In the wake of never-ending cybersecurity threats, our clients are always looking for ways to protect their businesses.
We’ve spent a lot of time talking about measures that companies can take to prevent an attack in the first place, but it’s also important to consider what would happen if an attack were ever successful. (Remember: even the best technical controls can be thwarted by a well-intentioned employee.)
This is why many businesses are considering cyber liability insurance. What do these types of policies cover, and how can you tell if the investment makes sense for your company? We’ll walk you through it below.
What is cyber liability insurance?
Cyber liability insurance helps cover the costs of recovering from a security incident.
According to the Ponemon Institute, the average cost of a data breach rose from $3.8 million to $4 million in 2016. It is little surprise, then, that 60% of small businesses that suffer a breach go out of business within 6 months of an attack.
To help your business stay afloat after a breach, cyber liability insurance will cover things like:
- Legal fees
- Costs of investigating the incident
- Costs of notifying your clients
- Costs of helping your clients recover their identity
- Costs of restoring your data
- Costs of downtime
On top of this financial coverage, many plans will also provide assistance with the actual remediation process.
Is this kind of insurance right for your business?
This depends on your risk profile and tolerance.
For businesses that are subject to compliance regulations, there’s generally much more at stake; just last year, fines for HIPAA violations (or simply settling a potential violation) cost organizations nearly $23 million.
If, however, you’re in an industry that doesn’t rely heavily on technology to achieve its goals, and that doesn’t handle any sort of sensitive information, this level of protection could be overkill for you.
Ultimately, this coverage is another layer of business continuity; should you have a security breach, this will help keep you up and running. If this kind of protection is important to you, then it’s worth some investigation. If it isn’t, then it probably isn’t worth the investment for you.
How to choose the right insurance policy for your business
If you determine that moving forward with one of these policies is a good business decision, the next step is finding the right one.
While your IT team can help you determine your level of risk, we recommend starting the selection process with your company’s insurance agent. We say this for two main reasons:
- Your existing coverage may already address some level of cyber liability.
- This is a pretty new market, and it isn’t always easy to navigate if insurance isn’t your area of expertise.
Keep in mind: even if your business does decide to move forward with cyber liability insurance, it’s still critical that you take proper preventative measures; insurance can help cover costs, but it can’t repair a damaged reputation.
A comprehensive security strategy will include:
- Regular risk assessments
- Risk prioritization and remediation
- Policy creation and enforcement
- Security awareness training for your staff
Stay vigilant, stay informed, and stay safe!