What is cyber insurance?
Cyber insurance works in much the same way as any other specific incident-related insurance, like flood or earthquake insurance. It reduces the financial risk of online business and covers organizations in the event of a cyber attack.
If your enterprise falls victim to some form of cyberattack, data breach, or other incidents, cyber insurance is designed to cover the costs and get you operational again as quickly as possible. It is designed to ensure that disruption to business processes is kept to a minimum, the cost of data loss or leak is reduced or removed, and can also help with legal repercussions and fines.
Cyber insurance remains a new industry and, as such, is constantly in a state of flux. Cybersecurity itself changes month to month, responding to new threats and risks, and cyber insurance does the same. It is, therefore, a rather different prospect to traditional insurance policies, and underwriters work with a far more fluid, uncertain risk package.
Why is cyber insurance important?
Cyber attacks can be disastrous for businesses. They can result in loss of data, revenue, and customers in the short-term, liability for damages in the medium term, and a loss of consumer confidence in the long term.
Cyber insurance is hugely important in managing the risks associated with successful cyberattacks. It can significantly limit or remove the financial risks of a breach, meaning that any and all costs relating to an attack can be covered. If businesses have to remunerate customers or users for a loss of service or data as a result of a cyber incident, insurance can take the hit. Some cyber insurance will cover ‘ransoms’ paid for encrypted or stolen data, while others might cover fines or legal costs. Cyber risk coverage essentially gives victims of cybercrime a huge boost in getting back on their feet in the wake of a breach.
Do I need cyber insurance?
The short answer is yes.
Cyberattacks are an ever-growing risk in our increasingly online world, and the increased subtlety, nuance, and technological prowess of bad actors mean that even the most cutting-edge cybersecurity can only offer so much protection. Cyber insurance acts as a safety net in the event that your defences are breached, and disaster strikes. Much like a disaster recovery plan, you hope you won’t need it, but if you do, not having it will make a disaster even worse.
It is important, however, to view cyber insurance as a safety net, not as a form of protection in its own right. You still need to have proactive and reactive security measures in place, not least because you won’t find an underwriter who will cover you if you don’t!
But cyber insurance can be an enormous help. As an example, in 2011, Sony’s PlayStation network was successfully hacked, leading to a network outage of over three weeks. This loss of service cost Sony over $171 million. Although Sony’s existing insurance covered damage to physical property, they did not have cyber insurance and so were found to be liable for the full cost of the cyber damages. An expensive lack indeed!
What does cyber insurance cover?
As with all forms of insurance, cyber insurance can be customized depending on exactly what sort of coverage you require, what your business is and does, and what sort of risks you are likely to face online.
Cyber insurance can cover extortion demands following a ransomware attack, the costs of communicating with clients in the wake of a security incident, legal fees and fines, forensic and investigative costs, data recovery costs, replacing damaged or destroyed hardware and software, and even restoring customer identities who have been compromised.
Most cyber insurance policies start out covering first-party losses, with third-party losses and costs available as an additional level of cover.
How can my IT provider help?
Your IT or Managed Services Provider (MSP) is best placed to help you understand the risks you face, explore what sort of coverage you might need, and find the best provider for your specific needs.
Cyber insurance pricing is usually fixed depending on your organization’s annual revenue as well as the industry in which you operate. In order to qualify for coverage, you will need to submit to a security audit or provide relevant documentation, which is something else that your MSP can help with.
As the cyber insurance industry is still in its infancy, there are so many variables and unknowns that it can be extremely hard to know exactly what you need and who is best placed to provide cover. Policies will vary enormously from one insurance company to another, and understanding exactly what is covered and how the coverage might shift as time and threats develop can be tricky.
This is why working closely with your IT provider or MSP when arranging cyber insurance is important. They can evaluate your risks and research which provider is best suited to your needs. They can also explore whether the policies on offer will be able to protect you in the future - i.e. against risks and threats that don’t currently exist!
To find out more about cyber insurance, just get in touch with VC3. Our experts will be happy to help with all the guidance and advice you need.