
Why Cyber Insurance Should Be a Part of Your Cyber Security Strategy

Making sure your company is fully covered with a comprehensive policy as part of its cyber security strategy equates to survival for most businesses.


Data breaches can do heavy damage to a business in terms of financial status, brand reputation, and professional credibility. A joint effort between IBM and the Ponemon Institute found the average cost of a data breach is $3.86 million. In addition to instituting cyber security best practices to help prevent an attack, it is important to include cyber insurance as part of your cyber toolbox to help mitigate the risks and costs should an attack occur.

What is cyber insurance?

Cyber insurance works like many other types of coverage policies – it’s issued by a carrier and can be coupled with liability insurance to provide a business with comprehensive coverage. In our digital age, the risks are high. In the event a compromise occurs, cyber insurance coverage will help pay for:

  • Expenses associated with a potential incident or actual attack
  • Costs associated with forensics and recovering data
  • Government or industry fines
  • PR response to salvage brand reputation
  • Legal fees for liability and defense costs

Coverage can also ensure money is available to pay for the types of redress needed to rectify the incident for affected individuals, such as sending out notifications to affected individuals, credit monitoring, and ID theft repair. These remedies can be quite costly, especially if a large number of people are affected.

Determining if you need cyber insurance

According to statistics, 28% of the data breaches for the first half of 2020 involved small businesses. Unfortunately, cyber criminals and other bad actors actively target small and medium-sized businesses because they typically assume SMBs don’t have a robust cyber security strategy or the budget that larger corporations do. Any business can benefit from including cyber insurance as part of its overall cyber strategy. Here are questions to ask yourself when determining what your cyber insurance policy needs to look like:

  • Does your company handle sensitive information? (Most do on some level)
  • Do you host a website where users/customers store login data?
  • Do your employees use their own devices for work purposes?
  • Does your company have enough money in reserve to cover the cost of a data breach?
  • Are you partnered with a third-party vendor who stores your data or has access to any part of your systems?
  • Are you a target for ransomware? (i.e., Will people be in inherent danger if data becomes inaccessible or will locked data render your business inoperable?)

Even just one “yes” answer means your company should invest in at least some level of cyber insurance as a part of your overall security strategy. Experts generally agree it’s not a case of “if” a cyber attack will occur, it’s a matter of “when.” To offset the financial consequences of an exploit, many businesses find purchasing insurance is a good safeguard because the cost of not having it is more than they can afford.

What to look for in a cyber insurance policy

As a new type of insurance, cyber insurance doesn’t yet have the same set standards that other types of insurance do. When selecting coverage, consider the following:

  • Amount of insurance needed and how much is affordable
  • Level of assessed risks for different types of breaches
  • Type of incident coverages you need (and don’t need)
  • The length of time the policy covers; keep in mind average data breaches aren’t discovered for 280 days

Before investing in any cyber insurance policy, be sure to ask the provider what types of incidents are covered, the cost of deductibles, and who would be covered if an incident occurs. The blumshapiro cyber security team can help your organization review and analyze policy options to determine the best policy that fits your organization.

Making a policy decision

Most insurance companies offer a choice of package policies where you can mix and match coverages—or standalone policies that provide specific coverage and enable companies to tailor their insurance needs. Don’t be afraid to comparison shop. Like any other type of insurance coverage, you’re going to find significant differences amongst providers. Once you narrow down potential insurers, always read beyond the summary of coverage and any fine print before signing off on a policy. Be sure to fully understand all details, along with any exclusions within the policy. By fully analyzing your policy you’ll see how it fits into your overall cyber strategy and how it reinforces certain components of that strategy.

Cyber insurance is one of those policies many companies aren’t proactive about because they may feel a sense of complacency that “it won’t happen to us.” However, the reality is any company – of any size – is at high risk these days for a data breach, theft, or another type of loss. Employing protective cyber security measures to mitigate risk is important, but it doesn’t eliminate all risk.

Making sure your company is fully covered with a comprehensive policy as part of its cyber security strategy equates to survival for most businesses. Many businesses that aren’t covered are unlikely to survive beyond six months after an incident is discovered. Obtaining insurance often mitigates this possibility. You wouldn’t go without property, vehicle, or other liability insurance, and, nowadays, businesses shouldn’t go without cyber security insurance either.
