When shopping for a cyber insurance policy for your business, go for one that fits your organization's unique needs and budget. Follow these five steps to choose the best cyber insurance policy for your business.
Step 1: Assess Your Cyber Risk
The first step in getting cyber security insurance is to understand your risk exposure. This will help you identify the extent of coverage you might need.
To assess your cyber risks, ask yourself these questions:
- What is the probability of an attack?
- What type of data do I store?
- Is the data sensitive, and does it need the same level of protection?
- What type of risk does my industry face: phishing, ransomware attacks, malware attacks, or a combination of all of them?
Many cyber insurance providers will want to be sure that you are following best practices for keeping data safe before they will insure you. This could include having a firewall installed on your network, using multi-factor authentication, secure email, and more. Here is an example of what Travelers Insurance requires regarding multi-factor authentication. Our cyber insurance partner, Tech Rug, shared more information to help you understand what Cyber Liability Insuring Agreements might include.
Important Cyber Liability Insuring Agreements include but are not limited to:
- Network Security - Covers claims made by third parties arising out of a breach of their computer network and data storage units or devices. This includes coverage for both online and offline information, denial of service attacks, and the failure to prevent the transmission of a virus or malicious code.
- Privacy Liability - Protects against losses for the failure to protect a customer’s personally identifiable information (SSN, credit card numbers, medical information, passwords, etc.) via theft, unauthorized access, viruses, or denial of service attack.
- Multimedia Liability - Provides coverage for third-party liability claims alleging damage resulting from the dissemination of media material. This covers both electronic and non-electronic media material and may include claims of copyright or trademark infringement, libel, slander, plagiarism, or personal injury.
- Cyber Extortion - Coverage needed for situations where you must make a payment to eliminate credible threats to breach security in order to corrupt, damage, or destroy your computer system, to introduce malicious code into your computer system, or to disseminate, divulge, or improperly utilize any personal or confidential corporate information residing on your computer systems. See our Guide to Ransomware.
- Breach Response Costs - Provides coverage for privacy breach response costs, notification expenses, and breach support credit monitoring expenses. This includes reasonable mitigation costs and expenses incurred as a result of a privacy breach, security breach, or adverse media report – like legal expenses, public relations and advertising expenses, information technology (IT) forensic expenses, postage, and the cost to provide call centers, credit monitoring, and identity theft assistance.
- Regulatory Coverage - This coverage is for claims expenses and penalties if a governmental agency or regulatory body brings an enforcement action against you for a violation of a law protecting the confidentiality and security of Personally Identifiable Information.
- PCI DSS Liability - Provides coverage for assessments, fines, or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) or payment card company rules.
- Business Interruption Loss - Covers Income Loss, Forensic Expenses, and Extra Expenses sustained during the Period of Restoration as a result of the actual interruption of business operations caused by a Security Breach.
Step 2: Weigh Your Risks Against Policy Costs
This step involves determining how much coverage you need versus how much risk you can afford. For instance, annual cyber insurance costs for small businesses range from $1,000 to around $8,000.
Using these numbers, you can determine how much coverage your business needs, considering your budget, risks, and the size of your data.
Step 3: Compare Different Terms
This step ensures you're not being ripped off on your cyber insurance.
Different cyber insurance providers will have different policies, premiums, terms, and conditions. In choosing the right policy for your business, consider the costs and services included in each premium and the type of risks covered.
Step 4: Read Online Reviews of Various Cyber Insurance Providers
If you're finding it hard to decide on the best cyber insurance provider for your company, check online reviews to see what other businesses are saying about them.
Check out their social media profiles and read reviews on popular review sites such as the Better Business Bureau. Obviously, if a provider has many negative reviews and complaints, that's a red flag.
Step 5: Choose Your Cyber Insurance Provider
The final step is to choose the best cyber insurance provider for your business.
Your ideal cyber insurance provider should:
- Offer policies that meet your business needs
- Have positive online and/or word-of-mouth reviews from peers in your industry
- Have competitively priced policies relative to the competition
If you're unable to choose the best provider, engage your team or seek advice from peers in your professional network. You can also ask your IT provider for help.
The Bottom Line
Cybersecurity threats continue to wreak havoc on businesses with weak security infrastructure. You can protect your organization by following cybersecurity best practices and purchasing a cyber insurance policy that best suits your business needs.
If you need assistance determining whether or not your business needs cyber insurance or meeting the best practice requirements to get insured, don’t hesitate to get in touch.