Do You Need Cybersecurity Insurance, and If So, How Do You Choose the Best?
Is your company protected against a cyberattack? I mean, properly protected? If you don’t have cyber insurance, the answer is ‘no’. A lot like life, really:
- You may have attained your driving license, but you still have insurance, right?
- You lock all your doors and windows at night or while you’re away from home, and you set your house alarm diligently – but your property is still insured, isn’t it?
- You’re the fittest person you know. You exercise every day, work out at the gym, and have no health vices. So why is it that you have healthcare insurance?
Simply put, insurance is protection against the worst that can happen despite all the other precautions you have taken. Because you’re a wise owl. You plan for the worst, and hope for the best. That way, should an emergency arise – your car is stolen, your house burgled, or you fall and break an arm – you’re covered. The worst effects of an emergency are mitigated, and you can recover quickly.
In many ways, cyber insurance is no different.
Ok, What Exactly Is Cyber Insurance?
Just like other types of insurance, cyber insurance – also called cybersecurity insurance or cyber liability insurance – protects you against financial loss should your business suffer a data loss or breach of cybersecurity.
This insurance is usually sold separately from errors and omissions insurance, and specifically provides cover for loss of third-party data. Like other insurance policies, you may be able to pay the insurance premiums monthly, quarterly, semi-annually, or annually.
What Cover Does Cybersecurity Insurance Provide?
Losses that are covered include those that impact your company directly and those that affect third parties. You may be insured for the costs of returning your business to operation – such as remediation work, legal costs, and payments you may need to make to customers.
The most comprehensive cyber liability policies will cover you for costs such as:
- Demands arising from a ransomware attack
- Administration of customer PR after a cyber attack
- Legal fees
- Hiring investigators and cybersecurity forensics experts
- Recovery of stolen data
- Repair/replacement of networks, hardware, and software after an attack
Like all insurance policies, there will be exclusions. A typical exclusion clause applies to human error, which is why we always recommend improving cybersecurity culture and providing security awareness training for employees. As with health insurance, pre-existing conditions (breaches and cybersecurity events that occurred before you took out the cyber insurance policy) won’t be covered. And like home insurance, an existing vulnerability that hasn’t been fixed will also negate your insurance.
Do You Need Cyber Insurance?
Short answer? If you do business online, or hold business-critical or customer data on your networks and systems, then yes, you do. Getting caught with your cyber pants down can be painful and expensive.
And the numbers behind the answer?
You may have taken all the security measures available to you and within your budget, but a lack of cyber insurance could prove more costly than you imagine:
- 45% of American companies experienced a data breach in 2020 (2021 Thales Data Threat Report)
- 70% of cloud infrastructures are breached within 12 months (State of Cloud Security 2020)
- Data breaches soared by 68% in 2021 (Identity Theft Resource Center)
- 93% of companies that lost data for at least 10 days filed for bankruptcy within 12 months (Unitrends)
What Is the Best Cyber Insurance Policy for Your Business?
Selecting the best cybersecurity insurance depends on several factors. These include the amount of cover you require, your budget, and, most importantly, the protective measures you already have in place. You’ll need to have a security audit, which will help the insurance provider assess cover and cost.
As with any insurance, you should be diligent in your review of cover to ensure it provides all you need it to.
How to Select Cyber Insurance Successfully
We all know that insurance companies will try their hardest to avoid paying on a claim. We also know that not all providers and policies are equal. If your cyber insurance doesn’t cover what it must, or you’ve neglected your due diligence, those premium payments are like pouring money down the drain.
Here’s how to avoid the most common mistakes made by companies when selecting their cyber insurance.
· Take Your Time
It’s a big mistake to rush the process of applying for cyber insurance. You’ll need to take time to answer lengthy questionnaires correctly – any mistake on these will void your insurance. Some of these questions are… challenging, to say the least. If you don’t have cybersecurity knowledge, it’s easy to make an error.
If you say you are compliant with all security requirements as stipulated by the insurance provider, and it turns out you aren’t, the argument of it being an honest mistake won’t cut it.
Bottom line? It’s always best to get an expert on board.
· Conduct a Complete Risk Assessment
You’re more likely to avoid mistakes on your application if you conduct a comprehensive risk assessment. With the pace of technological advance and the increasing sophistication of cybercriminals, a risk assessment from only a few months ago may be out of date.
If you have invested in other security measures since your last assessment, the controls you have in place may be invalidated. It’s like having home insurance and updating your smart home system without ensuring the alarm is connected.
· Make Certain You Have the Correct Cover
Cybersecurity is a technical subject. Insurance can be confusing. Put the two together and the potential for misunderstanding is increased exponentially.
Never rely on what the insurance broker tells you. The onus is on you to ensure the cover you have is correct for you. Again, turn to an expert. They will help you avoid any issues with non-compliance and inadequate risk assessments that may affect your cover.
Complete Your Cybersecurity with Cyber Insurance
A fit-for-purpose cybersecurity strategy should include cyber insurance. Plan for the worst, hope for the best.
However, cyber insurance is often complex, especially for SMBs that don’t have a dedicated cybersecurity team. Therefore, it is crucial that you look externally for the expert advice you need.
Here at Tiro Security, we help our clients to benefit from state-of-the-art cybersecurity. This includes being the go-to resource for when cyber insurance is needed.
To learn more about our cybersecurity services and how we can help you ensure you don’t pour money down the drain when it comes to cyber insurance, contact Tiro Security today.