Cybersecurity Insurance: Does Your Business Need It?
July 24, 2017
What is cybersecurity insurance?
Cybersecurity insurance protects companies from the repercussions of a cyber attack. By paying monthly premiums, companies can lessen the financial blow of cybersecurity incidents that include business interruptions, loss of data, cyber extortion, and more.1
With cyber attacks becoming more and more frequent, companies have spent billions of dollars preparing themselves for the worst. For those still on the fence, consider the risks your company faces, what coverage you need, the cost of the investment, and whether your insurance policy will have you covered.
Cybersecurity insurance allows businesses to mitigate the financial damages of a cybersecurity attack.
Before signing up for a policy, consider working with a cyber insurance broker and choosing coverage that fits your business needs.
The two types of cybersecurity insurance
Insurance companies offer first-party and third-party cybersecurity policies.
- First-party insurance covers businesses if an attack results in damaged or lost digital assets, ransomware extortion, lost business opportunities, and loss of money. The typical business should look for a policy that has first-party coverage.3
- Third-party insurance covers businesses in the event of cybersecurity breaches, loss of third-party data, if customers need to be notified, and if lawyers and public relations agencies must be hired. This policy is tailored to third-party companies that store the damaged or compromised data in their software, systems, etc.4
List of cyber coverage options
According to the Insurance Information Institute, these are some of the most popular forms of coverage in cyber policies:5
- Liability—covers the legal fees and court judgments that could result from an attack.
- Crisis Management—covers the cost of contacting customers in the event of a data breach, as well as the cost of retaining public relations firms or advertising agencies to help rebuild the brand if it’s damaged.
- Directors & Officers Management Liability—covers the liability risks faced by the executives tasked with making decisions on behalf of the company.
- Business Interruption—covers the loss of income that results from an attack that halts business.
- Cyber Extortion—covers the ransom money paid during a cyber threat and the cost of tracking down the criminals.
- Loss or Corruption of Data—covers the damage or destruction of data during a cyber incident.6
What to do before purchasing a cybersecurity policy
Consider the following steps when searching for the right policy for your business.
- Find a cyber insurance broker. Every insurance company has its own set of offerings. It may be beneficial to work with a cyber insurance broker to help find and customize the perfect cyber policy for your needs.
- Assess what cyber risks are covered by your current insurance packages. Before you choose your policy and sign on the dotted line, it’s important to know what coverage you’re already paying for. Check your current insurance policies to see what protections you can cut from your new cyber policy.
- Evaluate your coverage options. Work with your cyber insurance broker to ensure the policy you choose covers multiple aspects of an attack, including different cyber incidents, crisis management, legal fees, PR fees, and more. Be sure to understand what is excluded from the policy as well.
- Determine what events will trigger your cyber policy. In what cases will your cyber insurance policy come into effect? Are you covered for a data breach caused by employee negligence? Are you covered for a loss related to the failure to secure data? These cases should be spelled out in your policy.8
- Decide how much risk you can afford to purchase. Once you know what coverage you’re looking for, figure out your budget in a worst-case scenario. How much are you prepared to pay in the case of an incident? This will give you a good gauge of what price deductibles and monthly premiums you’re open to.