Cybersecurity insurance policies are not all the same, and it’s important to understand the requirements and coverage details.
Let’s start with what cybersecurity insurance (sometimes referred to as cyber insurance or cyber liability insurance) actually is.
Cybersecurity insurance policies are meant to cover all of the expenses that a firm incurs when it's the victim of a data breach. Unfortunately, that doesn’t mean that if a hacker accesses your banking and steals $50k, you’ll get that money back.
Traditional insurance policies exclude cyber risks, which is why cybersecurity insurance is typically a separate type of coverage.
So how do you choose the right coverage? I asked our CISO for some guidance on that, and here’s his advice:
It’s important that the company and salesperson you bought coverage from (or are considering) really understand what they’re selling. If they’re telling you “this is what most companies are doing”, instead of actually discussing coverage options based on your risk, then you might want to look for a different provider who specializes in cybersecurity insurance policies.
Here are some commonly vague points in cybersecurity insurance policies. You want these points to be spelled out as much as possible:
We think that any firm that has data that is attractive to criminals should seriously consider cybersecurity insurance. If your company accepts digital payments or stores personal health or financial data about your clients, you need to seriously consider adding a cybersecurity insurance policy.
Cyberattacks are not slowing down, and even small businesses are targets. Ransomware attacks alone increased 700+% year over year in 2020.
As of a few years ago, cyberattacks were costing businesses $200,000 on average. Cybersecurity insurance policies are important and can keep you in business even if you are dealing with a cyberattack.
Cyberattacks can seriously hurt your business, but cybersecurity insurance can help cover the expense of downtime related to cyber incidents. Make sure your policy provider understands cybersecurity insurance. They need to properly evaluate your risk – a one-size-fits-all policy is typically a horrible idea. Use the points above to identify vague or confusing language in your policy.
We help over 100 of the best financial services, healthcare, and manufacturing companies across the U.S. with their cybersecurity. Most of our clients need to comply with major cybersecurity regulations like HIPAA, CMMC, NIST-800-171, SEC, NYDFS, IRS, FFIEC, etc. Learn more about our Virtual CISO services and contact us for more information: https://adeliarisk.com/virtual-ciso-service/