Cyber Insurance

Cyber insurance or cyber liability insurance protects companies from damages and liabilities that arise as the result of hacks, malware attacks or data breaches. It is a relatively new branch of the insurance industry, and because of this, there is often no standard for what a cyber insurance policy must and must not include. However, many policies typically cover costs that are directly associated with a security breach like: 

• Documenting and investigating the attack
• Data recovery and hardware repairs
• Notifying consumers and regulatory agencies
• Crisis management and PR damage control

Depending on your insurance provider, there is often unique criteria that companies must meet in order to be eligible for coverage.  This typically includes a third-party assessment — a risk assessment or a cybersecurity gap assessment – which will help identify vulnerabilities and risks within your organization.  Additional requirements can include:  

• Multi-factor Authentication (MFA) 
• Security Awareness Training
• Encrypted Backups
• Endpoint Detection and Response (EDR)

*This criteria continues to evolve with changes within the cybersecurity risk landscape, and businesses need to be proactive to ensure they meet the changes in policy requirements. There are also industry-specific compliance standards. 

If your business or organization does any of the following, you need to get cyber insurance.

• Accepts credit cards or other digital payment types
• Uses computers and mobile devices
• Keeps medical or financial data
• Stores confidential customer information

Cyber liability insurance can protect you from several first-party, third-party and additional costs that your company can face following a cyber-attack, depending on what your insurance policy covers. Cyber insurance is as dynamic as the companies it protects and is consequently far from standardized. However, some things that it typically covers include:

• Cyber extortion
• Data loss, recovery, and recreation
• Computer fraud
• Business interruption/ loss of revenue due to a breach
• Loss of transferred funds
• Digital asset management

No. Cyber insurance does not replace the need for cybersecurity.  Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks whereas cyber insurance is intended to provide services after a malicious attack is made. Cyber insurance generally covers fees and expenses involved in a breach and some policies include claims for ransomware. 

Your organization needs a cybersecurity plan. Without the correct protection in place, your organization’s most confidential information is left vulnerable and you may find it next to impossible to obtain cyber insurance without it. 

The most common types of cybercrime that impacts businesses are:

• Phishing – phishing is a type of cyber attack that uses email to try and trick you or your employees into revealing sensitive information or downloading malware. 
• Malware – malware often arrives through suspicious emails, files, downloads or links. Once opened, harmful software installs itself in your system, allowing attackers to spy on your activities and steal private data in the background. 
• Ransomware –Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
• Hacking – unlike the other three, hacking can happen without any action on your part. It involves skilled hackers finding vulnerabilities in your computer system and gaining unauthorized access into it.