What Is Cyber Insurance & What Does It Cover?

Every 11 seconds, a ransomware attack hits an unsuspecting organization. Rather than waiting around for disaster to strike, finding a good cyber insurance policy early on can protect your business assets and data in the long run. To guide you on your journey to selecting a cyber insurance plan that fits your needs, here are some key concepts to keep in mind.

Why Is Cyber Insurance Important?

Years ago, when a business’s network was encrypted with ransomware, leaders were often told to refuse their attacker’s demands in hopes of deterring this form of extortion. Because of this, insurance companies retained 60% of paid premiums and were happy to write policies for any organization, regardless of their security framework.

Fast forward to 2021, and ransomware attacks have become far more complex, forcing many businesses to pay up or suffer an extended period of downtime. As a result, ransomware attacks now account for $20 billion of the hacking industry's total revenue. Depending upon the impacted organization’s size, ransomware payouts typically range from $300,000 to $15 million. In turn, many insurance companies are rethinking how policies are issued and how much coverage they will provide to high-risk organizations.

How to Enroll in Cyber Insurance

The process of enrolling in a cybersecurity policy has gone through numerous iterations. Whereas insurance companies previously enrolled any business without much vetting, most providers now request that businesses seeking coverage meet a series of strict security requirements. Through this change, providers want to ensure businesses are deploying solutions to proactively mitigate attacks and are not relying on insurance as the sole solution.

Often, these requirements vary depending upon the amount of protection requested and the potential risk associated with the organization’s industry.

Here are some examples of questions you might be asked:

  • Does your organization have multifactor authentication (MFA) and endpoint detection set up for your network?
  • Are employees required to verify their identities before logging onto company networks?
  • Is there a continual training program to help employees spot the most common and newest attacks?
  • Is there an established contingency plan in case the organization is compromised?

While this list is not exhaustive, failing to comply with any of the requirements set by a provider might lead to a complete denial of coverage.

What if My Request for Cyber Insurance Is Denied?

Should the applying organization struggle to meet the insurance company’s requests, it’s likely that they will be granted a remediation period to fix the problems prior to receiving protection. To assist in this request, cyber insurance providers often seek to connect these organizations with outside cybersecurity experts, such as Rocket IT.

Through these partnerships, the outsourced experts complete a full audit of the organization’s current security policies, address red flags, and help the business meet the requirements the cyber insurance company is requesting. This may be particularly helpful for businesses in high-risk industries, such as real estate and manufacturing, where business leaders often experience difficulty in acquiring a cyber insurance plan that meets their needs.  

What Does Cyber Insurance Cover?

At a quick glance, many cybersecurity policies can appear to be similar, with most designed to protect against privacy, security, operational, and service risks. However, there are subtle differences that’ll play a huge part if your organization ever needs to file a claim.

Privacy Risks

If your organization handles sensitive employee or customer information, you’ll want to make sure the policy you choose protects against privacy risks. Otherwise known as privacy liability coverage, it will safeguard your assets if you are sued due to that data being exposed.

Security Risks

No matter if your organization has one device or one thousand devices, security risks are always looming on the horizon. Choosing a policy that protects against common intrusions such as data breaches, malware infections, ransomware, and compromised business emails goes a long way to help recover expenses caused by a cyber incident.

Operational Risks

Moreover, each person, process, system, and external event in your organization provides a certain degree of operational risk. Whether it’s an employee clicking on a phishing email, a business process that fails, or even fraud, you’ll want to make sure your policy has this coverage included.

Service Risks

And finally, if your organization is unable to continue daily operations because of an incident, a policy addressing service risks will come in handy. Not only will you be protected if a customer decides to sue because a contract has been broken, it could also cover the legal costs of defending your organization in court.

Additional Risks to Consider

Generally speaking, there’s no cookie-cutter policy that will work for every company. And although most policies are a combination of the elements listed above, it’s crucial to work with a cybersecurity expert that can help ensure even the most unique of risks are covered.

For example, social engineering attacks have become quite a concern for businesses in the financial industry. In turn, having a policy that protects your business from taking the full brunt of fraudulent wire transfers may be something to consider. On the other hand, for businesses that are publicly traded, brand reputation is an area that can become incredibly tarnished following a cyber-attack. Because of this, you might consider adding a clause that mitigates the lost revenue that can result from media attention.

What Does Cyber Insurance Not Cover?

While many cyber insurance policies cover a great deal, there are limitations. The following are not covered:

  • Any future loss in profits due to recovering from an incident.
  • If your organization needs hardware replaced or software upgrades after an attack, those will mostly come out of pocket.
  • Finally, if intellectual property is stolen and your company’s value decreases because of it, your policy won’t cover the loss.

How to Protect Yourself

While this is not a comprehensive guide to cyber insurance, Rocket IT is here to help you address security concerns and ensure your network infrastructure exceeds the requirements of even the strictest cyber insurance guidelines. To start your journey towards a new industry standard and a better night’s sleep, give Rocket IT a call at 770.441.2520.
