Management, compliance & auditing

How Cyber Insurance Can Safeguard Your Business - A General Guide

Penny Hoelscher
January 5, 2018 by
Penny Hoelscher

Cyber insurance is also known as cyber liability insurance coverage. It helps businesses and individuals protect themselves from Internet- and IT infrastructure-based risks. Interestingly, these types of risks are not covered by traditional, commercial liability policies. This is the primary reason any business with any sort of online presence cannot afford to go without cyber insurance.

What Are the Differences Between Cyber Insurance & Traditional Insurance?

Cyber insurance is a growing market which was initially slow to become a mainstream type of business insurance. This is because it is a slightly more nebulous market than traditional insurance, as there is no hard and fast set of rules to assess a company’s cybersecurity. The problem is mainly due to a lack of statistical and actuarial data. The National Institute of Standards and Technology (NIST) developed a cybersecurity framework for critical infrastructure in collaboration with private industry, which helped insurers assess a business’s risk. However, it is not a simple process: risks, like reputational damage, are difficult to accurately forecast in advance of an attack.

Why Do I Need Cyber Insurance?

As reported by TechCrunch, the 2011 Sony PlayStation network breach compromised more than 77 million personal accounts. This cost Sony an estimated $170 million. While Sony thought their general liability insurance policy would cover the breach, the courts ruled against them.

On the other hand, the cost of the notorious 2013 Target data breach was close to a whopping $300 million. Luckily, a R100 million cyber insurance policy helped the company pay a relatively hefty percentage of these costs.

According to PwC, about one-third of U.S. companies purchase some type of cyber insurance.

What Are the Costs of Cybercrime?

Cybercrime, as valued by the Center for Strategic and International Studies, costs the global economy more than $400 billion a year. For many, insurance is a grudge purchase. Many businesses are complacent, believing their security procedures and policies are enough to avoid cyber attack. However, even if you are insured, chances are you will have to prove you did everything possible to prevent attack. The costs of cyber attacks include:

  • Loss of customers
  • First- and third-party theft and fraud
  • Forensic investigation
  • Business interruption
  • Extortion and ransom demands
  • Reputation loss
  • Loss of income
  • Notifications and public relations costs
  • Computer data loss and restoration
  • Crisis management expenses
  • Litigation by third parties, e.g., suppliers
  • Physical damage to equipment
  • Regulatory fines

Fortunately, these costs can be mitigated by cyber insurance policies.

What Are the Types of Cyber Insurance Coverage?

There are two main types of cyber insurance coverage: first-party coverage and third-party liability coverage.  

1. First-Party Coverage

First-party coverage usually covers direct costs associated with responding to a cyber attack:

  • Forensic investigation of the event
  • Crisis management
  • Device restoration or management
  • Business downtime
  • Legal advice
  • Notification to affected parties, e.g., customers

2. Third-party liability coverage

Third-party liability coverage usually covers costs associated with claims, lawsuits and regulatory liabilities:

  • Lawsuits by infected parties
  • Fines by regulatory bodies
  • Legal fees
  • Electronic media content liability, e.g., cost of copyright infringements

Why Do You Need Cyber Insurance?

  • No one is safe: No individual or company is immune to cybercrime, whether due to human error, software vulnerabilities or ineffective security. Facebook founder Mark Zuckerberg had one of his social media accounts hacked three times in 2016 alone. Google, Yahoo and Uber CEOs have all had accounts hacked in the past.
  • Costs are high if you are successfully attacked: A Ponemon Institute report indicates the global average cost of a data breach is $3.62 million. It is even more in the U.S. at approximately $6 million. The U.S. Securities and Exchange Commission estimates half of the small businesses that suffer a cyber attack go out of business within six months.
  • Cybercrime is growing exponentially:  Businesses that hold personal data are particularly at risk. Human error is a company’s biggest vulnerability and the most difficult to guard against.
  • Risk and liability: You can be held legally and financially liable if third party data is compromised in a breach.

What is the Average Cost of Cyber Insurance?

Howmuch.net estimates the average annual cost for various types of small businesses. For a small business, costs range from $750 to $8,000. Here are annual cost estimates for a few common small business types:

  • Healthcare office: $1,202
  • Tax preparation firm: $1,200
  • Retail store: $1,100

Data Breach Insurance also provides averages for medium-sized enterprises:

  • Call center: $19,800
  • Fiber optics communications provider : $47,000
  • Ecommerce retailer: $1,100

For larger companies, cyber insurance costs are significantly higher. Reuters reports premiums for a $10 million policy at financial institutions with under $1 billion in revenue can run between $150,000 to $175,000 per year.

What Are the Most Popular Cybersecurity Insurance Companies?

The Insurance Journal lists the top cyber carriers, according to Fitch ratings, as:

  • American International Group (AIG)
  • Chubb
  • XL Group
  • Axis Capital Holdings
  • Beazely Insurance Co

Conclusion

If you sell lemonade, you might wonder whether you need cyber insurance. Even if you never use the Internet to order goods from suppliers, pay invoices or market your product, the answer is still yes. Even an infected USB device can put your business computers at risk. After that, it’s a piggyback ride for cybercriminals. Cyber insurance can not only help mitigate the costs of a breach, but also actively help you in the aftermath of an attack to restore and secure your system.

Sources:

Penny Hoelscher
Penny Hoelscher

Penny Hoelscher has a degree in Journalism. She worked as a programmer on legacy projects for a number of years before combining her passion for writing and IT to become a technical writer.