With the huge proliferation of cyber threats out there, cyber safety and security are at the top of anyone’s list who regularly use PCs or are part of (or who run) a computer network. The PricewaterhouseCoopers 2016 Global State of Information Security Survey revealed a 38 percent increase in the number of security incidents in 2015 over the previous year. That figure will likely climb for next year’s survey, which is why many companies are in a rush to implement iron-clad cybersecurity policies and technology. It’s all because of one thing – the safekeeping of data, which is the backbone of any business entity or organization.
And, along with adopting better cybersecurity standards, more and more companies are opting for cyber insurance as part of their cyber defense strategies. Although a relatively new phenomenon on the computer networking scene, cyber insurance can offer an additional layer of protection between unethical hackers and end-users, filling the gap where traditional business insurance may fall short. Cyber insurance, however, definitely has its perks and drawbacks, so you will want to be fully aware of what you’re getting when you opt-in.
What is Cyber Insurance?
It works exactly like any insurance policy would, covering the financial losses that would occur due to a cyberattack, breach, or cyber-related data theft. The worth of cyber insurance policies generally run well into the millions, in order to be able to cover insureds from the often costly fines stemming from compliance violations. There is as of yet no policy exceeding $100 million, but it is possible to structure “towers” of coverage with multiple cyber insurance policies for added indemnification strength for business organizations with overall worth in the hundreds of millions or even billions.
Who Needs Cyber Insurance?
A good way to determine if your organization needs cyber insurance is to evaluate your ongoing cyberattack risk level, and ask yourself these questions:
- What type of information does my organization hold?
- What are the potential consequences if this information is stolen and/or exposed?
- What are our current cybersecurity policies?
- Does our current business insurance policy cover any type of cybersecurity related risk?
The answers to those key questions will help you get closer to what kind of cyber insurance policy you’ll need, if any. Some other helpful resources are available at the National Institute of Standards and Technology (NIST) Cybersecurity Framework (resources) and the Federal Financial Institutions Examination Council Cybersecurity assessment tool.
How Do I Get Cyber Insurance?
Once you are ready to acquire a cyber insurance policy, you’ll want to first identify the gaps in your existing business insurance policy first, as being fully cognizant of what your traditional policy covers is the first step to understanding what type of additional coverage is needed. Coverage can be widely divergent in exactly what is provided for in the case of a cyber breach, e.g. business disruption and downtime, extraneous expenses, event response costs, litigation defense fees and/or settlement costs in the case of a compliance violation fine, and appertaining lawsuit.
Having a checklist prior to approaching an insurance broker will help you be prepared for an interview, wherein you can comprehensively convey all aspects of your business model, operations requirements, and also be able to formulate the right questions to them on the types of policies on offer.
Shop Around and Be Prepared
Don’t just go for the first cyber insurance carrier out of the gate, and be sure as well that you understand all of a given policy’s set guidelines that govern things like when the policy is triggered, what exactly it covers, and any major exclusions in the policy. This will help to eliminate any confusion in the event of a cyberattack or breach. Remember also that cyber insurance should never serve as the single line of cyber defense, as it’s designed to work as part of a greater overall cybersecurity plan. Here’s another great resource (especially for those entities operating in the financial sector) to aid you in your search for the right cyber insurance policy – The Purchaser’s Guide to Cyber Insurance Products from the Financial Services Sector Coordinating Council.
Ask a Cybersecurity Pro
You can also speak to an IT specialist at Hammett Technologies, which is a proven leader in providing IT consulting and cybersecurity in Washington, DC or Baltimore, about how to find the right cyber insurance policy. Contact an IT expert at (443) 216-9999 or send us an email at firstname.lastname@example.org today, and we can help you with all your questions or needs.