Organizations of all sizes and sectors have become increasingly at risk of cybercrime. Our dependence on technology carries growing exposures and liabilities to our businesses. There are many questions about the need for cyber insurance as firms grapple with risks at the technological and employee levels. That’s why we invited our friend Logan Simios, Vice President at J. Krug, to answer some of the common questions we get asked as an MSP about cyber-insurance and how it can protect your business.
Does my business need cyber insurance?
It is important to remember that no organization is immune to the impact of cybercrime. When cyber-attacks like data breaches and hacks occur, they can result in devastating damage. Businesses must deal with business disruption, lost revenue, and litigation. As a result, cyber-liability insurance has become an essential component of any risk management program.
General liability policies don’t always protect organizations from losses related to data breaches. What’s more, data is generally worth far more than physical assets, and it’s important to have the right protection in place.
What are the benefits of cyber insurance?
Having a cyber insurance policy in place can protect against financial, operational, and reputational losses that may result from a range of cyber incidents, including data breaches, ransomware attacks, and phishing scams.
What does cyber insurance cover?
Typically, there are two types of cyber insurance—first-party coverage and third-party coverage.
First-party cyber insurance can offer protection for losses that an organization directly sustains from a cyber incident. Such as:
- Incident response costs
- Data recovery costs
- Business interruption loss
- Contingent business interruption loss
- Cyber extortion
- Reputational damage
- Financial theft and fraud
- Physical asset damage
Whereas, third-party coverage can provide protection for claims made, fines incurred, or legal action taken against an organization due to a cyber incident. Such as:
- Data privacy liability
- Regulatory defense
- Multimedia liability
- Network liability
- Technology errors and omissions liability
Data breach coverage. In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach, and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cybercriminals.
Business interruption loss reimbursement. A cyber-attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber-attack may also be covered.
Cyber extortion defense. Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
Forensic support. Following a cyber-attack, your organization will have to investigate to determine the extent of the breach and what led to it. The right policy can reimburse the insured for costs related to forensics and seeking out expert advice.
Legal support. In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber-attack.
What does cyber insurance not cover?
Individual insurance carriers have their own policy restrictions. There are also differences in coverage if a stand-alone policy is purchased versus just an add-on endorsement. Not all policies/coverage are the same so we recommend that one partner with a reputable insurance carrier and broker advisory firm that can properly select and explain the coverage.
How much does cyber insurance cost?
For small- to medium-sized businesses, premiums usually start at a few thousand dollars annually. Premium is calculated based on policy limits, coverage terms, and completion of underwriting application to show what cyber protocols are in place along with annual revenues.
Can’t my MSP take care of all these things?
From a security viewpoint, an MSP should be protecting you from many of these security threats. However, you read and see breaches happening daily from large organizations that spend millions of dollars on cyber security. If a breach does occur, it is important to be able to rely on cyber insurance coverage and their experts to handle the situation properly and effectively.
What happens if I self-insure or go without insurance?
If there is a cyber breach incident, you will not be able to rely on the insurance carrier or have access to their experts to help guide you through the resolution. In addition, there could be significant out-of-pocket costs to your organization. Lastly, dealing with the incident will be time-consuming and your business won’t be running as it should be…which can also lead to business income loss.