Data from Statistica highlights the fact that cyber incidents are the leading risk factor facing companies worldwide, selected by 39% of respondents to a survey conducted in October and November 2019.  Combined with the fact that the data breaches in the U.S. healthcare sector cost an average of $7.13 million, it’s easy to see that there can be vulnerabilities in our modern data infrastructures. 

To help protect businesses from these events, cyber insurance providers offer extensive policies, known as cyber insurance or cyber liability insurance, that address most of the common risk factors. When a business has cyber insurance coverage, a claim can be made against the policy in the event of a specific cybercrime or data breach. 

In addition to direct support for costs associated with the event, the provider also may provide assistance with coordinating third-party support needed to manage data and infrastructure repairs, litigation, and employee or customer communication and identity protection. In this post, we’ll review what a cyber insurance policy is, the common areas of coverage, and how a company can use this type of insurance to reduce their overall risk of a cybercrime or data breach. 

An Overview of Cyber Insurance

A cyber insurance policy helps cover the costs associated with a data breach or other forms of cyberattack, such as malware or ransomware. Coverage for these policies will focus on a variety of actions that a company may take after a cybercrime has occurred. The goal of maintaining cyber insurance is to have a dedicated resource that can help minimize damages and restore business operations as quickly as possible. In addition to direct financial liabilities, companies also may need financial support to fund costs associated with notifying customers, managing a legal team, and acquiring various services to restore data or repair IT systems. 

What a Cyber Insurance Policy Covers

Cyber insurance policies are structured much like any insurance policy you may be familiar with such as liability, home, and auto. Most plans come with a core set of coverage areas and may offer additional a-la-carte options to meet specific needs. Coverage is typically defined as either first-person coverage, related to the business entity itself, or third-party coverage, which involves liabilities associated with external parties. While the specific coverage options will vary between cyber insurance providers and plans, there are a few common areas of need. 

• Customer and Employee Data Loss. Most cyberattacks and data breaches involve the targeting of specific company data. Cyber insurance can help with costs associated with managing the incident, paying regulatory fines, and providing identity recovery services. Many policies also cover data privacy litigation costs and other liabilities the company may the exposed to due to the nature of their work. 
• Business Interruption and Extortion. Ransomware is a common form of cybercrime that is growing in popularity during the COVID-19 pandemic. These extortion attacks can require the use of negotiators and data restoration services that are costly. These costs are covered in some cyber insurance policies. 
• Third-Party Lawsuits. With the large amounts of information collected these days, data privacy is an obvious concern for individuals and businesses. When a data breach occurs, this can lead to third-party lawsuits against the company regarding violations of privacy policies and other legal matters. Cyber insurance helps to cover the costs of defense and settlements. 
• Payment Fraud. Another common form of cybercrime involves tricking employees into sending money to a destination controlled by the hackers. This can be done through phishing email schemes or other means. Since a skilled hacker can use a company’s own systems to facilitate the entire process, it can be difficult to recover funds lost in these situations. Cyber insurance can cover lost funds and additional costs that may be incurred by your telecommunications provider. 
  

How to Manage Cyber Insurance Costs

It is difficult to generalize the cost of cyber insurance plans because they are uniquely tailored to the needs of each business. Plans are structured with a premium and deductible, and there are several actions that a company can take to reduce their insurance costs over time.  Many of these factors can help reduce the estimated risk associated with the business, which is the basis for insurance policy models: 

• Remain compliant with all relevant data regulations
• Maintain a clean record of past claims with low incident severity 
• Explore a-la-carte policy options for high priority coverage areas
• Regularly train staff on data management policies and best practices
• Invest in robust network security tools
• Utilize Managed Service Providers (MSPs) to fill security gaps
• Conduct regular and thorough risk assessments
  

Investing in a cyber insurance policy can significantly reduce the risk and exposure of a business in the event of a data breach or cybercrime. These policies have adequate coverage to provide support in the common areas of need that are critical in the days following an event. In addition to supplementing your internal security efforts with insurance, it is still crucial to continually improve your own capabilities and reduce identified areas of risk.