Five questions to ask about cyber insurance | Business Insurance

know about this Five questions to ask about cyber insurance

in complete details.

the Allianz Risk Barometer reports that global businesses are more concerned about cyber risks than the pandemic or other threats to their operations. Cyber ​​attacks and data breaches can cause significant losses, not to mention damage to brand reputation from disgruntled customers.

So how can companies protect themselves? Like other types of insurance, cyber insurance can help businesses mitigate risk. It offers a safety net for businesses that are under constant threat from cybercrime, and it’s evolving every day.

But before a company gets on board with cyber insurance, it’s important to understand the details of an insurance policy and how the company’s own protocols influence the process.

Cyber ​​Insurance Defined

Cyber ​​insurance covers business liability for a data breach involving sensitive customer data, such as customer payment information, account numbers, health records, and social security numbers.

Some companies mistakenly believe that general liability insurance will cover these types of threats, but often this is not the case. General liability insurance only covers bodily injury or property damage caused by a product, service, or operations, not cyber threats. Here are five questions to ask about cyber insurance:

What does cyber insurance cover?

Along with legal fees and expenses, cyber insurance covers:

  • Notify customers of a breach.
  • Restoration of the identities of the affected clients.
  • Compromised data recovery.
  • Repair of computer systems.

Some states require companies to notify customers of a data breach involving sensitive and identifiable data, an expensive proposition. Most states do not require businesses to offer a free credit check after a violation, but this measure can improve public relations.

Should a small business have cyber insurance?

Any business, big or small, should have cyber insurance if they handle sensitive customer data. If there is a violation, the legal fees are often astronomical.

When it comes to the imminent threat of a cyber breach, companies must mitigate business risks and be prepared to respond to a security incident. Here are some of the benefits of a cyber insurance policy:

  • Forensic Assistance: Forensic services can uncover cyber incidents that originate internally, such as breaches caused by employees.
  • Protection against damage by hacks or viruses: Cyber ​​breaches often cause disruption to business processes, but cyber insurance can include a business interruption clause to cover lost revenue and compromised data.
  • Data theft and corruption coverage: Data recovery after a breach can be challenging, especially when it comes to retrieving customer information or business data. Cyber ​​insurance can include theft and data coverage to help with this process.
  • Assistance in public relations: A cyber insurance policy can include public relations assistance, which can help the business rebuild its brand and maintain a positive image.
  • Coverage for stolen or damaged electronic devices: Cyber ​​insurance can cover the cost of electronic devices, such as tablets, laptops, and mobile phones. This can include theft and loss along with a malware event.

What does cyber insurance not cover?

While comprehensive, cyber insurance does not cover everything. This is what is not covered:

  • Loss of future profits: Cyber ​​insurance generally does not cover loss of earnings, even with a breach.
  • Loss of value: Cyber ​​insurance may not cover the cost to the business if intellectual property is stolen.
  • Updates: These are typically not covered by a cyber insurance policy.

There are also two different types of cyber insurance: first person liability coverage and third party liability coverage. Companies can buy one or both.

First-party liability coverage protects the business from expenses related to a breach, while third-party coverage offers protection when a vendor, partner, customer, or other party sues the business for allowing a cyber breach to occur, thus putting your data at risk.

Cyber ​​insurance has been evolving, so it’s important to review all company policies and assess what the insurance covers, what it doesn’t, and how much insurance the company really needs.

Does my business need cyber insurance?

No matter the size of the business, you need cyber insurance if the business:

  • Store sensitive information for customers or clients.
  • Use point of sale systems.
  • Provide hardware or software services.
  • Store data on computers or in the cloud.

Is cyber insurance the same as data breach insurance?

No, there is a big difference between cyber insurance and data breach insurance. Cyber ​​insurance covers the risk of own and third-party cyber incidents, while data breach insurance only covers data damage.

How to apply for cyber insurance

Any type of insurer considers the risk they incur when hiring a client, and cyber insurers are no different. Cyber ​​threats are on the rise and cyber insurers want to know that the companies are complying with their rigorous security checks to meet the criteria.

Applying for cyber insurance requires scrutiny of a company’s risk management and security controls, including policies and protocols for multi-factor authentication and web content filtering.

Cyber ​​insurers assess cyber risk using a variety of factors, including network segmentation, malware defense, administrative privileges, and access management. Regardless of the details, everyone is looking for rigorous and proactive cybersecurity risk controls. Depending on the industry, the company may face different risk control criteria or security measures. Fortunately, taking steps to implement protocols and controls increases the chances that the business is “insurable” and can lower overall insurance costs.

Here are some considerations:

  • Automate password management instead of relying on manual methods.
  • Implement a least-privilege strategy to ensure that privileges are only granted for activities required in a time limit, rather than general access.
  • Proactively rotate, monitor, and audit access to privileged accounts with privileged access management solutions.
  • Implement security controls with multi-factor authentication to verify user identities before granting or elevating privileged access.
  • Train employees on cyber risks, security protocols and protection measures.

Cyber ​​insurance continues to evolve to address new threats and risks. Like protecting other aspects of the business with an insurance policy, cyber insurance gives businesses peace of mind knowing they are covered against the negative impact of a breach, from damaged electronics to the effects on brand reputation .

With the changing demands and rising costs of cyber insurance, it is vital to maintain security controls to make the business more “insurable”. Solutions such as privileged access management offer a significant advantage and show that the company has protected itself from external and internal threats.

Joseph Carson, Chief Security Scientist and Consulting CISO, Delinea

See also  Former Salem business owner gets four years of arson [The Salem News, Beverly, Mass.] – InsuranceNewsNet | Business Insurance