The 6 Things to Consider When Choosing a Cyber Insurance Policy
Why Your Company Needs a Cyber Liability Insurance Policy
Just like most other types of corporate insurance, cyber insurance has become very important for a lot of companies. In fact, it’s being added to a list of insurance policies that continues to grow, policies that seem to already include plans for workers compensation, officer and director liability, professional liability, and more. Even though cyber insurance has become more popular in the past few years, it seems that companies still need to learn more about protecting themselves against cyber attacks. With that said, in the following blog we’ll tell you more about what you need to know about cyber insurance and why your company needs it.
Cyber insurance is not heavily regulated as other types of insurance packages
Along with PCI and healthcare, insurance is one of the most regulated industries out there. Underwriters for professional, car, and health insurance need to abide by certain standards. However, that doesn’t seem to be the case with cyber insurance.
The most vulnerable types of businesses to cyber insurance attacks are small businesses. Even more, they’re also the ones to be the least likely to buy cyber insurance packages. What this means is that if they’re breached, they may be highly susceptible to great losses. To avoid that, small businesses need to learn more about the benefits of cyber insurance and realize that it can actually save them from bankruptcy in the case of an attack.
Since cyber insurance has no set standards, this means that providers can offer a wide range of policies. When cyber insurance was first offered to businesses, businesses were able to purchase fairly comprehensive policies. These days though all of that has changed and they can now choose from a wide range of separate liability coverage that are quite confusing.
Top six things to bear in mind before getting a cyber insurance policy
- The insurance amount you require and the risk you can afford. For your information, the average maximum financial exposure as a result of data breaches and security exploits in ’13 was one hundred and sixty three million dollars.
- Double check the available coverage types.
- What activates your policy.
- What the policy includes.
- The specific data the policy actually covers.
- The way response is handled and the services and costs covered.
Your cyber policy and what it needs to include
If you’re currently wondering about the amount of cyber insurance you should purchase, well, the answer is “as much as you can afford”. In fact, all you have to do is look at Target and how they were breached a few years back and the amount of money they lost. Their cyber insurance policy only covered one hundred million dollars. Out of those one hundred million dollars, sixty five million were used for officers and directors liability coverage. Even if that policy was okay, it won’t actually cover the potential billions of dollars the company is stand to lose once civil lawsuits kick in.
When choosing your cyber insurance policy, there are quite a few things you need to closely take a look at. They include:
- Network security coverage, including staff, physical, software, and hardware status.
- Response time of data breach incidents, including recovery and response planning, but also attack recognition.
- PR and crisis management.
- Digital assets, stolen and lost data.
- Loss associated with third party systems.
- Enforcement and litigation proceedings.
- Governmental fines.
- Coverage for terrorism and cyber extortion.
- Cyber business interruption coverage.
- Laptop insurance.
- Multimedia liability.
As you can see, this is just a partial list of the contents a cyber insurance policy needs to include and it should give you a fairly good idea of how much you should include in your own policy once you decide to get one. In fact, this is the very reason why companies of all sizes are facing lot of confusion. Without purchasing the right type and amount of coverage, most of them may end up losing a lot in the long run.
Visibility is the first step to cyber protection
There are actually a wide range of situations where cyber security won’t cover an incident. For instance, if a company purchased cyber insurance, but it failed to take the right steps to protect itself from cyber attacks, then the cyber insurance policy won’t kick in. If you want, you can look at it in the same way as property insurance. If you don’t lock your door and someone breaks into your house and steals your personal things, then the policy won’t cover you. What this means with cyber security is that the same steps have to be taken in order to ensure your company is protected against cyber attacks.
Therefore, if you’d like to be protected from such attacks, then you need to first of all make sure that your network is visible. If you can detect and fix network issue, mitigate breaches within twenty four hours, respond and recover swiftly, then you won’t have to worry about being denied coverage.
The truth is that networks get more and more complex by the day and there are plenty of companies that simply lose track of data which means that malicious data may end up compromising their systems. As such, if you cannot see your network’s traffic, then you need to fix this as soon as possible prior to getting a cyber insurance policy.
A proper response plan and visibility are not enough. As a company, you also need to have all the required security appliances in place, including web app firewalls, IPSs, IDSs, etc.
In conclusion, as a company you need to have a strong cyber insurance policy, great visibility and proper security precautions in place. On their own, neither of these will be able to protect you from complex breaches. However, together they’re a lot more effective at it and therefore offer you a solid chance of being able to stand against a wide range of sophisticated and aggressive cyber attacks.