Despite the tremendous amount of good that has come from the rapid growth of the Internet, it has also exposed the dangers of the cyber universe. In recent years, ransomware attacks and data breaches at some of the biggest brands demonstrate that cybercriminals have become more creative – and businesses have paid a higher price for it.
Cyber insurance is following the same upward trend as other types of insurance. As risks and threats increase, so do premiums.
The cyber insurance market
Having cyber insurance is not only important for corporate risk management from a financial perspective, but it also provides the expertise for strong risk assessment, risk reduction, and crisis management. It’s a long-term necessity for preventative and reactive measures.
As more companies like Colonial Pipeline, JBS Foods, and even AXA (a cyber insurance company) are falling victim to damaging ransomware attacks, demand for cyber insurance has increased. No one is safe – and no one should run a business without this insurance.
- Cyber insurance demand has increased nearly 25% in the four years to 2020.
- US cyber insurance policies written increased by nearly 1.5mn between 2016 and 2019.
- Premium policies increased by $1bn in the same period.
Cyber insurance trends
The most common cyber insurance claims are related to:
Depending on the policy, costs covered can include legal fees, regulatory penalties, the cost of ransom, and public relations.
Types of cyber insurance
There are several types of cyber insurance covering first-party (costs incurred to the business from a data breach or hack) and third-party (lawsuits filed by clients or other businesses affected as a result).
A few types include:
- Network Security
- Theft and fraud
- Forensic investigation
- Business interruption
- Reputation Insurance
- Computer data loss and restoration.
- Data Restoration
Changes in cyber insurance
Currently, cyber insurance policies and types are aplenty, making finding the right one for your company very challenging.
As new cybercrimes are making way and ever-evolving regulations surface, the cyber insurance market has had to develop and expand its offerings in not only the enterprise market but also within public-private partnerships. There is the understanding that better cyber insurance policies and higher uptake by more companies will act as a defense against attackers and a deterrent.
This said, some key elements make up an adequate cyber insurance policy:
- Forensic expenses: hiring an external team and investigating how data has been compromised, what data was involved, and exactly what was accessed.
- Legal expenses: to help determine federal and state notification requirements and legal counsel if a lawsuit is filed.
- Notification expenses: include postage, paper, printing, call centers, etc.
- Regulatory fines and penalties
- Credit monitoring and ID theft repair: given to those affected, which can also help reduce potential legal liability.
- Public relations expenses: reputation damage control for clients, vendors, shareholders, and employees.
- Liability and defense costs
Important steps to take before buying cyber insurance
1. Ask the right questions
With so much at stake, including policy costs, it’s important to ask all the questions needed for complete clarity on what you’re getting.
What is covered? What support will be offered? What details are needed for a claim?
If anything gets too technical or complicated, seek an agent to help guide the process.
2. Perform a risk assessment
Understanding your exposures is cybersecurity best practice 101, but doing it before buying cyber insurance is necessary to get the right policy and can help with the underwriting process, possibly even lowering the premium.
A risk assessment should be holistic, considering all devices, the amount and type of data held, how sensitive the data is, applicable standards and regulations.
3. Assess finances
It’s quite an obvious one, but not going the whole hog might be the better option for your organization. Determining what is or isn’t available in the event of network downtime, investigations, and legal fees can help prioritize areas of coverage and reduce insurance costs.
Providing your workforce with user awareness training on the specifics of malware and phishing is critical for strong cybersecurity. As employee negligence is one of the most common cyber insurance claims, phishing simulation programs, cybersecurity training, and building a cyber secure culture can help reduce the number of threats.
There’s a lot to consider when it comes to cyber insurance. Involving a cybersecurity service company such as ENHALO can help to make the entire process easier and more transparent.
We know what the insurance questionnaires require, how to run a full risk assessment and what the insurance companies will need from you for the policy and the claims.
Cybersecurity insurance is not something to rush into or wing as you go; it can be costly. Therefore, seeking professional help will probably be one of the best investments you could make.