The increasing number and sophistication of cyber incidents affect companies and organizations of all sizes and remediation of cyber incidents can be costly. Can insurance help cover the cost of cyber incidents?
Cybersecurity insurance is one option that can help protect your business against losses resulting from a cyber attack. Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.
A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack.
Traditional commercial general liability and property insurance policies typically exclude cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand-alone” line of coverage. That coverage provides protection against a wide range of cyber incident losses that businesses may suffer directly or cause to others, including costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Few cybersecurity insurance policies, however, provide businesses with coverage for an area of growing private and public concern: the physical damage and bodily harm that could result from a successful cyber attack against critical infrastructure.
In recent years, the Cybersecurity and Infrastructure Security Agency (CISA) has engaged key stakeholders to address this emerging cyber-risk area. Since 2012, CISA has engaged academia, infrastructure owners and operators, insurers, chief information security officers (CISOs), risk managers, and others to find ways to expand the cybersecurity insurance market’s ability to address this emerging cyber-risk area. More broadly, CISA has sought input from these same stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates. CISA is currently facilitating dialogue with CISOs, Chief Security Officers (CSOs), and insurers about how a cyber incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.
Types of Cybersecurity Insurance Coverage
First-party cyber coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:
Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:
For cyber-security resources small businesses, please visit www.insureuonline.org/smallbusiness
To Learn More
Policy Smart provides independent retirement and insurance advice by reviewing your current plans to improve coverage and reduce cost. Through our proprietary database – The CMR Database® (comprised of some 13,000 brokers and specialists globally) – we maximize access to the retirement and insurance industry for greater options that will translate to better coverage and lower cost. Since 1999, we have saved clients over $120 million.
Please email CMR Associates or call 877-447-4301 or 212-447-4300 for more information about cyber insurance and a “cyber risk assessment” consultation.