Why Do I Need Cyber Liability Insurance?Katherine Bodendorfer
Without proper protection or coverage, an online crime and fraud event can have a major impact on a company or organization's revenue and reputation, potentially bringing their operations to a standstill.
While cyber attacks against larger institutions and Fortune 1000 companies often dominate the headlines today, America's Small and Midsize Businesses (SMBs) and their employees are just as vulnerable as their larger counterparts. Attacks occur daily across smaller organizations because they are easier targets, have few to no defenses in place and don't know what to protect first.
-Data breaches are amongst the leading risks to business operations globally.
-Half of all SMBs have experienced a data breach within the last year.
-40 percent have experienced a ransomware attack.
-In 2017, it was reported that the average cost of cybercrime amounted to $21.22 million U.S. dollars.
-Hiscox's risk report states that larger companies are more likely to buy an insurance policy than SMBs.
-SMBs purchasing cyber insurance is estimated to be only 16 to 20 percent.
As with business property and casualty insurance, it is now pragmatic for a majority of companies to have cyber liability coverage, so that cybercrime and fraud will not bring your organization to its knees.
Consider the SamSam ransomware attack in March 2018. Atlanta's municipal government and its critical systems across the city were taken down by a sophisticated attack. Police departments were prevented from using certain databases; city courts couldn't process ticket payments; inability to validate warrants; court appointments had to be canceled, and airport Wi-Fi service and many others were taken offline.
Atlanta's officials bought insurance the year prior to protect the public from such a breach and maintain control of personal data. The attack is still painful, potentially costing taxpayers $17 million, but when hackers sought a ransom, the government was able to refuse and relied on its cyber insurance policy to cover damage incurred by the incident.
Many articles say cyber insurance is a lot like purchasing flood insurance though it's a bit more complex. That is because cyber insurance is relatively new and somewhat fragmented. There is no consensus in the market about how to price premiums. What actuarial standards to follow.
What You Need to Know:
As an SMB, obviously cyber insurance does not prevent an attack or breach. But it can help to mitigate the financial risks and prevent financial disaster. It can help cover an assortment of costs, including investigation of an attack, recovering your data, credit monitoring for impacted clients, coverage costs for business interruption, legal fees, and other expenses.
The first place to start is by consulting an Insurance Broker who sells cyber liability insurance, like our partner, Clarke; Sampson. As the popularity of liability insurance increases, more policies become available to cover all aspects of your industry regardless of size, age, or business. Out of the thousands of known cyber threats, a complete and tailored cyber policy covering a variety of threats would be best.
From there, you need to lower your risk and ensure you receive a cost-effective plan.
Determine what aspects of a cybersecurity plan is critical to your organization. What data do you need to protect first e.g., like financial transactions, proprietary data and Personally Identifiable Information (PII).
Inquire about discounts from your prospective cybersecurity insurance provider. As pointed out in a previous WhiteHawk article, cyber insurance can trigger better practices and behavior, expose weaknesses of a policy, and enhance your cybersecurity posture. If you can demonstrate you have installed proper threat preventions, you may be able to lower your premiums. For more information about best practices, check out these posts, here and here.
It is no longer a question if you need cyber insurance, but rather how do you effectively and affordably incorporate it into your cybersecurity and disaster recovery plans.