Businesses are turning to technology to streamline their practices. But along with this innovation comes the risk of cybercrime. According to the 1,300 executives surveyed by PwC for its 2022 Global Economic Crime and Fraud Survey report, cybercrime is the biggest threat facing businesses today.
And these days, it’s not just the big businesses at risk — cybercrime is becoming increasingly common among small businesses, too. However, a survey reveals only 6 out of ten small businesses believe they’re prepared to deal with cyber-attacks. Cyber insurance is one way to mitigate its risks.
What’s Cyber Liability Insurance?
Cyber liability insurance is a type of insurance that helps to protect businesses from the financial losses that can result from a cyber attack. This type of insurance can help to cover the costs of cybercrime risks like data breaches, cyber extortion, and other internet-based threats. For some, it also helps in remediation processes, investigation, and litigation.
It works the same way as other types of insurance, except that it’s specifically designed to cover the unique risks of operating a business online.
Why is Cyber Insurance Critical?
Data breaches can be costly — not just in terms of the money spent on recovery but also the damage to your business reputation. According to reports, the average cost of a data breach is now $4.35 million. This figure will only go higher as cybercrime becomes more sophisticated.
Your business is held accountable for the loss or theft of data belonging to your customers, employees, or business partners. You could also be held liable for the damage caused by the release of this data. A cyber insurance policy can help in protecting an online business against these risks and cover the associated costs.
What Does Cyber Insurance Cover?
Cyber insurance coverage varies depending on the policy. But typically, it includes first-party coverage of losses incurred through hacking and data theft, destruction and extortion. The main areas that cyber insurance covers are:
Notifying Customers
The first step in the event of a data breach is to notify your customers that their data may have been exposed. Depending on the sensitivity of the information involved, you may also be required to inform the relevant authorities. Cyber insurance can help cover notification costs, including hiring a PR firm to manage the situation.
Personal Identity Recovery
Restoration of personal identities is a crucial component of data breach response. That includes providing credit monitoring and identity theft protection services to customers whose data has been exposed. It can also involve working with the credit bureaus to clear up any fraudulent activity on their accounts.
Data Recovery
Data lost or stolen in a cyber attack can be difficult, if not impossible, to recover. Your policy can handle the cost of professional data recovery services. It can also cover the cost of any business interruption resulting from this data loss.
Legal Fees
Cyber attacks often lead to legal action from customers, employees, shareholders, or regulatory bodies. Cyber insurance can help you hire a lawyer to defend your business in court.
System Damage Repair
Repairing or replacing damaged computer systems can be expensive. Cyber insurance can cover the cost of these repairs and any resulting business interruption.
Ransom Demands
Often, the goal of a cyber attack is to extort money from the victim. Your coverage may include the cost of paying a ransom demand, as well as the cost of hiring a professional negotiator.
What’s Not Covered by Cyber Insurance?
While most policies will cover the costs associated with data breaches and cyber-attacks, there are some limits to what cyber insurance can do.
For instance, many policies exclude coverage for:
Preventable Losses
Cybersecurity insurance is designed to protect businesses from the financial losses that can result from a cyber attack. However, it will not cover losses that could have been prevented with reasonable security measures.
Losses Caused by Employees
Cyber insurance will not cover any losses caused by human error, even if they were not responsible for the attack. For instance, if an employee accidentally deletes important data, your policy will not cover the cost of restoring it.
Prior Breaches
A cyber insurance policy will not cover any losses resulting from data breaches that occurred before the policy was in effect. A reasonable time frame for this is usually about 90 days.
Insider Attack
Most policies will not cover the resulting losses if an employee or contractor intentionally causes a data breach. Investigation and litigation costs may be covered, but not any damages that are awarded.
Pre-existing Vulnerability
If a business is attacked through a known security vulnerability that was not fixed, the resulting losses may not be awarded. That’s because the business should have taken steps to prevent the attack.
Not all policies are the same, so it’s important to read the fine print before buying a policy. Be sure to ask your broker or insurer about any exclusions that might apply to your business.
Who Should Get Cyber Insurance Coverage?
Every business that stores sensitive customer data should have security against cyber sabotage. These businesses include retail, healthcare, financial services and hospitality businesses.
But even if you don’t store data yourself, you could be responsible if a supplier or service provider you use gets breached. So if your business could be held liable for a data breach, you need cyber insurance.
What Should I Look for in a Cyber Insurance Policy?
When shopping for cyber insurance, there are a few key things to look for:
Coverage Limits
Most policies have per-incident and aggregate coverage limits. Per-incident limits are the maximum amount the insurer will pay for a single data breach. Aggregate limits are the maximum amount the insurer will pay out for all claims in a policy period.
Choose limits covering the total cost of a worst-case scenario, including investigation, recovery, legal fees, and business interruption.
Deductibles
Most policies have a per-incident deductible or the amount you must pay before coverage kicks in. Some also have an annual deductible, which you must pay each year before coverage applies.
By finding a deductible you can afford to pay out of pocket if you have a data breach, you can keep your premiums low.
Coverage Extensions
Some insurers offer add-on coverage for cyber extortion, system damage, and reputational harm. These can be worth the extra cost if they cover losses your business will likely experience. Looking for a policy with these coverage extensions can help you get the most comprehensive protection.
Is it Worth Having Cyber Insurance?
For most businesses, cyber insurance can be worth its weight in gold. The security blanket it provides can be invaluable if your business experiences a data breach. Although it’s impossible to predict the future, you can prepare for it. And in the case of a cyber-attack, having cyber insurance coverage can make all the difference.