Considering Cyber Insurance? Very Smart Idea!
Discovering that a hacker conned your business out of a large amount of money is probably one of your worst nightmares. For one organization, this nightmare came true. In December 2018, the Connecticut-based Save the Children Federation revealed that it fell victim to a business email campaign (BEC) scam the year before. The charity unwittingly transferred nearly $1 million to the hackers’ account. Fortunately, the charity had cyber insurance, which covered most of the stolen money. The charity ended up losing only $112,000.
With BEC scams and other types of cyber attacks increasing in number and sophistication, getting cyber insurance to mitigate the risks and offset the costs of cyber attacks and other Internet- and IT-related liabilities is important. In the USA alone, the market is expected to grow from $2 billion to $15 billion in the next decade.
Getting Started With Cyber Insurance – 5 Key Items
1. It is Challenging Comparing Policies
Today, there are many types of cyber insurance policies being purchased by different kinds of businesses. And as the Internet, cyber crime, and IT systems evolve in the future, so too will the cyber insurance policies.
2. It is Challenging Comparing Policies
Some insurance companies add cyber insurance extensions to existing insurance policies. Most insurers, have separate cyber insurance policies. These stand-alone policies are usually more comprehensive than extensions. Insurance companies often offer different cyber insurance policies for different types of organizations based on their gross revenue, industry type, and data risks.
3. Expenses Commonly Covered
Insurance companies typically cover cyber incidents caused by both internal actors (e.g., errors and omissions by employees) and external actors (e.g., cyber attacks by hackers). Below are items usually covered:
- Cyber extortion costs (e.g., ransomware payment)
- Lost revenue due to network downtime or a business interruption resulting from a cyber incident
- Expenses incurred from a forensics investigation of a cyber attack
- Costs incurred to restore data and systems after an attack
- The expenses associated with notifying customers and other parties about a cyber incident
- Cost of hiring a PR firm to minimize a cyber incident’s impact on a company’s reputation
- Regulatory fines
- Defense costs to handle lawsuits levied by individuals or businesses adversely affected by a cyber incident or a lawsuit imposed by a government entity
- Legal settlements from lawsuits
4. Expenses Not Covered
Loss of future revenue due to a cyber incident, costs to improve internal IT systems, bodily injury, and property damage.
Note: a claim can be denied if a company misrepresents its security measures. Businesses are usually required to fill out an application that includes questions about the security measures they have in place.
5. Getting Started With Cyber Insurance for Your Business – Analysis Needed
- Kinds of cyber threats your company faces
- Types and sensitivity of the data used in your business
- Susceptibility your business’s operations have to a network interruption
- Loss of revenue you would lose every day due to a cyber incident
- Does your business have to adhere to any cyber-related laws or regulations?
- Contracts you have with suppliers and other business associates and what data they are able to access through joint business operations
We at CopperTree Solutions can help you gather this information to identify the best cyber insurance needed for your business.
Want to find out additional ways to protect your business? We can help get you started with IT planning items to consider and how IT Services can assist.