Is Cyber Insurance Worth the Investment?
Cyber-attacks have become a top threat to businesses both big and small in the last decade. Social engineering schemes, malware, and ransomware have all seen a significant uptick, especially since the start of the pandemic. According to the Identity Theft Resource Center, 2021 has already hit a record high for cyberattacks, exceeding the total amount in 2020 by more than 17%. So, with cyber threats (and the cost to mitigate them) skyrocketing, its time to consider investing in Cyber Insurance to protect your business.
Cyber Security Statistics for 2021
A new cyberattack occurs every 2 seconds, according to CyberSecurity Ventures. The schemes are becoming more strategic, more impactful, and increasingly difficult to detect. The latest FinCen report reflects this rapid growth of ransomware-related filings:
- Ransomware-related SARs filed monthly have grown to 635 SARs filed and 458 transactions reported between January 1, 2021, and June 30th, 2021 (“the review period”).
- A whopping 30 percent increase from the total of 487 SARs filed for the entire 2020 calendar year.
- The total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million).
- The mean average total monthly suspicious amount of ransomware transactions was $66.4 million and the median average was $45 million.
Recent analysis predicts that the total cost of ransomware loss will exceed $265 Billion by 2035. Upwards of 70% of businesses should expect to fall victim to an attack each year. While not every single attack threatens the financial stability of a company, more often than not it does. And with businesses being so heavily rooted in technopoly, a company that cannot adequately protect and remediate cyber events is likely to lose trust and reputation.
In response to these rising threats, the global cyber security market will reach $1.75 Trillion in service and product spending. To protect the digitized market, the Internet of Things (IoT), and client’s personal information, businesses need to invest in a robust Cyber Insurance plan.
What Is Cyber Insurance?
Cyber Insurance is a type of insurance policy that protects individuals and companies against the effects of cyber hacks. Cyber policies have a few different names, including ransomware insurance, data breach insurance, cyber risk, and cyber security insurance.
Purchasing a cyber insurance policy can help minimize the risk of cyber threats. It does not, however, minimize the chance of experiencing a cyber attack. Like any insurance plan, the intent is to help cover the cost of expenses incurred as a result of a breach.
Companies are expected to lower their risk of experiencing a cyber threat through training, education, secure software, and other security measures.
What Does Cyber Insurance Cover?
Each insurance carrier will have a slightly different coverage plan for their cyber services, but in general, they should protect against:
Network Security and Privacy
Network Security and Privacy will cover the costs incurred from a data breach, legal expenses, breach notifications, class action litigation expenses, regulatory investigations, and PR costs.
In 2021, Kaseya suffered a ransomware attack compromising up to 1500 companies with a ransom note of $70 million. In 2020, MGM suffered a breach that resulted in the leak of 142 million guests’ personal information. These are both instances where security measures were in place and an attack still occurred.
Network Business Interruption
Network interruption will cover losses incurred from system failures and operational difficulties. This includes fixed expenses, and profits lost. Usually, you won’t need a full system shut-down to trigger this coverage. A network slow-down or partial loss of use will trigger the coverage.
For reference, in 2016, Delta Airlines faced a network outage that lasted only five hours, but cost the company $150 million.
Media Liability will cover intellectual property, including defamation, invasion of privacy, and negligence in advertising.
Errors and Omission
Errors and Omission coverage is professional liability coverage that deals with losses arising from failing to perform your duties or accurately communicate your services. E&O covers negligence, breaches of contract, and human error. It can cover technology and software but also covers traditional professionals like doctors or lawyers.
Oftentimes there are specific exclusions that make coverage more narrow than how it may appear at first. For example, a “conduct” exclusion usually states that coverage will not be triggered if a loss was incurred from an intentional act. This means negligence must be proven in order for the policy to enact coverage.
Cyber policies should include first and third-party costs. But in most cases, there will be different triggers, limits, and coverages for different types of claims. A careful review of the language in a policy will help identify any coverage gaps. Speaking with an agent and doing some research should help you figure out what kind of plan is best for your business, and where you might be experiencing gaps.
Is Cyber Insurance Worth the Cost?
Do you actually need cyber insurance? In general, every company can benefit from a cyber insurance policy. With cyber-attacks becoming the top threat to businesses, cyber isn’t just for technology and healthcare anymore. Emails, phone numbers, stored client data, personally identifiable information (PII’s), social security numbers, and banking information are all subject to a data breach.
When thinking about the cost to mitigate a cyberattack, it’s important to note that it’s not just lost money that is being protected. Personal information and security have a monetary value, and if a client’s privacy is breached, there’s going to be a payout for more than just funds lost.
Depending on what type of policy is purchased, cyber insurance may also cover the cost to notify clients of a breach, the cost of a PR firm, credit monitoring services, business income, and extra expense, prior acts, and extortion coverage.
If you’re questioning whether or not you can benefit from cyber insurance, ask yourself these questions:
- Do we collect, store, or receive personally identifiable information?
- How comprehensive is our data security plan?
- How would you respond to a cyber attack today without cyber insurance?
For most, the answer to question one is yes, the answer to question two is not 100% secure (because that’s nearly impossible), and the question to number three is it would be a financial burden.
Remember, even the largest, most secure companies in the world experience data breaches that incurred millions in remediation costs. Unfortunately, it’s an unavoidable risk in today’s digital landscape. A good cyber insurance policy, however, can help protect you.
How to Protect your Business from Cyber Attacks
A cyber insurance policy will make sure that in the event you experience a cyberattack, your business does not suffer huge financial losses. The average cost of a breach in the United States is $4.24 Million. So yes, it’s highly suggested that your business considers a standalone cyber policy or an endorsement of an existing policy.
Most insurance companies will require you to take standard measures in protecting yourself from an attack. This will include things like:
- Having written policies and procedures in place in the event of a breach
- Regularly updating software and IT Security measures
- Company-wide training on phishing schemes, social engineering, and security
- Requiring strong passwords and multi-factor authentication
- Data encryption
Cyber attacks can’t always be avoided, but they can have their risk reduced significantly. More workers are going remote, the professional landscapes are digitizing, and more information needs protection.
While a cyber insurance policy alone is not enough to protect you from the threat of an attack, in conjunction with adequate procedures and security measures it can add significant value to your risk management plan.
Interested in Learning More?
Contact one of our designated cyber professionals for more information on how we can help you better protect your business from cyber threats.