Nearly every company, large or small, in any industry from education to technology to manufacturing, faces cyber risk. The larger the organization, the more opportunities there are for vulnerability. Almost every day we hear another report of a cyberattack. As a result, many companies are obtaining cyber insurance to mitigate cyber risk.
What is Cyber Insurance and What Does it Cover?
It used to be that cyber insurance was a niche risk transfer tool that only large companies considered using. These days, however, it is becoming a go-to option for enterprise-level risk management for organizations of all sizes. Generally speaking, cyber insurance protects your company from losses in five primary risk areas:
The network security portion of your cyber insurance protects your company from a data breach, ransomware, malware, or an email compromise. Your coverage includes expenses you incur as a direct result of the cyberattack. The costs can include legal fees, data restoration, public relations expertise for brand rebuilding, negotiation of a ransomware demand, and more.
Your company stores sensitive information regarding both your clients and your employees. A data breach puts both of them at risk and exposes your business to liability. Privacy liability coverage protects you from privacy law violations. This level of coverage protects your company from a class action lawsuit, providing funding for a settlement, which can be costly. It also pays for fines, penalties, and legal fees should your company become subject to an investigation in which a government agency, either foreign or domestic, levies a penalty against you due to a privacy violation.
This coverage protects against intellectual property infringement. Depending on the policy, your social media posts, as well as print and digital advertising, are all covered.
How much would it cost your company for every hour your network is down? Business interruption coverage helps you to recover fixed expenses and lost profits as a result of a cyberattack. The policy could protect your company from a multitude of events such as an outright cybercrime, a failed software patch, or even human error.
Errors and Omissions
A cyberattack could prevent you from meeting your contractual obligations to deliver products and services to your customers. An Errors and Omissions policy covers claims of breach of contract that result from a cyberattack. Coverage can include legal costs associated with defending your company, indemnification from lawsuits, and other disputes with customers.
What Does Cyber Insurance Cost?
Premiums vary by provider, policy coverage, and risk factors. On average, small business owners can expect to pay annual premiums between $1,500 and $7,500. Four primary factors impact the cost:
- Industry: Companies in industries such as healthcare, finance, and information technology, which store sensitive personal and health information and have regulatory mandates to secure confidential client information, are at higher risk of data breaches.
- Annual Revenue: Businesses with high yearly revenue have a higher risk of cyberattacks than companies with lower yearly revenue. Therefore, their cyber liability premiums will also be higher.
- Coverage Limits: The higher the coverage limits, the higher the premium businesses will need to pay.
- Type and Amount of Data Stored: Storing sensitive client information increases the company’s risk of a cyberattack, thereby increasing the amount of coverage needed.
The Problem with Cyber Insurance
An increasing number of risk management professionals agree that the recent spike in ransomware attacks is a direct result of insurance payouts. Evidence is mounting that cyber insurance companies’ eagerness to pay these ransoms is encouraging hackers to continue their efforts. Cybercriminals are demanding higher and higher payouts. In short, cyber insurance isn’t making cybersecurity safer; it’s making it more difficult.
But why are insurance companies so quick to pay the ransom? The decision is simple: How long would it take to solve the problem and get the company’s systems back online as opposed to paying the ransom so that the hackers release their grip right away? Would it take days? Weeks? How much would the downtime cost the company?
Truthfully speaking, it’s typically cheaper, easier, and faster to hand over the money. Hackers do their homework and are fully aware of an organization’s costs, which is why paying their ransom demand is the better option. That said, ransomware attacks are proliferating, and paying the ransom is a short-term fix to an endless cycle of ransomware problems.
Currently, cyber insurance is estimated to be a $7 billion market here in the United States. Insurance companies are jumping on the bandwagon, collecting insurance premiums from fearful businesses. For them, it’s like grabbing all that free money floating around inside the phone booth, at least upfront. The only question left is: does it make sense for your business?