CYBER INSURANCE | 5 MIN READ
Cyber insurance, also known as cyber liability insurance, is beneficial as a form of financial mitigation in the event of a cyber attack. However, for those unfamiliar with the industry, the jargon can make buying a policy and finding the right insurer difficult. Keep reading to learn some questions you should ask yourself and your insurance provider before buying a policy.
Questions to Ask Yourself
What Are Your Exposures?
In insurance, the term "exposures" refers to how susceptible a business is to various risks that can cause financial losses. When calculating premiums, insurance companies evaluate how much risk a business is exposed to.
For instance, for businesses that store and process a large volume of customer data, there is a higher probability that in the event of a data breach, a large amount of customer information would be taken or leaked, which is a huge liability to an insurance provider.
Before deciding if you want to buy a cyber insurance policy, get a feel for what your exposures are, as this will help determine how expensive your policy is.
What kind of information does your business keep on file? If, for example, you're a healthcare organization, how do you store patient files and other sensitive information? Do you keep paper copies in the office, or are all files stored online, and if so, where? If your business stores sensitive information in an insecure way, you have a higher exposure to data breaches.
Does your company regularly perform backups? If so, how do you back information up? Some companies only keep data in one location, whereas others use multiple locations. Additionally, some may automatically perform backups multiple times a day whereas others may resort to a few times a week.
If your company doesn't automate your backups to occur as often as possible, or you only back up your data in one location, there's a higher chance that in the event of a data breach, you will lose private information.
Have You Experienced Cyber Attacks Before?
If your company has been a victim of a cyber attack before, then you fully understand the negative impact that one can have on your business. Besides the potentially devastating blows to your reputation and the financial costs of restoring your network, your company may face lawsuits from consumers whose data has been breached.
Cyber insurance can mitigate these costs. Depending on the level of coverage you want, you can have first-party protection, which encompasses any direct losses your company experiences due to a data breach or cyber attack.
You can also seek out third-party coverage, which helps mitigate the costs of legal claims from partners and customers. If your company has experienced one or more cyber attacks in the past, consider having both types of coverage.
If your company's network was breached multiple times and you did little to patch security gaps and protect your network, a court most likely won't rule favorably on your company in a customer lawsuit should additional data breaches occur. Additionally, any previous or future data breaches could cause your premiums to increase.
How Are You Currently Securing Your Network?
Examine your current infrastructure to see how up-to-date and secure your network is, as this can help you determine if your policy will be more expensive. Besides the usual antivirus and anti-malware, what other forms of protection does your network have to safeguard against cyber attacks?
Do you have email filtering systems to deter phishing attacks? Do you perform dark web scans? Does your company diligently educate employees about cyber security best practices, including how to create a secure password? These are just a few of the questions you should answer when examining your network.
If your cyber security is lacking, you could be leaving the door open for a hacker, which increases the odds of a data breach. If your company experiences additional data breaches after signing with a cyber insurer, your premiums could quickly increase.
Questions to Ask Your Insurer
What's Covered in a Policy?
Many cyber insurance policies do not provide coverage for the costs to replace or upgrade a computer system that was breached. See if your insurer would be willing to cover at least some of the costs to restore your network in the event of a cyber attack or data breach.
While many cyber insurance policies cover both first-party damages (ones that you directly incur, such as the cost to recover your data) and third-party damages (those that affect your customers or partners, which could lead to lawsuits you must pay to mitigate), talk with your insurer to learn the specifics of your policy.
Learn exactly which types of scenarios are covered and if there's a limit, as this will show you if your deductible is reasonable. For instance, if a type of cyber attack that you think your company may run into down the road typically costs $10,000 to mitigate but your deductible is $12,000, then that particular policy would not be worth the investment.
What Happens in the Event of a Data Breach or Cyber Attack?
It is important to understand what activates coverage under your policy so you are better prepared in the event that a claim needs to be filed. For instance, some policies are triggered on the date the loss occurs, while others are triggered when a claim is made.
Sometimes, cyber insurance policies restrict coverage to losses that take place after a specified date. In other words, coverage may only extend to losses incurred after the start date of your policy.
Check to make sure that your coverage starts at the earliest date possible so you have a better chance of getting coverage for a claim, especially because some breaches may go undetected for a while.
How Can Cyber Insurance Costs Be Lowered?
Cyber insurance costs are variable and heavily depend on your exposures. By better securing your network, you can potentially keep your premium and deductible lower.
Start by implementing a password policy and email filtering program within your company.
Creating a password policy fosters a culture of personal accountability within your organization while ensuring that passwords to all company devices and platforms are as secure as possible.
Password policies should emphasize the importance of passphrases. Passphrases are created by stringing together a random group of words. Secure passphrases can be anywhere from 4-12 words or more, and the longer the passphrase, the harder it is to crack.
For instance, a passphrase could be "s3ven Heaven collegiate Turtle". According to the website Use a Passphrase, which lets you test passphrases to see how long it would take a computer to crack them, this example would take a computer over 461 billion centuries to figure out!
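To make the link between passphrase length and cracking effort concrete, here is an added example (not from the original article or the Use a Passphrase website) that draws words with a cryptographically secure random source and estimates strength for 4 to 12 words. The sample word list, the 7,776-word list size, the guessing rate and all function names are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word sample list (assumption). A real generator would load a
# large published list, e.g. a Diceware-style list of 7,776 words.
SAMPLE_WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
    "ivory", "juniper", "kelp", "lantern", "meadow", "nickel", "orchid", "pebble",
]
GUESSES_PER_SECOND = 1e10          # assumed offline guessing rate, illustration only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(word_count, words=SAMPLE_WORDS):
    """Pick each word independently and uniformly using the OS CSPRNG."""
    if word_count < 1:
        raise ValueError("word_count must be at least 1")
    return " ".join(secrets.choice(words) for _ in range(word_count))


def entropy_bits(word_count, list_size):
    """Entropy of a passphrase whose words are chosen uniformly at random."""
    return word_count * math.log2(list_size)


def average_years_to_crack(word_count, list_size, rate=GUESSES_PER_SECOND):
    """Expected time to search half of the list_size ** word_count space."""
    return (list_size ** word_count) / 2 / rate / SECONDS_PER_YEAR


def strength_table(list_size=7776, counts=range(4, 13)):
    """Rows of (words, entropy in bits, average years to crack) for 4-12 words."""
    return [
        (n, round(entropy_bits(n, list_size), 1),
         average_years_to_crack(n, list_size))
        for n in counts
    ]


if __name__ == "__main__":
    print("sample:", generate_passphrase(6))
    for n, bits, years in strength_table():
        print(f"{n:2d} words  {bits:6.1f} bits  ~{years:.3g} years")
```

These figures hold only when every word is chosen at random from the list; a phrase a person picks from memorable or personal details has far less entropy than its word count suggests.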
Your employees' account passwords may not be as secure as you think. When creating a password, many choose to use personal information that can easily be found online, such as children's names and the name of their alma mater.
Additionally, encourage employees to limit reuse of passwords that they also use for personal accounts (like a personal email password). If anyone reuses a personal account password, that creates a door that hackers can come in through if they hack into any of those personal accounts.
Employee cyber security education mitigates the risk associated with those who handle sensitive accounts and information, seeing as humans are prone to error and one mistake can give a hacker an open door to your network.
Having cyber security training for your company can educate everybody on Internet best practices, from how to detect spam emails to tips on creating secure passwords. Good cyber security training minimizes the risk of your other network security protocols being rendered ineffective.
Additionally, it decreases the likelihood that your employees will fall victim to cyber-attacks by opening spam or going to malware-infected websites.
Establishing basic cyber security practices and policies decreases the odds of a cyber attack, which will in turn lessen the odds that you would have to file a claim with your cyber insurer.
Cyber security insurance helps protect your business' financial health in the event of a cyber attack or data breach lawsuit. However, cyber insurance doesn't provide any technical protection to prevent network breaches and cyber attacks from happening in the first place.
A Managed Service Provider (MSP) can implement a variety of tactics to keep your network secure, which can keep your premium and deductible lower.
MSPs implement the latest cyber security tactics to protect your network, and constantly monitor it to ensure any cyber threats that pop up are neutralized. Hiring managed IT services shows your insurer that you're committed to reducing your exposures and protecting your network, which can persuade them to reduce your insurance costs.
Some of the security solutions an MSP can implement are: email filtering, antivirus, backup and disaster recovery solutions, employee cyber security education programs, and secure remote conferencing platforms. By managing all these programs for you, your MSP takes the pressure off of internal staff, freeing everyone up to focus on other business-critical tasks.
As a Managed Service Provider, we understand the cyber insurance industry because it is adjacent to what we do.
When considering whether or not your organization should buy a cyber insurance policy, go beyond your budget to consider the strength of your current network security as well as what kind of policy you need and how much your insurer is willing to work with you.
Use this article as an educational tool to find a policy that will provide sufficient coverage in the event of a cyber attack.
Posted by Erica Kastner
Erica Kastner is a lead Marketing Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.