Why you should(n’t) get cyber insurance
As individuals, we pay for home insurance and auto insurance to provide coverage in case of a fire or car crash. Businesses often invest in liability insurance in case someone gets injured on their property.
But what happens when a cyber attack affects your home or business? High-profile incidents such as last year’s Equifax data breach highlight how some of the biggest threats in today’s world exist in a purely digital realm.
In an effort to protect themselves against the wide range of cyber security risks that exist in today’s marketplace, many companies are taking on the added measure of purchasing cyber insurance.
But should you invest in cyber insurance for your own business or personal needs? Here’s a closer look at some of the key facts you need to know when deciding if this insurance offering is right for you.
Who needs cyber insurance?
In general, if you process payments online, use cloud systems to store company information or store customer data in a computer system, you should probably invest in cyber insurance.
It can be tempting to assume that large corporations are the only victims of hacking and phishing attempts, but small businesses are frequently targeted as well.
In fact, a report by USA Today found that approximately 61 percent of data breaches target smaller businesses, with average costs ranging between $84,000 and $148,000. Even worse, a full 60 percent of startups affected by such incidents go out of business less than six months after the breach.
General liability insurance likely won’t cover all the expenses that could result after a data breach, either. Though Portal Healthcare Solutions was able to receive coverage for its court expenses through its commercial general liability policy following a class-action lawsuit related to its data breach, most general policies are unlikely to provide coverage for all expenses associated with cyber crime.
It’s worth noting that such considerations aren’t as pertinent to individuals. Those who use credit cards and bank accounts typically gain cybersecurity protection through their financial providers.
However, company founders and wealthy individuals are often targeted by hackers in an attempt to steal business information. For these people, personal coverage could add much-needed protection to digitally-accessed assets.
What is covered?
Cyber insurance is generally designed to help businesses address any expense that might occur as the result of a data breach, including forensic investigations, business losses and notification expenses, as well as addressing lawsuits and extortion attempts.
When purchasing a policy, you should be aware of how coverage applies to non-malicious employee actions, social engineering attacks and network attacks.
Though cyber insurance can provide coverage for a wide variety of security mishaps, insurance providers have been known to deny claims when a company failed to put sufficient protective measures in place.
For example, in 2013, Cottage Health System was left financially responsible after a data breach, even though it had cyber insurance.
Their insurance provider cited Cottage’s failures to “re-assess its information security exposure and enhance risk controls,” as well as to “deploy a system to detect unauthorized access or attempts to access sensitive information stored on its servers” as signs that it wasn’t taking adequate steps to minimize its risk.
In other words, if you’re not willing to continually monitor your cyber security and make upgrades when necessary, you may not qualify for assistance if an incident takes place — no matter how high of a premium you pay.
Determining insurance coverage
While investing in cyber insurance is an important consideration for small and large businesses alike, it is essential that you understand how much coverage you actually need — and that you’re taking necessary actions to prevent breaches from happening in the first place.
Cyber security best practices, such as encrypting your information, training staff members to identify phishing attempts, installing anti-virus software and regularly auditing your network, can go a long way in preventing a breach. These are also the indicators an insurance provider will look for to determine whether you qualify for coverage.
Of course, your perceived vulnerability to cyber threats isn’t the only factor that will be considered. Your company’s industry, service offerings and gross revenue will also determine the cost of your policy.
When determining what type of cyber insurance policy to buy, you should consider how much financial damage a data breach could cause so that you purchase adequate coverage. Insurance providers frequently provide cost estimates to help you determine how much coverage you actually need.
Failing to purchase enough coverage to fully cover your actual risk can lead to disastrous results. Sony Pictures already had a cyber insurance policy in place prior to its massive data breach, but the corporation’s policy limit had been set at $60 million.
At the time, most analysts agreed this was far below the level of coverage that Sony actually needed, and as a result, the company was left financially responsible for millions in damages.
Is cyber insurance right for you?
By taking the aforementioned factors into consideration, you’ll be better able to determine whether or not cyber insurance is a worthwhile investment for your unique situation.
Not every business will need millions of dollars of coverage, and for many individuals who don’t access sensitive data on their home computer, the costs can frequently outweigh the risks.
But in today’s world, where even small mom-and-pop businesses are increasingly reliant on digital tools and cloud storage, this is one protective policy that is well worth your consideration.
Regardless of whether you feel cyber insurance is right for your current situation, as you start taking steps to improve your own cyber security practices, you’ll be better positioned to protect your data and financial assets from today’s digital threats.
Published September 24, 2018 — 07:46 UTC