Cybersecurity nowadays is not something to be taken lightly. With new developments in criminal tactics, including ransomware that targets hospitals and puts patient lives on the line, the seriousness of protecting yourself and your assets is something that should never be lost on the modern businessman/woman.
It’s not just the big bugs that people need to worry about either. Common and preventable exploits show up everywhere, from poor employee practices leading to insecure vectors to IT departments that need to learn how to manage tickets and requests better. The simple fact is that in the world we live in today, you’re almost guaranteed to be hit with malware or some type of cybercriminal activity. The question facing many businesses today is: who is liable for the inherent risks of operating in our connected world?
Many businesses have begun to subscribe to the idea of “cyber insurance” which is also known as cyber liability insurance coverage (CLIC). The co-founder of insurance technology provider Advisen, David Bradford, believes that the cyber insurance market could be worth $5 billion by 2020. That’s double what it is today. Other estimates point to it tripling to $7.5 billion.
What Are You Covered For When Purchasing Cyber Insurance?
Currently there aren’t really any underwriting standards for CLIC, though many near-universal trends have popped up. CLIC generally covers first and third party claims with the ability to reimburse businesses for:
- Forensic Investigations: Whenever a business suffers a breach, especially when HIPPA or PCI compliance is involved, an investigation is required to figure out not only ‘whodunnit’, but also how, and sometimes when. A breach investigation may be long and arduous, and they are by no means inexpensive.
- Customer Breach Notification: After forensics completes their investigation, companies are required to notify both customers and other affected parties that a breach has occurred and that they may be at risk.
- Errors and Omissions: Normal E&O coverage protects against negligence and reimburses for damage and business losses that may be caused by it. In the case of Cyber E&O, financial loss due to interruption of standard services due to downtime, loss associated with costs of data recovery, business interruption–all of these will be covered by the most comprehensive CLIC providers.
- Other: As mentioned before, there are no set standards for CLIC, so you’ll see various other expenses that may be covered. These include the costs of lawsuits that may arise after private customer information is breached, and even the costs of cyber extortion due to ransomware and the like. When it comes to shopping around for CLIC, assume nothing is covered as a standard, and make sure you understand the terms and what is covered to the highest degree before purchasing.
Do You Truly Need CLIC?
When it comes to asking yourself whether or not you actually need cyber insurance, or whether you can afford it, look at it this way: IBM’s 2016 Cost of Data Breach Study shows that the average consolidated total cost of a data breach is a whopping $4 million. On top of that, the global study found the likelihood of a material data breach involving 10,000 lost or stolen records in the next 24 months at 26 percent.
The point is that the chances of a data breach are actually pretty high, and the costs of said breach can be even higher. The same IBM report found that the average cost incurred for each lost or stolen record containing sensitive material is around $158. Even for small businesses, the cost of losing just 100 of these records can add up to over $16k. Couple this with Symantec’s Intelligence Report 2015 and their 2016 Internet Security Threat Report showing that over 30 percent of all phishing attacks in 2015 were aimed at businesses with less than 250 employees, and that 43 percent of general attacks targeted the same organizations.
If you’re still wondering whether or not CLIC is for you, try creating a cyber risk profile to estimate how much the cost of a breach would put a dent in your organization, and compare that to the cost of your average provider. Make sure you investigate every potential situation and look at each provider for what they offer. In the end, you may find that the costs of CLIC are far cheaper than even a minor breach.