In business, as in life, there are things within our control — and things that are outside of it. For instance, we can control how we design and implement our marketing strategies, but not how our customers will react to them. We can also implement all sorts of cybersecurity tools, such as anti-malware programs and firewalls, but we can’t stop cybercriminals from trying to thwart our defenses.
Having little to no control over circumstances doesn’t necessarily mean we just throw our hands up in defeat, for this is exactly what insurance is for. In this post, we’ll take a closer look at cybersecurity insurance, in particular, and explore whether your business needs it.
What is cybersecurity insurance?
Also known as cyber insurance or cyber liability insurance, cybersecurity insurance is a contract between the insurance provider and the insured. Under this contract, the insured pays a premium to the insurer in exchange for protection against the financial repercussions of adverse IT events, such as data loss and data breaches. Cyber insurance policies vary widely, but these usually cover the following:
Costs directly incurred because of a data breach, such as:
- Data replacement costs
- Software replacement costs
- Loss of income during downtime
- Cyber extortion payouts for paying ransomware demands
- Customer notification costs (e.g., sending out mass emails, setting up customer hotlines, etc.)
- Crisis management expenses (e.g., hiring lawyers, forensic accountants, and PR managers to mitigate the fallout the breach may cause)
Liabilities and penalties, such as:
- Privacy and network security liability (e.g., a business partner sues your company because you exposed them to a downtime-causing virus)
- Electronic media liability for when the policyholder’s customer data is published online and affected parties file suits ranging from defamation to invasion of privacy
- Regulatory penalties, such as fines for HIPAA violations
What is not covered by cyber liability insurance?
As with all types of insurance, cyber liability insurance also has exclusions. That is, the insurer won’t cover costs incurred by the insured if:
- The costs were caused by the insured’s own deliberate and/or malicious actions (e.g., a healthcare provider responds to negative online reviews given by their patient by disclosing that patient’s medical condition, which is a HIPAA violation)
- The policyholder already knew that it was going through a cyber incident but did not disclose it to the insurer during the inception of the insurance policy
- The costs are already covered by a preexisting policy
What are the most common types of claims that policyholders make?
What types of businesses usually avail of cyber insurance?
Any business that relies on being online or transmitting and keeping electronic data (such as digital customer records) to operate may benefit from this type of insurance. If a business is old-fashioned and only utilizes paper records, or it doesn’t rely heavily on IT to operate, then that business may have no use for cyber insurance.
Does your business, in particular, need cyber insurance?
As previously mentioned, businesses that utilize digital tech and electronic data will benefit from the financial protection that cyber insurance provides. However, this is a general statement that might not apply to your business, and if it does, you’ll still have to find out how much coverage you need and how much you’re willing to pay for it. To make the best decision for your business, consult with our IT experts at CDS. We’ll help you determine your insurance needs and find the insurance policy that would serve your company best.