What is Cyber Insurance and Do I Need it?
You know the saying: technology is a blessing and a curse.
Technology use is an essential part of business and everyday life today. It has streamlined, optimized and sped up our processes and expanded our capabilities.
But in recent years, it has also made people and businesses, including some of the world’s largest organizations, vulnerable to serious attacks that have cost them money, materials, and reputation.
But it’s not just large businesses — 55% of small businesses have experienced a cyber attack. No organizations are excluded and everybody needs to worry about protecting their systems and data.
Cue cyber insurance!
Cyber insurance hasn’t been around forever. Many people are unaware of it, or haven’t used it in business in the past, so they don’t think they need it now.
So what’s the truth? Is it just a new business fad, or something you really need to protect your business?
At Berry Insurance, we’ve educated hundreds of businesses, both small and large, about cyber insurance and helped them obtain the coverage they need.
Below, we’ll discuss what cyber insurance is, what it covers, and if it is right for you.
WHAT IS CYBER INSURANCE?
Cyber insurance covers costs associated with a cyber attack or data breach.
This includes malicious actions such as hacking, viruses, phishing, denial of service (DoS) ransomware, malware and more; but also data losses from incidents such as computer glitches, power surges, and accidental deletions.
The insurance covers costs and legal fees incurred from business losses, investigations, lawsuits, and extortion.
In addition to the expense recovery, cyber insurance can offer assistance in other areas related to security, such as:
Providing notifications about security threats and data breaches
Recovering compromised data
Repairing damaged computer systems and software
Consulting on cyber related issues
FIRST-PARTY VS. THIRD-PARTY CYBER INSURANCE:
First-party cyber insurance protects business against the financial repercussions of cyber attacks and data breaches, as discussed above.
There is also another type of cyber insurance, called third-party cyber insurance, which protects the insured company if it makes a mistake that causes a client or partner to experience a data breach or cyber attack.
Not all insurance carriers offer third-party cyber insurance alongside first-party, so if you are interested in it, you should ask your agent for a policy that includes it.
WHEN CYBER INSURANCE ISN’T ENOUGH:
When purchasing cyber insurance, it is important to understand your cyber insurance policy will not pay out if you don’t do your part to protect your company from cyber attacks as well.
Just because you have cyber insurance, doesn’t mean you can neglect all other security strategies in your company.
Ensuring your business is adequately protected is completely up to you. When you get cyber insurance, the carrier does not check your security strategies — it only does so when a claim has been made.
This means you might think you’re covered when you actually aren’t.
To ensure you are covered by your cyber insurance, you will want to take the following steps to prove you are making your best effort to prevent any attacks:
Implement a detailed cyber security strategy
Use security/antivirus software
Train your employees
Encrypt your information
Audit your network
Use secure, password-protected Wifi
Use unique employee logins and passwords
Generally, you will need to be already doing these things in the first place to even qualify for cyber insurance.
WHO IS CYBER INSURANCE FOR?
In addition to security policies and training, most businesses of all sizes should have cyber insurance.
Some believe only large corporations are susceptible to cyber attacks, but this is not the case.
Any business that uses technology to store company or customer information, or process payments online are vulnerable to a cyber attack and should have cyber insurance.
Many people assume their general liability insurance will cover losses pertaining to cyber, but this is not the case. To protect your business from cyber attacks, you will need separate cyber insurance.
In some cases, individuals may also want cyber coverage. For example, company founders, public figures, and wealthy people are vulnerable to cyber attacks and could benefit from the coverage.
WHO IS CYBER INSURANCE NOT FOR?
Small businesses who don’t use technology to store information or process online payments usually don’t need the coverage.
The average individual also does not need cyber insurance. Even if you use credit cards and online banking, you do not need the coverage because the financial providers have their own cyber security protection covering you. Individuals who want to be protected from hacking can also can also purchase identity theft insurance.
HOW TO DETERMINE AND ACQUIRE CYBER INSURANCE COVERAGE:
Determining how much insurance you actually need for your business depends on several factors such as the company size, industry, revenue, the likelihood of being targeted, and the estimated potential damage if there were to be a cyber attack.
Industries who might need more coverage include technology, medicine, finance, or any with large revenue or confidential information.
Larger businesses tend to need more cyber insurance because their potential financial losses are larger.
HOW MUCH DOES CYBER INSURANCE COST?
The cost of cyber insurance varies significantly depending on company size, revenue, industry, and the amount of coverage you want on your policy.
For smaller businesses, the annual premium might range from $500 – $5,000, but for larger businesses, the premium can cost tens of thousands.
Even if the insurance does cover an incident and the short-term costs are paid, it does not necessarily resolve everything. Cyber attacks can be damaging to a company’s reputation and future sales, which could even put them out of business.
Remember, just because you have cyber insurance, doesn’t mean you are protected.
Cyber insurance takes a lot of work on the part of the policyholders to ensure they are protecting themselves as well, and if they are not, the insurance might not cover.
In addition to the coverage, you need to make sure you are taking steps to protect your business from a cyber attack.