Handling personally identifiable information (PII), such as names and Social Security numbers, can be nerve-racking for business owners. So, you need to protect the PII of your customers, vendors, and employees from hackers and data breaches. To defend your company from cyberattacks and their consequences, you might consider cyber security insurance. But, is cyber insurance worth it? Keep reading to find out.
What is cyber insurance?
Before we can talk about if it’s worth it to purchase a cyber insurance policy, let’s take a look at what cyber insurance is. So, what is cyber liability insurance? Cyber insurance coverage is general liability insurance that helps protect business owners from the effects of cyberattacks and hacking threats.
Cyber insurance is also known as ransomware insurance, cyber liability insurance, cyber risk insurance, data breach insurance, and cyber security insurance.
Businesses with a cyber insurance policy can use it to minimize disruption in business following cyberattacks. And, the policy typically covers some financial costs of the fallout, including addressing, resolving, and recovering from the attack.
However, businesses do not shift all responsibility for attacks to the insurance company when purchasing a policy. Businesses must also address their own cybersecurity internally. For example, a ransomware policy does not protect against hacking or cyberattacks. Policies only help address what happens after an attack.
Think of cyber insurance like an auto insurance policy. Having the policy does not protect you from a car accident. Instead, the auto insurance policy helps you with the costs of repairs in the event of an accident. Therefore, you must remain diligent in avoiding accidents even with an insurance policy in place.
Is cyber insurance worth it?
Who needs cyber liability insurance? In general, only companies who process personal information over the internet should consider a cyber attack insurance policy. In 2021, this means that almost every company, regardless of size, may find value in a ransomware insurance policy.
Cyber insurance is no longer just for the technology and healthcare industries. Instead, most businesses have various information they store digitally, increasing the risk of a data breach. The information businesses store online has grown to include:
- Credit and debit cards
- Bank account and routing numbers
- Social Security numbers (SSNs)
- Taxpayer Identification Numbers (TINs)
- Home addresses
- Full names
The list goes on and on. A single data breach can impact dozens, if not hundreds or thousands, of customers or employees. In fact, one study shows that there were 1,001 data breaches in 2020 with more than 155.8 million affected individuals. So regardless of what kind of business information you store online, protecting your company from an attack is of the utmost importance.
The bottom line is: Cyber insurance is worth it if you deal with any kind of PII, whether it’s payroll for one person or the information of thousands of customers.
What does cyber insurance cover?
A typical cyber insurance policy covers the basics of recovering from a cyberattack, including:
- Network security and privacy
- Media liability
- Errors and omissions
- Network business interruptions
When seeking a policy, check cyber insurance companies and their policies to determine what they do and do not cover in the event of an attack.
Network security and privacy
The network security and privacy portion of a policy covers your business if there is a network security failure. The security failure can include a data breach, malware exposure or infection, cyber extortion, compromised business emails, ransomware, and more.
This portion of the policy relates to the costs you directly incur from security failure. This may include:
- Data restoration
- Negotiation and payment of ransomware demands
- IT forensics
- Legal expenses
- Public relations
- Notifications to consumers
The privacy portion of a policy helps to protect your business from third-party costs, such as:
- Consumer litigation related to the data breach
- Fines, penalties, or legal expenses resulting from regulatory investigations from the government or law enforcement
Media liability helps to protect your business from intellectual property infringement and related losses. Most policies do not include patent infringement in media liability coverage.
The coverage typically applies to online and print advertising as well as social media posts.
Errors and omissions
If you face a cyberattack, you may be unable to fulfill contractual obligations to your customers. An errors and omissions policy item covers the claims related to any errors or failures in providing or performing services.
The policy can include non-technology professional services (e.g., lawyers) or technology-based services (e.g., software). If a cyberattack leaves you unable to perform contractually obligated services, this policy addresses any potential allegations of negligence or breach of contract.
Policies typically cover legal defense costs or compensation to impacted parties.
Network business interruptions
If your business heavily relies on technology to operate day-to-day, consider seeking a policy with a provision regarding network business interruptions. A policy that includes interruptions protects your business in the event of a cyberattack that affects daily operations.
Whether it’s your personal network or the network of a provider going down, the network business interruptions provision covers losses from:
- Third-party security failures (e.g., hacking)
- System failures (e.g., failed software)
Losses can include profits, costs incurred during the time of impact, or fixed expenses.
What does cyber security insurance not cover?
Data breach insurance does not cover everything related to the cyber world. So before you sign on the dotted line and say “yes” to a potential policy, understand what the policy excludes.
Generally, a policy does not cover:
- Costs of improving internal technology systems (e.g., security upgrades)
- Loss of value due to intellectual property theft
- Potential future profit losses
Because cyber risk insurance typically does not cover the above items, you may consider additional policies that do protect you and your business. Discuss options with your insurance policy provider to determine what you can do to cover any potential gaps in coverage.
What can you do to protect your business from cyberattacks?
Like with any type of insurance, you purchase a policy to protect yourself in case of an accident or emergency. But, prevention is key for cyberattacks because you can incur damage to your business’s reputation that an insurance policy might not solve. So, how can you protect your company against cyberattacks?
Make sure all employees are knowledgeable about cybersecurity. Conduct regular training with your employees regarding internet safety and the importance of protecting PII. Instruct your employees to remain aware of potential threats, like email phishing scams.
Implement security policies in the workplace and create training for remote workers. For example, you may encourage (or require) employees to use multi-factor authentication or passphrases in place of passwords. And, encourage employees to routinely monitor their systems.
For your own network security, consider:
- Routinely backing up data (e.g., nightly or weekly)
- Continuously testing the security of the network and data
- Activating data encryption
- Installing surge protectors in the event of power outages
- Using virtual private networks (VPNs)
COVID-19 increased the number of remote workers, so check in with your remote employees to refresh their knowledge, too. And, let them know if they should expect any technology changes.
To read the full article, click here.