Cyber Insurance Policies Should Be Customized

Why You Need a Cyber Insurance Policy Tailored to Your Business

With cyberattacks and data breaches escalating in cost and scale of damage over the years, cyber insurance has come to the forefront of discussions. While still a relative newcomer to the insurance industry, the global cyber insurance market is projected to grow to as much as $22.8 billion by 2024, according to Zion Market Data research.

This comes with the recognition that even with the various cybersecurity protection and cyber-crime prevention protocols and tools, companies remain vulnerable to data breaches and cyberattacks. Of course, companies must continually invest in cybersecurity and update employee training and cybersecurity solutions. Still, cyber insurance adds a layer of protection for companies when dealing with the fallout of a cyber-disaster.

Cyber Insurance – No blanket coverage

Cyber insurance policies are typically created with digital risk in mind. This means that their primary function is to ensure business continuity and, hopefully, help enable companies to develop cyber-resilience down the line.

But cyber insurance policies are not created equal. There are lower-priced policies that end up not giving the protection a business needs, especially when these packages do not cover high-risk areas. Also, some cyber insurance vendors are still inexperienced in cybersecurity, while others may not fully comprehend the level and extent of an organization’s needs in view of the current cyberthreat landscape.

Moreover, not all companies have the same level of use and dependence on data. They can also differ in the amount or complexity of data they collect and store. For example, a health care company would collect and utilize patient information that does not necessarily apply to real estate companies and financial institutions.

This is why assuming that a commercial general liability (CGL) policy covers all losses in the event of a cyberattack is a big mistake.

What is typically covered in a cyber insurance policy?

In general, cyber insurance policies cover the following items:

  • Data and software restoration – items destroyed by forms of malware (e.g. viruses, spyware, worms)
  • Losses incurred due to extortion (ransomware)
  • Expenses related to the setup of a temporary workplace for the resumption of operations
  • Cost of business disruptions directly resulting from a cyberattack (e.g. DDoS attacks)
  • Professional fees for temporary security experts hired to protect your systems/data from further attacks or breaches
  • Legal fees and expenses
  • All costs associated with employee notification and public relations
  • Reputational damage-related costs

Getting the right type of cyber insurance that’s tailored to your business is critical in ensuring all high-value areas are adequately covered and protected. You also need to consider the following:

  • The amount of sensitive information you store
  • Where this sensitive information is stored
  • Policies and measures in case of a data breach
  • Projected costs in case of damaged software and hardware
  • Whether you have a trained dedicated team for mitigating damage
  • Whether you need external security specialists
  • Whether you have capable PR staff to handle crisis management during a data breach

Make sure to take your business model into account, as this will help you gauge just how much insurance coverage it would need in case of a cyberattack.

So, before deciding to get a cyber insurance policy for your establishment, find out exactly what it covers. This will help you to not only better assess if the insurer is a good fit for your company but also to determine if you are getting the protection you need.

Shawn Corrigan

Shawn Corrigan is the President and Founder of Interactive Security Holdings Inc. Interactive Security has grown into a global company offering IT Compliance Auditing services for small to large companies - focused on making it obtainable, simple and affordable. With over 20 years in the BPO and Financial industry working at the executive level, Corrigan has experienced the pitfalls, trials and tribulations of bringing an enterprise organization into IT compliance. Corrigan has designed a methodology geared at guiding clients of any size to successfully achieve compliance and ultimately obtain compliance certification. Corrigan is certified as a FISMA – NIST Implementor, PCI-DSS QSA, HiTRUST Certified Practitioner and HiTRUST Certified Quality Professional, ISO 27001 Lead Auditor and Implementor.