Every 40 seconds, a cyber breach occurs globally. When large corporations are targeted, there is endless coverage about consumer impacts, yet small businesses are often more vulnerable because of their smaller budgets and more limited scale. As with many things in life, a preventative approach to online security is immeasurably beneficial, rather than responding to an attack after it happens. One of the best ways to protect your business from the financial costs of a cyber attack or breach is investing in cyber insurance.
Cyber insurance “helps an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.” Simply put, cyber insurance provides peace of mind, knowing should an attack occur, your business can recover.
Who Needs Cyber Insurance?
Just like auto insurance doesn’t prevent car accidents, cyber insurance does not prevent cyber attacks. Any business that relies on technology for operations, processes sensitive data or stores company and customer information on local or cloud-based servers should consider purchasing cyber insurance. Breaches of these types of data are generally not fully covered under a basic business liability insurance policy, which means companies without cyber insurance are left without recourse to financial assistance to support their recovery.
60% of small businesses who suffer a cyber attack, and are unable to recover quickly via data restoration, go out of business within six months. With the combination of near constant attacks and such dire realities of bankruptcy, it’s no wonder the cyber insurance industry is expected to expand to a value of nearly $8 billion by the end of 2020.
Types of Insurance
There a several types of cyber insurance coverage which may be added to your policy, but the most common include:
- Network Security – This coverage is important for all businesses and insures you against network breaches. This type generally covers first party costs, rather than those of affected customers.
- Privacy Liability – This coverage is especially important for businesses which handle sensitive customer data, like medical information. It provides recourse for cyber incidents which result in violations of privacy laws.
- E-Crime – This coverage is important to recover from fraudulent instruction, funds transfers, or telephone fraud
- Network Business Interruption – If your business relies on technology operated by either yourself or a third party partner, this coverage is for you. A network failure due to a hack, human error, or software failures will be covered by network business interruption coverage.
- Media Liability – This coverage protects you from violations of your intellectual property.
- Errors & Omissions (E&O) – E&O protects you against claims of breach of contract, failure to meet your contractual obligations, and allegations of negligence. This coverage can include the cost of legal fees resulting from these allegations.
What Sorts of Attacks Can a Business Face?
There are many types of cyber attacks like phishing, DoS (denial-of-service), ransomware and other malware attacks. A particularly prevalent type of attack since 2019 involves the attacker gaining access to the email inbox of an account department employee. After having accessed contacts and other information for the business’s clients, the attacker can set up a spoofed domain and send new invoices with new payment routing information. The breached company is now responsible for the dollars lost by their clients as a result of this attack.
Without cyber insurance, the breached company will have to make financial restitution on their own. With a good cyber insurance policy, however, your business will be covered against breaches of this kind. Additionally, cyber insurance can help a company recoup losses suffered from the downtime spent dealing with the aftermath of an attack, and may even be able to recover a ransom should files be unrecoverable following a breach.
Non-Financial Consequences of a Cyber Attack
Most cyber attacks are financially motivated, so it’s easy to only consider the monetary impact of such an event. Yet, another equally devastating impact can be the loss of customer confidence. Consider the customers in the scenario above; will those customers feel safe trusting their data to the breached business again? Can they be confident they will never again make a payment on an invoice for which they are not really responsible? Of course not. The cost in customer trust can be just as serious as the financial ramifications of a cyber attack.
What Should My Policy Include?
Good cyber insurance covers losses as a result of a breach. Not only direct costs are covered, but a company can recoup losses incurred as a result of downtime to recover from the breach and possibly a ransom if data cannot be restored from backup. Therefore, picking the right policy is crucial for your business.
While each business is unique in some of the additional components they will need to add to their policy, any policy you consider should cover Breach response costs, Legal services, Computer forensic services, Notification services, Call center services, Credit and identity monitoring or other personal fraud or loss prevention solutions.
You’ll also want to ensure it has both first and third party coverage, terms for Public relations and crisis management expenses, and the policy’s multiple limits will be available for breach response.
Cyber insurance is an essential tool in a business’s arsenal of protection against technological problems. Businesses large and small can be targeted by cyber attacks, so companies of all sizes should consider investing in a cyber insurance policy.
We all hope our insurance policies go unused, but we are certainly grateful for them when disasters strike.