Technology, social media and financial transactions over the internet are integral to how most organisations go about finding customers and how those customers purchase products. Unfortunately, those methods are also used as access points by cybercriminals to get their hands on sensitive information. Whether it be hackers, those looking for financial gain or even insiders, cyberattacks can range from minimal breaches to full-scale, crippling attacks.
As part of your risk assessment, your organisation must decide what risks to avoid, accept, manage or shift to a third party – which is where cyber insurance comes to the fore.
What is Cyber Insurance?
A cyber insurance policy is designed to help your organisation mitigate risk by offsetting the cost associated with recovering after a cybersecurity breach.
Cyber insurance typically covers costs relating to first-party as well as third-party claims. Although there is no cookie-cutter approach to underwriting these policies as there is with other insurances, the following are commonly reimbursed:
- Investigation – Sometimes, a full-scale investigation will involve determining what happened, how it happened and how it might be corrected. Investigations may need input from third-party security experts or even law enforcement.
- Business Loss – Cyber insurance may also include monetary loss due to network downtime, day-to-day business disturbance, data recovery and crisis management, which could consist of appeasing customers if the attack also impacts them personally.
- Privacy & Notifications – This will include sending mandatory data breach notifications to customers – such as credit monitoring – or any other affected party.
- Legal Costs – This will include legal costs associated with attempting to retrieve your confidential information and intellectual property, legal settlements and fines. This could also cover expenses related to cyber extortion, such as ransomware.
Bear in mind that cyber insurance is an ever-evolving industry and the kind of threats that pose a danger to your cyber infrastructure never stay the same for long.
This has an impact on how well underwriters can determine the financial consequences that a cyber-attack can have on a business since they have limited data to draw on. Basically, the actual cost of cybercrime is one that is not fully understood.
#1: UK Lagging Behind US in Cyber Protection Policies
Around 30% of businesses in the US already have cyber protection insurance. In the UK, we’re only at approximately 15%. That means it’s an emerging market, and insurance companies are going to be trying to make a good impression, so excellent premiums and policies with fewer warranties and exclusions are currently available on the market.
#2: Around 90% of Claims are Settled
Again, in this country especially, it’s a new market, and insurers are still trying to find their feet and decide which standards to implement in terms of agreeing to take on a policyholder or not. Cyber insurance does usually pay out for stupidity, but not for recklessness.
#3: Your Cyber Insurance May Not Cover Every Breach
Just like car, home or any other kind of insurance, each policy and insurer differs. Investigating how much protection your cybersecurity insurance policy can offer before you purchase it is certainly the best course of action. For example, a particular policy may cover you after the initial cyber breach, but not cover a third-party vendor breach.
#4: What’s the Difference Between First-Party and Third-Party Coverage?
First-party coverage will include direct expenses, such as event management, day-to-day business interruption, denial of service attacks, cyber extortion, customer notification and ransomware.
Third-party coverage includes customers, partners or vendors that are impacted by cyber incidents that affect your business.
As we’ve already mentioned, though, not all insurance policies will cover both first-party and third-party claims, so it’s important to check this before you buy your insurance to ensure you’re fully covered for everything you need.
#5: Your Business Insurance Probably Won’t Cover Cyber Attacks
Some business and liabilities insurance policies will expressly exclude acts of cyber vandalism due to the costs involved. However, as we’ve already mentioned, insurance policies are so different that it’s best to check any business or liabilities policy, so you don’t end up paying for two lots of cyber insurance.
Shopping around can pay dividends, since you can sometimes bolt cyber insurance onto your current plan, and prices can vary hugely between providers.