz’s 2018 list of top business risks (five years ago, it ranked 15th.).”
In 2017 alone, there were 53,000 incidents and 2,216 confirmed data breaches, according to the Verizon Business 2018 Data Breach Investigations Report. While this may sound bad, what makes it worse is that each of these attacks could result in thousands of exposed records. For example, 1,579 reported breaches resulted in the exposure of nearly 180,000,000 records in the same year, according to the Identity Theft Resource Center (ITRC).
However, as we’ve discussed in previous articles, cyber attacks don’t just affect prominent organizations. According to a 2017 report by the Ponemon Institute and IBM, more than 61% of small and medium-sized businesses were breached in the previous 12 months.
In observance of Insurance Awareness Day on Thursday, June 28, we thought this article would be a fitting topic to help increase awareness of the growing importance of cybersecurity liability insurance for businesses of all sizes across every industry.
1. Get the Financial and IT Security Teams On the Same Page
Cyber liability is a critical component of building a “cyber-aware culture” at your organization. When you’re preparing to find or choose a cyber liability insurance policy and provider, the first thing you’ll want to do is get your financial and IT security teams in the same room — or, at least on the same page. Doing this will help both essential groups make the best financial and security decisions possible for your organization to protect your brand, image, and clients.
Take the time to discuss what cyber liability insurance is, what types of data and losses are covered (or not covered), how this insurance will affect the organization’s systems and/or processes, etc.
2. Determine Which Type of Insurance Policy to Put in Place
The first step is to determine the needs of your business. How much of a budget do you have available? What types of digital assets do you need to cover? The types of risks, costs, and flexibility requirements you have are among some of the things you’ll want to assess before deciding on any one type of plan.
For example, are you looking for a standalone policy, or do you want a package policy? On the one hand, a standalone cyber liability insurance policy is one that provides coverage that is tailored to cover specific risks and costs. Alternatively, a package policy is one that typically has lower premiums because it has predetermined risks and provides the option of purchasing additional separate coverage.
3. Evaluate What Is and Is Not Included in the Coverage
When it comes to most cyber liability policies, most will cover intangible assets like your networks, data, liability, and your organization’s brand and reputation. However, that doesn’t mean that a cyber liability insurance policy will cover your physical assets. Physical assets, such as your hardware and servers, are most likely going to be something you need to double check and make sure is covered under your business’ general or property insurance policies.
Cyber liability insurance covers a variety of first-party and third-party expenses. For example, first-party expenses can include:
- Customer breach notification costs
- Costs associated with interruptions to your organization or business
- Hiring costs relating to the forensic investigation of the data breach
- Crisis management and public relations (PR) costs related to mitigating damage to your brand or reputation
- Costs of offering credit monitoring to clients as a result of their exposed information
Some of the types of third-party costs that are covered can include:
- Legal defense costs against customer lawsuits
- Expenses and damages relating to claims
- Regulatory defense costs
There are some potential exclusions that cyber liability insurance may not cover. For example:
- If an attacker breaches your vendors’ systems,
- Information that is physically stolen from your trash
- Debit/credit card fraud
- Regulatory penalties
4. Choosing Between Cyber Liability Insurance Providers
According to Nemertes, a global research-based advisory and consulting firm, there are about 500 U.S. cybersecurity insurers available, with roughly half of the market divided among three main firms.
Don’t just move forward with the first provider who gives you a quote. Much like when you’re shopping around for a new car insurance provider, you should take the same steps which choosing a cyber liability insurance provider to ensure they are the right fit for your business or organization. Take your time, do your research, read reviews, and make a careful decision among the cyber liability insurance providers that are available in the marketplace.
Prior preparation is your best step to prevent a disaster. However, even with the best preparation, things can go wrong, so it’s imperative to expect the unexpected and make sure that you have your cybersecurity insurance with a reliable and trusted cyber liability insurance provider in place.
At FPA, our team of experts has helped our clients with the decision process (“do we need it?”), as well as completing the technical survey often required to get it. So, if you’d like to learn more about cyber liability insurance or need other assistance in this area of concern, please feel free to give us a call to discuss your option.
Please feel free to share your thoughts on this topic in the comments section below. Or, feel free to reach out to speak with me directly if you’d like to discuss this more in-depth.