The short answer is yes, you do need cyber insurance for your business.
Exactly what kind of coverage and how much it will cost you will vary as you would expect with any kind of insurance.
Since we’re not insurance agents here at Infinity, we are not going to go into those specifics or try to sell you anything. What we can do, however, is walk you through some of the factors that come into play with cyber insurance–including what might keep you from getting covered at all–and we’ll give you some questions to ask your agent so you don’t feel overwhelmed.
There are typically some very detailed and technical forms that you need to submit in order to get coverage, and filling out those forms out can be tricky. We’ve done this with our clients and would like to make the process as easy as possible for you.
Watch this 2.5 minute video of our CEO explaining some of the main cyber insurance issues. And if you prefer to read, we’ve got a Q & A recap underneath so you can jump right to what you want to know.
What is cyber insurance, what is it for?
Cyber insurance is coverage designed to protect your business in the event of a hack or breach.
How do I know if I need it?
With the constant threats to our business networks, the rise in successful attacks, and the increase in payouts for ransomware, cyber insurance has become necessary for all businesses.
Just like you need car insurance if you’re driving, your business needs cyber insurance if you are connected to the internet for anything—emails, networks, servers, websites, etc. Cyber insurance is typically excluded from a general liability policy.
What kind of coverage do I need?
The kind of coverage you need will depend on various factors of your business such as your industry, the customer data you collect, what regulations you are subject to, and so on. Just like your house might require flood insurance depending on where you live, your cyber insurance will depend on your company’s liabilities. And the measures you have in place to mitigate them.
For example, over the past year many cyber insurance policies have started requiring that a business have MFA (or multi factor authentication) implemented. It has become so critical now as a measure of protection that renewals may double in cost or be flat out denied without it.
Some coverage types to ask your agent about include:
- data breaches such as theft of personal information
- cyber attacks on your network
- cyber attacks or breaches on one of your vendors or other third parties hosting your data.
Additional factors to discuss and details to cover include these takeaways from the Liability in the Digital Age panel.
What does it pay for?
Typically, cyber insurance will pay for the things you need to do after suffering a breach. This can include
- notifications to all your clients,
- credit monitoring services for those clients,
- the investigation into what caused the breach and how much was impacted,
- legal counsel,
- fees or fines related to the incident,
- possibly the loss of business opportunities due to damage to your company’s reputation,
- and the often very technical work that’s required to put the pieces of your business back together.
What happens if I don’t get cyber insurance?
If you don’t get cyber insurance, you could be wiped out by a ransomware attack. It sounds drastic, but it’s that simple.
A study by IBM and the Ponemon Institute says that the average length of time it takes to identify and contain a breach is 287 days. That’s 3 quarters of a year. Time that you might not have all your systems working right, that employees can’t do their work for you, that you have to pay experts to audit and analyze, and that you might not be able to get any new business. Could you survive that long?
How do I get started?
Talk to your insurance agent. Pretty much all the major carriers are offering cyber insurance, and a trusted agent would have already suggested you add cyber insurance.
If you don’t have someone like that, ask your IT company for recommendations. You’ll need them anyway to help fill out a detailed questionnaire in order to get coverage. And this needs to be done very carefully so you don’t get refused coverage or overcharged.
Our CEO has seen forms as long as 15 pages for cyber insurance, and the questions are not always the most straightforward. So ask for help. Talk to your IT company or reach out to us. Helping to protect our clients in every way possible is what we do.
Find more Network Security information here.