A business fell victim to a ransomware attack every 40 seconds in 2017, with global ransomware damage costs for that year amounting to more than $5 billion. Despite the continuous improvements in information security software, these figures are likely to increase in 2019 and beyond.
If you're responsible for the security of your organization, cyber insurance should be high on your agenda. It can be a useful solution for any business wanting to reduce their exposure to additional losses and costs.
Here we outline exactly what cyber insurance is, what it covers and whether you should consider it for your business.
WHAT IS A CYBER INSURANCE POLICY?
Cyber insurance policies, also called cyber risk insurance or cyber liability insurance coverage, are risk management techniques created to support businesses in case of an information security breach. They compensate your business for the associated costs and attempt to reduce businesses’ exposure and losses from cyber-attacks.
The main objective is to provide funds and resources to help you return to a normal situation as fast as possible following a cyber-attack, or similar event. Cyber insurance will cover some of your expenses as well as those of some third-parties.
WHAT COSTS CAN BE COVERED BY YOUR CYBER INSURANCE POLICY?
Here are some examples of the types of cost that might be covered and refunded by your insurers:
- Investigation : Related to the investigative and forensic services necessary to carry out an assessment when a network-security breach has occurred. The purpose is to determine what happened, the impact, remediation and to evaluate how to anticipate and protect against a future attack of the same type. Assessments might be carried out by a third-party such as a private firm or even in some cases a government entity.
- Business interruption: Losses, costs and reputation damages related to the inability to conduct business because of a network downtime, data loss or crisis management.
- Extortion and lawsuits: Legal expenses and costs related to the release of confidential information, intellectual property and cyber extortion through ransomware.
- Computer data loss: Physical damages, losses and costs related to a data loss, data restoration retrieve, software and hardware damages or destruction as the result of a cyber-attack.
You should keep in mind that information security risks and types of cyber-attacks are constantly changing. Cyber insurers therefore work with IT security vendors to adapt insurance types to provide the best protection and prevention to cyber-attack.
HOW DOES CYBER INSURANCE WORK?
The main objective of a cyber insurance policy is to strengthen your information security to make it more robust in the future. This is done utilizing security software, processes, technology and training provided, through partnership with suitable IT security vendors (anti-virus, anti-spam and firewalls software).
When a problem occurs, such as a cyber-attack, especially malware, generated losses and costs are taken in charge by the risk management technique. The third-party is also covered by the insurance in the case of an assessment needed for any reparations or investigations to anticipate futures similar breaches.
The more impactful the cyber-attack, the better the cover provided by your insurer should be in terms of funding the recovery and losses of your organization. The overriding objective is to ensure that your organization will be able to efficiently and quickly resume conduct of business after a cyber-attack or similar event.
SHOULD YOUR BUSINESS HAVE CYBER INSURANCE?
Yes. With the knowledge that every business is more and more exposed to a considerable variety of cyber risks through the likes of malware and DDOS (Denial of Service) and that the frequency of cyber-attacks is growing, some form of cyber insurance for any business is essential. It’s no longer a luxury or just “nice to have”.
THE CYBER INSURANCE INDUSTRY
It's worthwhile pausing to think about how the cyber insurance industry works as a whole. The cyber insurance industry is a triumvirate of cyber insurers, their clients and IT security providers, with multiple benefits to the economy.
- Cyber insurers will profit from providing insurance.
- IT security software vendors will increase their penetration thanks to their partnership with cyber insurers.
- Businesses/technology users will potentially avoid losses and costs, or recover more easily from any cyber-attacks thanks to the combination of good information security practice driven by proper risk management tools and techniques.
Cyber insurers provide a risk management method for your organization. Cyber insurance should therefore be viewed as a ‘value-add’ rather than just an expenditure cost. It’s a must-have for all organizations committed to mitigating information risks now and into the future.
Any questions or comments on this topic? Please feel free to comment below and we’ll be sure to get back to you. In the meantime, if you'd like to know a bit more about ransomware why not check out our short video for an instant overview.