Cyber Insurance
As time progresses, technology becomes more and more heavily used by companies around the world. More things are being converted to the digital world, and that likely includes many things about your business. With this new digital age comes a new form of theft and criminal activity in the form of cyber security. Cyber security is a term that is defined by IBM as “any technology, measure, or practice for preventing cyberattacks or mitigating their impact”. In short, cybersecurity is making sure that your computer systems and sensitive information are safe. Let’s look at cybersecurity in an insurance context and learn how you can protect your business from this issue.
What is Cyber Insurance?
Cyber insurance is a type of insurance that protects your business from attacks on your computer systems and digital assets. Sometimes, you may see it referred to as cyber liability insurance or cyber risk insurance. When we say it protects you, we are not referring to any type of security software or firewall installed on the computer. Instead, we are talking about protection after a cyber-attack. As you can probably imagine, there are a lot of costs associated with a cyber-attack. The proper insurance coverage will take care of these costs for you as well as offer resources to get your business back on track.
What Are Some of the Costs Associated with a Cyber Attack?
There is a large financial impact to a business from a cyber-attack. Depending on the source, data breaches are estimated to cost in the millions. We like to categorize these expenses in three different “Phases” based on the timeline of when they will likely affect you.
Phase 1
The first phase are the immediate issues that are associated with an attack. These are things like paying to mitigate the data breach itself and having to temporarily shut down the business until it is safe to reopen. When a data breach happens, it is your responsibility to notify your clients that their information may have been stolen. Furthermore, you will have to hire a forensic or investigational team to identify the source of the breach to combat it.
Phase 2
The second phase includes the ongoing expenses that you will incur from a data breach. These expenses are things like fines and legal costs, court and defense costs from being sued by your clients (who had their information stolen), and remediation and recovery costs. Once you find the source of the problem you have to pay someone to fix it. Oftentimes this is quite expensive as it is an extremely important task and specialty work.
Phase 3
The final phase are the long term affects of a cyber breach. Things that fall into this category are reputation damage and increased insurance premiums. You may have resolved the issue, bolstered up your security systems, and paid all other fines and expenses, and still have to deal with these costs for years.
Ransom payments that are demanded by a cybercriminal are difficult to categorize. They happen surprisingly often, with some sources claiming that they happen in around 20% of cyber breaches. Additional sources claim that the average ransom paid out was $850,700 in 2023 (just for the ransom, not including additional costs). Check out this site for more information and statistics on ransomware:
Our Partner Companies:
Who Needs Cyber Insurance?
Any business or organization that utilizes technology to house sensitive information. This information could be pertaining to clients or internal information. Things like bank accounts, social security numbers, health records, and credit information. In fact, small businesses (less than 1000 employees) are targeted more often than large businesses. This is because large companies often have an internal IT department resulting in more advanced cyber security. Small businesses often do not have these same defenses, making them an easier target for cyber criminals.
What Does a Cyber Insurance Policy Cover?
Your cyber policy covers a range of different expenses associated with a cyber-attack. These help cover the cost of issues arising from Phase 1 and Phase 2. Here are some of the coverages you can get and what they mean:
- Notifying Customers: the business that had the cyber breach is responsible for letting their customers know about it. They must let you know that your information may be at risk and that they are working towards resolving the issue. Have you ever received one of those notices from a company you have an account with saying that they have had a breach? Usually, they say something along the lines of “we are informing you about a recent data security incident that may involve your personal information”. The cost of these notifications are covered under a cyber policy.
- Data Recovery and Restoration: this includes costs associated with recovering lost or corrupted data. Furthermore, helping people restore their stolen identities.
- Business Interruption: if your business needs to shut down operations while dealing with a cyber breach. Your policy will continue to pay your regular income and cover expenses that are incurred from trying to stop or fix the cyber breach.
- Fines and Penalties: if your business is fined for allowing a cyber breach, your policy will cover these costs.
- Third Party Liability: protects you from claims from clients or customers that may sue you for negligence that resulted in the breach.
- Cyber Management Resources: your carrier has a range of resources that can help you in the event of a breach. Having a number to call for help when you need it can speed up fixing the issue, hopefully mitigating some of the damage.
If we simplify this list and summarize these coverages into only 3 categories, we have costs associated with:
- fixing the breach
- legal defense
- business income
To Summarize
With an increasingly digital world, consequently there is an increasing amount of cybercrime. These situations are highly stressful and extremely expensive. There are many myths that it only happens to large corporations, but small businesses are two thirds more likely to fall victim to cybercrime due to their (oftentimes) lessened security measures. Having a cyber insurance policy in place is crucial to being able to weather an event like this. It will pay for fixing the breach, notifying customers, continue business income if you must shut down, and defense costs for any litigation, to name a few. Each policy has unique limits and exclusions, so speak with an agent to get a more accurate idea of specific coverages for your business. Click here to visit our blog on ways you can protect your business from a cyber attack!
Informational statements regarding insurance coverage are for general description purposes only. These statements do not amend, modify or supplement any insurance policy. Consult the actual policy or your agent for details regarding terms, conditions, coverage, exclusions, products, services and programs which may be available to you. Your eligibility for particular products and services is subject to the final determination of underwriting qualifications and acceptance by the insurance underwriting company providing such products or services. This website does not make any representations that coverage does or does not exist for any particular claim or loss, or type of claim or loss, under any policy. Whether coverage exists or does not exist for any particular claim or loss under any policy depends on the facts and circumstances involved in the claim or loss and all applicable policy wording.