Having a strong cyber security stack is critical for all businesses. Making sure your practices and technology stack include things like security awareness training, spam email blockers, multi-factor authentication, and advanced firewalls helps to minimize your risk of attack. Unfortunately, bad actors are highly motivated to find new ways to compromise your staff and/or network, so you can never be 100% safe from an attack. For this reason, having cyber insurance is an important piece of your overall cyber security strategy. Cyber insurance (also known as cyber liability insurance) is coverage to protect against losses incurred by a data breach or other malicious security incident. Coverage and criteria differ from provider to provider, so here is what you need to know about cyber insurance.
Criteria: Because the threat landscape is volatile and compliance requirements vary across industries and business operations, getting a new cyber insurance policy started can be challenging. Most providers have become more selective about who and what they cover. The most essential consideration for any cyber insurance provider will be the strength of your current network security and cybersecurity practices. To position yourself for success, have some base criteria in place, including multi-factor authentication throughout your entire business, annual security awareness training for your entire staff, and strong firewalls and spam filters. Make sure you understand what data and security compliance laws and requirements apply to your business and have documented processes for remaining in compliance. If you work with third-party vendors, make sure you have documentation of their cyber security requirements. Have a documented and practiced incident response plan in place. The more advanced your cyber security stack is, the better your position is to qualify for a policy and negotiate affordable rates.
Coverage: The point of insurance is obviously to help protect your business when there is a negative event. Not all cyber insurance policies are created equal though, so it is critical to understand the differences across providers and rates. You can expect most policies to include:
- Customer and employee outreach: If your business is the victim of a cyber-attack and precious information is stolen, your customers and employees need to be among the first people you contact. They need to be aware that a cyber attack occurred and that their information may have been compromised. Depending on your industry and location, there may be a legal obligation to inform. Cyber insurance will help cover the costs of cyber security breach notification and rectification.
- Recovering stolen data: Most cyber insurance policies will pay for a professional data recovery service to help your business recover stolen customer or business information.
- Software and hardware repair and/or replacement: Cyber attacks can wreak havoc on your software and hardware. If a bad actor damages or corrupts your computers, networks, or programs, your cyber insurance policy can help cover the cost of repair or replacement.
- Financial loss: This one will vary a bit, but most policies will cover at least some financial loss due to business interruption caused by a cyber-attack and ransomware demands. This may not include system upgrades or estimated future financial losses due to a breach or decreased valuation of your business caused by an attack. Make sure you understand exactly what is covered before selecting a policy and provider.
Cyber insurance can help protect your business when you become the victim of a cyber-attack, but as you can see, it’s only part of a strong, overall cybersecurity strategy. We recommend a 15-point cyber security strategy to best protect your business. Get started with a free cyber risk assessment.