by Scott Jack
Content Contributor, E-N Computers
7+ years experience in healthcare IT and tech support.
Without a doubt, small businesses are a popular target for cybercriminals. The Department of Homeland Security estimates that between one-half and three-quarters of small businesses are victims of ransomware. Even worse, it is estimated that over 60% of those fail within 6 months of a successful cyber attack. This can be attributed to financial losses like lost revenue, recovery expenditures, ransom payments, and legal fees.
Cyber liability insurance is one way some businesses choose to protect themselves against the financial losses associated with data breaches. Large corporations in particular make use of these specialty policies to mitigate the cost of recovering from a cyberattack.
However, as cybercrime continues to become more widespread, small and midsize business leaders must contemplate whether such a policy would be a wise investment. Let’s discuss cyber insurance in more detail—what it is, some potential downsides, and an additional way to reduce security risks.
QUICK ANSWER:
What Is Cyber Insurance?
Cyber insurance is a liability insurance product designed to handle expenses incurred from cyber attacks like business interruption costs, breach notifications, disaster recovery, legal expenses, and direct losses such as electronically stolen funds and ransom payments. It is usually separate from or in addition to a general liability policy.
What is Cyber Insurance?
Cyber liability insurance is a specialty policy distinct from your general liability policy. A general liability policy covers bodily injury and property damage that result from your products, services, or operations. On the other hand, cyber insurance is designed to handle expenses incurred from cyber attacks like business interruption costs, breach notifications, disaster recovery, legal expenses, and direct losses such as electronically stolen funds and ransom payments.
These policies do not cover all costs associated with security breaches, though. For example, they will not cover computer system upgrades designed to enhance security after the attack. A cyber insurance policy will not cover future lost profits, devaluation resulting from compromised intellectual property, or reputational harm. And it will not cover activities on your computer systems by authorized users that result in losses. Therefore, it is important to be thoroughly familiar with your policy’s limits and exclusions and not rely too heavily on it.
Although all insurance policies contain limits and exclusions, cyber insurance is somewhat unique as a relatively new product that only appeared in the late 1990s. This newness means that insurance underwriters are working with limited information and adjust policies as they learn more about cybercrime and risk mitigation techniques. To determine your rates, insurers factor in information about your company including how much sensitive data you handle, your industry, and how many employees you have. Rates are also heavily influenced by the frequency, severity, and cost of remediating cyber incidents.
As a result, premiums are expected to increase by 20% to 50% during 2021—after experiencing a marked increase during the last half of 2020. Insureon, a marketplace for small business insurance, reports that their customers pay a median price of $1,675 per year for cyber liability insurance regardless of coverage limits. With the basics of cyber coverage in mind, let’s look at some of the challenges that it can present.
Get the Cyber Insurance Quick Reference
Cyber insurance can be complicated. We’ve boiled down the most important parts into a quick reference doc, which you can download for free right here.
Don’t have time to read the quick reference right now? Enter your email address (totally optional!) and we’ll send you a link so you can download it later or share it with your team.
Cyber Insurance Challenges
The limits and exclusions imposed by insurance companies to limit their risk may present difficulties for you as the insured. For example, a claim may be denied or your coverage limits may not meet your total losses. Consider the following examples of companies that were victims of cyber crime.
In 2013, a seafood importer named Aqua Star was compromised. A hacker monitored their email exchanges with a vendor, then sent fraudulent emails directing Aqua Star employees to change banking information on record for future transfers. Aqua Star employees did so and the company was defrauded of more than $700,000. Their insurer, Travelers, denied coverage because the changes were made by authorized users. This case went to United States District Court, and was decided in favor of the insurer.
Another example is the high-profile hack of Target in 2013. An eastern European crime syndicate targeted a third-party HVAC company with access to the company’s network. Using a spear phishing email, they were able to acquire credentials that ultimately gave them access to Target’s debit and credit card data. As a result, 110 million customers had their data compromised or stolen. Target’s cyber insurance policy paid out $90 million, or about 30% of their direct losses as a result of the breach. Payouts for settlements with payment card networks were subject to a sublimit of $50 million, less than 60% of the company’s settlements with Visa and MasterCard.
Insurance companies do not cover every cyber threat and may require additional documentation before covering others. For example, they may not approve claims for state-sponsored attacks as these are considered acts of war. With the rapid increase in frequency, severity, and cost of ransomware attacks, insurers are scrutinizing companies’ information security protocols more carefully. They may request documentation that describes the controls you have in place to prevent, detect, and remediate a ransomware attack. Without sufficient safeguards in place, they may deny you coverage.
How to Reduce Your Risk
Cyber insurance may be a useful supplement to a broader security plan, but it is not a substitute for good cybersecurity practices. Insurance is a reactive remedy; it only helps after damage is done. On the other hand, implementing strong cybersecurity now proactively shields your business from damage caused by cyber criminals.
E-N Computers can help you decide whether cyber insurance coverage is a worthwhile investment for your business. Our focus, though, is helping you build a reliable computer system with modern security controls like multi-factor authentication, firewalls, web filtering, and antivirus. When implemented properly, these tools can make you less susceptible to an attack—and more insurable.
Training staff on how to recognize and handle malicious websites and emails will further protect your business. Once staff learn to identify untrusted links, attachments, and messages, they will be less likely to download malicious software, give away sensitive information like login credentials, or make changes to payment information. When technology and training work in tandem, you are in a better position to avoid the headaches that come with a cyber breach and business disruption.
Next Steps: Cyber Liability Insurance
The cyber insurance market is reeling from an explosion in ransomware attacks and more expensive extortion payments. As a result, premiums are increasing, policy terms are becoming more exact, and expectations are increasing for businesses that want coverage. Whether you purchase cyber coverage or not, you need to understand your company’s risks, develop a plan to mitigate them, and implement information security controls. Doing so now is an investment in your company’s stability and reputation.
E-N Computers is a trusted partner for many companies seeking to build and maintain an up-to-date, secure computer network. We support businesses across a variety of industries, including but not limited to manufacturing, healthcare, law, and accounting. Contact us today to discuss how we can help you!