Increasingly digitized workplaces, processes, and communications inevitably lead to more cyber threats. So why in the digital age did only 55% of US companies have cyber security insurance in 2022? Various factors, like cost and knowledge, contribute to the decision to invest in coverage, but the financial and brand damage that results from successful cyberattacks could be devastating. With the increase in frequency and sophistication of threats, we want to make sure everyone knows what their options are and cyber security insurance is one of them
Cyber Security is an Ever-Moving Target
While there is the odd general liability policy that may cover cyber attacks, they are the exception. So you may want to consider something more specialized with the rise of cyber threats. We really try not to scare our clients but unfortunately ransomware attacks surged by 37% this year, and it doesn’t matter how big or small the company is: everyone’s a target. From small businesses, which now amount to more than 56% of the claims being made, to large corporations. Having cyber security insurance offers first- and third-party coverage for damages, expenses, or settlements incurred in the digital space. Unfortunately, the increasing number of attacks and corresponding jump in claims, growing by 100% over the past three years, means premiums are increasing and policy underwriters are getting more discerning about who they approve.
Still, it could be worth your while if you’re seeking extra cyber protection. Cyber security insurance may be a relatively new creation but the industry is consistently updating to match the ever-changing list of threats. They implement risk assessments to adjust coverage needs, create incident response plans to help clients stay calm should the worst occur, and have their own list of must-haves before approving claims and policies. The industry is working hard to stay ahead of cyber threats and be proactive.
You’ve Got Your Back
So, let’s say you want to invest in cyber security insurance. For small businesses it’s a challenge, as they’re viewed as higher risk. That’s because they can lack the infrastructure for more robust security measures (but there are ways!). For many larger businesses, though, it’s still not a given they’ve taken appropriate steps. Once you have your policy, in the event of a threat, like any insurance, all you can do is submit a claim and weather the audit, trusting you’ve done everything in your power to satisfy the requirements. While underwriters are more scrutinizing these days, if you’ve done your due diligence to qualify for a policy, you’re most likely in good shape for your claims. Staying on top of security awareness training, updating antivirus, maintaining an incident response plan, and those sorts of measures are typically what a carrier will expect.
So, What Happens If I Have Insurance?
Continuing with the above scenario, where you’ve qualified for coverage and unfortunately have a cyber attack. Let’s assume your audit goes well: What can you expect? While the finer points vary widely from one insurance provider to the next, your incident response team will involve attorneys, IT experts, law enforcement, engineers, and possibly negotiators to help you through an incident. In broad strokes, your coverage can help with some of the following:
The increasing price of premiums can seem a barrier to entry, but that cost can outweigh the financial ruin a cyber security incident could cause. As you start to think about the results of a cyber attack, revenue loss is probably top-of-mind, since you’ll need to shut down or divert resources to recover from data loss. The larger concern is what happens if that data breach is your client’s private information? You’ll need to let each of them know about the breach, and how extensive it is. Each of those clients might unfortunately file lawsuits for your breach of their privacy, which requires either legal fees or payouts. We could go on down the line, but you get the picture. With the right cyber insurance coverage, you can typically reduce the dent in your company’s bottom line.
Thanks to the internet, news travels pretty fast, and everyone can quickly find out almost anything about any business. That’s why a company’s branding and image is so important. A cyber incident can change all that overnight if your business isn’t ready for it, as partners, vendors, and customers can lose faith in a company that looks like it doesn’t have the right protective measures in place. Thankfully, in this case, you should be covered. Most cyber security insurance providers have a PR team and crisis management services that can smooth everything over, and prove you did your due diligence.
Finding the Culprit
With so many means of attacking your business via malware, ransomware, phishing, data theft, and beyond, getting to the bottom of an incident can take time. Depending on the severity of the attack, law enforcement will get involved alongside a team of experts to perform cyber forensics and comb through every piece of your system. They can figure out if someone in Operations opened the wrong email or whether a hacker actively broke into your database. It can go a long way in proving you did your due diligence to prevent the risk and also pinpoint where you can reinforce your cyber security.
Aside from the financial aid, the second most valuable need is returning your business to normal operations. Most insurance providers support their clients in creating an incident response plan so you can act fast and sensibly throughout the potential crises. As you work through finding, containing, and removing the threat, your team will also focus on recovering systems and data to restore functionality…and profitability.
As part of their oversight, cyber security insurance providers will support you in maintaining legal and regulatory requirements. It protects you both in the event of a cyber incident. As carriers stay on top of the latest laws and regulations, they educate their clients to ensure compliance, reducing liability. Should the worst happen, you want regulators and lawmakers to be the least of your problems, and insurance providers tend to agree.
The Cost of Defense
When looking at insurance companies, there are a lot of options and for smaller businesses, plenty of policies can be tailored to their specific needs. There’s also the option to start with something simple and tack on excess cyber insurance supplements that provide particular forms of coverage, like focusing on BI, ransomware, or SEF. We’re not insurance providers though, so we’ll leave all those details to the insurance experts themselves.
As the digital age opens businesses to new, ever-evolving threats, risk management is the name of the game. Cyber security insurance can be a key component to your defensive strategy, as it usually protects you financially and legally in an incident but can also help you proactively prepare for possible threats through assessment and compliance. If you’re exploring insurance options and want to determine you’re ready for the audit requirements or have questions on how to raise your security posture on your budget, our Managed Services team is here to help.