Based on research from the Allianz Risk Barometer, businesses everywhere are more concerned about cyber threats than other types of threats to their operations. Data breaches, cyber attacks, malware, and ransomware have been in the news, and organizations understand the risk of loss and damage to their brand reputation if this happens.
What’s the best way for organizations to protect themselves? Along with a stringent cyber security protocol, cyber insurance can help businesses mitigate risk and gain protection against the threat of cyber crime.
Still, it’s important to understand what cyber insurance has to offer and whether it’s the right choice for your business.
What Is Cyber Insurance?
Cyber insurance is a type of insurance that covers business liability for a data breach that includes sensitive customer data, such as account numbers, payment information, health records, and social security numbers.
Most organizations rely on general liability insurance for this, but that doesn’t cover cyber breaches. It’s limited to property damage or bodily injury from products, services, or operations, not cyber crime.
What Does Cyber Insurance Cover?
Cyber insurance covers:
- Legal expenses and fees
- Recovery of compromised data
- Repair to computer systems
- Measures to restore the identities of affected customers
- Notification of the breach
Only some states require notification of a breach that involves sensitive data, but it’s a good business practice. It can be expensive, however, and this is where cyber insurance can be an asset.
Should a Small Business Have Cyber Insurance?
All businesses should consider cyber insurance if they handle sensitive customer data. The cost may seem unnecessary, but the legal fees can cripple a business if a breach occurs.
Cyber breaches are a looming threat. Taking a proactive position with a cyber insurance policy offers numerous benefits, including:
- Protection from malicious hackers or viruses that compromise data or disrupt processes
- Forensic assistance to uncover cyber incidents
- Coverage for theft and data corruption
- Assistance with public relations to rebuild a brand image
- Coverage for stolen or damaged electronics like mobile phones and laptops
What Isn’t Typically Covered by Cyber Insurance?
Cyber insurance is a comprehensive coverage option for different cyber threats and their ramifications, but some things are excluded or might be limited:
- Loss of future profits
- Loss of value
Cyber insurance comes in first-party liability coverage and third-party liability coverage. These policies may be purchased separately or together.
First-party liability coverage protects your business from the expenses that come from a breach. Third-party coverage protects your business if a vendor, partner, customer, or another party sues your business for the breach.
Cyber insurance continues to evolve as the risks grow and change. It’s vital to review your options and evaluate what your insurance offers and what it doesn’t, so you know you have the coverage you need.
Does My Business Need Cyber Insurance?
The size of your business isn’t as important as what you have to protect. Cyber insurance is a smart choice if you:
- Use point-of-sale systems
- Store sensitive information for clients
- Provide hardware or software services
- Store data on computers in the cloud
- Rely heavily on digital services
Is Cyber Insurance the Same as Data Breach Insurance?
Cyber insurance and data breach insurance are quite different, even if they both relate to digital data and security. Cyber insurance protects your business from first-party and third-party incidents, but data breach insurance merely covers any damage that occurs to data.
Applying for Cyber Insurance
No matter the type of insurance, insurers want to understand the risk they’re undertaking with a client. Cyber insurers understand the risk of cyber threats continues to grow, and they want to be sure that businesses are taking their own cybersecurity seriously.
When you apply for cyber insurance, your security controls and risk management practices will be evaluated, including your protocols for web content filtering and multi-factor authentication. The insurer will evaluate a number of factors, including malware defense, access management, administrative privileges, and network segmentation. They’re looking for one thing – proactive and robust cybersecurity risk controls.
The criteria for cybersecurity may vary by industry, but general steps to implement security protocols and controls will increase your chances of being viewed favorably by the insurance company and receiving a competitive rate.
Here are some considerations:
- Implement a least privilege strategy to ensure privileges are limited to certain activities and time frames to mitigate the damage a hacker can do with a compromised account
- Automate password management to protect against weak or outdated passwords
- Proactively rotate, monitor, and audit privileged account access with privileged access management software
- Train your employees on security protocols, defense, and cyber risks
Privileged access management (PAM) is one of the best solutions to protect and manage access with user accounts, minimizing the weaknesses in your organization.
A PAM solution can monitor all administrator account usage to identify odd or unusual behaviors, such as logins that occur outside of normal working hours or application executions. Other potential concerns are an account that’s suddenly accessing a lot of sensitive information, or multiple privileged accounts being accessed simultaneously. Either could mean accounts were compromised or the user is taking security risks.
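The three checks described above, written out as an added example (not code from this article or from any PAM product). The event format, account names, working hours and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, privileged account, action, resource)
EVENTS = [
    ("2024-03-04T09:15:00", "adm-alice", "login", "-"),
    ("2024-03-04T10:02:00", "adm-alice", "read", "hr/payroll.db"),
    ("2024-03-05T02:41:00", "adm-bob", "login", "-"),
    ("2024-03-05T02:42:00", "adm-carol", "login", "-"),
    ("2024-03-05T02:43:00", "adm-dave", "login", "-"),
    ("2024-03-05T02:44:00", "adm-bob", "read", "hr/payroll.db"),
    ("2024-03-05T02:46:00", "adm-bob", "read", "finance/ledger.db"),
    ("2024-03-05T02:50:00", "adm-bob", "read", "crm/customers.db"),
]

WORK_START, WORK_END = 8, 18         # assumed working hours (local time)
BURST_WINDOW = timedelta(minutes=5)  # assumed meaning of "simultaneously"
BURST_ACCOUNTS = 3                   # distinct accounts inside that window
READ_LIMIT = 3                       # distinct sensitive reads per account per hour

def parse(events):
    """Convert timestamps and sort events chronologically."""
    return sorted((datetime.fromisoformat(ts), a, act, r) for ts, a, act, r in events)

def off_hours_logins(events):
    """Privileged logins on weekends or outside working hours."""
    return [(ts, a) for ts, a, act, _ in parse(events)
            if act == "login"
            and (ts.weekday() >= 5 or not WORK_START <= ts.hour < WORK_END)]

def simultaneous_logins(events):
    """Windows in which several different privileged accounts log in together."""
    logins = [(ts, a) for ts, a, act, _ in parse(events) if act == "login"]
    alerts = []
    for i, (start, _) in enumerate(logins):
        accounts = {a for t, a in logins[i:] if t - start <= BURST_WINDOW}
        if len(accounts) >= BURST_ACCOUNTS:
            alerts.append((start, sorted(accounts)))
    return alerts

def heavy_readers(events):
    """Accounts reading many distinct sensitive resources within one clock hour."""
    seen = defaultdict(set)
    for ts, a, act, res in parse(events):
        if act == "read":
            seen[(a, ts.replace(minute=0, second=0))].add(res)
    return {k: len(v) for k, v in seen.items() if len(v) >= READ_LIMIT}
```

In practice the thresholds would be tuned against each account's own baseline rather than fixed constants, since a fixed read limit flags busy administrators and misses quiet ones.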
PAM also offers an added layer of protection with multi-factor authentication, which helps to prevent unauthorized access for privileged accounts.
With all these capabilities, PAM protects businesses from both external and internal threats to reduce risk. This is a good sign for cyber insurers. Having a measure like PAM in place shows insurers that you take your organization’s cyber security seriously and use the appropriate tools to protect yourself.
Address Growing Cyber Threats
Cyber insurance will continue to evolve to meet the demands of cyber security and the growing risks. Insurance policies are part of running a business, and cyber insurance offers a layer of protection and confidence that you’re covered if a breach occurs. These insurers want to assess their risk, however, and having security controls in place makes your business more “insurable” and favorable to an insurance company.
Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.