Does your business need cybersecurity insurance?

December 31st, 2021 by admin

In business, as in life, there are things within our control — and things that are outside of it. For instance, we can control how we design and implement our marketing strategies, but not how our customers will react to these. We can also implement all sorts of cybersecurity tools, such as anti-malware programs and firewalls, but we can’t stop cybercriminals from trying to thwart your defenses. Having little to no control over circumstances doesn’t necessarily mean we just throw our hands up in defeat, for this is exactly what insurance is for. In this post, we’ll take a closer look at cybersecurity insurance, in particular, and explore whether your business needs it.

Under a cybersecurity insurance contract, the insured pays a premium to the insurer in exchange for protection against the financial repercussions of adverse IT events, such as data loss and data breaches.

What is cybersecurity insurance?

Also known as cyber insurance or cyber liability insurance, cybersecurity insurance is a contract between the insurance provider and the insured. Under this contract, the insured pays a premium to the insurer in exchange for protection against the financial repercussions of adverse IT events, such as data loss and data breaches. Cyber insurance policies vary widely, but these usually cover the following:

Costs directly incurred because of a data breach, such as:

Data replacement costs
Software replacement costs
Loss of income during downtime
Cyber extortion payouts for paying ransomware demands
Customer notification costs (e.g., sending out mass emails, setting up customer hotlines, etc.)
Crisis management expenses (e.g., hiring lawyers, forensic accountants, and PR managers to mitigate the fallout the breach may cause)

Liabilities and penalties, such as:

Privacy and network security liability (e.g., a business partner sues your company because you exposed them to a downtime-causing virus)
Electronic media liability for when the policyholder’s customer data is published online and affected parties file suits ranging from defamation to invasion of privacy
Regulatory penalties, such as fines for HIPAA violations

What is not covered by cyber liability insurance?

The costs were caused by the insured’s own deliberate and/or malicious actions (e.g., a healthcare provider responds to negative online reviews given by their patient by disclosing that patient’s medical condition, which is a HIPAA violation)
The policyholder already knew that it was going through a cyber incident but did not disclose it to the insurer during the inception of the insurance policy
The costs are already covered by a preexisting policy

What are the most common types of claims that policyholders make?

Usually, policyholders file claims to make up money lost due to data ransom payments, business email compromise attacks, and money transfer scams.

What types of businesses usually avail of cyber insurance?

Any business that relies on being online or transmitting and keeping electronic data (such as digital customer records) to operate may benefit from this type of insurance. If a business is old-fashioned and only utilizes paper records, or it doesn’t rely heavily on IT to operate, then that business may have no use for cyber insurance.

Does your business, in particular, need cyber insurance?

As previously mentioned, businesses that utilize digital tech and electronic data will benefit from the financial protection that cyber insurance provides. However, this is a general statement that might not apply for your business, or if it does, you’ll then have to find out how much coverage you need and how much you’re willing to pay for it. To make the best decision for your business, consult with our IT experts at [company_short]. We’ll help you determine your insurance needs and find the insurance policy that would serve your company best.