Cyber insurance is a fast-growing insurance market—the total size of the market is projected to reach about $38 billion by 2030.
As a relatively new line of insurance, cyber insurance policies are constantly changing—as are cyber threats. In this article, we’ll explain what cyber insurance is, what’s covered, what’s commonly excluded, why you should review your policy at least annually, and how to review your policy.
What is cyber insurance?
Cyber insurance, sometimes called cybersecurity insurance, is a type of coverage that protects businesses from cyber attacks. Cyber insurance for small amounts (typically 50K or less) can sometimes be added to your commercial general liability (CGL) insurance for an extra annual fee. A separate, standalone cyber insurance policy needs to be purchased in most cases, however. These policies tend to provide greater levels of protection and cover more risks.
What’s covered?
Coverage varies depending on your provider. That’s one of the reasons we created this article: We want to encourage you to review your cyber insurance coverage. A typical plan may respond to various cyber attacks, including:
- Ransomware
- DDoS
- Spoofing
- Phishing
- Malware
- Brute force
The coverages extended by your policy may include:
- Regulatory defence expenses
- Legal/civil damages
- Notification expenses
- Crisis management/PR expenses
- The cost of hiring a firm to respond to the breach
- Data restoration expenses
- Negotiator/ransom payments
- Business interruption expenses
What’s excluded and denied?
Several factors may lead to coverage being denied. The most important of these is a form of negligence: If your company doesn’t have the proper security measures in place, your insurer may deny coverage. Additionally, data taken from a stolen device may not be covered by your cyber insurance—it may, however, be covered by your CGL policy.
Why you should review your cyber insurance policy
Cybercriminals are constantly developing more sophisticated tactics. Cyber insurance is a relatively new insurance market. The underwriters who create cyber insurance policies are constantly changing the exclusions, premiums, and prerequisites of their policies. That’s, in part, because data breaches are more common than these insurers initially expected and in part because young insurance markets are always volatile.
As such, it’s possible your policy terms have changed since you purchased it or that the policy itself doesn’t respond to some new cyber threat. Other factors, like the overall value of your data, may have also changed. In such a volatile insurance market, reviewing your policy before its renewal date each year is essential.
Questions to ask when reviewing your cyber insurance policy
Cyber insurance exists at the nexus of two very complicated topics: Insurance and IT. Both of these domains can seem daunting to learn about in their own right; put them together, and it can be almost impossible to wrap your head around. Consider these questions:
- How much is your data worth?
- What security measures do you have in place?
- What types of cyber attacks are most likely to affect your business?
- What protocols do you have in place to recover from a cyber incident?
- Who controls your data? Do third parties have access to unsecured data?
- What data needs to be encrypted? Do you have unencrypted data on your network?
- Who could be affected by a data breach at your company?
- What, specifically, does your current cyber insurance plan cover?
- Are you at risk of coverage being denied by your current insurance policy?
- How much could you stand to lose if your business was the victim of a cyber attack?
If your answer to any of these questions was “I don’t know”—and you don’t think other people on your team will know the answer—you’ll need to talk to an IT professional.
Take the first question, for example: Understanding the value of your data is, in an abstract sense, simple enough. Assigning a dollar amount is, on the other hand, much more difficult. Then there’s understanding how much money it would take to recover that data: PR, ransoms, notification, and data restoration all add up very quickly.
Review your coverage with an IT professional
One excellent way of answering these questions is to review your policy with an IT professional to ensure that you have the right coverage—and that you have security measures in place to decrease your risk of having to actually use the coverage.
We recommend reviewing your coverage with an IT professional and an insurance broker simultaneously. Working together, they’ll be able to review both the insurance and the IT side of your cyber insurance policy.
At Constant C Technology Group, an IT support company with a head office in Winnipeg, we can help you review and understand your cyber insurance policy. We can also audit your IT security protocols and provide ongoing support to help keep your staff informed and your data safe.