Cyber Insurance: Protecting You From Cyberattack Mayhem
Posted October 20, 2022 by Chris Glanden
What exactly is Cyber Insurance?
Also known as Cyber Liability insurance, Cyber Insurance can offset some of the financial damages that result from cyberattacks. Costs resulting from a cyberattack may include data recovery, damage caused to other systems, or damages from loss of customer data.
Are organizations really BUYING THIS??
Yes! In fact, cyber insurance has become the fastest growing product for U.S. insurers. Fitch Ratings recently reported that cyber insurance premiums increased by 74% in 2021 to over $4.8 billion. Also, premiums for standalone cyber coverage increased by 92% to over $3.1 billion for the year. This data also indicates that reported claims increased by 100% annually in the past three years and payments furnished from closed claims grew by 200% over the same period.
The frequency of ransomware events between 2018 and 2020 quadrupled, and last year, 86.2% of US-based organizations fell victim to at least one cyberattack. Organizations are more cognizant than ever of the threat of a cyberattack, and are therefore taking a multi-layer approach to protect themselves, which includes cyber insurance.
Ok, but why should I consider cyber insurance for MY organization?
Most general liability policies do not cover cyber-related losses. Find out what your coverage includes, understand your premiums, and ensure you are paying the least amount for the best protection. In addition, ensure your organization has an effective cybersecurity program that can minimize or eliminate the need to file an insurance claim. Being proactive will significantly reduce disruption and brand damage, and maintain or lower premiums.
Sounds good, although what TYPE OF COVERAGE will I get?
Although various providers offer different coverage tiers, a general cyber insurance policy will cover or include:
- Legal fees
- Lost income due to business interruption
- Coverage of all devices that could be stolen or lost (mobile, PCs, etc.)
- Protection if you’re a victim of a cyberattack
- Forensic services
- Crisis management (public relations assistance, brand-rebuilding efforts)
- Fees, fines, and penalties related to the cyber incident
- Breach notification
- Restoring personal identities of affected customers
- Recovering compromised data
- Repairing damaged computer systems
- Breach Hotline
Is my existing security posture good enough to GET APPROVED for cyber insurance?
Your application for a cyber insurance policy won’t be reviewed and approved unless you have implemented the proper security controls to become “cyber compliant.” Fortunately, you can meet the requirements by understanding what underwriters will be assessing.
Here are the top 5 areas that a cyber insurance underwriter will focus on:
- Identity and Access Management (Multifactor Authentication, Privileged Access Management)
- Endpoint Detection and Response
- 24/7 Network Monitoring and Security Operations Center Capabilities
- Network Backup and Recovery
- Network Segmentation
Once I get approved, how much will this actually COST me?
The cost will vary with the coverage you select, and the premium depends on the size of the company. However, a recent study performed by AdvisorSmith Solution Inc. found that the average cyber insurance cost in 2021 was $1,589 per year or $132 per month. For comparison, US-based organizations spend almost $4 million on average to respond to data breaches, according to IBM. For small businesses, the cost averages around $36,000 to recover from a data breach, according to First Data, and for SMBs, the cost rises to an average of $86,000 per Kaspersky.
Keep in mind that the fractional cost of cyber insurance could potentially prevent insurmountable costs, both monetary and reputational, if your organization were attacked.
How can Sayers help?
Sayers understands the nuances of how cyber insurance works, and what an organization can do to demonstrate comprehensive cybersecurity program maturity, hygiene, and continued focus. We will guide you through what makes sense for your business and goals around cyber insurance.
We offer guided services to help you navigate the process of obtaining cyber insurance, such as:
• Cyber Liability Policies. Sayers will explain the process of obtaining a cyber insurance policy and what the core differences are between the most commonly used policies and coverage areas.
• Mapping your business needs. There are many different types of coverages available, such as Payment Fraud, Customer/Employee Data Loss, Third-Party Lawsuits, Business Interruption and Extortion. You may not need all of these, so it’s important to understand the specific offerings and what elements are needed to protect your organization in case of a cyberattack.
• Framework adherence. Cybersecurity insurers are interested in attestation of adherence to frameworks, regulations, laws, and best practices. Sayers can assess and prepare organizations for these frameworks and provide the information necessary to hand over to your insurance providers.