BreachExchange mailing list archives
What Is Cyber Insurance And Who Should Get It?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Dec 2015 13:46:42 -0700
http://www.iamwire.com/2015/12/cyber-insurance-it/127346 In this digital age, cyber security is a pressing need for each and every one of us as data breaches have become a fact of life. But even after knowing it, only a few have invested in cyber insurance to prevent cyber attacks. Now we might not be absolutely alien to the term Cyber Insurance but, we are definitely not clear how it works, where do we get it, who should get it, why we should get it, etc. So, to begin with: What is Cyber Insurance? Reputed companies like the Sony Pictures, TJX, and Heartland have already been the victims of the cyber crimes and have faced losses as huge as hundreds of millions. And the fact that the cost was almost entirely paid by the insurers brought the term ‘Cyber Insurance’ to the forefront. A cyber insurance policy protects businesses and individuals from web-based risks which are related to IT infrastructure and activities. Such types of risks are not covered by traditional commercial liability policies and are undefined in other insurance policies. Gartner defines cyber insurance as protection against losses that stem from data theft and loss or interruptions in business caused by a malware or malfunctioning of a computer. Cyber insurance policies have been most successful in countries where data breach notification laws are in place. The United States of America is the perfect example as 46 out of the total 50 states in the country have mandatory data breach notification requirements. What are the types? Primarily, there are two types of cyber insurance. The first is the one that covers the first-party risk which is the loss or damage to one’s own data. The second one covers the third party risks which involves the liability to government and regulatory entities or clients. While the first party coverage could help with the losses of breach notification, business interruption, extortion, data restoration or remediation, etc., the third party coverage could help with regulatory fines and fees, lawsuits filed by victim customers, etc. Almost all businesses should go for both these types of coverage and those in the education and healthcare sector should lay major focus on third party coverage. What do these policies cover? With a cyber insurance policy, business owners can offset the cost of the breach and safeguard the blow to finances caused by a security breach. Such policies provide coverage for loss or theft of personally identifiable and other sensitive information and loss in income as ramification of a network intrusion or breach of security. To elaborate further, cyber liability insurance cover includes: Data Breach / Privacy Crisis Management Cover which comprise of expenses related to data subject notification, incident and call management, investigation, remediation, regulatory fines, court attendance, legal costs, etc. Multimedia Liability Cover comprising website defacement and intellectual property rights infringement. Extortion Liability Cover which provides protection from losses due to extortion threats, fees paid to deal with extortion, etc. Network Security Liability providing cover from third party damages as a consequence of denial of access, costs related to data theft on third party systems, etc. Some elements of a cyber insurance policy are interconnected or overlap each other but a decent policy ensures that all the cyber risks are attended to. Who should you get Cyber insurance? The more any business or individual transacts online, the more protection they need from cyber breaches and cyber insurance to combat those. But the smaller businesses are the ones who should definitely get such policies as the consequences of a breach for them is more wide-reaching, especially the ones caused by business interruption. Where can one get cyber insurance? As the field is developing at a burgeoning pace, business owners and individuals can get a cyber insurance policy easily in the market. There are a plethora of insurers who are offering it at low premiums. However, one must keep in mind that the larger the amount of data stored in the cloud, the higher will be the premiums. Also, they must keep in mind that their security procedures are as robust as possible so that the costs are lower. Some basic things to ensure security from one’s end can be limited access, double verification methods, frequent password changing policy, etc. Why should one get cyber insurance? There is a lot of news doing the rounds about cyber breaches and cyber insurance policy is most certainly one of the best defenses against such attacks. So business and individuals alike should get it, not only to protect oneself from a huge monetary setback, but also to: Mitigate Risk: In this modern era, no one has the time to manage their web security. In such a scenario, cyber insurance policies come to the rescue by providing periodic reviews and other special assistances. Reimbursement: The cyber insurance policy also covers providing reimbursement for hiring additional staff to recover from cyber attacks, filing fees, etc. Furthermore, the cyber insurance policy also covers the reputational risks. When a company’s security systems are hacked, customers lose trust which harms the business even more than the financial losses. In such events, cyber insurance policies not only helps in paying the costs of a engaging public relations firm to restore the image, but also in compensating the future loss that may arise as a direct result of consumers instilling their faith in competitors. Legal Support: Generally, a data breach doesn’t result in legal action, but in case it does, the cyber insurance policy comes to the aid. Anyone looking forward to get the cyber insurance policy should also know that it is quite affordable for the benefits that it offers. The Future of cyber insurance It would not be wrong to say that the way technology is advancing and digital is entering all walks of lives, cyber insurance safeguards the future of mission-critical data. To conclude, cyber insurance is the most practical option to transfer risk in the cases of cyber-security breaches. Regardless of the nature or size of business, it’s best to have a cyber insurance policy after a thorough risk assessment.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- What Is Cyber Insurance And Who Should Get It? Audrey McNeil (Dec 02)