What is Cyber Insurance and is it right for my business?
According to the Verizon 2018 Data Breach Investigations Report, last year there were 2,216 confirmed data breaches. With that number expected to continue to climb in the foreseeable future, business’ may be thinking of ways to protect themselves through Cyber Insurance policies.
Around for more than a decade, Cyber Insurance is an insurance policy that provides coverage from losses resulting from a data breach or loss of electronically stored confidential information. Cyber insurance helps businesses survive data breaches and cyber-attacks by paying for recovery expenses. This insurance could also pay for customer notification, credit monitoring, legal fees and fines after a business experiences a breach.
Cyber Insurance policies are complex because threats are constantly changing, and since these types of policies are relatively new, there are not many market norms.
Types of Cyber Insurance
There are generally two types of Cyber Insurance: First Party and Third Party.
First Party Cyber Insurance insures for losses to the policyholder’s own data or lost income or for other harm to the policyholder’s business resulting from a data breach or cyber-attack. First Party coverage typically includes, but is not limited to:
- Forensic Investigation:
Covers costs associated with legal, technical or forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack and to stop an attack.
- Computer data loss and restoration:
Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software or other information destroyed or damaged as the result of a cyber-attack.
Third Party Cyber Insurance insures for the liability of the policyholder to third parties-including clients and governmental entities-arising from a data breach or cyber-attack. Third Party coverage typically includes, but is not limited to:
- Litigation and regulatory:
Covers costs associated with civil lawsuits, judgments, settlements or penalties resulting from a cyber event.
- Credit monitoring:
Covers costs of credit monitoring, fraud monitoring or other related services to customers or employees affected by a cyber event.
Finding the Right Policy
If you are considering purchasing a Cyber Insurance policy, keep these tips in mind:
- Use a reputable insurer who has been in the cyber insurance industry for several years. The industry is new, so a history of three to five years may be enough. Additionally, seek a standalone cyber insurance policy. A reputable insurer or broker may suggest adding a cyber endorsement to a policy; however, a standalone policy will typically include the broadest possible coverage.
- Gain a clear understanding of exactly what the insurance policy covers. Chat with your insurer and talk through breach scenarios with them to clearly understand what is covered and what is not.
- Ensure that you are fully aware of your obligations. Your insurer may require that you implement policies, procedures and technologies to remain covered.
Cyber Insurance is not a replacement for cyber security. Your business should evaluate its network to make certain it is well defended against cyber threats. Ensure established security policies and protocols are being followed, and that you are protecting your data network.
It is important for a business to understand how to respond to a cyber event via an incident response plan. If your business decides to purchase a Cyber Insurance policy, ensure you have your policy and all accompanied riders reviewed by outside expert legal counsel.
The threat of a data breach or cyber-attack is real in today’s world. If you’re interested in Cyber Insurance, consider researching different companies and policies to see what best fits your business’ needs.