What is Cyber-Insurance? What Do You Need To Know?

There’s no denying it: We live in an age of insurance. 

Of course, there’s insurance for physical things, like our health, cars, homes, and jewelry. But just as notably, cyber insurance establishes a sense of security in an increasingly dangerous online landscape. 

Cybercrime is rising. An estimated $600 billion is lost yearly due to digital attacks, with the average data breach costing $4.5 million. These costs can be devastating, and reports show that 60% of small businesses fail within six months after suffering a data breach. But the news isn’t all bleak: as online threats evolve, the tools used to mitigate them are also advancing.

Cyber insurance is crucial for limiting the effects of digital attacks. However, only 34% of businesses invest in cyber coverage, even though it can prevent a total collapse. At this point, any business using digital infrastructure must consider how cyber insurance can protect its customers and digital assets. 

An Illustration of a Digital Disaster

If you stay abreast of cybersecurity headlines, you may remember the 2021 ransomware attack on CNA Financial.

CNA, one of the largest insurance institutions in the U.S., was struck in March 2021 when threat actors infiltrated the company’s computers and gained access to its private servers. From there, they stole immense amounts of customer data and held it for ransom. This put the company in a tailspin, causing CNA to shut down many of its systems for nearly two months. 

Ultimately, CNA paid the threat actors $40 million to regain control of its systems, which doesn’t include the money lost due to the operational downtime. 

There’s a lesson to be learned from this. If such an attack can happen to a company as large as CNA, one with its own internal security team, how devastating can a ransomware attack be for a small or midsize tech or e-commerce startup? 

Now, online attacks aren’t a matter of if; they’re a matter of when. Companies can’t afford to ignore the risk, meaning they must consider cyber insurance. 

Understanding Cyber Insurance

You may be wondering what exactly cyber liability insurance is and what it covers.

Simply put, cyber insurance offers protection against cyber attacks and minimizes financial and operational damage. This type of insurance covers a range of online threats, such as: 

  • Ransomware attacks 
  • Data breaches 
  • Phishing scams 
  • Computer viruses 
  • Extortion 
  • Online theft

Cyber insurance is similar to other types of coverage. For example, just as businesses choose to insure themselves in the face of natural disasters or theft, cyber insurance covers the cost of digital disasters.  

There are two components of cyber coverage, and the insurance policy you invest in determines what would be covered in the event of a digital attack. 

First-Party Insurance

First-party insurance covers costs within a business’s internal network. For example, in the case of CNA, first-party insurance could have fully or partially covered the $40 million ransom payment.

First-party insurance also covers expenses associated with:

  • Revenue losses resulting from operational downtime
  • Investigating the breach
  • Credit monitoring
  • Customer notification
  • Crisis management

The most common form of first-party insurance is called data breach insurance. This type of policy pays for things like notifying customers about data theft and supplying them with anti-fraud services. Data breach insurance also covers investigation and prevention expenses and lost income from downtime. It may also cover the PR expenses a business incurs while trying to restore its damaged reputation.

You may wonder: Do I need all of this? The answer is: only sometimes. But you can’t just assume it’s unnecessary, either. It’s crucial to thoroughly evaluate your cyber risk, so a third-party risk assessment is recommended.

Third-Party Liability Insurance

Third-party liability insurance protects businesses against lawsuits filed by clients or customers who are affected by a data breach. These policies cover things like: 

  • Attorney and court fees
  • Settlements
  • Fines for noncompliance

Another coverage category is technology errors and omissions insurance, which is commonly packaged into third-party policies. This form of insurance covers incidents due to the company’s errors. For example, if a coding issue within your product or service results in a data breach, this type of insurance would cover the costs of litigation and settlements.

The Limitations of Cyber Insurance

While cyber insurance covers many of the costs associated with data breaches, it won’t cover everything. Most policies have significant exclusions and limitations that need to be addressed. The common areas of exclusion include: 

  • Prior incidents: Insurance won’t cover the costs of any incidents that occurred before the policy agreement was adopted.
  • Intellectual property: Coverage for intellectual property losses typically isn’t included in cyber insurance plans.
  • Criminal activity: Cyber insurance will be rendered void if the breached company is operating illegally or outside of regulatory compliance.
  • Proactive costs: Insurance typically doesn’t cover data breach prevention tools, training, and software.
  • Unpatched software: Breaches caused by a failure to maintain up-to-date software and security patches usually aren’t covered.

Examining your policy and reviewing it with legal professionals is also crucial. Some insurance companies build loopholes into their agreements to limit the insurer’s responsibility for payouts. They may also include fine print that allows them to void the policies under certain circumstances.

Who Needs Cyber Insurance the Most?

Understanding your need for cyber insurance always comes down to evaluating your risks. Certain businesses face significantly more risks than others, making a heftier insurance plan a wise choice. Cyber insurance is crucial for companies that heavily rely on digital infrastructure, handle sensitive customer data, have large customer bases, or face significant vulnerabilities. Below are four types of businesses that should urgently consider investing in cyber insurance:

1. E-Commerce Platforms 

Online retail hinges on fast and secure transactions and customer data transfers, often including credit card details and home addresses. Because of this, it’s always wise to have a robust insurance policy to protect the business against the potential fallout of a data breach.  

2. Health Care Providers 

The more sensitive the data is, the more hackers will covet it. Medical providers and healthcare agencies will always be prime targets. You might remember the 2021 Accellion FTA hack, in which over 3.8 million medical records were stolen and held for ransom. 

Hackers know that the more sensitive the information is, the more organizations will pay to retrieve it; this is why robust policies are wise for any medical institution.  

3. Financial Institutions 

The finance sector consistently ranks as one of the most highly targeted areas for online attacks, given that such organizations hold data often directly tied to massive sums of capital and bank accounts. Given this, insurance policies are essential to protect against downtime and ransom attacks. 

4. Startups and Small Businesses 

Did you know that 43% of online attacks target small businesses? Most smaller companies assume they’re safe from digital attacks because they have less to offer. However, startups and small companies have specific vulnerabilities because they usually have fewer defenses. This makes them appealing targets for intellectual property theft, industrial espionage, and other cyber attacks.

Protect Your Business From Devastating Cyber Attacks

Cyber insurance isn’t cheap, and purchasing a policy requires a thorough and honest assessment of a business’s digital network, security, assets, and data. However, it’s difficult to calculate how vulnerable the business may be, so many companies reach out to a trusted partner to guide them through the cyber insurance process.

Consider partnering with ISOutsource to select the right cyber insurance policy for your business. We specialize in strategic services across all major industries, provide businesses with a clear picture of their digital vulnerabilities, and match them with the coverage that best suits their needs.

Contact us today for a consultation and let us support your business as it adapts to the challenges of the modern world.