What is Cyber Insurance?

Cyber insurance is a type of insurance that’s designed to protect against cyber risks. It’s primarily for mitigating the adverse effects brought by cybersecurity incidents (like a data breach, ID theft, or a cyber attack). It also covers the cost of recovery from such events and helps an organization cope with lawsuits. Cyber insurance is also referred to as cybersecurity insurance, cyber risk insurance, data breach insurance, and cyber liability insurance.

According to PwC, cyber insurance premiums were forecasted to grow from $2.5 billion in 2014 to $7.5 billion in 2020. In the US alone, a third of companies have some form of cyber insurance. These figures indicate that companies are finally appreciating the importance of cyber insurance.

What Does Cyber Insurance Cover?

Cyber insurance has no standard coverage, as it’s relatively new and still evolving. It differs from general liability insurance, which only covers property damage and bodily injuries. 

Policies differ from one insurance company to another, but generally, there are 2 types of cyber insurance coverages: 

• First-party coverage: This covers expenses incurred by the company after a cybersecurity incident. Examples of such reimbursable expenses are the cost of forensic investigation, monetary losses from network downtime or business disruption, system repair, data recovery, cost of notifying affected customers, extortion money (like with ransomware), and the cost of protecting the company’s reputation from media or public backlash.
• Third-party coverage: This covers expenses involved in defending the company against lawsuits. Examples are legal fees, legal claims, and regulatory fines.

What Cyber Insurance Doesn’t Cover

Before buying a cyber insurance policy, be aware not only of the coverages but also the things that are not included. Here are the typical exclusions:

• Bodily injury and property damage: These are covered by general liability insurance.
• Loss of property: Losing a phone or any physical property is under commercial property insurance.
• Criminal activity: Fraud, robbery, employee theft, and other crimes are usually covered by commercial crime insurance.

Who Should Buy Cyber Insurance? 

Companies that store customer information, perform online payments, or use cloud services should buy cyber insurance. But most (if not all) companies now have an online presence and are regularly exposed to cyber threats. If your company is a small one, do not assume that you don’t need cyber insurance. 

• In a 2015 report, Symantec stated that 30% of phishing attacks were directed against companies with less than 250 employees. 
• In another study, 66% of small-and-medium-sized businesses (SMBs) said they wouldn’t survive a data breach on their own. 
• In 2017, USA Today reported that 61% of data breaches occur in smaller businesses, with costs averaging between $84,000 and $148,000. Moreover, data breaches cause 60% of startups to go out of business in less than 6 months.

Why Buy Cyber Insurance?

Cyber insurance won’t shield a company from cyber attacks or from being exposed to cyber risks, but it can mitigate the damages caused by a cybersecurity incident. Cyber insurance is an important safety net to ensure that your business can continue to thrive with minimal impact after a security incident. 

Cyber insurance is becoming a vital part of cybersecurity strategies for organizations. Noncompliance with required frameworks and regulations like PCI DSS and HIPAA may result in costly penalties and fines. Depending on your cyber insurance, noncompliance fines may be covered.

Is Cyber Insurance Worth It?

While cyber insurance is helpful, it doesn’t exempt a company from fulfilling cybersecurity obligations. Whenever a company buys cyber insurance, it agrees to establish measures to avoid incidents that can be prevented in the first place. If there are no such measures, there’s a chance that the company’s claims may be denied. Companies should take proactive steps to maintain a strong cybersecurity posture, such as conducting regular compliance audits and implementing employee cybersecurity awareness training. 

Cyber insurance is a valuable protection for businesses of all sizes, offering coverage that protects your business from many of the devastating effects of a security breach. With the cost of a data breach skyrocketing and fines for regulatory non-compliance on the rise, cyber insurance can help your business weather the storm.