Much like any other type of insurance policy, the idea behind cybersecurity insurance is that it covers problems if, or when, they occur. Think about it in terms of your homeowner’s policy. You pay for coverage in the hopes that you will never have to use it. But if a tree falls on your house or something else unexpected or dire occurs, it is there to help you cover the cost of repairs and make your home whole.
Simply put, cybersecurity insurance helps reduce the financial risks associated with doing business in today’s online world. With the increase in the number of phishing emails with embedded malware, ransomware, and even social engineering attacks – as well as the cost to recover from a data breach often reaching into many thousands (and even millions) of dollars – it makes good business sense to have a policy in place.
What does cybersecurity insurance cover?
Overall, cyber policies protect your company from the following:
- Network Breaches: A good policy will cover your business if you experience a network security failure such as a data breach, extortion demand, ransomware infection or email compromise. A good policy will also cover the costs involved in hiring a cybersecurity consultant, data restoration, legal expenses, forensic investigations, customer notifications, public relations assistance and other things that will be needed to recover from a breach.
- Business Interruption: In many cases, a cybersecurity attack means your business grinds to a halt until the breach is repaired. A cybersecurity policy can cover your lost profits, fixed fees and other costs associated with being unable to conduct business due to an attack.
- Privacy Liability: One of the worst impacts of a breach is when customer and/or employee information is stolen, exposing private information to the bad guys. Policies can be written to cover the legal fees, fines and penalties associated with the release of this sensitive data.
There are other areas that can be included in the coverage as well, but these are the primary areas of concern.
What can you expect when applying for cybersecurity insurance?
As you can expect, insurance companies require a good deal of information when writing these policies. Much like a medical exam when applying for health or life insurance, the underwriters ask a lot of questions, and your answers to those questions determine the policy’s coverage and cost. Below is a partial list of some of the areas you will be asked about on a typical application:
- If you have multi-factor authentication (MFA) enabled on all remote access points (email, portals, etc.)
- How often, where, and how, you back up critical data and a description of your data retention policy
- How your IT infrastructure is managed (internally, using a managed services provider or a combination of both)
- If you have had any cyber incidents that were not successfully blocked (typically within the last 3 years)
- What you spend on IT security on an annual basis
- The number of employees in your IT department and how many are responsible for IT security
- The type of data stored on your network and an estimate of the total number of unique individuals on whom you store data
- The manner in which you secure remote access to your network
- Frequency of vulnerability scans and penetration testing
Gathering all this data is important to the security of your data and company. If you don’t know the answers to these questions (and there are quite a few more too), you likely need to review your overall cybersecurity situation and make sure you are as protected as possible.
If there is anything we can do to help, or questions we can answer for you, we are happy to set up a time to discuss your current cybersecurity protection layers, detail the solutions we offer to our clients, and recommend some cybersecurity insurance companies that you may want to interview.