A cyber insurance policy, also referred to as cyber liability insurance or cyber risk insurance, is designed to mitigate risk exposure. This type of policy can offset the costs involved with recovery after a cyber-related security breach or similar event. Cyber insurance started catching on in 2005, with the base being an E&O insurance policy.
Every business owner should consider the possibility of a cyber liability lawsuit being a reality. Your business may rely on the use of e-commerce and an online presence as a method of distribution. Maybe you're not online, but your employees carry mobile electronics that hold your customers' commercial/personal information. In either of those two examples, cyber insurance is an important insurance coverage to protect your business.
If a cyber loss occurs within your business, the day-to-day operations of your business will be severely impacted. Your business's focus will be on spending the time and resources to contain the breach and working with affected customers. It could also have a damaging impact on hardware and software currently in use by your business.
- On average, Canadian businesses paid $6.11 million per data breach
- On average, it took Canadian businesses 69 days to contain a data breach (the same as the global average)
- On average, it takes 181 days for Canadian businesses to identify the breach
- Canada has the highest direct cost per compromised record, at US$81. These costs refer to activities such as hiring a law firm, forensic experts or offering victims identity protection services.
With the growing numbers of cyber crimes, businesses are seeing a need for cyber insurance, but what does it cover? Typically, cyber insurance covers cyber liability, or claims made by third parties. Currently, there are no standard insurance coverages for these types of policies, but the following are common reimbursable expense coverages:
- Business losses: Losses to your business as a result of the cyber attack may include network downtime, data loss recovery, business interruption and costs involved in managing a crisis, which may involve repairing a damaged reputation.
- Investigation fees: To determine what occurred, how to repair damage and how to prevent the same type of breach from occurring, a forensics investigation is necessary.
- Notification & Privacy costs: This includes credit monitoring for customers whose information may have been breached and data breach notifications to customers and other affected parties, which, effective Nov 1, 2018, are mandatory by law.
- Legal proceedings and lawsuits: This includes legal expenses related to the release of intellectual property and confidential information, regulatory fines and legal settlements. This may include the costs associated with cyber extortion, such as from ransomware.
What are hackers looking for?
Personal identification: name, social, credit card, benefits info, etc. They may also be trying to find processing power. Hackers look for unused space on the business's server system to distribute botnets, illegal storage, etc. One of their main reasons for hacking businesses is to exploit customer data on your computer system.
Questions You Need To Ask:
- What would a cyber liability lawsuit cost your company?
- How many of your employees access your server from home or from a mobile device?
- What policy or system is in place to prevent family members from accessing sensitive data?
- What policy do you have in place to track sensitive data?
- How does the cost of a data breach or a damaged brand due to a rogue employee impact your business?
What to look for when buying cyber insurance
Lots of well-known Canadian insurance companies offer cyber insurance policies. Insurance industry experts predict that clients will soon expect cyber insurance to be a part of every business insurance policy. However, like any business insurance, cyber liability insurance policies and their coverage vary by insurer.
When comparing insurers and their policies, find out which of the expenses in the previous section they cover and inquire about the following limits and special circumstances.
- What deductible options are available? Just like you do with your home, business or auto insurance, be sure to compare your deductible options closely.
- Does the policy only cover targeted attacks against that business in particular? Or will it cover any attack to which a business falls victim?
- Does the policy only cover network attacks or does it include social engineering? Social engineering plays a role in all kinds of attacks, including advanced persistent threats (APTs), phishing and spear phishing.
- APTs can take place over time, sometimes months to years. Does the policy include time frames within which coverage applies?
- Does the policy cover both first- and third-party service providers? Find out if your service providers have cyber insurance and how it could potentially affect your agreement.
- Is the coverage being provided an extension to a policy, or does the insurance company offer one or more types of cyber insurance policies? Stand-alone policies are generally the best and most comprehensive. Another good thing to find out is if the policy can be customized to your business.
- Part of a cyber insurance policy is E&O (errors & omissions) coverage. Does the cyber insurance policy cover non-malicious actions taken by an employee?
Methods To Cyber Risk Management
Preventative strategies include making sure that antivirus and anti-malware controls are installed and updated regularly. You will also want to include regular training on policies and procedures. You need to establish clear policies for employees on what information can and cannot be shared on social media outlets. You will also want to create an ability to capture all employee communication using a company management system. Finally, clearly state expectations for a response time.
Mitigation strategies include having a response plan alerting any customer whose information may have been compromised. This will also include detailing what your business is going to do about it. You will want to establish a regular communication strategy. This communication will keep your clients, media, and employees informed of the progress on cleaning up the breach.
Transfer strategies include outsourcing to a firm that manages your online brand. This will include your social media, web presence and online data collection.
How To Start a Guild/HMS Cyber Policy
Click Get a Quote
Enter in your contact details
Tell us about your business
Submit your quote request and let one of our brokers take care of the rest