Your business probably has several types of insurance policies to protect against the worst if something goes wrong. But you might have questions about a relatively new form of insurance: cybersecurity insurance, also known as cyber insurance.
Let's look at what cyber insurance is, what it typically protects, and why your business should consider it.
What Is Cyber Insurance?
Cyber insurance is simply an insurance plan designed to protect your business from liability and losses related to IT. Traditional insurance policies usually don't include any kind of protection from digital threats.
An IT infrastructure disruption can drastically affect your company's productivity, or even cause a legal issue with people outside your organization. To avoid these potentially huge problems, cyber insurance can help your business recover from an attack more efficiently and at a much lower cost.
Why Is Cyber Insurance Important?
No matter the size of your business, you probably house electronic data that are considered sensitive. You also rely on computer systems for your business to run smoothly every day.
A cyber attack can leak protected information or take down your entire infrastructure in a moment. Consider the following catastrophic events:
- All customer order information on your server is accidentally deleted, and you don't have a backup
- A hacker breaches your system and steals protected information about your clients
- An employee inadvertently introduces ransomware to your network, which locks up a dozen systems and drastically slows down productivity
- A botched software patch takes your network offline for two days
- A thief tricks the CFO into sending a large sum of money to a scammer
All these situations and more can cause real harm to your business. Restoring critical data without a backup can take weeks, if it's even possible. It's also quite costly to pay professionals for the recovery process.
Some of the above situations are even worse since they affect customers. Most states require a company that suffers from a data breach to notify everyone affected. This can become extremely expensive, and you might need to hire a lawyer in order to approach the situation wisely.
These mistakes could crush your business through financial loss, reduced productivity, or a tarnished reputation. This is why cyber insurance exists: to help your company pay for and recover from these damages.
What Does Cyber Insurance Cover?
Most cybersecurity policies distinguish between first-party and third-party coverage. They may include both or make plans available for these separately. Of course, the exact coverage will differ by plan, so we'll mention some general types of coverage.
First-party coverage protects you from liability for damages that directly affect your company, such as:
- Recovering your data after a virus wipes it out
- Loss of income due to computer systems going offline after an attack
- Costs associated with cyber extortion, which are usually related to paying the ransom during ransomware attacks
- Paying for an investigation into the breach to determine the cause and prevent it in the future
- Damage to your company's reputation after a publicized data breach
- Covering the costs of notifying affected users after a data breach
On the other hand, third-party coverage covers liabilities your company owes to other people. This includes:
- Coverage of lawsuits brought against you for not adequately protecting user data
- Online media lawsuits where you're sued for online libel, defamation, copyright infringement, or similar
- Costs associated with restoring identities of affected customers
Exploring Cyber Insurance Costs
Now that you know a bit about what cyber insurance offers, what can you expect to pay for it? Like most forms of insurance, this will depend on the depth of coverage you select. You'll also generally pay a higher premium if you work in an industry (such as healthcare) that handles lots of sensitive information.
To get an estimate, we walked through Progressive Commercial's quote generator. Because it asked, we gave an example of an accounting service with 20 employees and projected annual revenue of $400,000. This sample company handles sensitive information for 1,000 people and follows good security practices.
We provided samples for all the info this tool required, but it's important to note that for most insurance carriers, the number of employees is not hugely relevant. In most cases, insurance companies will base their rates on the revenue a company generates, as well as the amount of personally identifiable information (PII) they handle.
Progressive recommended three companies for cyber insurance. The cheapest one was $531 per year, while the most expensive was $2,824 per year.
Each one had a $1 million coverage limit. While the most expensive plan had a $5,000 deductible, the others had a $1,000 deductible. All of them covered general cyber incidents, such as cyber extortion and data recovery.
You can see a summary of what each plan includes below. As you'll notice, the language across these plans is not consistent. It's thus important to know exactly what you're getting with a coverage plan before signing up.
We spoke to an insurance expert while working on this article, who had the following recommendation:
"If an insured is going to jump in on cyber insurance, they should get a comprehensive program from the beginning. Understanding cost is a factor, it is my belief that having a comprehensive program with a lower limit to start is better than only having portions of coverage with higher limits."
Should You Consider Cyber Insurance?
We're not an insurance authority, so we can't make a recommendation on this. But it's good to consider what your company's plan is if a digital disaster were to happen. That can help you figure out the potential costs of a catastrophe and make a smart decision on purchasing insurance.
If you work in an industry that carries a high risk of criminals breaching your stored data, the peace of mind might be worth the cost. Between restoring data, handling lawsuits, and losing customers, the few thousand dollars per year you pay for insurance would likely be worth it after one incident.
Remember that cyber insurance is designed to protect you from liability arising from attacks on your IT system. It won't help prevent those attacks from happening, though. You should have a smart IT setup with frequent backups and multiple layers of protection in place to reduce the chance of a breach in the first place. Not only will this help reduce your insurance rates, but it can also help prevent you from having to use your insurance.
Thanks to James Miller of ESS NexTier Insurance Group for his assistance with this article.