What Is Cyber Insurance And Who Should Get It?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.iamwire.com/2015/12/cyber-insurance-it/127346


In this digital age, cyber security is a pressing need for each and every
one of us as data breaches have become a fact of life. But even after
knowing it, only a few have invested in cyber insurance to prevent cyber
attacks.

Now we might not be absolutely alien to the term Cyber Insurance but, we
are definitely not clear how it works, where do we get it, who should get
it, why we should get it, etc. So, to begin with:

What is Cyber Insurance?

Reputed companies like the Sony Pictures, TJX, and Heartland have already
been the victims of the cyber crimes and have faced losses as huge as
hundreds of millions. And the fact that the cost was almost entirely paid
by the insurers brought the term ‘Cyber Insurance’ to the forefront.

A cyber insurance policy protects businesses and individuals from web-based
risks which are related to IT infrastructure and activities. Such types of
risks are not covered by traditional commercial liability policies and are
undefined in other insurance policies. Gartner defines cyber insurance as
protection against losses that stem from data theft and loss or
interruptions in business caused by a malware or malfunctioning of a
computer.

Cyber insurance policies have been most successful in countries where data
breach notification laws are in place. The United States of America is the
perfect example as 46 out of the total 50 states in the country have
mandatory data breach notification requirements.

What are the types?

Primarily, there are two types of cyber insurance. The first is the one
that covers the first-party risk which is the loss or damage to one’s own
data. The second one covers the third party risks which involves the
liability to government and regulatory entities or clients. While the first
party coverage could help with the losses of breach notification, business
interruption, extortion, data restoration or remediation, etc., the third
party coverage could help with regulatory fines and fees, lawsuits filed by
victim customers, etc. Almost all businesses should go for both these types
of coverage and those in the education and healthcare sector should lay
major focus on third party coverage.

What do these policies cover?

With a cyber insurance policy, business owners can offset the cost of the
breach and safeguard the blow to finances caused by a security breach. Such
policies provide coverage for loss or theft of personally identifiable and
other sensitive information and loss in income as ramification of a network
intrusion or breach of security. To elaborate further, cyber liability
insurance cover includes:

 Data Breach / Privacy Crisis Management Cover which comprise of expenses
related to data subject notification, incident and call management,
investigation, remediation, regulatory fines, court attendance, legal
costs, etc.
Multimedia Liability Cover comprising website defacement and intellectual
property rights infringement.
Extortion Liability Cover which provides protection from losses due to
extortion threats, fees paid to deal with extortion, etc.
Network Security Liability providing cover from third party damages as a
consequence of denial of access, costs related to data theft on third party
systems, etc.

Some elements of a cyber insurance policy are interconnected or overlap
each other but a decent policy ensures that all the cyber risks are
attended to.

Who should you get Cyber insurance?

The more any business or individual transacts online, the more protection
they need from cyber breaches and cyber insurance to combat those. But the
smaller businesses are the ones who should definitely get such policies as
the consequences of a breach for them is more wide-reaching, especially the
ones caused by business interruption.

Where can one get cyber insurance?

As the field is developing at a burgeoning pace, business owners and
individuals can get a cyber insurance policy easily in the market. There
are a plethora of insurers who are offering it at low premiums. However,
one must keep in mind that the larger the amount of data stored in the
cloud, the higher will be the premiums. Also, they must keep in mind that
their security procedures are as robust as possible so that the costs are
lower. Some basic things to ensure security from one’s end can be limited
access, double verification methods, frequent password changing policy, etc.

Why should one get cyber insurance?

There is a lot of news doing the rounds about cyber breaches and cyber
insurance policy is most certainly one of the best defenses against such
attacks. So business and individuals alike should get it, not only to
protect oneself from a huge monetary setback, but also to:

Mitigate Risk: In this modern era, no one has the time to manage their web
security. In such a scenario, cyber insurance policies come to the rescue
by providing periodic reviews and other special assistances.
Reimbursement: The cyber insurance policy also covers providing
reimbursement for hiring additional staff to recover from cyber attacks,
filing fees, etc. Furthermore, the cyber insurance policy also covers the
reputational risks. When a company’s security systems are hacked, customers
lose trust which harms the business even more than the financial losses. In
such events, cyber insurance policies not only helps in paying the costs of
a engaging public relations firm to restore the image, but also in
compensating the future loss that may arise as a direct result of consumers
instilling their faith in competitors.
Legal Support: Generally, a data breach doesn’t result in legal action, but
in case it does, the cyber insurance policy comes to the aid.

Anyone looking forward to get the cyber insurance policy should also know
that it is quite affordable for the benefits that it offers.

The Future of cyber insurance

It would not be wrong to say that the way technology is advancing and
digital is entering all walks of lives, cyber insurance safeguards the
future of mission-critical data.

To conclude, cyber insurance is the most practical option to transfer risk
in the cases of cyber-security breaches. Regardless of the nature or size
of business, it’s best to have a cyber insurance policy after a thorough
risk assessment.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!