Organizations carry insurance covering a host of different risks, from accidental injury to property damage to negligence. However, a recent survey conducted by research firm Ovum found that only half of U.S. businesses have cyber insurance, and only 16 percent have cyber policies that cover all risks. And while 61 percent of U.S. executives expect cyber threats to increase in the next year, 27 percent say they have no plans to take out cyber risk coverage.
That’s unfortunate given the high and rising cost of a cybersecurity breach. In its 2016 Cost of a Data Breach Study, the Ponemon Institute found that organizations incurred $158 per lost or stolen record containing sensitive and confidential information. These expenses include the cost to notify affected individuals, legal fees, data forensic services, breach cleanup costs, regulatory fines and customer churn, among other costs.
The average consolidated total cost of a breach, according to the Ponemon study, is $4 million. While you might think that your business would never incur such expenses, consider that the loss of just 1,500 records could cost a quarter of a million dollars.
Cyber insurance can help defray some of the costs associated with the investigation, notification and remediation of a security breach, as well as crisis management and any legal or regulatory issues that arise. Network security coverage may also apply to the costs of downtime and the loss of company or customer data, including both first-party and third-party liability.
Many cyber policies also include media liability, which covers legal issues that arise from your company website or other electronic information or services. In addition to libel and slander, this typically covers copyright and trademark infringement. Data privacy coverage can protect against the wrongful collection of data and similar claims, as well as a security breach.
There are number of factors to consider and questions to ask when buying cyber insurance. You should take the time to understand the component costs of a security breach and the specific risks to your business in order to ensure that you get adequate coverage. All insurance policies have thresholds, exclusions, definitions and other fine print. Cyber policies must be read carefully with an eye toward any loopholes that might void the coverage or enable the insurer to deny a claim.
You should also recognize that cyber insurance is not a replacement for a well-thought-out security strategy and incident response plan. Insurance is simply a form of risk management that shifts a portion of the financial cost from your business to the insurance company. Certain expenses will be covered, but you still have to deal with the inevitable business disruption and impact to customer relationships.
Verteks can help you assess your current cybersecurity posture, and take steps to shore up your defenses and close any gaps. You’ll reduce the risk of a breach and be in a better position to select the right cyber insurance policy and obtain the most cost-efficient coverage.
Cyber insurance is becoming a business necessity, but it’s not something to be taken lightly. We’ll be happy to discuss the various options with you and refer you to one of our trusted insurance partners.
