Cyber Liability Insurance – A Business Need

Cyber liability insurance for businesses is no longer optional.  A single successful cyberattack that compromises your network or protected information can be catastrophic.  After an unpredictable event, adequate insurance coverage is a must if an organization wants to recover.

How Much Can You Afford to Lose?

The average cost of a data breach in 2018 was $148 per lost or stolen record.  Businesses need enough cyber insurance coverage for all the costs associated with an IT security breach.  Standard liability policies do not cover cyber events.  In fact, many policies specifically exclude losses incurred because of the internet.

When a breach occurs, there are costs associated that are often back-of-mind of, like forensics, that can be quite expensive.  We suggest a policy that separates out the amount of coverage for forensics to ensure investigative work is covered.  It’s also important that coverage extends to mobile devices and laptops.

Cyber Liability Coverage is Not One Size Fits All

The proper amount of coverage depends on the organization’s level of risk.  As with any type of insurance, the proper amount of coverage is going to vary dramatically based on need.  For example, healthcare practices have higher coverage requirements because of the sensitive nature of the data they collect — Social Security numbers, dates of birth, and medical history.  If a medical office experiences a breach that involves confidential data, there are significant financial costs.  The practice will also be subject to a HIPAA violation.

In one case, we worked with a local healthcare client to determine the amount of coverage suitable for them.  Among other things, we used a data breach cost calculator.  The calculator bases the amount of coverage needed, in part, on the number of healthcare records a practice has.  After thorough analysis, we recommended a policy totaling $500-$750k coverage.

Cyber Liability Coverage differs by provider, but common coverage areas include data breaches, identity theft, and personal data theft. There are also the hefty legal fees, fines, and costs associated with recovering compromised data, repairing systems, restoring the personal identities of affected customers, and notifying customers of breaches. Coverage may also extend to scenarios like business interruption, extortion, or forensic investigation, meaning the costs associated with uncovering the cause and impact of an attack. The core idea behind cyber insurance is to help you recover from a data breach or identity theft by mitigating all the costs that crop up in the aftermath.

Source: Rob Marvin January 24, 2018

Required: IT Security

When applying for cyber insurance, providers will request information related to the applicant’s network security.  Get a feel for where your organization stands by using our Cyber Security Checklist. At minimum, the following IT security measures are required:

  • Antivirus software
  • Spam prevention and virus detection
  • Web content filtering
  • Security patch management
  • Physical access restrictions to the network equipment
  • Next generation firewall

Cyber liability insurance can’t protect an organization from cybercrime, but it can keep a business on stable financial footing should a significant security event occur.