In a world where every person and every business can and has been a target of cybercrime, cybersecurity is now more critical than ever before. From small and medium-sized businesses (SMBs) to giant enterprises, all are vulnerable to cyber threats. Did you know 55% of small businesses have experienced a data breach and 53% have had multiple breaches? Cyberthreats are not slowing down anytime soon. Education is vital for companies to understand the threat of cyberattacks and the consequences of these incidents, understanding your cyber risk and cyber insurance policies, and appropriate cyber threat solutions and best practices.
CYBER INSURANCE, PLAIN & SIMPLE
Life – both personally and professionally – will inevitably throw curveballs. Whether you have the appropriate insurance and protections in place when some of those unexpected events hit will impact how you come out on the other side. You have health insurance to protect you if you get sick, car insurance in case of an auto accident, homeowners or renters insurance in case of significant damage. Similarly, you have cybersecurity insurance if your business experiences a breach, such as a malware or ransomware attack. From SMBs to large enterprises, every business is under continuous threat of security risks in today’s digital world. That’s why cyber insurance is a smart precaution for any size business.
WHAT DOES CYBER INSURANCE GENERALLY COVER?
Regardless of size, every organization faces some amount of cyber risk. However, the larger you are, the more areas of vulnerabilities you have. It’s worth noting that cyber liability insurance policies protect your business from claims and expenses resulting from a data breach. Most cyber insurance policies include both first-party and third-party coverages. While policies are not one size fits all and contain unique terminology, some coverages may be included. In contrast, others are available “a la carte.” Thus, it’s critical to understand your cyber insurance policy. Some of the common risks that cyber insurance typically covers include:
- Data loss, recovery, and recreation
- Business interruption/loss of revenue due to breach or extortion threat
- Loss of transferred funds
- Computer fraud
First-party coverage is similar to commercial property insurance. It covers expenses of a business’s own damages from cyberattacks, like the cost of informing your customers. Third-party coverage is like general liability insurance. It covers claims that result from a business being blamed for causing another organization’s cyber losses. An example includes a customer suing your company for negligence after a hacker steals their personal data from your network and releases it online.
WHAT DOES CYBER INSURANCE TYPICALLY NOT COVER?
As with all insurance policies, some exclusions are essential to understand. Cyber insurance policies generally do not cover:
- Potential future lost profits
- Loss of value due to the theft of intellectual property
- The cost to improve internal security and technology systems (betterment), including any software or security upgrades after a cyber event
Be aware that if you have cyber insurance policies activated, there are likely gaps around which damages they’ll pay. In fact, there are a host of lawsuits, including the infamous NotPetya malware attack, fighting against insurance carriers due to their cyber claims not being covered by non-cyber policies.
These lawsuits shed light on the concept of “Silent Cyber” – otherwise understood as traditional insurance policies (i.e., property liability, general liability, or directors and officers insurance) being silent on whether they cover inevitable consequences of a cyberattack.
Simultaneously, the cyber insurance space is continuing to proliferate, and offers will continue to expand and be customized, evolving towards more industry-specific solutions rather than general.
WHAT’S THE RIGHT AMOUNT OF PROTECTION TO COVER YOUR SMB?
SMBs should consider shielding themselves against the increased possibility of business disruption or bankruptcy in many cases through a cyber insurance policy. As we’ve mentioned, cyber insurance policies have caveats. Thus, conducting a Compromise Assessment of your entire network is an ideal best-practice for both your business and insurance companies and determines the amount of risk involved in insuring and offering the best value.
We can help you conduct a Compromise Assessment of your current security posture. We will identify all past and present threats within your network, provide a comprehensive analysis of your cyber risks and vulnerabilities, and create a strategic road map to reduce your likelihood of a data breach. You can get in touch with us at firstname.lastname@example.org.
Cyber insurance is a smart precaution for any size organization as policies are built to protect your business from claims and expenses resulting from a data breach. While policies are not one size fits all and contain unique terminology, most are flexible, so you can choose the coverages that best fit your individual business needs. In tandem, it’s critical to evaluate your cyber risk posture to ensure your network hasn’t been compromised.