What is Cyber Insurance? And Who Needs It?
Every business has a fiduciary responsibility to safeguard its customers’ data, especially if it processes online transactions. Part of that responsibility is ensuring your business has the financial means to recover and re-secure customer data in the event of a security breach. In 2016 alone, security experts at Kaspersky concluded that “attacked enterprises suffered an average of 23 hours of downtime, resulting in an average loss of $1.4 million.” Cyber security attacks threaten the reputation of a business, and they are also very expensive to recover from. This leaves many business owners asking, “What is cyber insurance?” and “Is cyber insurance the right financial solution for my small business?”
What is Cyber Insurance?
Sometimes referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), cyber insurance is “designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.” Think of cyber insurance as a policy that protects your business from the potential costs associated with a security breach.
Who Needs Cyber Insurance?
According to CIO, “Any organization that stores and maintains customer information or collects online payment information, or uses the cloud, should consider adding cyber insurance to its budget.” You may be thinking, “That’s just for large corporations … a cyber criminal wouldn’t be interested in my small business.” However, the reality is that the number of cyber attacks is continuing to increase among businesses of all sizes.
As CIO notes, “Small-businesses tend to think they are safely-tucked away from exposure, but Symantec found that over 30 percent of phishing attacks in 2015 were launched against organizations with less than 250 employees.” In 2015, more than 40 percent of all cyber attacks were aimed at small businesses, with an average cost of $130 per person to notify each customer of the security breach.
What Does Cyber Insurance Cover?
Cyber insurance and the risks it covers are still evolving, so no real standard exists for underwriting such policies. That said, common reimbursable expenses include:
- Forensic investigation to determine the mode of attack and how to prevent it from happening again
- Losses stemming from downtime, negligence, data loss and recovery
- Notifications required by law to inform customers and third parties
- Legal expenses associated with lawsuits and ransomware
What Do Cyber Insurers Require?
Like any insurer, cyber insurance providers want to know that your business is doing everything it can to reduce its vulnerability to a cyber attack. As CIO states, “An insurance company wants to see that an organization has assessed its vulnerability to cyber attacks (created a cyber risk profile) and follows best practices by enabling defenses and controls to protect against attacks as much as possible.”
If you’re interested in evaluating cyber insurance for your business, you should consider hiring a cybersecurity expert (for example, a Certified Ethical Hacker) or firm to conduct a threat assessment. If such an assessment is beyond your business’ means, penetration testing and online tools such as Metasploit and Wireshark may be of use.
At the bare minimum, you should consult with an IT professional before you purchase cyber insurance. A managed IT service provider can help you determine whether cyber insurance makes sense for your business, evaluate coverage types, and help with IT planning and budgeting. They can also help make recommendations and introductions to cybersecurity firms if needed. All Phases IT specializes in IT security and our team can perform a comprehensive network and data security analysis to ensure your business is protected. Contact us today to request a 30-minute phone consultation and evaluation of your IT environment.