Cyber Insurance: Do the Benefits Outweigh the Costs?
If you feel a rumble beneath the ground, it might not be an earthquake. It might just be the cyber insurance boom getting ready to explode.
Cyber insurance policies, which totaled approximately $1.3 billion in annual premiums last year, are expected to increase substantially by the end of the decade. In fact, 57% of the respondents in a new study, who currently don’t have cyber insurance, plan to purchase it in the next few years.
The biggest factor fueling the growth is the huge increase in data breaches and the high costs associated with them. Organizations spend an average of $9.4 million on one or more security incidents, according to the same study, which was just released by the Ponemon Institute. The study’s respondents expect those costs to rise to $163 million.
The shock of a data breach or security infiltration usually prompts companies to invest in better technology to try to prevent another incident from happening in the future. Many companies also increase employee training and awareness, as numerous breaches occur because of negligence.
But as breaches become more prominent and widespread, they’re being viewed as major business risks that should be handled by risk managers instead of technical problems handled by the IT staff. And risk managers, who oversee insurance anyway, have spurred a greater interest in cyber insurance.
If your organization is contemplating cyber insurance, here are five objectives to consider:
1) What the Policy Covers
Most cyber policies cover the replacement of lost or damaged equipment, forensic and investigative costs, along with legal expenses and crisis management. They also usually cover breach response costs, such as notifying the breached victims and providing them with credit monitoring. What’s not usually covered are reputation damage and revenue losses probably because these losses are difficult to quantify. Fines and penalties are sometimes covered, depending on the specifics of the policy.
2) Benefits Versus Costs
Although each quote will be different depending on your needs and your organization, Ponemon found that most insurers thought their premiums were fair. About 62% of the respondents said their premiums were reasonable given the nature of the risk. And 61% believe their premiums will stay the same in the near future.
3) Comparison to Natural Disasters
Many cyber security experts now equate breaches and cyber threats to natural disasters like Hurricane Sandy, which devastated parts of New Jersey and New York last year. In other words, you never know when one will hit but if you’re not prepared, the losses can be devastating. In the Ponemon study, 76% of the respondents believe cyber security risks are equal or greater than some of the more common insurable risks like fires, earthquakes and other natural disasters.
4) Your Security Posture
Many organizations find that their security posture improves with the purchase of cyber insurance, not just because of the financial protection of the policy, but because of the requirements of purchasing it. Often insurers require assessments and other steps to improve safety before a policy is issued. In addition, some insurers offer value-added services, such as assistance with breach response plans, network penetration testing and information portals. All of these services can help organizations be better prepared for a data breach or security exploit.
5) Word on the Street
Of course it’s a good idea to find out what others are saying about a product before you buy it.
While cyber insurance is still fairly new, those organizations that have purchased it seem to be satisfied, according to Ponemon. About 74% of the study’s respondents rated their insurance companies as excellent or very good when responding to a claim.
You Be the Judge
Cyber insurance, like many insurance products, will vary based on your organization’s needs and the insurer who provides it to you. If you do decide to purchase it, be sure to do your due diligence and work with a reputable insurer. But it may help to know that many organizations are glad they purchased cyber insurance and many more plan to purchase it in the future, according to the Ponemon study.
To learn more, download the complete Ponemon Cyber Insurance study