For many organizations, cybercrime is a constant and unavoidable threat. Though it is possible to effectively limit risk through a combination of security training, protocols, and software, the odds are that most businesses will still eventually experience a data breach or other malicious attack.
To limit the damage associated with these cybercrime threats, cyber liability insurance has become popular for all sizes of business and all industries.
A relatively new branch of insurance, cyber liability insurance is designed to protect an organization from the financial damages associated with data and security breaches — and these damages can easily number in the millions of dollars.
However, cyber liability insurance covers a broad spectrum of insurance options, and organizations interested in procuring this type of liability insurance will need to be clear on the product that they are receiving.
► What Is Cyber Liability Insurance Intended To Cover?
Cyber liability insurance has existed for over a decade, but it’s only seen widespread demand in the last five years. Throughout 2012 and 2013 cyber liability insurance saw an increase in demand of 21%, and today it is offered by over fifty of the major insurance providers throughout the United States.
Because this is a relatively new type of insurance, coverage can differ significantly from provider to provider. There are two major types of risk that are generally covered by cyber liability insurance policies: short-term and long-term.
♦ Short-Term Risks – When a data breach occurs, an organization often finds itself with lost customers, increased administrative costs, a loss in profits, and costs associated with data loss and management.
These are all short-term costs that occur directly following a data breach. Other immediate costs can include the cost of notifying customers regarding the data breach and the cost of any concessions made towards consumers, such as free identity theft protection. Many companies will also see their stocks fall immediately following a data breach.
♦ Long-Term Risks – The consequences of a data breach attack may linger for some time. Following a breach, companies may face damage to their brand, widespread system upgrades, legal fees associated with the breach, and other expenses such as credit monitoring. Long-term risks to an organization or a brand, such as lowered stock prices, can be difficult to quantify. Nevertheless, they can have a serious impact on a business.
An organization needs to do its own due diligence regarding which items are actually covered by the policy it is being quoted. As there are no “standard” cyber liability insurance policies today, a given policy may include any assortment of the above risks associated with cybercrime.
Just as there are different types of property insurance (fire, flood, theft, and more), there are also different types of cyber liability insurance, in addition to completely inclusive policies.
Cyber liability insurance can be purchased to protect against specific types of cybercrime, and some organizations may find themselves more susceptible to one type of crime than another. The major types of cyber insurance include:
♦ Data Breach And Privacy Coverage – This is what most people think of when they think of cybercrime — an attack that is specifically designed to breach sensitive data.
Data breach attacks often occur for the purposes of identity theft and target the consumers of a business rather than the business itself. Data breach and privacy coverage is designed to protect a business in the event that it is compromised and private, personally identifiable information is stolen.
♦ Extortion And Ransomware Coverage – Modern cyber criminals may threaten to take a business down with a Distributed Denial of Service (DDoS) attack or may lock and encrypt an organization’s records, all with the goal of receiving a ransom. Extortion and ransomware coverage is designed to protect against this type of cybercrime, which is quickly growing.
♦ Multimedia Liability Coverage – Many organizations have a web presence that is vital to their brand and their profit centers. Multimedia liability coverage is designed to protect a brand against damage and defacement to their owned property, which can include websites, social media accounts, and other intellectual property.
♦ Network Security Coverage – The network infrastructure of a modern business is often the backbone of their operations. Should a DDoS attack or other data breach occur, the organization may not be able to operate as it should. Network security coverage — also known as network liability insurance — protects against the costs associated with network intrusion.
As mentioned, organizations of different industries and sizes may have different insurance needs. Larger enterprises are more likely to experience widespread network security issues that reduce their profits, whereas small businesses and small business owners are the more common targets for extortion and ransomware.
Meanwhile, healthcare providers and retail organizations are most likely to experience data breaches related to privacy and identity.
Understanding the different types of coverage and the threats and risks facing a business is essential to determining the appropriate type and level of cyber insurance policy.
► The Limits of Cyber Liability Insurance
As with all policies, there is a coverage cap that comes with cyber liability insurance, which will be determined by the policy provider and will affect the premiums. Cyber insurance policies, like other insurance policies, will also often have a deductible amount that must first be met.
Today the maximum amount of cyber insurance coverage that a single company can have is estimated to be approximately $300 million, which includes multiple policies with a variety of insurers.
Most organizations will not have this much. For larger enterprises, cyber liability insurance may not be able to cover the full amount of a data breach or other malicious attack, but it can still reduce the total amount paid by a significant amount.
Organizations interested in cybercrime insurance will need to determine their own unique risk factors when identifying whether cybercrime is a significant risk to them. Business owners and IT professionals may want to ask themselves some of the following questions:
♦ Is cybersecurity a major issue within my industry? There are some industries that are less likely to experience intrusion — and there are some industries that are very appealing targets. Banking, financial, health, and education sectors are all frequently targeted by cyber criminals.
♦ Are there potential vulnerabilities in my network? Many organizations find themselves experiencing cybersecurity intrusion not because of their own network but instead because of third-party applications and vendors.
For instance, retail chains that do not use their own proprietary point-of-sale system may be vulnerable to intrusion through their third-party PoS software.
♦ What would an attack do to my organization? If your company’s network was down for a day or two, what would the total financial impact on your business be? Don’t just look at the immediate costs, such as a lack of sales; you also need to consider a potential loss of consumer faith.
Cyber liability insurance is still relatively new, but it’s quickly gaining traction. Most organizations today rely on their network infrastructure, digital records, and owned media for their core business operations in addition to brand identity and customer care.
Still, organizations should conduct a thorough risk assessment before committing to any changes to their insurance policies, and they should review any new policies very carefully. Cyber insurance policies are still in a state of flux, making it necessary to thoroughly review the actual coverage provided.