It's likely you have insurance plans for all of the unforeseen circumstances in life: apartment fires, cell phone accidents and even getting sick. You may think of these plans as no-brainers, but have you considered whether you need the same insurance for your cybersecurity?
According to a recent study completed by IBM in 2019, it’s estimated a data breach on average can cost a business roughly 3.9 million dollars. That number is still hard to pinpoint, given that many major companies may not report breaches due to PR concerns. Costs may vary for every business, but cyber-related security breaches are affecting organizations all over the world, large and small.
A cyber-insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage, isn’t a tech solution, but it can be a fail-safe for your business when something goes wrong. A policy can help you decrease your risks by offsetting costs that are related to a cyber breach or event.
There are a few aspects you need to discuss with your team, whether that’s your IT services provider or internal team, before purchasing cyber insurance and deciding what policy may best protect your organization:
- What it covers: Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Common reimbursable expenses include: forensic investigations that were needed to determine what happened, remediation costs for recovering data and services, monetary losses due to business interruptions, required data breach notifications to notify customers and affected parties about the breach and even legal expenses associated with lawsuits or extortion. Your IT support team can also help you understand what it covers as well.
- Who needs it: If you have even a single computer in your organization, then you have electronica data or services that are important to your business operations. At Five Nines, we strongly believe that cyber insurance is a mandatory component of a complete business risk-management strategy.
- How to determine what you need: Consider how your business would be impacted if your data and IT systems were unavailable for a day or two. If you’re in a regulated industry, you likely have mandatory expenses if personal identification or health information is breached. Though it’s never recommended to pay the ransom if your data is held, the demand could be tens, hundreds or thousands of dollars – those costs can be colossal compared to a cyber insurance premium.
After you evaluate these areas, you should meet with an insurance agent to discuss coverage amounts, premium costs, and deductible or retention costs. Some providers have packaged ‘business policies’ with a small amount of cyber insurance included, but those coverage amounts are often far from adequate. While every business has different insurance needs, a few general indicators of a policy with good coverage are:
- Look for a standalone cyber policy from a leading provider such as Chubb, Travelers, Hartford, Beazley, AXIS, Hiscox, Zurich, Liberty Mutual, or similar.
- Consider a policy with a deductible/retention of $10,000 or more. Policies with lower deductibles may be an indicator of inadequate coverage or an excessively-high premium.
- Line-item coverage limits should be in the hundreds of thousands or millions for specific cyber incident costs, such as Business Interruption coverage, Breach Notification and Remediation coverage, Crisis Management coverage, Extortion or Ransom coverage, and Data Restoration coverage.
You won’t be able to 100% protect your company from cybercrime, but you can set yourself up for a best-case scenario ahead of time by obtaining cyber insurance. Take the first step by talking to your IT team to assess your insurance needs, then contact a reputable insurance provider to review policies.
Need cyber insurance but don’t want to do it alone? Let’s chat.
Have questions on how this affects your business?
