Many of us view insurance as a necessary evil. We loathe paying the premiums, but we all deal with it at some point—whether it’s health insurance, car insurance, homeowners/renter’s insurance or some other type of insurance. Add one more type of insurance to the list, now there is cybersecurity insurance too! Furthermore, some of us are familiar with different types of business and occupational insurance as well—whether we’re insuring a business/property against liability claims, or in some industries, even malpractice claims. For those of us who ever needed it, we’re thankful to have it.
General Liability Coverage
If you’re running a business and made what you thought was your final premium payment for the term, the last thing you probably expected to hear from your agent is “have you ever thought about adding a cybersecurity insurance policy?”. Or, maybe you thought it was already included in your existing business owner policy or general business liability policy, but more than likely, it is not (check with your agent to be sure).
Facing Cyber Risk
It’s not something many small to medium-size business owners or stakeholders even think about. Over the last year, I’ve heard “we’re pretty small, we won’t be targeted”. Some have stated “we have a managed firewall and Internet service; our provider is responsible”. Others have stated “we outsource our e-commerce solution and the vendor is responsible for securing all customer data”. Often, highlighting sections of the Verizon Data Breach Investigation Report (and Digest) changes perspective and tone rather quickly.
Some have stated “we have a strong cyber-security awareness and culture here, but what would happen if we actually were breached? We may not have the resources we need in-house.”.
Enter cyber-security insurance. Regardless of the level of risk you face, or the in-house talent and systems you may (or may not) have in place, having the right policies will allow you to transfer some risk and tap into resources typically afforded by larger enterprises.
Cybersecurity Mitigation and Response
Most reputable companies and underwriters who offer cybersecurity insurance policies will assist you and your business throughout the risk management process. In many cases, insurers will offer tools and recommendations to help secure your infrastructure against threats (after all, in most cases preventing a loss is much cheaper than responding to one).
In the (hopefully) unlikely event a breach or loss is detected within or traced back to your organization, having the right policies will assist you with revenue and reputational damages, including assistance with incident response, containment, public relations and legal action/defense.
Unfortunately, there is no one-size-fits-all policy that works for everyone. As with any type of insurance, there are different types of policies comprised by different types of coverage, exclusions and limits. If you’re a business owner or stakeholder, we recommend scheduling a meeting with your insurer and/or agent to discuss if cybersecurity is something your insurance company offers and has experience with. If you’re just getting started or are seeking second opinion specific to you and your business, give one of our skilled Sr. Network/Server Consultants a shout for an unbiased and objective recommendation!