Modern business practices call for modern approaches to business insurance and that means insurance that covers a range of cyber risks. Cyber insurance (or cyber liability insurance) is becoming increasingly important as companies conduct more of their business online, store more of their business data digitally and generally occupy a great deal of cyber space. Unfortunately, not many companies, especially small enterprises, have recognised the need for cyber insurance, and if they have, they haven’t given it the priority that it deserves.
The risk is real
In an article by Noah Buhayar and Alexandria Baca, Peter Hancock, CEO of AIG) says that cyber risks are extremely underinsured, which means that many companies don’t have a safety net in the event of cyber attacks and data breaches. The safety net is important because, as Michael Kerner from Zurich Insurance Group says (in the same article), the number and sophistication of cyber attacks is increasing, causing major disruptions for businesses – not to mention financial losses.
The importance of cyber insurance is underlined by Professor John Walker (Visiting Professor with Nottingham-Trent University Faculty of Engineering and CTO of Integral Security Xssurance) in an interview with Steve Gold from SCMagazineUK.com. In addition to protection against the financial losses and business disruption caused by cyber attacks, Walker says that new data breach legislation on the horizon in both the US and Europe make cyber insurance particularly important.
As with other types of insurance, it’s important to know your risks and your options before you run off and buy the first policy you come across.
The most basic cyber insurance policies can cover companies for the costs of systems repairs and data recovery, compensation for those who negatively impacted by a data breach and loss of revenue resulting from an attack. There are also more complicated options that are divided into first- and third-party coverage. According to L.D. Simmons II, first-party coverage insures against losses to the policyholder, while third-party coverage insures the policyholder against losses suffered by clients or other entities as a direct result of a cyber attack.
According to Simmons, first-party insurance includes theft and fraud, forensic investigation, business interruption, computer data loss and restoration and extortion. Third-party insurance includes privacy liability, media liability, credit monitoring, crisis management, notification costs, regulatory response and litigation and regulatory costs.
Every business has unique needs and faces unique risks, so it’s dangerous to take a one-size fits all approach to cyber insurance. Your best bet is to talk to a broker about your needs. Brokers should be familiar with the different types of policies available, and if they aren’t, they are in a position where they can easily find out. Furthermore, your broker knows what your existing insurance already covers, so you don’t accidentally double up on anything, like theft and fire damage, for example.
Another advantage of going through a broker instead of an agent is that brokers don’t have an agenda. They aren’t trying to sell you a specific policy from a specific insurer. They want to help you get the cover that is right for you, and that means they’re willing to do the legwork to find a policy that fits your needs – and your budget. Finally, brokers will be able to fully (and without bias) explain various terms and conditions and exclusions – the small print – so that you thoroughly understand what you’re paying for.
Remember that as with other forms of insurance, the more safeguards you have in place, the more willing insurers are to provide cover and the lower your premiums are likely to be. So, do yourself a favour and beef up your cyber security systems before you buy insurance. Ensure that you have the best firewalls and antivirus and antimalware you can afford, make regular backups and keep the backups in a secure location, ensure that you have good physical security systems, like surveillance cameras and security alarms, etc. Even then, the insurer is likely to recommend additional safeguards before giving you the best possible deal.