The odds a company will suffer a cyberattack grow daily.
It’s not if, but when. Once a breach occurs, does that business have a plan to ensure the aftermath will not be fatal? Investing in cybersecurity protection diminishes the possibility of being hit, and purchasing cyber-liability insurance could help provide the necessary funding to restore operations without going broke.
But many organizations aren’t purchasing insurance. Data compiled by Insurance Journal found 50 percent of companies do not have cyber-liability insurance and 27 percent do not plan to purchase it. Despite that statistic, the insurance market is forecasted to grow from $2.5 billion in 2015 to $7.5 billion by 2020.
Finding an insurance policy that best suits your business can be intimidating. Policies can be confusing, and insurance should be used to supplement preventive measures already being taken. Insurers are unlikely to underwrite a policy without a comprehensive risk assessment done in-house or by a third-party contractor. This would highlight vulnerabilities and grave areas of risk that might need attention.
The review benefits organizations. They can prioritize issues and develop a plan for ongoing risk management, including a schedule for required amendments. Companies would share this information with potential insurers, demonstrating that information security and risk management are taken seriously and never ignored.
These actions should serve as a reminder to business leaders that insurance never should be expected to cure a cyberattack by itself. A thorough cybersecurity approach is an essential complement.
So how should owners and CEOs determine what insurance policy best meets their needs? Annual cost is a key concern. A cost-risk analysis should be completed to determine whether the value of assets outweighs premium costs. Other questions that should be answered:
- How many sensitive records are stored?
- What types of records are stored?
- Where are they stored?
- What would it take to protect your customers’ information?
- How long would it take to remediate?
- Do you store data on websites, remote services, mobile devices, etc.?
Policy prices vary. Depending on the type of business, annual revenue and limit of liability selected, a policy can cost small-sized companies $750 to $8,000 yearly. Mid-sized and large businesses can expect to pay many times more.
There are two types of policies from which to choose: first-party and third-party.
First-party insurance covers losses suffered by your company. Should a system be compromised, and data be exposed, this coverage would pay the cost to remediate the situation. This coverage’s priority is protecting business data. Targeted information includes:
- Customer names, email addresses, phone numbers and addresses
- Credit-card numbers
- Social Security and driver’s license numbers
- Medical information
Third-party insurance covers expenses related to customer or client data that businesses failed to protect. It also can pay legal expenses if a person or group sues. It’s recommended for businesses that work with sensitive customer data.
Organizations enforcing proactive approaches toward better security could be rewarded with lower premiums. User-awareness training is among a myriad of ways companies could save money. Apogee IT Services focuses on educating its clients’ employees, and business leaders would be wise to take advantage of this program.
Cyber-liability insurance also has limits. It excludes:
- Bodily injury or property-damage claims
- Loss of property
- Criminal activity
- Social engineering
Executives should choose reputable providers. Do research to learn which insurers deliver the best coverage without burying bottom lines. Hire an attorney to read the policy. Legalese is difficult to decipher, and confusion could result in heartache should these leaders learn their policies won’t deliver when they need them most.
To discuss security strategy, email Security Analyst Frank Verdecchia at firstname.lastname@example.org.