Things to be aware of when buying cyber insurance:
Fueled by rapid digitization and the Internet of Things (the concept of internet working devices leading to an increasingly interconnected world), cyber crime continues to grow at an alarming rate, with the cost of data breaches estimated to reach a whopping US $2.1 trillion globally by 2019. With such potentially high losses at stake, businesses and consumers are increasingly seeing the importance of securing protection with cyber insurance. People are often confused by what exactly is covered by this type of insurance, so this article highlights the key things you will need to be aware of when buying cyber insurance.
Know about the types of cyber insurance coverage available
In essence, cyber insurance covers the costs associated with cyber security related breaches, such as private data being leaked, cyber attacks, and remediation costs such as forensic investigations. There are a myriad of cyber insurance coverage options available, and these tend to be split into two major categories: first-party and third-party coverage.
First-party coverage benefits
As the name suggests, first-party coverage protects policyholders from costs associated with their own cyber losses (e.g. data loss). Some of the coverage benefits offered from first-party cyber insurance include:
• Forensic investigation: This covers costs of forensic services necessary to investigate and stop a cyber attack.
• Cyber extortion: This covers payments to extortionists threatening to disclose, destroy, or gain access to private information.
• Loss of data: This covers the costs of losing data, as well as the costs associated with restoring or recreating lost data.
• Interrupted business operations: This provides reimbursement for extra costs or income lost from the suspension of daily operations due to a cyber incident.
• Crisis management: Covers expenses incurred from crisis management activities, which may include hiring a public relations firm to restore an organization’s reputation.
Third-party coverage benefits
Third-party cyber insurance is more relevant to businesses who need to take out cyber insurance, as it covers the assets of third parties (e.g. clients) damaged, leaked, or lost as a result of a cyber attack. The coverage benefits of third-party policies tend to include:
• Privacy liability: This covers claims from third parties that resulted from a breach or failure to properly handle their confidential information.
• Network security liability: This provides coverage for claims from third parties that resulted from network breaches or transmitting viruses to third parties’ networks.
• Litigation: This covers the costs of lawsuits resulting from a cyber incident.
• Media liability: This covers online publication copyright infringement costs.
• Costs of notifying stakeholders: This covers the costs of notifying stakeholders (e.g. customers and the government) that were affected by a cyber incident.
As you can see there are coverage options available for most situations. The problem is, some of which are not readily available (more on this below). The cost and availability of your cyber insurance coverage will be based on all the potential risks that you may be vulnerable to.
What are your security risks?
Insurers will want to know about your cyber security maturity before deciding on your coverage cost and the coverage options available to you. This security audit is conducted so that they know what kind of risks you may be vulnerable to and whether your current IT security infrastructure is adequate enough to ensure high levels of protection against cyber incidents.
To secure cyber coverage that you can afford, it is also in your best interest that your business prioritizes cyber-security and implements the following precautionary measures:
• Conduct regular IT security audits.
• Have contingency and continuity plans in place so that when a cyber incident happens, your business has protocols on how to restore operations and deal with security breaches.
• Regular data back-ups.
• Foster a culture of security so that all employees are aware of the importance of adhering to security protocols.
• Regular risk screening, meaning you will always be one step ahead when it comes to detecting potentially disastrous cyber risks.
Keep a tab on emerging threats
The cyber risk landscape is constantly evolving, meaning that being aware of emerging threats is also essential when protecting your business from cyber incidents. As such, these new risks may not be covered by your cyber insurance plan, so reading the fine print of your cyber insurance policy is important in telling you exactly what is covered by the plan, and whether or not you will need additional coverage when faced with new risks.
The case of social media and cyber liability
Taking social media as an example, if your company is heavily involved with social media, you may also want to make sure that your cyber insurance policy covers social media liabilities. This is a relatively new type of risk associated with all the costs that may have incurred from getting into trouble on social media, such as launching a marketing campaign that involves alleged defamation or slander, which can leave your business liable to a mountain of lawsuit costs if your insurance policy doesn’t cover this liability.
It can be hard to determine exactly what kind of cyber risk requirements you need, especially on top of having to keep a tab on all the risks that you may be vulnerable to. This is why it pays to talk to an insurance broker to find the most suitable cyber insurance plan for your business.
