Cyber Insurance – Being Qualified for Coverage and Reducing Premium Costs
Cyber insurance is a relatively new concept, but demand for it has grown sharply, and rightly so, as ransomware attacks are on the rise. Cyber insurance providers have lately been under a lot of pressure to change their requirements for coverage, since many businesses are not taking proper precautions. As we have mentioned before, no business is too small or too remote to become a cyber target.
What is Cyber Insurance?
Cyber liability insurance, or cyber insurance, is designed to mitigate your business losses from a variety of cyber incidents, including data breaches, business interruption, and damage to networks or related IT assets. The data involved often includes sensitive and personally identifiable information, relating either to individuals or to other client organizations.
Please understand, however, that cybersecurity insurance is not a substitute for cyber risk management, and many providers now require a business to have baseline cyber risk management in place before they will even consider providing coverage.
Effect of Recent Surge of Attacks on the Industry
Cyber-attacks in general, and ransomware attacks in particular, are on the rise; there are no two ways about that. This is due to the increase in attack surface, and in shared bandwidth and computers, that comes with working from home.
This has increased the need and demand for every business to opt for cyber insurance. But that doesn’t mean that cyber insurers are providing policies for every organization. Ransomware payments from companies increased 341 percent to a total of $412 million during 2020, and most of that is being borne by cyber insurance companies. Insurers are responding in several ways:
- Many insurance providers are raising the bar on the basic cybersecurity practices a business must have in place to be eligible for lower insurance premiums.
- Premiums are rising for plans that cover damages from hacks and ransomware attacks.
- Many insurance carriers are also reevaluating how much coverage small businesses are eligible for and how much premium to charge.
In fact, underwriters increasingly ask for detailed proof of a business’s cyber policies and defense systems when it applies for cyber insurance.
For example, there are cases where an applicant was rejected, or asked to pay a higher premium for lower coverage, because they did not have basic or reasonable cyber measures such as multifactor authentication or a proper firewall in place.
These basic or reasonable measures might be more stringent depending on the type of business you are in. A legal or CPA firm dealing with clients’ sensitive financial data, a hospital storing health records, or a retail firm storing personally identifiable information needs to have stricter access control measures in place to be eligible for a reasonable cyber insurance policy.
Types of Cyber Insurance
Many cyber insurance providers offer different packages to suit various businesses. Classification may occur based on one or more factors such as coverage, locality, or even risk. Let us understand a few key insurance types.
Covers all the incidents that directly affect you. Typical issues include:
- Data Destruction
- Extortion or cyber blackmail
- Online Theft
- Deliberate and Accidental Denial of Service
This covers the situations where harm is caused by others such as:
- Errors of Commission
- Errors of Omission
- Data Breaches
- Data Theft or Business Secrets
- Defamation and Related Negative Publicity
This is a full and valid cyber insurance whose benefits include:
- Security Audits
- Incident Management and Handling
- PR Initiatives
- Investigations, Forensics, and Reporting
- Criminal Rewards
Coverage Under Cyber Insurance
A typical cyber insurance policy covers:
- Legal fees and expenses for reporting or dealing with a breach
- Notifying customers about a data breach
- Restoring personal identities of affected customers
- Costs related to identity fraud and restoring the credit history of victims
- Recovering compromised data (including ransom payments)
- Repairing damaged computer systems (in case of trojans or worms)
What’s not Covered
A few important items that are not covered include:
- Loss of brand reputation
- Downtime loss
- Financial damage caused by compromised patents or other sensitive information
- Loss of customers due to loss of reputation
As a best practice, and a legal requirement in most states, businesses should notify customers if there has been a data breach. Although the process can be very expensive, it is a good way to regain your damaged brand reputation, at least partially. Many good brands have also started offering free credit monitoring to customers. This, too, is increasingly becoming a legal mandate in a few states.
Should I apply for Cyber Insurance or Not?
Cyber insurance isn’t a defense mechanism or preventive measure to avoid cyberattacks, but it is a great way to mitigate your monetary losses. Being cyber insured is a great way to show your clients that you are trustworthy and think about their privacy.
In short, any business that does one or more of the following needs cyber insurance:
- Accepts any form of digital payment, including credit cards
- Uses laptops, computers, and/or mobile devices that are connected to a network
- Stores medical or financial data of its clients
- Stores confidential customer information or other personally identifiable information
Steps to Take Before You Get Cyber Insurance
You must show the insurance service providers that you mean business when it comes to going digital. You need to show them that you have defenses in place, that you have a general understanding of the vulnerabilities present, and that you have proactive steps in place to respond to a breach and reduce your exposure and loss.
Incident Response Plan
A cyber insurance policy expects businesses to take a few preliminary steps to analyze and defend against a potential cyberattack. A cyber insurer often conducts comprehensive audits on-site to evaluate your cyber-risk management practices and your risk exposure. It is recommended to have a comprehensive Incident Response Plan in place before obtaining cyber insurance. Having this plan often reduces your premium and you may expect to pay lower deductibles.
As with other types of insurance, if you fail to take the proper precautions, you can expect to pay more. Here is a quick checklist that we, at Alliant Cybersecurity, can help you achieve before you apply for cyber insurance:
- Have adequate cybersecurity testing procedures and audits
- Have sufficient processes to stay current on new releases and patches
- Have adequate cyber incident response plans
- Have adequate backup processes and recovery procedures
- Have adequate policies concerning the security of vendors and business partners
- Use quality security software and provide regular employee training
- Adhere to a published security standard
Alliant Cybersecurity Advantage
Contact our team at Alliant Cybersecurity now to get a detailed analysis of:
- Your current cyber posture
- Current industry cyber standards
- Competitor analysis
- Steps to improve your cyber posture to reduce your premium and increase coverage
- Suitable cyber insurance plans that we can find or suggest for you