We’ve all heard about the various security measures our businesses should have in place to defend against cyberattack. We know this is something we need to invest both time and money into if we want to remain safe.
We know what we’re supposed to do before a potential breach… but what happens after the fact? Are there any protections left for victims of an attack?
This is where cyber liability insurance comes into play.
What is cyber liability insurance?
To put it bluntly, cyber liability insurance helps you not lose your business in the event of a security breach.
According to the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime each year, and of those businesses, 60% will fold within six months of an attack.
Why? Breaches are expensive.
Cybersecurity Ventures predicts that global cybercrime costs will skyrocket from $3 trillion in 2015 (which is already frightening enough) to $6 trillion by 2021.
Outside of opportunity costs, a single breach could easily strip your company of hundreds of thousands of dollars in:
- Legal fees
- Costs of investigating the incident
- Costs of notifying your clients of the breach
- Costs of helping your clients not have their lives ruined on account of the breach (i.e. identity recovery)
- Costs of restoring your compromised data
- Costs of downtime
These are exactly the elements that cyber liability insurance will help with, both in terms of financial coverage and remediation services.
Does your business need it?
We may all be at some level of risk of cyberattack, but is the threat so large that we need to invest in a separate insurance policy?
If your company handles sensitive information, you have quite a lot at stake here; compromised ePHI or PII is a technical, administrative, and public relations nightmare. Compliance violations can cost you millions. Think of it as living in a flood plain – would you buy flood insurance?
Whether you’re dealing with protected data or not, I tend to think about cyber insurance as another layer of business continuity; if your company were to experience a disruptive security incident, this would help keep you operational.
If that’s important to you, I’d spend some time investigating your options.
How to go about selecting the right policy
Cyber insurance is still a relatively new field, so it will take some legwork to find a policy that fits your company’s needs while staying within budget (these policies can run you tens of thousands of dollars per month).
Before you get too deep into the weeds, however, make sure you give your existing insurance plan a look first. When I worked with my insurance agent to track down the right package for my own company, for example, we found that our existing errors and omissions plan actually had significantly better coverage than any cyber package we could find.
This may not be the case for your industry, but the process begins the same way: asking your insurance agent, “What if?”
No matter what sort of policy you end up selecting, remember: having a robust policy in place doesn’t mean you can sit back and forget about security measures going forward.
You’ll still need to protect your business against things like ransomware, email spoofing, and spear-phishing. Keep in mind that no matter how strong your technology is, your employees will always be your weakest link and need to be educated regularly.
Because not even the best insurance policy can magically restore a shattered reputation.
As originally published in the American City Business Journals.