Things You Need to Know About Cybersecurity Insurance
Cybersecurity insurance is one of the many options we get asked about when we talk about the layered ("onion") approach to cybersecurity protection. Here are the key things you need to know about cyber insurance.
Cybersecurity Insurance or Cyber Liability?
Liability is a risk for businesses of any shape or size. A non-profit that uses online tools to support fundraising activities can be vulnerable to hackers. An organization’s website that does not follow information security best practices could disclose client information and expose the organization to liability.
Publishing online content can also add various exposures such as:
- Electronic security breaches involving the personal/commercial information of clients, employees, volunteers, members, suppliers and/or stakeholders
- The theft of mobile devices, laptops, USB flash drives and cellphones containing organizational, client, employee, volunteer or member data.
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by:
- Promoting the adoption of preventative measures in return for more coverage
- Encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.
Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack.
Things You Should Look Out For
- It’s about risk management. Cybersecurity insurance transfers some of the financial risks of a security breach to the insurer. First-party insurance typically covers damage to digital assets, business interruptions and, sometimes, reputational harm. Third-party insurance covers liability and the costs of forensic investigations, customer notification, credit monitoring, public relations, legal defense, compensation and regulatory fines.
- Clear Wording. Investigate what risks are covered by existing insurance packages, because there may be overlaps with a cyber insurance policy.
- Coverage is inadequate in some areas. Some policies do not cover intellectual property theft, state-sponsored attacks, reputational damages, and the broader destructive effects that can cripple a business after a cyber breach.
- Negotiate lower premiums. By properly protecting your infrastructure, data, and policies, you could speak to a broker about reducing premiums.
What To Ask Yourself When Buying Cyber Liability Insurance
- Do all my technology and portable devices need to be encrypted?
- How many records containing personal and/or commercial information does your organization retain or have access to?
- Have you put proper security solutions and controls in place to reduce insurance premiums?
- What about unencrypted media in the care, custody or control of your third-party service providers?
- Could you make a claim if you were not able to detect an intrusion until several months or years had elapsed?
The possibility of cyber liability lawsuits is becoming a reality that every business owner should consider. There have been several very high-profile personal information breaches that affected tens of millions of records and will cost the companies involved millions of dollars.