Cybercrime is a serious issue for commercial companies, and it is getting worse by the day. The cost of cybercrime is expected to reach $21 trillion by 2021. Cybercrime represents a threat for companies no matter what their size or industry, and no company is immune. This means that every company should develop a method to prevent attacks as well as protect itself from losses in the event an attack happens. The first step for any company would be to develop a comprehensive strategy to combat cybercrime. This would include software to protect your electronic assets as well as best practices for your employees to follow. The second step is to acknowledge that no matter what your strategy is, protection is never guaranteed. This is where cyber insurance comes into play. Cyber insurance exists to protect companies from the unexpected and can assist in covering the costs associated with an attack. This checklist will help you to focus on the most important issues, ask the needed questions, and make the best decision about cyber insurance for your company.
Evaluate Your Level of Risk
Every company is at risk of being the victim of cybercrime, but some companies are at a higher level of risk than others. These would be those that handle sensitive or secret data, are dependent on complex technologies, have limited resources for cybersecurity, or have a history of cyberattacks. You should also consider whether your company collects or stores customer data that could lead to legal issues if leaked, or whether your company uses external devices such as phones or laptops that could be stolen. It is important to understand your level of threat and the consequences you would face in the event of an attack. Being able to estimate the damage will help you estimate how much cyber insurance you may need.
Determine Your Needs
Once you have evaluated your risks, you can begin to determine your needs. Cyber insurance policy coverages can differ depending on your needs, and it is important to discuss all aspects with your insurance agent. Some companies may need more coverage than others, but all companies must understand when, where, and why they need coverage in order to avoid gaps in coverage that could be costly. Areas where you might need coverage include:
- Network security, including hardware and software
- Incident response in the wake of a data breach
- Insurance for lost or stolen laptops and mobile devices
- Business interruption as a result of a cyber event
- Coverage for types of cyber extortion like ransomware
- Crisis management and public relations
- Losses in 3rd party systems
- Forensic investigations
Cyber insurance has no real set standards and it can be difficult to determine what exactly you need in a policy. Consider the following questions and discuss them with your insurance agent. How much insurance do you need and how much can you afford? What are your unique risks and what type of coverage do you need? What should trigger your policy? What should your policy exclude? What data must be covered and where is this data stored?
Learn About Cyber Insurance
When considering cyber insurance and what your company may need in coverage, it is important to do your research. You can do research on your own or go a step further and contact your local insurance agent and have a discussion. While cyber insurance is still relatively new to the insurance world, it is very complex and diverse. However, most cyber insurance will still fall into two types of coverage.
The first type is first-party coverage. This type of coverage is designed to cover costs associated with the direct response to a cyber-attack. This means that if an attack occurs, first-party coverage will provide funds to help immediately. Some examples of first-party coverage include:
- The cost of calculating the size or cost of an event
- The cost of credit monitoring and crisis management
- The cost of legal advice related to an event
- The cost of hardware replacement or data restoration
- The cost of business interruptions or diminished operations
- The cost of notifying affected parties
The second type is third-party liability. This type of coverage is designed to cover associated costs that arise from a cyber event. This means that if an attack occurs, third-party liability will provide funds to help with delayed costs. Often, the costs of a cyber-attack exceed the first-party coverage amounts. Some examples of third-party liability include:
- The cost of privacy liability lawsuits brought by employees or customers affected by a data breach
- The cost of copyright lawsuits filed after intellectual property is exposed
- The cost of a breach of contract or negligence lawsuits
- The cost of investigations, fines, and penalties levied by regulators
Speak with Your Insurance Agent
Once you have determined your risks and needs and you have done your research, the next step is to meet with your insurance agent. Your insurance agent is a vital source of information and can help to walk you through the complex world of cyber insurance. The following are examples of questions you should ask them. By asking targeted questions you can make sure that you have the exact coverage that your company needs and that you understand what your responsibilities are.
- What types of incidents are covered? For instance, does your provider cover unintentional and non-malicious attacks?
- What are the deductibles? In this area, cyber insurance works similarly to health, vehicle or home insurance.
- Exactly how do coverage and limits apply to first and third parties? For instance, do legal costs cover your business liabilities only or are your customers covered, too?
- Does the policy cover any attacks on your company, including as an unintentional victim, or only those which were targeted directly at you?
- What are the timeframes within which you are covered? Some cyber-attacks are not discovered right away. Are you going to be covered after the fact if this is the case?
- Are any third-party vendors, suppliers and business associates you do business with covered?
- Does the policy cover you globally? For instance, it may exclude data theft or loss that occurs outside national borders.
- What kind of response time can you expect in the event of a data breach?
Look for the Best Policy
Now that you have met with your insurance agent and had a discussion to cover your needs and questions, it is time to pick a policy. There are some things to consider when determining which policy is best for you.
Don’t overdo it. Cyber threats are endless, and one could purchase extensive coverage for every possibility, but for most companies that is not necessary. Most companies won’t need coverages for rare or unlikely risks, and since you have determined your needs previously, you can determine which coverages work for you. The right coverage is not always the most expensive.
Beware of broad exclusions. Read the fine print and make sure that you are aware of any exclusions in your policy. You may think that a policy provides broad coverage but then the fine print proves otherwise. If you have concerns with the exclusions, you can discuss these with your insurance agent.
Beware of provisions. Some policies require you to work with pre-approved parties in the event of an attack. You may prefer to work with your own parties. Make sure that you are aware of the provisions and are okay with them. If you have any concerns, make sure to address them with your insurance agent.
Cover your vendors. Make sure that your policy doesn’t exclude coverage for third parties, which would leave large gaps in coverage.
Revisit and Revise
Once you have committed to your cyber insurance and developed your strategy, make sure that you have a plan to revisit and revise over time. It is important to sit down with your insurance agent around renewal time and revisit your needs and coverages. The cyber world is ever evolving and so are the protections against attacks within it. Your strategies and coverages need to change as your needs do.
Cyber insurance can be confusing, but it is important to make sure that you are protected. Call Gannon Associates Insurance today at 844-GANNONS and speak with an agent to get your cyber protection search started.