Cyber Insurance Complexity & Coverage

Cyber Insurance Basics

Cyber insurance sometimes referred to as “cyber risk insurance” or “cyber liability insurance” coverage, is an insurance product that enables businesses to transfer the costs related to recovery from a cyber security breach or similar events. The most important aspect of cyber insurance will be network security coverage that covers the cost of recovery in the event of a network security failure – such as data breaches, malware, ransomware attacks and business account, and email compromises. 

Cyber Insurance Coverage

The coverage may or may not cover the cost associated with the liability claims and ancillary expenses of an attack or breach.

For example, one area that most cyber insurance policies do not cover is the property damage and hardware such as network appliances, servers and workstations replacement costs.

If your company spread malware to your suppliers, customers and vendors you may be liable for damages on top of damages that occurred in your own organization.

Here are the elements that need to be discussed with the insurance company when purchasing cyber coverage. Always remember to ask the insurance agent or company what is covered and what is in the exclusion list. The coverage may or may not include Forensic, Legal, Notification, Regulatory Fines and Penalties, Credit Monitoring and ID Theft Repair, Public Relations Expenses and Liability and Defense Costs.

The insurance company can deny a claim for many reasons but here are the most common reasons:

• You lied on your application when you signed up or renewed your insurance
• You did not meet all our IT security requirements
• Your security policy was not fully implemented or enforced
• Your network contains old or EOL software and OS or not on an isolated segment
• This claim is on our Exclusion List (something like Zero Day)  

How Much Coverage Do You Need?

It depends on many elements such as your company size, Industry, State, your data (does it include PII or not) Regulatory Compliance (PCI, HIPAA, …) and many other factors.

As an example, a data breach of 1,500,000 individual data could cost cyber risk underwriters around $5 Million to $40 Million i.e. around $25 per record!!! So do you store PII and if yes, how many PII are stored in your systems?

The cost of cyber risk insurance is due to increase by 40-75% in the coming year. That’s alongside a constantly growing threat of ransomware, supply chain attacks, and more. Is your business ready to address these challenges?

How Can You Minimize the Risk?

When you purchase car insurance you are not seeking accidents because you have coverage. The reason you purchased the insurance is that you just want to have peace of mind in case an accident happens! At the same time, you do everything you can do to avoid any accidents because accidents in any shape and form are nothing but headaches.

The same is true when purchasing Cyber Security Insurance.  Let’s face it downtime caused by ransomware or cyber attack is a headache that you don’t want to have. So you want to avoid them as much as possible.

The way you can avoid cyber and breach incidents is to identify your cyber risks and vulnerabilities and fix them before a breach!

With a Cyber Security Risk Assessment, your organization will be well equipped to identify your organization’s vulnerabilities so you can plan to fix them and minimize the risk of a breach!