Why Cyber Security Coverage Is Critical

Does your business use data, a computer, or the internet? If any of these are compromised it could be a costly event for your business if you don’t have the proper cybersecurity insurance to protect you. Here’s what you need to know.

Who Needs Cybersecurity Insurance

Most often, you’ll hear about big corporations getting hit by cyberattacks but small businesses are the most at risk since they typically don’t have large technology departments or IT staff. The best way to protect against cyberattacks is with strong internal safeguards but security is never one-hundred percent effective and breaches can occur even with safeguards in place. That’s why businesses need to consider cybersecurity insurance. This type of insurance helps businesses respond effectively to a data breach, virus, or cyberattack. It covers the costs to recover and get back to doing business as usual. It also covers legal claims resulting from the event. Any business that stores sensitive data in the cloud or on an electronic device should have cybersecurity insurance. A general liability policy or professional liability policy usually contains basic cyber liability coverage but businesses that store personally identifiable information for employees or customers should have stand-alone or enhanced cybersecurity insurance. 

What Cybersecurity Insurance Does

Insurers have only started offering cyber coverage within the last couple of decades. Due to its short existence, there’s no such thing as standard cyber insurance, and coverage can vary depending on who you purchase it from. The variety of policies available can create challenges when trying to compare them but most insurers include these types of coverage in a cybersecurity policy:

  • First-party Coverage – This pays for expenses incurred after an event and includes:
    • Cost to notify employees and the public
    • Repair of damaged software or hardware
    • Marketing and public relations to protect the company’s reputation 
    • Cost of business interruption and lost income while operations are suspended
    • Extortion money (ransom to a hacker holding your data or systems hostage)
    • Ancillary costs (credit monitoring for affected customers, etc)
  • Third-party Coverage – This helps defend against lawsuits or legal claims and includes:
    • Lawsuits claiming that you breached the privacy of customers or employees
    • Fines from regulatory bodies
    • Media liability claims, such as copyright infringement, libel, or slander.
    • Breach of contract or negligence claims
  • Risk Mitigation Services – Some insurers offer services to help identify and avoid cyber threats before they happen.
  • Hotline – After a breach occurs, some insurers will set up a hotline that customers and members of the public can use to get more information.

How Much Cybersecurity Coverage Do I Need

Work back from a hypothetical incident and figure out how much it would take to recover. Consider how many sensitive records you store, their type, and where they are stored. If a breach occurs, what would it take to inform your customers and protect them? How long would it take? Where do you store sensitive data (website, remote services, mobile devices, etc.)? How much would it cost to replace affected hardware or software? Do you have a security team to help mitigate the damage, or would you need to bring in a consultant? Do you have a public relations professional to answer questions from the public? If you can’t answer these questions, you’ll need to hire an IT security firm to audit the business and determine your risk. An insurance broker will be able to use the audit to help you figure out how much coverage you need.

Cybersecurity insurance is an evolving but critical piece of coverage that can help minimize the damages if you are attacked. Understanding the coverage you need and having it in place is essential and we can help.