Based on information from the Allianz Risk Barometer, businesses everywhere are concerned about cyber attacks. The losses, both financial and reputational, can be catastrophic.
Cyber security protocols are the first step in prevention, but what else can businesses do to protect themselves?
One answer is cyber insurance. Find out how this “safety net” for cyber crime can be helpful for your business, what it covers, and how to determine if you need it.
What Is Cyber Insurance?
Cyber insurance is a type of business insurance that covers a data breach involving sensitive customer data, such as account numbers, health records, social security numbers, or payment information.
What Does Cyber Insurance Cover?
- Legal fees and expenses
- Notifying customers of a breach
- Recovering compromised data
- Restoring affected customers’ identities
- Repairing computer systems
Should a Small Business Have Cyber Insurance?
All businesses, no matter the size, should consider whether cyber insurance can help them protect sensitive customer data. The legal fees and PR expenses can be considerable when a breach occurs.
There are numerous benefits to cyber insurance, such as:
- Forensic assistance to uncover cyber incidents
- Protection from damage from malicious hacks or viruses, including business interruption and lost income
- Theft and data corruption coverage
- Public relations assistance for reputational harm
- Coverage for stolen or damaged electronics
What Isn’t Usually Covered by Cyber Insurance?
Cyber insurance covers a list of different fees and expenses following a breach, but not everything. Here’s what may not be covered or may be limited:
- Loss of future profits
- Loss of value for intellectual property
- Upgrades
Be sure to evaluate the type of cyber insurance as well. First-party liability coverage protects your business from the expenses related to a breach, while third-party coverage protects you if a customer, vendor, or partner sues because of the breach. You can get one or both.
Like cyber crime, cyber insurance is continuously evolving, so review your policies and what is and isn’t covered to know you’re protected.
Does My Business Need Cyber Insurance?
Not all businesses need cyber insurance. You should consider cyber insurance if:
- You store sensitive information for customers or other parties
- You use point-of-sale systems
- You provide hardware or software services
- You store data on computers or the cloud
- Your business relies heavily on digital services
Applying for Cyber Insurance
Insurance companies evaluate risk when they take on a client. Cyber insurers operate the same way, especially with the growing threat of cyber crimes. Insurers want to know that the business is taking its own security seriously.
Applying for cyber insurance will involve rigorous scrutiny of your business’s security policies and protocols and risk management practices. This may include controls like multi-factor authentication or web content filtering.
There are several ways an insurer may evaluate cyber risk, including malware defense, access management, and network segmentation. Overall, their criteria are the same: they want rigorous, proactive cyber security measures.
Different industries may have different criteria for risk and cyber security. Regardless of the specifics, you can implement security measures to make your business more “insurable.”
- Implement a least privilege strategy that grants users the privileges needed to complete a task for an allotted time, rather than open, unrestricted privileges
- Proactively rotate, monitor, and audit privileged account access with software
- Conduct security log analysis to identify unusual behaviors, such as logins that occur outside of normal business hours
- Implement security checks with multi-factor authentication to confirm user identities before elevating privilege
- Automate password management instead of relying on manual methods
- Implement training for employees to identify, report, and defend against cyber crime
These measures show that you take cyber security seriously for your business and understand your responsibilities in protecting sensitive data, which presents favorably to cyber insurance companies. The insurer can feel confident that you’re arming yourself with every available measure and that they’re incurring less risk.
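The log-analysis measure in the list above (logins outside normal business hours) can be run as a simple check over authentication logs. The following is an added example, not code from the article or its author; the log format, the UTC-5 site offset, the Mon-Fri 08:00-18:00 window, and the account names are all assumptions.

```python
import re
from datetime import datetime, time, timedelta, timezone

# Assumptions (not from the article): site clock is a fixed UTC-5, business
# hours are Mon-Fri 08:00-18:00, and the log format is a constructed one.
SITE_TZ = timezone(timedelta(hours=-5))
OPEN, CLOSE = time(8, 0), time(18, 0)
PRIVILEGED = {"admin", "svc_backup"}  # hypothetical privileged accounts
LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\w+)$"
)

SAMPLE_LOG = """\
2024-03-04T14:05:11+00:00 LOGIN user=alice src=10.0.0.5 result=success
2024-03-05T07:42:09+00:00 LOGIN user=admin src=203.0.113.7 result=success
2024-03-05T07:43:30+00:00 LOGIN user=bob src=10.0.0.9 result=failure
2024-03-09T16:00:00+00:00 LOGIN user=alice src=10.0.0.5 result=success
corrupted line without the expected fields
"""

def off_hours_logins(log_text):
    """Return (findings, skipped) for successful logins outside business hours."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            ts = datetime.fromisoformat(m["ts"]) if m else None
        except ValueError:
            ts = None
        if ts is None or ts.tzinfo is None:
            skipped += 1  # unparseable or offset-less lines are counted, not dropped
            continue
        if m["result"] != "success":
            continue
        local = ts.astimezone(SITE_TZ)  # judge the hour in site-local time
        if local.weekday() < 5 and OPEN <= local.time() < CLOSE:
            continue  # inside business hours
        findings.append({
            "user": m["user"], "src": m["src"],
            "local_time": local.isoformat(),
            "severity": "high" if m["user"] in PRIVILEGED else "medium",
        })
    return findings, skipped

if __name__ == "__main__":
    for finding in off_hours_logins(SAMPLE_LOG)[0]:
        print(finding)
```

A non-zero skipped count is worth reviewing on its own, since lines the parser cannot read are lines the check never evaluated.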
Protect Yourself from Rising Cyber Threats
Cyber insurance is constantly evolving to provide protection for businesses. Like your general liability policy or other business policies, cyber insurance offers peace of mind that you’re protected from financial or reputational damage if a breach does occur. Still, you must take steps to develop and implement a robust cyber security protocol to limit the risk of a breach occurring, such as employee training, access control, and multi-factor authentication.
Author bio: Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.