With the number and scale of data breaches still increasing, many companies wonder how to protect themselves against potential future losses. The financial cost of a cyber-attack or data breach can be far-reaching and difficult to estimate. Many people may not realize that every step of cleaning up, responding to, and recovering from an attack can be costly, sometimes devastatingly so. Could a cyber insurance policy help your company better prepare for and recover from a data breach? Here's what you should know about cyber insurance and the benefits it provides as part of a sound cyber security strategy.
What is cyber insurance?
According to the US Cybersecurity and Infrastructure Security Agency (CISA), cyber insurance mitigates losses from cyber incidents like "data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations." In addition, cyber insurance policies cover the costs of data recovery, system forensics, legal defense, customer reparations, and more.
Companies need a separate standalone cyber insurance policy since standard commercial insurance policies do not usually cover cybersecurity incidents. It's also important to evaluate whether first-party or third-party cyber liability insurance applies to your industry and services. First-party cyber liability insurance protects your company and covers costs related to a cyberattack, like public relations and forensic analysis. Third-party cyber liability insurance, on the other hand, protects against lawsuits brought by other businesses for losses or damages caused by the cyber incident your company experienced.
How much does cyber insurance cost?
Costs for a cyber insurance policy can vary depending on a company's revenue, type of business, type and volume of data handled, and cyber security measures in place to protect data. A recent study performed by AdvisorSmith Solution Inc. found that the average cost of a cyber liability policy in 2019 was $1,500 per year for $1 million in coverage, with a $10,000 deductible.
Who is using cyber insurance?
In short, most companies would benefit from cyber insurance, and indeed a wide variety of organizations are investing in policies. Companies big and small, across a wide variety of industries, should have cyber insurance. However, it is more prevalent in some industries, including energy, oil/gas, and utilities (88% of companies); media, leisure, and entertainment (88%); business and professional services (87%); IT, technology, and telecoms (87%); and financial services (86%).
How cyber insurance and cyber security go hand-in-hand
A cyber insurance policy doesn't replace preventative cybersecurity measures. On the contrary, cyber insurance policies often require and promote the adoption of preventive measures to get coverage in the first place. Implementing best practices can also reduce one's premiums.
And despite excellent policies and coverage, some intangibles can't be fixed by cyber insurance. For example, when a cyberattack leads to intellectual property theft or severe damage to a business's reputation, no insurance policy can fully compensate for that damage. In such cases, a company should do everything it can to prevent a cyberattack from succeeding in the first place.
To prevent a successful cyberattack, organizations should follow cybersecurity best practices like requiring multi-factor authentication organization-wide or protecting all passwords with a business password manager. Some cyber insurance providers are actively helping clients improve their cybersecurity practices. Implementing best practices means it's easier to get cyber insurance, cheaper to stay insured, and less likely the company will be at fault due to a preventable vulnerability. Most importantly, it's significantly more difficult for bad actors to compromise a corporate network or steal valuable data when IT puts these cybersecurity measures in place.
Ultimately, good cybersecurity leads to better cyber insurance rates, and good cyber insurance means better cybersecurity in the case of an unforeseen event. For any company considering a cyber insurance policy, it's crucial (and may be required!) to pair it with an investment in preventative cybersecurity measures like multi-factor authentication to mitigate and prevent cyber attacks.