Answering your questions about cybersecurity insurance
Nearly every day, we learn of data breaches against major companies. Some leading experts see cyber incidents as the top emerging risk to businesses. Cybersecurity insurance premiums are nearly $2.75 billion and the numbers are expected to explode to $20 billion by 2025.
The attacks come against almost every type of business, from banks and retail stores to even a U.S. credit bureau. Network outages or loss of data also pose threats to many businesses. All of these factors are pushing companies to explore the idea of cybersecurity insurance. So the question is … do you need this type of coverage? We answer your questions here.
What is cybersecurity insurance?
If you own a business, you most likely have property and general liability insurance to protect your property, assets, employees, and customers in case of an injury. Cybersecurity is another layer of protection that can protect something just as precious to your business … your data. According to The Data Center Journal, “Cybersecurity insurance…is a type of standalone coverage. It helps companies recover from data loss owing to a security breach or other cyber events, such as a network outage or service interruption.”
Do you need cybersecurity insurance?
Most of the major “hacks” reported in the news affected large companies such as retail giant Target or Equifax. If you own a small or medium-sized business, you might think you’re too little for cybercriminals to bother trying to hack your system. You might be wrong. A TechCo article states that “71 percent of cyber attacks target small businesses because they are easy targets without a security structure in place.” The results of a hack can be far-reaching, severely damaging your company’s reputation with customers and the general public. The economic damage could be catastrophic, leading to lost revenue, layoffs, and even closing your doors in a worst-case scenario.
Knowing this statistic, it might be surprising that most companies don’t have adequate protection. “A study conducted for Hiscox shows that, out of 3,000 companies in the U.S., UK, and Germany, slightly more than half (53 percent) of these organizations are not prepared to effectively handle a cyber-attack. It is concluded in the study that U.S.-based companies not only outrank the others regarding key aspects like planning, strategy, resourcing, and process, but they are also the most heavily targeted for cyber attacks,” reports Security Magazine.
Is cybersecurity insurance beneficial? According to the U.S. Department of Homeland Security, “A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.”
Are there different types of cybersecurity insurance?
There are two primary types, first-party and third-party insurance. They can be offered together in one policy or as separate policies. There may also be special provisions and exclusions, so make sure you review a policy closely.
First-party coverage is meant to protect against risk to your company’s computers and systems. Any company that stores customer data such as credit card numbers, phone numbers and emails could be a target via a hack, stolen computer, misplaced thumb drive, or unsecured email.
- Damaged or lost digital assets, data, and software
- Losses due to computer system crashes that lead to lost business opportunities or higher operational costs
- Cyber extortion in the event data is “held hostage”
- Money that is stolen through electronic crime.
Third-party insurance is meant to protect a clients’ systems in the event they are compromised or experience a data breach. This type of insurance applies primarily to IT businesses that maintain, host, or manipulate clients’ data in any way.
- Security breaches that affect employee confidentiality
- Lost customer data and information
- Customer notification of breaches
- Public relations relating to combatting defamation and intellectual property violations.
How do I know what kind of cybersecurity insurance my business needs?
According to The Data Center Journal, “Businesses should carefully review their assets—including financial and customer data—as well as intellectual property, and categorize them as high or low risk. They should also recognize their main points of vulnerability during this process.”
It’s also a good idea to speak to legal counsel to better understand how cyber threats could jeopardize your business, reputation, and employees.
Is cybersecurity insurance expensive?
There is a higher cost to this type of insurance. Premium amounts are calculated in much the same way other types of insurance. It’s all based on risk factors and how likely the insurance company is to end up paying out. Data breaches are considered high risk. The policies must be customized, and since the area is so new, there isn’t as much quantitative actuarial data to help calculate risk assessment.
Cybersecurity is one of the biggest challenges in this modern age. Do your research and decide if you need added protection. If you have any questions about cybersecurity insurance and are looking for answers, contact Avante Insurance today.