Insurance can be a fickle thing.
If you’re unlucky enough to be in a car accident, it can be as much of a life-saver as your seatbelt and airbag systems. But often, policies can feel redundant or over the top, like when you got that volcano insurance.
The reality is insurance is more than just coverage in the case of an accident or problem. And cyber insurance, in this volatile and uncertain internet age, is more of an answer to your concerns than you know.
If you’re thinking your business is iron-clad, or more likely that problems couldn’t possibly happen to your team, here is some perspective:
- Who is targeting my business? 74% of those who perpetrated cyber crimes come from external sources, which means that internal sources make up over a quarter of the threat (26%).
- What infrastructure is at risk? Compromised assets include user POS terminals, POS terminals from the server, desktops, laptop, and web applications.
- What are they looking to steal? 52% of the time, credentials (think username and password) were the target as they can be used for later crimes or sold on the dark web.
Read more about how your credentials are used here: How to Protect Your Business From This $43B Scam
Once these nefarious folks are into your system and have their credentials, personal data, or whatever it is they were after… well, who knows. And THAT is where cyber insurance comes in.
Look, we aren’t insurance salespeople, nor do we get any kind of bird-dog benefit from you carrying a policy. Carrying cyber insurance is IMPORTANT. Our goal is to be the “Bill Nye: Insurance Guy” to your 10th-grade-chemistry-class-with-a-substitute. So today, we’re going to take a look inside the incredibly important world of cyber insurance while covering three topics:
What on Earth is Cyber Insurance?
Known formally as cyber-liability Insurance, cyber insurance is a type of policy that protects organizations from the aftermath of a cyberattack or other kind of hack. Holding a cyber insurance policy shields a business from financial losses caused by cyber incidents like data breaches and theft, system hacking, ransomware extortion payments, and denial of service.
"The formal definition of cyber insurance is essentially a contract between an insurer and a company to protect against losses that are related to computer- or network-based incidents," explains Juergen Weiss, head of global financial services research and advisory at tech analyst Gartner.
For small businesses that store sensitive information online or on a computer – like the one you are a part of, likely – this coverage could prove critical. Among small businesses (fewer than 250 employees), the average reported cyberattack cost in 2021 was about $25,600. While that may not seem like an earth-shattering amount to some businesses, for many small businesses that sum would prove insurmountable.
“Cybercrime is very opportunistic,” says Nathan Little, vice president of digital forensics and incident response for Tetra Defense, a cyber risk management company that assists insurers and companies in preventing and recovering from cyberattacks. “Every company, no matter what the size, is an opportunity for a cybercriminal to make some kind of money.”
Nathan also noted that hackers often systematically search for targets and attack small businesses because of certain vulnerabilities often associated with those businesses, not because they're set on attacking any specific company.
What Does Cyber Insurance Cover?
In the best 90s stand-up comedy voice we can muster…
There are TWO TYPES of cyber insurance. You’ve got your FIRST-PARTY coverage that protects this stuff over here. But then, your LIABILITY coverage, it protects that stuff over there!
Okay, back to our normal voice, whatever that might be for you in your head… Is it your own voice? We’d love to know!
Our forever-caveat is every business is unique and different but generally, cybersecurity insurance is more or less split into two categories, either first-party or liability coverage. Each policy protects companies in different circumstances and ways.
This kind of coverage will defer costs during the recovery stage. Every policy and provider is different, but policies generally provide coverage for the investigation of a break-in, risk assessment for future cyber attacks, lost revenue due to business interruption, and ransomware attack payments (based on your coverage limits).
Policies also often cover the cost of communicating with customers about the incident and providing anti-fraud services like credit monitoring to go along with any practical assistance that may be needed. Some policies will even cover the repair of systems damaged by the incident.
The most common first-party cybersecurity coverage is data breach insurance BUT the two are not necessarily interchangeable as some may suggest. Cyber insurance looks after cyber risk from first-party and third-party incidents while data breach insurance covers damage to data.
Whether you work B2C, B2B, or some other kind of sales system, you will be liable to cover the damages if your client/partner information is compromised through a cyberattack. Cyber liability coverage protects your business in the unlikely event a third party sues the original policyholder for damages as a result of data crime.
But as unlikely as it is to be the target of a cyber liability claim on the whole, it might be way more likely than you think. Consider employees losing cell phones which can easily grant access to customer information. Ransomware attacks on data processing can suddenly keep you from fulfilling orders or completing projects, leaving you liable for customers’ financial losses you were contractually obligated to finish or provide.
Cybersecurity liability coverage protects businesses by paying for extraneous expenses like attorney and court fees associated with legal proceedings following a breach, possible settlements and court judgments, as well as regulatory fines for noncompliance. (For the love of all things IT-related, GET COMPLIANT!)
While it covers a lot of incredibly important things, cyber insurance doesn’t necessarily cover everything. For instance, monetary losses and damages are covered, but property damage like a fried hard drive couldn’t be included in the claim and would need to be filed with commercial property insurance. Intellectual property is another with its own insurance type, with no losses from IP being covered by cyber insurance policies.
To discover the specifics of cyber insurance policies your business may qualify for, talk to your insurance provider for details.
How Does Adopting Cyber Insurance Work?
If you can’t see the benefit of applying for cyber insurance at this point, give us a call. Seriously, we’ll walk you through the exact threats to your business and how this kind of coverage can keep you safe. On the other hand – if you see the benefits of a cyber insurance policy but are uncertain how to proceed in the best way, we’ve got you covered.
First and foremost, you can ask yourself any and all of these 20 easy questions we’ve created to help you dig deep internally and lower your insurance premium before you ever apply. Some questions, like performing regular data back-ups, we’ve grilled you about before. There are others about limiting remote access and where/how your records are stored, and even one about enabling multi-factor authentication – as if that’s never come up before.
And if you really prefer checklists to blogs… Well, thanks for getting this far, and here’s your reward, an easy-to-use checklist for anyone applying for renewing cyber insurance for 2022.
Cyber insurance certainly has many layers and can seem overwhelming. Hopefully, you can walk away from this blog equipt with some helpful knowledge to get things started.
The moral is: If you don’t have it, you’ll need it. If you have it, you never want to use it until you have to, at which point you’re thrilled you didn’t risk it for the proverbial biscuit. Volcano insurance may be useless to folks far away from fault lines, but for any business storing data and accessing the internet, cyber insurance is a necessity.
To learn more about cyber insurance or any other IT-related questions you may have, give us a call at (864) 552-1291 and we'll help you evaluate capabilities and options. Also, sign up for PTG Tech Talk for bi-monthly tech news and consider following us on LinkedIn, Facebook, and Twitter!