As more and more of our day-to-day business gets conducted online, cyber security threats have increased in volume and frequency. Cyberattacks seem to grow more cunning by the minute. Hackers are already employing next-gen technology like artificial intelligence and machine learning in their schemes.
It’s not just big fish that need to worry, either. Any company that maintains sensitive personal information or processes credit cards is a potential target for cybercriminals. Of course, corporations like Equifax and Marriott possess the deep pockets to deal with breach-related expenses. Unfortunately, 60 percent of small companies go belly-up within six months of a cyberattack.
According to stats compiled by techrug, 43 percent of cyber attacks target small businesses. Furthermore, while many small businesses don’t think that they store sensitive data, it turns out that 68 percent store email addresses and 64 percent store phone numbers.
For these reasons, the rapidly expanding field of cyber insurance, also known as cyber liability insurance coverage (CLIC), has become an increasingly crucial part of many business plans.
What is cyber insurance?
First introduced in the late 1990s, the initial cyber insurance policies mainly dealt with software risks. However, as malicious threats became more prevalent in the early 2000s, these policies expanded to include network security and virus-related liability coverage.
These days, cyber insurance is particularly essential for any company that handles, maintains or processes personally identifiable information (e.g., driver’s license and social security numbers) or protected health information (e.g., medical record numbers). These policies help protect businesses against the liabilities and costs associated with a data breach.
Cyber insurance covers first-party losses and third-party claims, while general liability insurance only covers property damage. As with other kinds of insurance, cyber is all about transferring risks. In this case, those risks relate to the loss of data due to:
- Phishing attacks
- Rogue or incompetent employees
- Lost or stolen hardware
- Other causes
It’s not just about losing money, either. Cyber insurance helps with costs related to combatting negative publicity, brand tarnishment and the erosion of customer trust.
How big is the cyber insurance market?
Today, about one-third of American companies pay for cyber liability insurance, and the total value of premiums is projected to reach $7.5 billion by the end of next year. Meanwhile, the research and consulting firm Progressive Markets believes that the worldwide global market will be worth nearly $30 billion by 2025. Currently, roughly one-third of American companies purchase some form of cyber insurance.
That said, the “barrier to entry” remains relatively low, and cyber insurance experts consider it a consumer-friendly market. Almost anyone can get a quote, and you can still buy broad coverage for relatively cheap.
One reason: compared to other types of insurance, cyber remains a relatively new field. By now, every business owner understands that they need workers’ compensation, unemployment and disability insurance. However, unless you work in an industry sensitive to cyber crimes – e.g., banking – cyber insurance may not be on your radar yet.
Does my business need cyber insurance?
There are three primary reasons why a business would look into purchasing cyber insurance:
- They store a lot of personally identifiable information (PII) or personal health information (PHI).
- They can’t afford a business interruption and can’t risk data corruption.
- Either they already got hacked, or they know somebody who got hacked.
What does cyber insurance cover?
This is a still-evolving field, especially with new cyber threats and risks getting introduced all the time. Coverage varies by insurer, with different carriers offering different premiums that cover various risks.
As an example, the techrug “Cyberbreach Policy” for managed service providers covers the following:
- Security liability
- Privacy liability
- Breach response costs
- Forensic expenses
- Crisis management expenses
- Regulatory coverage
- Digital asset restoration costs
- Business interruption
- Cyber extortion threats
- Cyber-threat losses
- Cyber-fraud events
- PCI DSS assessment coverage
How do I choose the right policy?
As stated above, cyber liability insurance policies offer a lot of variances. That makes it vital for businesses to do their due diligence. Before signing on the dotted line, you should:
- Figure out what types of data your company collects and how that data gets stored and protected.
- Make sure your carrier has experience selling this type of insurance.
- Look for broad coverage, low limits and low deductibles.
- Watch out for exclusions that could leave your business exposed.
- Be sure your business cyber security makes the grade.
How can I upgrade my business cyber security?
Insurance can keep you and your business on a stable financial footing if a security event occurs, but it should not offer a false sense of security. It cannot protect you or your business from cybercrimes and cannot substitute for basic security protocols such as firewalls, antivirus protection, data backups and routinely updated software patches.
Every cyber insurance policy requires your business to follow minimum security requirements. If your business cyber security is lacking, CNS can help.
For more information on how to keep your network safe and your data secure, contact Capital Network Solutions at (916) 366-6566.