Cyber Insurance: What is it? Do You Need it?

Technological advancements have revolutionized the way online advertisements, promotions, and shopping are done. This has brought immense benefits to companies, who have now found new ways to interact with the existing and potential buyers. The opportunity offered by social media alone is rich for companies that intend to conduct exhaustive marketing activities. However, social media platforms have also become avenues of cyber-attacks. This has wrought untold financial losses to all types of companies – small, medium and large. A case in point is the latest attack from “wanna-cry’’, a ransom ware that affected businesses on a global scale. Cyber-attacks can originate from almost anywhere. Businesses large and small have to be vigilant.

There are a number of ways that companies can react to the threat of cyber attacks in order to protect themselves and their clients. Some threats are avoidable through proper implementation of policies like requiring strong passwords. Others may require more advanced software and monitoring. But regardless, if you deal with clients online, or if you keep important personal information, you likely need cyber insurance.

What is the Role of Cyber Insurance Providers?

Cyber Liability Insurance Protection (CLIC) is an insurance plan that is meant to offer protection in the event of a cyber-attack. Companies face massive losses and expenses in the event of a cyber-attack and the cyber insurance plan is meant to mitigate such eventualities. The concept of cyber insurance has grown tremendously since 2005. It is projected to reach close to $8 billion in premiums within the next three or so years. Many companies in the US have realized the need for investing in a cyber insurance policy. Presently, close to 35% of US businesses have acquired cyber insurance policies of some kind, and their number is growing daily.

The cyber insurance industry is evolving at a breathtaking rate. However, the magnitude of the cyber-attacks threat has not been fully appreciated for a couple of reasons. One, many companies fail to report the full extent of the damages they face from cyber-attacks for fear of negative publicity. Second, the nature of cyber-attacks is often changing. The two reasons straddle underwriters with a challenge on how to value the financial impact of an attack.

Generally, a cyber-insurance policy will cover the following expenses:

1. Forensics Examination

Once an attack takes place, it is vital that a forensics examination is conducted. The examination will reveal the full extent of the damage and what needs to be done to rectify the situation. The forensic examiners will advise the company on what needs to be done to successfully avert or withstand any future cyber-attack threats.

2. Expenses Arising from Lawsuits and Extortion

The policy will cater for expenses that arise from lawsuits preferred against the company. Such lawsuits may be occasioned by a breach of client confidentiality occasioned by a cyber-attack. The policy also covers any statutory fines that may be imposed on the business, the cost of legal negotiations and any costs incurred as a result of cyber extortion.

3. Service Losses

The cyber insurance policy will meet the cost of loss as a result of failure by the company to deliver service due to the cyber-attack. The service interruption may be as a result of network downtime or otherwise. Other service costs that are covered by the cyber-insurance policy include those of recovering any lost data and carrying out the necessary PR activities to repair the firm’s dented image.

4. Information Alerts

The policy caters for information alerts to customers following a breach. This also includes monitoring the credit rating of customers whose credentials and identity might have been compromised during the assault.

What do you look for in Cyber-insurance Coverage?

A number of cyber insurance companies offer a list of items that are covered by their insurance policy. The buyer can use these lists to compare and contrast various providers before they settle on the one they perceive to be most receptive to their needs. You can also leverage an independent insurance agency to help you shop for the best value. For example, because we are independent, we can shop between multiple carriers for all kinds of insurance needs. Whatever the case, you must ask about the following aspects of a cyber-insurance plan:

a. Does the insurer customize the insurance coverage plan to the needs of their clients, or does it offer a one-size-fits-all kind of policy? Of course, as the buyer, you will be more interested in an insurance firm that is willing to customize their products for your firm.

b. How do deductibles compare amongst the various insurers? Be sure to compare and contrast deductibles among various insurance providers to determine the ones with the best deals.

c. Does the insurance policy include coverage for third-party providers? What are the limits? If third-party providers have cyber-insurance, how will this influence the terms of my contract?

d. Does the insurance policy cover APTs (Advanced Persistent Threats) and other network attacks?

e. Does the insurance policy offer protection in the event of a strike?

The strikes could be targeted at the company, or the company may be affected by collateral damage. How does the insurer propose to handle this?

f. Does the insurer offer E&O protection that caters for an injurious action done inadvertently by an employee?

g. For how long will the policy offer protection against the risk of APTs?

How Do Insurance Companies Determine Insurance Coverage?

A cyber-attack insurance provider expects potential clients to have put certain measures in place before they can underwrite them. For example, the buyer must ensure that they have done a risk evaluation and created a detailed cyber risk profile. They also must have solid protections against potential cyber-attacks. The insurer will request that the buyer educates its workforce on the best security practices to prevent, control, or successfully withstand a cyber-attack.

The buyer is encouraged to consult moral hackers with a view to getting an insight on the buyer’s most vulnerable spots and how to protect them.

Cyber insurance buyers may be asked to provide a detailed audit of their company’s procedures and practices. This will be to enable the insurer to assess the vulnerability levels of the company. Insurers may ask companies to change some aspects of their administrative practices if they are deemed to be a threat.

The Importance of Cyber Insurance Coverage for Businesses

Companies that partially or fully conduct their businesses over the internet need to contact a reputable insurer for a cyber-attack insurance policy. This is because such businesses stand the greatest risk of being assaulted and losing their assets. Statistics clearly show that cyber-attacks are on an upward trajectory. A shocking observation: small businesses are being attacked at a higher frequency than expected. For example, a report by two leading internet security providers found that about 30% of the cyber-attacks recorded 2 years ago targeted small businesses. Shockingly, the attacks against small businesses increased by 15% (to 45%) last year. This in itself should be a wake-up call to small businesses to safeguard their businesses against such attacks.

(It is estimated that the impact of cyber crimes on the world’s economy has skyrocketed to $580 billion per year, from the $350 billion experienced just a few years ago.)

The cost of a cyber insurance plan is dependent on how the buyer’s industry is organized. The industry dictates the policies and procedures of the firm, the kind of services offered, and their risk profile. Small businesses with profits of between $90,000 and $500,000 will have lower premiums than larger organizations.

If you have questions about cyber insurance, definitely reach out to us so that we can put you in touch with the best available resource.