Technology, social media, transactions play a major role in how organizations conduct their business and reach out to their customers but they also act as gateways to the cyber attacks. Cyber attacks are likely to occur and when they occur they can cause moderate to a severe loss for an organization. Cyber-insurance also is known as Cyber risk insurance or Cyber Liability Insurance Coverage (CLIC) is a specialized insurance product used to protect businesses and individual users from Internet-based risks and more generally from risks relating to Information Technology infrastructure and activities. Cyber-insurance started to become a popular concept in 2005.
Please note Cyber-insurance cannot protect your business from cyber-crime, rather it can keep your business on a stable financial footing in case of cyber-crime event.
Do I need Cyber Insurance?
The Answer is- Most Likely you do need cyber-insurance. As the number of devices, applications, etc increases in an organization, it becomes more vulnerable to attacks. Just like businesses need insurance against natural disasters, business problems, in the same way, cyber-insurance is required to safeguard against cyber attacks.
Who need Cyber security Insurance?
Cyber attacks against all businesses are increasing. Small organizations think that they are completely safe from such attacks but according to a survey it is found that over 40 percent of phishing attacks in 2018 were launched against organizations with less than 250 employees. Any organization that:
- Stores customer details.
- Collects online payment.
- Uses cloud for storage.
- Has increased number of devices connected to the business network.
- Should consider opting for cyber security insurance.
What does Cyber-insurance covers?
Cyber insurance covers expenses related to the first parties as well as claims by third parties. Although there is no standard for formulating these policies, below are some common reimbursable expenses:
1. Investigation: A forensics investigation is included in the cyber-insurance. The investigation is necessary to determine:
- What Occurred.
- How to repair damage.
- How to prevent the same type of cyber attack occurring in the future.
- It involves services of third-party security firm.
- It also involves coordination with law enforcement.
2. Privacy and Notification: This includes data breach notifications to the customers and other affected parties and credit monitoring for customers whose information was or maybe breached.
3. Business Losses: This includes monetary losses due to network downtime, business interruption, data loss recovery, and cost involve in a managing crisis like cost involve in repairing reputation damage.
4. Law suites and Extortion: This includes legal expenses associated with the release of confidential data and intellectual property and legal settlements.
What do Insurance companies look for while deciding the coverage?
An insurance company wants to see that:
- A company has accessed its vulnerability to cyber attacks.
- Company follows best practices by enabling defenses and controls to protect against attacks as much as possible.
- Employee Education especially in the areas of Phishing, Social Engineering, should be a part of a protection plan.
- Organization uses threat intelligence services to acquire the latest information on zero-day and targeted attacks.
- Organization has a team of ethical hackers to reveal security weaknesses.
- In some cases cyber risk insurer can request the audit of organization’s processes and governance as a condition of coverage.
Can I replace the Cyber security defense with Cyber Insurance?
NO. Cyber insurance is a way to compensate for the losses that occur due to a cyber breach but it cannot be considered as a substitute for cyber security solutions. Cyber risk insurers first analyze your company’s cyber security solutions before issuing a policy. This means the more time and money you have invested in developing cyber security defenses in your organization or we can say Stronger the cyber security defenses in your organization, more coverage can be given by cyber risk insurers.