Password management, system updates, consistent training – it may not be enough. Practicing cyber hygiene does better position your business to avoid a cyberattack. But breaches can still happen, and when they do, the fallout is potentially devastating.
Cyber insurance is a form of coverage companies of all sizes can use for protection should a cyberattack disrupt their operations. With the number of cybercrimes continuing to rise, pairing consistent cyber hygiene with the appropriate cyber insurance plan is an approach more businesses are taking.
“I think that, from a small business perspective, using an insurance policy like a cyber policy on top of your basic cyber hygiene is going to help you protect what is sacred,” says Derek Gabriel, CEO of Ignite Solutions Group, a BBB Accredited IT services provider based in Hawaii. “It's going to help you protect the revenue and the income that you've got as a business.”
If you’re considering cyber insurance for your company, or maybe you just want to learn what it is, here’s everything you need to know.
What is cyber insurance?
Cyber insurance is a policy that helps organizations and individuals remediate issues that arise following a cyberattack. If your data is breached, cyber insurance lessens the amount of time it takes to recover. In many cases, it can also help minimize financial losses that were incurred.
The policies are similar to others you hold – auto or building insurance, for example – in that they’re a way to move risk around in exchange for some money. Beyond that basic structure, though, there are some distinct differences when it comes to the types of issues cyber insurance covers.
Here’s what some policies may protect:
- Legal defense: Depending on the severity of the attack, you or your business may need to connect with some legal help. That type of assistance is typically pretty costly. Cyber insurance covers expenses should you need to utilize lawyers to help put the pieces back together following a breach.
- Lost income: Data breaches aren’t cheap. If your business has to shut down its operations because of a cyberattack, those disruptions can result in thousands or even millions of dollars in losses. You may need to purchase new hardware as well, in case the attack caused permanent damage to some of your systems.
- Ransom: Should an attacker hold your data hostage until you pay to get it back, that’s considered extortion. Covering costs associated with those investigations is included in some cyber insurance policies, as well as any expenses incurred when recovering that information.
- Reputation: False information about your company that’s shared online can permanently impact your business’s credibility. It’s why defamation connected to cyberbullying or other forms of online harassment is insured under some cyber policies.
Who needs cyber insurance?
If your business sends or stores electronic data (most every business does these days), then cyber insurance may be a coverage option worth exploring.
Consider the types of information your business likely collects from your employees and customers – names, addresses, dates of birth, and important financial data. Cybercriminals target that exact information because it can be extremely profitable. So, if your business has it, someone may want to pry it away from your network.
When also you consider the ransomware component, and that those attacks can completely impair your ability to operate, then having a safety net could be especially crucial. If your company is hit with a data breach, getting out from under those attacks is impossible to do on your own. Cyber insurance provides essential assistance on the way to bouncing back.
How is cyber insurance acquired?
There are plenty of easy options for adding a cyber insurance to your coverage. However, picking just any policy is not always advisable.
“Technically, you can call any insurance broker and they can find you a cyber insurance policy,” says Gabriel. “I would highly recommend not doing that.”
“Cyber is such a dynamic and changing environment, policies this year have changed completely from where they were last year. The requirements to get those policies and what those policies will protect has really changed dramatically. So, you really want to work with a specialist.”
Finding that specialist may be as easy as leveraging some of the other insurance-related contacts you’ve established. If you have errors and omissions or liability insurance coverage, ask those providers what options they have. Insurance companies that specialize in cyber coverage are becoming more common, too.
As far as choosing the right cyber insurance policy, that all depends on how digital your company runs. The average business is likely fine selecting a standard plan, but if your assets do tend to be more digital, then more advanced coverage may be the best option. These questions can help you make the right call.
Why is cyber insurance important?
It’s about more than the money. By now you’ve already picked up on the financial pluses of having a cyber insurance policy. Beyond those benefits, as Gabriel describes it, adding a layer of coverage that protects your company’s data can separate it from competitors.
“I think it helps to be a differentiator as well. Much like having a BBB Accreditation helps differentiate a business in the marketplace from a trust standpoint, cyber insurance can help a business differentiate themselves in the marketplace, from a cybersecurity standpoint.”
According to a recent survey on consumer trust in the tech industry conducted by PwC, nine in 10 business leaders stated that “trust will be a competitive advantage in the future.” That’s because consumers are becoming increasingly knowledgeable on the ways their information can be breached. Substandard cybersecurity precautions are becoming less acceptable.
Cyber insurance is a way to show customers and partners you’re committed to protecting data they share when purchasing your products and services.
Is your business considering adding cyber insurance? Let us help find some answers. Share your questions in the comment section.