Cyber Liability Insurance
May 24, 2016
Author: Megan Gotto
There are two types of companies: Those that have been hacked, and those that will be. And extending that thought further: Those that have been hacked, and will be again. With more and more companies going digital, the risk for a cyber attack increases. Every system upgrade, remote device, and incoming email exposes a company. With the average cost per cyber attack in 2013 at $5.4 million, companies can’t afford not to protect themselves.
There are a number of preventative measures companies can take to protect themselves from cyber attacks. Having a plan in place to combat these attacks is the first key. A digital security assessment will give the complete picture of an organization’s security posture that focuses on policy, controls, procedures, and effectiveness of the plan implementation. Once an assessment is done and a plan is in place, continuous testing and improvements are necessary. One of the biggest exposures to cyber attacks is a company’s own employees. Making sure employees are educated and know what to look for when an attack may be happening is crucial. This includes suspicious emails and requests for information. If a company’s employees know what to watch for, this will decrease the chances of a successful cyber attack.
Other than the human element, companies should also look into other attack areas. Some of these areas include providing IT with information on security measures and software updates limiting employee access to sensitive information, recognizing the risks of employee’s personal devices for company data, and limiting the number of third-party vendors that have access to company information. Data backups of company information are important and developing a secure culture within an organization is a good plan to have in place. However, a company can take all of the steps possible and still have a data breach and lose all company information. What protects them when the preventative measures don’t? Cyber Liability Insurance.
Cyber Liability Insurance protects a business when all preventative measures have been taken and a cyber attacker still gets through. The cyber risk can then be transferred to an insurance policy. There are three basic elements to a good cyber insurance program: legal liability, business interruption, and coverage for breach notification costs. The legal liability component will protect the insured from lawsuits that arise out of a data breach. Business Interruption Coverage will replace lost revenue from downtime while a breach is being looked into, which could take months to complete. Breach of notification costs is the cost to notify the public that a breach has happened. While a cyber liability policy can be tailored to each individual company’s needs, it is crucial that a cyber liability policy encompass all three elements in order to provide adequate coverage to the insured.
With an average of 10% of companies buying cyber liability insurance, and nearly 90% of businesses having a cyber attack within the last 12 months, it is obvious cyber liability insurance is an important coverage to purchase. Not only are there substantial financial costs associated with a cyber attack, a company can suffer considerable damage to its reputation. Cyber Liability Insurance is the perfect way to remedy those damages.
|Megan Gotto, AAI
Account Administration, Transportation
- Travelers Wrap Cyberlink Coverage Checklist
- Findings from the Chubb 2013 Private Company Risk Survey
- The Risk Report, Cyber and Privacy Insurance Coverage, Volume XXXVII No 11, July 2015
- The Risk Report, Plan to Protect Digital Assets, Volume XXXVIII No. 2 October 2015