Every organization–big or small, needs cyber insurance today. Cyber insurance covers a range of elements, the most basic being the legal expenses incurred as a result of falling victim to cybercrime. This includes legal fees, expenses, and even any fines that you may have to pay or financial settlements that have to make with your customers or third parties who have been affected as a result of the incident. Apart from this, depending on the coverage you opt for, your cyber insurance may cover the following.
- Notification costs – In the event of a data breach, the business is required to inform all affected parties of the breach. This involves reaching out to them individually and also through the press. Cyber insurance may cover the costs related to this process.
- Restoration costs – After a cybercriminal attacks your IT infrastructure, you will have to spend money restoring it. There will be considerable expense in terms of recovering the lost data and repairing or replacing affected IT systems.
- Analysis costs – In the event of a data breach, you will have to conduct a forensic analysis to identify the root cause of the breach and figure out how to prevent further occurrences. Cyber insurance may cover the costs of such an investigation.
- Downtime costs – When your business operations shut down, even temporarily, due to IT issues, you lose revenue. You could get a cyber insurance policy to cover such downtime costs.
- Extortion money – In some cases of data theft like a ransomware attack, cybercriminals usually demand a certain amount of money as ransom or extortion to let you access it again. Considering how rampant ransomware attacks are these days, it may make sense to opt for a policy that covers this angle as well.
With the cybercrime rates rising consistently, cyber insurance is increasingly becoming a necessity for survival. Here are a few things to consider before you sign up with a cyber insurance service provider.
First, perform an internal risk analysis. Research to understand what kind of cybercrimes are most rampant in your industry and ensure your insurance policy covers those for sure. Like we discussed before, the most basic of cyber insurance covers data breach and associated costs, but you definitely want more than just that.
What is the scope of your policy
Be clear about the scope of your policy before you sign the dotted line. Remember that cyber insurance functions on the same principles and policies as like any other insurance, which means there will be deductibles, waiting periods and exclusions. Be sure to ask your insurance service provider about them. You don’t want to find out you weren’t covered by insurance until after the attack, at the time of claim. Here are a few things to ask your insurance company in this regard.
- Does the policy cover you if a breach happens via your sub-contractor or vendor and makes you liable to your clients? If your cyber insurance doesn’t cover those, then make sure your vendors and sub-contractors have cyber insurance to cover you or sign some kind of an indemnity contract with them so you are covered in the event of such incidents.
- In case of an action by your employee causing the breach, such as clicking on a fraudulent link or sharing data accidentally to a dubious email ID, will you still be covered?
- Ask your insurance provider to clearly spell out any deductibles, exclusions and window periods that may exist.
- Check with your insurance provider on what would be your liabilities as the insured. For example, there may be rules regarding anti-virus measures, data safety and security measures, IT training, timely data backups and IT audits, etc., that you may have to follow in order to be eligible to be covered under the insurance in the event of a breach
Before you sign up, do your research thoroughly, get proposals from multiple insurance service providers and opt for a policy that covers your needs the most and the best. Sometimes, service providers may be willing to make additions or modifications to an existing policy to meet your exact requirements, which may work best for you.
Cyber insurance is not a replacement for cybersecurity
Having cyber insurance doesn’t mean you can be lax about cybersecurity. It is meant as a buffer, to help your business survive when something slips through the cracks. A managed IT service provider (MSP) can help you tighten your cybersecurity and prevent data breaches and other incidents. Also, being well versed with the IT industry, your MSP can help you understand the IT risks for which you need to get coverage.