Any company that pumps their business through the internet must be aware of all the threats that exist in cyberspace. Most make a valiant effort to stay safe by investing in basic security technologies such as anti-virus software, password protection, and email encryption. Every little bit helps, but with global data breaches on the rise, both the SMB and enterprise sectors have to start thinking beyond the basics. Cyber insurance is an outside-the-box concept that can help better manage the risks, and the huge financial losses that follow.
Cyber insurance is a form of liability insurance designed to protect businesses from the damages that may ensue after a security breach. Go crying to your current insurer about how a DDoS attack crippled your network and more than likely, they’re going to tell you to read the fine print of their coverage policy before sending you on your way. Buy a cyber insurance policy, and you could be covered for the revenue you lost during those unfortunate periods of downtime.
While cyber insurance isn’t exactly new, it is shrouded in so much mystique that even dedicated security experts know very little about it, or have no clue what it is. Mysterious aura aside, it’s picking up steam and gaining attention from the audience that appears to need it most. U.S. businesses are reportedly on pace to pour $2 billion into cyber insurance policies in 2014 – 67 percent more than the $1.2 billion spent last year. It’s an even bigger jump up from the $600,000 in premiums tallied in 2010.
Sample Cyber Insurance Policy
So what does cyber insurance cover? It depends on the policy, but the following breakdown will give you an idea:
Security breach management: All expenses associated with managing the aftermath of a security breach may be covered. This typically includes the investigation, legal fees, and any costs you may incur in compliance penalties.
Data loss: Chances are, your existing insurance policy covers physical damages to your servers and network equipment. A cyber insurance policy is what you need to cover the actual data they store and transport.
Online media: Just about anything connected to your web presence may be covered under a policy. This goes for your website and blog as well as copyrights and intellectual property.
Business interruption: Anything from a virus to a natural disaster can put you out of commission long enough to impact your bottom line. The right policy will help you recoup the revenue you lost while you were forced to shut down.
PR management: Once a security breach strikes, you may have to quickly shift into PR mode in order to calm customer concerns and keep your brand image intact. The budget you pour into hiring a PR specialist or marketing firm may be recoverable under a cyber insurance policy.
Keep in mind that certain policy elements may overlap with existing insurance products. For instance, you may currently have IT insurance that covers copyright infringement on your software product and other technology assets. Don’t let this discourage you. Cyber insurance does an admirable job of mitigating substantial risks and in many cases, is flexible enough to tailor to your specific needs.
Who Sells Cyber Insurance?
The cyber insurance vertical is still quite young, so vendor options are limited in comparison to what you’d find on the traditional coverage market. This could be to your advantage, though, when considering that having more options tends to make for a more overwhelming selection process. In any event, taking the time to find the right provider is crucial because each firm brings a little something different to the table.
In addition to offering policies in both standalone and integrated coverage formats, insurance giant Traveler’s provides access to resources and tools that help clients avoid security breaches. MSP Alliance, who you may know for its contributions in the IT solutions space, is also active in this market. In fact, the organization just recently rolled out a cyber insurance program fit for the needs of companies that provide cloud and managed services. Alliance members can purchase a policy that covers them for up to $10 million in claims.
No matter what firm you decide on, most insurers will ask to take a look at your existing data security strategy or disaster recovery plan. Basically, they want to know that you have the measures and policies in place to protect your company. For example, they may ask whether your website requires multi-factor authentication to grant access or if you use any security products from third-party vendors. By conducting a thorough audit of your own infrastructure, you can make sure you get the right coverage and lower the cost of your premiums as well.
Insurance in general is merely an option that gives you a way to transfer risks. Whether we’re talking coverage for car accidents or floods, you still need to be diligent in anticipating threats and avoiding those risks in order to mitigate them best as possible. With that said, if you conclude that your current security strategy and coverage policy aren’t enough to offset your biggest risks, then cyber insurance may be a worthy investment.
Photo Credit: Jeff Keyzer via Flickr