Does My Company Need Cyber Insurance?
The universal truth is that network defense, no matter how sophisticated, is vulnerable to cyber-attacks. And if one of those attacks turns out successful, the aftermath will completely devastate your business.
Affected companies can expect negative financial impacts, including lost sales and severely hampered productivity due to downtime. Businesses may also suffer from credibility hits in the marketplace and with clients.
So, to answer the loaded question, do you need cyber insurance?
But what exactly is cyber insurance, and how does it help in times of trouble?
Here at ITS, we’ve been helping hundreds of clients manage their cybersecurity to protect their businesses from physical, financial, and reputational damage. This article will give you a rundown of what cyber insurance is, its coverage, and some cybersecurity measures to implement to be able to afford one at a low cost.
What is cyber insurance?
Cybersecurity insurance is similar to other forms of insurance that you are likely familiar with, such as car insurance. In a general sense, insurance protects you in the event of an unwanted incident. In the case of cybersecurity insurance, the incident could be:
- A data breach,
- Server malfunction resulting in downtime,
- Network damage, and in some cases,
- Payment of a ransomware demand
Among the four most common risks, data breach accounts for 73% of cyber insurance claims pre-corona virus.
Cyber insurance post-COVID
However, a lot has changed after the mass switch to a work-from-home environment. Since it is now harder to monitor what everyone clicks on the internet, the risks have grown larger. As a result, the number of ransomware attack cases became higher.
And by increased, we mean a 600% surge.
In relation to the overblown number of attacks, the ransom amounts hackers demanded also doubled in 2021. The highest demand, according to reports, was roughly $30 million–the previous peak was at $15 million.
The combination of more attacks with a higher ransom has been wreaking havoc on the cyber insurance industry. Expectedly, their response has primarily been to increase their premiums. In some cases, organizations are noticing a 50-100% increase in cyber insurance premiums.
But an increase in premiums is not the only potential change. Some insurance companies are exploring other options such as ransomware sub-limits, co-insurance, and most vital of all, increased premiums for organizations that do not implement cybersecurity measures at the company level.
In other words, they may not insure you at all, or you’ll be paying a lot if your business doesn’t implement appropriate cybersecurity procedures. And while a lower insurance premium may be nice, the bigger benefit of implementing cybersecurity procedures cannot be understated–a bit of a win-win scenario if you think about it.
What are the cybersecurity measures you should implement?
Here are nine measures to take to achieve the basic level of cybersecurity your cyber insurance partner may require:
- Enable company-wide multi-factor authentication (MFA). Watch this video to know what MFA is and how it works:
- Have a backup system in place and regularly backup essential data and files. Ideally, have the backup stored remotely, and offline.
- Discuss phishing scams at length with your team and implement cybersecurity awareness training for your company. A single click on a bad link can cause a horrible chain of events for an organization.
- Patch and update systems when needed. Do not wait on these.
- Close open ports. Open ports make it easy for cybercriminals to access data.
- Limit the number of employees with administrative access to sensitive data. Know who these employees are, and periodically review whether or not they still need access.
- Make cybersecurity a priority for management, and cultivate a cyber-minded culture.
- Work with cybersecurity specialists–either employ a team or work with a trusted, outsourced organization.
- Use next-generation EDR (replace older antivirus software with newer Endpoint Detection and Response technologies).
What does cyber insurance cover?
Finally, you will need to know how exactly cyber insurance can back you in times of trouble.
When you find yourself in the middle of a lawsuit due to internal and external privacy issues that result from a data breach, your cyber insurance has the duty to defend you. Apart from the legal fees and settlement expenses, here are other issues your cyber insurance typically covers:
- Data loss, recovery, and recreation
- Business interruption/loss of revenue due to a breach
- Loss of transferred funds
- Computer fraud
- Cyber extortion
In addition to that, your policy will also help with notification costs. This expense is significant because your organization bears the burden of identifying potential victims, which requires an internal investigation and providing a reasonably calculated notification to give actual notice. The whole process may be lengthy and costly.
Do you need help with your cyber insurance?
Ensuring robust business cybersecurity not only helps with the protection of your data and processes but also lessens the sum you’ll have to pay for your cyber insurance.
At ITS, we help our clients bolster their network defenses to prevent potential risks. If you want to know the current security trends your business must have, download and read this e-book.