Cyber insurance goes hand in hand with cybersecurity. Protecting your data is the first line of defense, but if that fails, cyber insurance is the last line of defense, helping organizations manage and mitigate losses associated with cyber events. Depending on the coverage, these events may include everything from network damage to a data breach. Cyber insurance can also help organizations recover from and mitigate the lingering impacts of other events such as:
- Data loss or destruction
- Cyber extortion
- Legal claims
- Other legal, compliance, and regulatory obligations
It’s important to point out that traditional commercial insurance policies, such as general liability or property insurance, often won’t cover cyber events, so many organizations opt to purchase cybersecurity insurance for additional stand-alone coverage.
Is there more than one kind of cyber insurance?
There are many kinds of cyber insurance depending on the needs of your business.
The most common is cybersecurity insurance, which generally covers the costs of responding to a cybersecurity breach. Response costs often extend beyond the technical and personnel measures to stop and recover from an incident, also covering additional expenses related to determining how a breach happened and making appropriate and mandated notifications to affected parties. In some cases, depending on the nature and severity of the breach, that could also include paying for costs associated with credit monitoring services for those affected for up to a year.
Cybersecurity insurance may also be called cyber liability insurance as it’s associated with damage liabilities related to a cyber incident. Cyber liability insurance may cover a range of events—for example, liabilities related to employee theft or loss of a device, or a hacking incident. It may also cover liabilities associated with a business disruption related to an event, expenses related to data recovery, crisis management fees, and other related costs.
Some organizations may also choose to purchase privacy liability coverage, especially those that handle sensitive and protected data such as personal health information (PHI) and personally identifiable information (PII). Privacy liability coverage may be a good choice for organizations concerned about the impact of a breach or other event and the related costs that could be incurred from compliance failures and penalties, civil penalties, or other fines and legal or regulatory actions.
There is also errors and omissions (E&O) insurance, which is related to issues regarding the delivery of products and professional services. This type of insurance covers claims from clients of inadequate work or negligent actions, including court costs and settlements. E&O insurance is suggested, and often required, for any business that provides an ongoing service to clients, including lawyers, doctors, consultants, advisors, and more.
Why do I need cyber insurance?
There is a range of factors to consider when determining if you need cyber insurance, which type of coverage is best for you, and what best suits your business model. However, regardless of organization size or industry, there are some common benefits to investing in cyber insurance. For example, cyber insurance may:
- Cover expenses related to overall breach costs
- Manage business and income losses caused by a disruption
- Determine the cause and scope of a breach
- Manage cyber extortion claims and related losses
- Cover expenses related to investigations and legal obligations
- Provide peace of mind to executives, key stakeholders, investors, partners, and customers that your coverage extends beyond general commercial liabilities
What are some common cybersecurity insurance security mandates?
As the number of successful cyber breaches such as ransomware attacks continues to increase year after year, many cyber insurance underwriters now require their customers to implement a range of security controls. These requirements may vary from provider to provider, but here are some worth noting:
- Surveys outlining existing security controls such as network setup and security or backup processes
- Ongoing risk analysis and risk management
- Governance and procedure documentation
- Additional security controls such as MFA, air-gapping, device and data segregation, identity and access management, and smart endpoint detection
How can CBM help you navigate the world of cyber insurance?
We at CBM are experts on cybersecurity, and our knowledge of cyber insurance is just one element of that expertise. Good cybersecurity goes hand in hand with cyber insurance and can even lower your insurance premiums. We can help identify your company’s cybersecurity needs, implement a plan to mitigate those vulnerabilities, and figure out which types of insurance coverage best suit the needs of your company. Contact us today for a consultation!