GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

By Cynthia Lopez Olson

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance.

Related: Bots attack business logic

Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

These risks are normally not covered by a general liability policy, which includes coverage only for injuries and property damage. In general, cyber insurance covers things like:

•Legal fees and expenses to deal with a cybersecurity incident

•Regular security audit

•Post-attack public relations

•Breach notifications

•Credit monitoring

•Expenses involved in investigating the attack

•Bounties for cyber criminals

In short, cyber insurance covers many of the expenses that you’d typically face in the wake of cybersecurity event.

Cyber coverage drivers

According to the World Economic Forum’s Global Risks Landscape for 2018, extreme weather events, natural disasters, and cyberattacks are the risks that you are most likely to face, with a likelihood score of 4.40, 4.17, and 4.01; respectively. In other words, you are just about as likely to suffer from a security or data breach as you are to experience a hurricane or earthquake.

Lopez Olson

What’s more, cyberattacks are one of the risks that can cripple your business the most. Depending on the type of cyberattack your company falls victim to, the losses can be substantial. For instance, more than 20,000 business email compromise incidents were reported to the FBI in 2018. All of these cost victims around $1.3 billion. Meanwhile, credential-stuffing attacks have a potential cost of at least $5 billion a year, while ransomware can set companies back around $8 billion.

Coverage types

“Put simply, cyber insurance covers financial losses that stem from a data breach, hacking, and other cybersecurity events,” explains Sidd Gavirneni, CEO and Co-Founder at Zeguro. “Some coverage is inherently added to any cyber insurance policy. If you need to add more coverage for something that you or your business needs, you can add it à la carte.”

First-party coverage, for instance, is a  type of coverage that will pay for the direct costs associated with a cybersecurity event, such as expenses associated with informing your customers that you were hacked.

Cyber insurance policies typically will help companies offer coverage for the cost of the following, resulting from a cyberattack:

•Replacing and restoring electronic data or software that was damaged

•Lost income

•Cyber extortion, or being blackmailed to pay an attacker to avoid the deletion of files or a denial of service attack

•Notifying your customers about the breach or hacking

•Repairing your reputation

Third-party coverage even pays for expenses that you will incur if there is a claim against you or your company as a result of the cybersecurity incident, such as if a customer sues you for having his records stolen.

Third-party coverage applies to settlements and damages, as well as the cost of your defense. It will often cover the cost of paying claims against errors, omissions, and negligence. It will also cover expenses associated with regulatory proceedings.

What’s not covered

As with regular insurance policies, there are some things that most cyber insurance policies do not cover. For instance, cyber insurance will not pay for additional software or hardware you buy after experiencing hacking. The loss of potential profit in the future is also not covered. If your company loses value because a trade secret or intellectual property was stolen, those losses would not be covered, as well.

Not all cyber insurance plans are the same, so it’s important to evaluate the coverage offered when comparing plans.

About the essayist: Cynthia Lopez is the managing editor at Watchdog Reviews. She’s been writing about tech-focused topics and trends since 2014.





Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone