Cybersecurity threats are becoming more common for small to medium-sized businesses.
According to a cyber security report published by PurpleSec, 43% of small businesses had at least one cyber attack in the past year. Of these, 44% had two to four attacks. It's also important to note that many instances of cybercrime go unreported for fear of reputational damage, so these statistics are lower than the actual numbers.
In another survey conducted by Thales and published in Forbes, it was found that nearly two-thirds of US retailers have been victims of some data breach.
With cyberattacks growing in frequency and sophistication, businesses from budding startups to Fortune 500 buy cyber insurance to protect themselves from cyber threats.
But what exactly is cyber insurance, and why should you care?
In this post, you'll learn everything you need to know about cyber insurance, including what's covered, what's not covered, and which businesses need cyber insurance. Let's dive in!
What Is Cyber Insurance?
Due to the increase in cybercrimes, insurance companies are now offering monthly plans to help cover the cost of a data breach.
Cybersecurity insurance or cyber insurance is a type of insurance designed to protect companies against cyber risk. Cyber risks include risks related to:
- Information privacy
- Information governance
- Information technology infrastructure
Cyber security insurance helps protect organizations against the adverse effects of cybercrime incidents like data breaches, cyber-attacks, card fraud, etc. In fact, 23,775 complaints of BEC were filed with the FBI last year, with losses resulting in $1.7 billion. Cyber insurance also covers the recovery cost from such events and helps companies cope with lawsuits.
Cyber insurance has grown in popularity over the past few years due to its ability to mitigate risks in a dangerous world of the dark web and cyber security threats.
PwC data shows that cyber insurance premiums were projected to grow from $2.5 billion in 2014 to $7.5 billion in 2020. Today, more than a third of companies in the US have some form of cyber insurance.
Who Is Cybersecurity Insurance For?
No company is too big or too small for cyber insurance.
If your business stores important data such as social security numbers, credit card numbers, routing numbers, private documents, phone numbers, financially sensitive, personally identifiable data, or regulated information—either online or on a computer—you're at risk of cyberattack. You could benefit significantly from cyber security insurance.
In a nutshell, you need cyber insurance if your business:
- Uses computers and mobile devices
- Accepts cards and other digital methods of payments
- Stores confidential customer information
- Keeps medical or financial data
Besides stealing confidential business or personal data, attackers can also cripple a network with ransomware interrupting business operations for you and your customers. A cyber security insurance plan that covers ransomware attacks could go a long way in bailing companies out of such predicaments.
What Does Cyber Security Insurance Cover?
Cyber insurance policies vary by company and coverage. A Fortune 500 company, for example, wouldn't purchase the same level of cyber insurance as a startup.
A basic cyber security insurance plan can include:
This covers costs associated with responding to a breach.
It may include forensics costs to confirm and identify the threat, credit protection services, costs to notify the affected individuals, etc.
This coverage can protect you should you fall victim to CFO/CEO fraud. It can come in handy, especially for employees who fall victim to phishing schemes.
This covers costs to resolve claims associated with personal or corporate confidential information. This may include costs related to negligence, breach of contract, violation of privacy or consumer protection law, and regulatory investigations.
In the event of a cyber-attack, this covers costs to restore, replace, and repair damaged data (if possible) and software. In a digital world, property isn't exclusively tangible, so cyber coverage is needed to pay for intangible property such as software programs. Backup and disaster recovery plans are also important when considering the repercussions of lost data, as sometimes data cannot be recovered. A check from an insurance policy will help, but it will not be able to restore your data and operations.
This helps to pay for the ransom in the event of a ransomware attack. Where a business is under an extortion threat, cyber extortion coverage helps to cover that.
What's Not Covered
While cyber insurance can help mitigate the risks associated with a cyber-attack or data breach, it doesn't cover everything. Here's what's typically excluded from cyber insurance.
Cyber insurance usually only covers monetary damages. That means it won't cover hardware damages stemming from a cyber-attack, such as fried hardware during the incident. These types of damages are usually covered in commercial property insurance.
Intellectual property losses and any lost income are usually excluded from cyber insurance. A business will need separate intellectual property insurance to get this coverage.
Cyber insurance does not cover any bodily injury resulting from or associated with the incident. Like property damage, bodily injury falls under general liability insurance.
Self-Inflicted Cyber Incidents
If it's determined that the cyber incident was intentional or self-inflicted, no insurance company will pay for the purported damages.
How Much Does Cyber Insurance Cost?
The cost of a basic cyber security insurance plan will depend on many factors, including:
- Your industry
- The amount of the protected data
- Your yearly revenue
- The cybersecurity measures you have implemented
The amount you pay for a cybersecurity plan can vary between industries and from one business to another. However, cyber policies are currently very affordable due to the competition in the market. They can start at under $1,000 per year for a startup.
The Bottom Line
Cybersecurity threats continue to wreak havoc on businesses with weak security infrastructure. You can protect your organization by following cybersecurity best practices and purchasing a cyber insurance policy that best suits your business needs. Stay tuned for part two of this series on cybersecurity insurance: How to Get Cyber Insurance in 5 Simple Steps.
If you need assistance determining whether or not your business needs cyber insurance or meeting the best practice requirements to get insured, don't hesitate to get in touch. We're here to help!
Disclaimer: Blueteam Networks is not an insurance provider, and the information expressed here is the opinion of Blueteam Networks representatives. This content is for informational purposes only.
Reply Chain Phishing: What Your Business Needs to Know
Cyber crimes reached new heights and drew more attention than ever in 2021.
12 Ways to Optimize Security for Office 365
If you own a business or run an IT department, you and your staff are probably using Microsoft...
How Multifactor Authentication (MFA) Protects Your Business Against Cyber Threats
Cybercrime is on the rise and poses a significant threat to businesses of all sizes. Breaches in an...