When you buy a house or a car, you’re sure to purchase adequate insurance to protect both in the case that something bad happens. For your business, I'm sure you also have insurance to protect various aspects of it. I wish I could say that this careful mindset also carries over to providing cyber protection for a business’ data and digital assets. Unfortunately, all too frequently this still isn’t the case.
Cyber liability insurance — sometimes called cybersecurity insurance or cyber insurance — is a robust policy that provides a “security” blanket to help protect your business if the unthinkable happens in the cybersecurity realm. Should there be a cyber disaster — for example, if you're hit with a breach, hack, or ransomware, or if a disgruntled employee simply attacks your business — it can be the difference between weathering the storm and going out of business.
According to the Insurance Information Institute (III), interest in cyber liability insurance, thankfully, is growing in light of the headline-making data breaches that have been reported over the past few years:
“Packaged cybersecurity policies as measured in quantified and estimated direct premiums written grew from $416.8 million in 2018 to $1.1 billion in 2019… Cyber incidents ranked second on Allianz’s 2019 list of top business risks (five years ago, it ranked 15th.).”
In 2018 alone, there were 53,000 incidents and 2,216 confirmed data breaches, according to the Verizon Business 2019 Data Breach Investigations Report. While this may sound bad, what makes it worse is that each of these attacks could result in thousands of exposed records. For example, 1,579 reported breaches resulted in the exposure of nearly 180,000,000 records in the same year, according to the Identity Theft Resource Center (ITRC).
However, as we’ve discussed in previous blogs, cyber attacks don’t just affect prominent organizations. According to a report by the Ponemon Institute and IBM, more than 61% of small and medium-sized businesses were breached in the previous 12 months.
With these thoughts in mind, we thought this would be a fitting topic to cover to help increase awareness of the growing importance of cybersecurity liability insurance for businesses of all sizes and across all industries. Here are four key tips...
1. Get the Financial and IT Security Teams On the Same Page
Cyber liability is a critical component of building a “cyber-aware culture” at your organization. When you’re preparing to find or choose a cyber liability insurance policy and provider, the first thing you’ll want to do is get your financial and IT security teams in the same room — or at least on the same page. Doing this will help both essential groups make the best financial and security decisions possible for your organization to protect your brand, image, and clients.
Take the time to discuss what cyber liability insurance is, what types of data and losses are covered (or not covered), how this insurance will affect the organization’s systems and/or processes, etc.
2. Determine Which Type of Insurance Policy to Put in Place
The first step is to determine the needs of your business. How much of a budget do you have available? What types of digital assets do you need to cover? The types of risks, costs, and flexibility requirements you have are among the things you’ll want to assess before deciding on any one type of plan.
For example, are you looking for a standalone policy, or do you want a package policy? On the one hand, a standalone cyber liability insurance policy is one that provides coverage that is tailored to cover specific risks and costs. Alternatively, a package policy is one that typically has lower premiums because it has predetermined risks and provides the option of purchasing additional separate coverage.
3. Evaluate What Is and What Is Not Included in the Coverage
Most cyber liability policies will cover intangible assets like your networks, data, liability, and your organization’s brand and reputation. However, that doesn’t mean that a cyber liability insurance policy will cover your physical assets. For physical assets, such as your hardware and servers, you'll most likely need to double-check that they are covered under your business’ general or property insurance policies.
Cyber liability insurance covers a variety of first-party and third-party expenses. For example, first-party expenses can include:
- Customer breach notification costs
- Costs associated with interruptions to your organization or business
- Hiring costs relating to the forensic investigation of the data breach
- Crisis management and public relations (PR) costs related to mitigating damage to your brand or reputation
- Costs of offering credit monitoring to clients as a result of their exposed information
Some of the types of third-party costs that are covered can include:
- Legal defense costs against customer lawsuits
- Expenses and damages relating to claims
- Regulatory defense costs
There are some potential exclusions, meaning losses that cyber liability insurance may not cover. For example:
- Breaches of your vendors’ systems by an attacker
- Information that is physically stolen from your trash
- Debit/credit card fraud
- Regulatory penalties
4. Choosing Between Cyber Liability Insurance Providers
According to Nemertes, a global research-based advisory and consulting firm, there are about 500 U.S. cybersecurity insurers available, with roughly half of the market divided among three main firms.
Don’t just move forward with the first provider who gives you a quote. Much like when you’re shopping around for a new car insurance provider, you should take the same steps when choosing a cyber liability insurance provider to ensure they are the right fit for your business or organization. Take your time, do your research, read reviews, and make a careful decision among the cyber liability insurance providers that are available in the marketplace.
Prior preparation is your best step to prevent a disaster. However, even with the best preparation, things can go wrong, so it’s imperative to expect the unexpected and make sure that you have your cybersecurity insurance with a reliable and trusted cyber liability insurance provider in place.
At FPA, our team has helped our clients with the decision process (“do we need it?”), with acquiring it (“who do you recommend?”), and with completing the technical survey often required to get it. So, if you’d like to learn more about cyber liability insurance or need other assistance in this area of concern, please feel free to give us a call to discuss your options.
What are you doing about protecting your digital assets? What are you doing to protect your reputation should you get hit? Do you have cyber liability insurance now? If not, what's holding you back? Please feel free to share your thoughts in the comments section below or drop me an email if you’d like to discuss this more in-depth.