Cyber Insurance: Good for my Company?

May 20th, 2015 by admin

Black calculator sitting on a sheet of data, next to an uncapped silver pen

We've spent a lot of time on this blog talking about cyber-attacks—from nuisance hacking to data theft to virtual electronic terrorism—and the steps your company can take to defend itself. But what if, despite all your best efforts, you one day discover you've still been hacked? An insurance policy may be the best option.

"Cyber liability" coverage has actually existed in the insurance industry for over a decade, but most companies simply didn't give it much thought—until those high-profile data breaches at Target and Sony flooded the news. As the number of reported hacking incidents continues to soar, many insurance carriers are now specifically excluding electronic data from the "tangible assets" covered in their standard liability policies. And cyber insurance policy sales are increasing.

Even for small businesses handling confidential customer data (particularly financial services), a single cyber-attack can be a major financial hit.

As Bloomberg reported last year, a nationwide survey of small businesses revealed almost half the respondents had already experienced some type of security breach, with the average cleanup cost near $8,700.

Cyber Insurance: What Does It Cover?

Most cyber liability insurance coverage available today generally revolves around these key areas:

  • Cleanup. Cleaning up the results of the incident can be expensive, especially for a small business. IT experts often have to be brought in to find out what damage occurred, how to resolve it, and how to keep it from happening again. The consequences of a single virus attack could affect your business to the tune of several thousand dollars.
  • Cyber Extortion. Coverage of "ransom" payments made following credible extortion threats, plus applicable prosecution expenses.
  • Virus Liability. Compensation to victims who received a virus or malware via a business's compromised website.
  • Asset Protection. "Reasonable" costs associated with recovering or replacing lost or corrupted data.
  • Loss of Revenue. Estimated gross revenue losses during a full or partial interruption of a business's computer network due to a denial-of-service attack or other act of cyber terrorism (typically covering an outage of up to 48 hours).
  • Data Breach/Privacy Crisis. The costs associated with notifying people or companies whose data was on the affected servers (as mandated by law in many states including California) and establishing a call center, plus offering complimentary credit monitoring/identity theft restoration and associated legal expenses.
  • Regulatory Civil Action. Reimbursement for financial penalties imposed by government agencies for violations of protected data laws, such as HIPAA or HI-TECH (the fees themselves and/or court costs).

Getting the Best Deal

Annual premiums for cyber liability insurance can begin around $7,000 for every $1 million of coverage—but as more major carriers enter the growing cyber liability market, expect competition to drive those costs down. And just as an individual may get a better life insurance rate by not smoking and watching their cholesterol, businesses can earn premium discounts by adding advanced security measures such as superior firewalls, encryption, and antivirus software. It pays to shop around for the best coverage at the best price. Better yet, find an insurance broker who specializes in cyber liability.

As hackers grow bolder and even more relentless, the levels of malicious cyber-attacks will get worse before they get better. Just as home, auto, and health insurance are now looked upon as staples, cyber liability insurance may become a necessity for any business, large or small.

Posted in: Cyber and Data Security, Solutions