The last five years have seen a drastic increase in the number of phishing and malware attacks. This is, in part, due to changes in work practices – with more people working from home permanently or operating a hybrid model, endpoints have become harder to secure. On top of this, advances in technology have made cybercrime more accessible than ever. For example, it is now easier to buy malware from the dark web, meaning that people with very little technical skill are able to orchestrate advanced attacks. With a cyber-attack so likely, it’s important that organizations are prepared to deal with the consequences of a breach. One way in which they can do that is by investing in cybersecurity insurance.
While cyber insurance itself does not directly strengthen your security or make breaches less likely, it can put your organization in a better position to respond and recover once an attack has happened. The financial impact of a cyber-attack can be catastrophic – IBM calculated that the average total cost of a data breach was USD 4.35 million in 2021. That is a 12.7% increase compared to the previous year. Cybersecurity insurance can help cover these costs and ensure that your organization returns to normal business operations swiftly.
Before a provider will agree to cover you, they will conduct a risk assessment to ensure that you are taking steps to proactively reduce your risk of cyber-attack. They will expect you to have certain tools in place—such as email security, endpoint security, and a firewall—before they agree to extend cover to you. While this is an indirect consequence of cybersecurity insurance, it does ensure you are better protected. This “belt and braces” approach ensures your organization is robust and flexible when it comes to responding to cyber-attacks.
In this article, we will cover some of the top US-focused cybersecurity insurance policies and providers. Once you have seen the broad trends and unique features of different providers, it is worth contacting the insurer directly to ensure your policy is tailored and specific.
How To Choose A Cybersecurity Insurance Policy?
When it comes to cybersecurity insurance, you want to find an organization that will work with you in partnership.
- Speak to the provider. Insurance is not an off-the-shelf product but a relationship. It is in both your interests and the insurance provider’s that a cyber-attack does not succeed. It is worth taking the time to understand how your insurer works, and vice versa. This ensures that you are both on the same page and that you can get the most out of the relationship.
- Check what’s covered. There is nothing worse – in the insurance industry – than having expectations that are not met. Ensure you know what you are covered for and what is not covered. Armed with this knowledge, you can decide if you need to take out further insurance or implement any additional security infrastructure.
- Do the math. Cybersecurity insurance should not be used in place of proper security tools. In fact, it is quite the opposite. If you fail to have sufficient cybersecurity tools in place, you will be unable to take out an insurance policy. Insurance won’t make you inherently more secure; it will just ease the path to recovery after an attack. If your organization is unable to budget for both insurance and sufficient tools, always go for the option that is going to make your accounts harder to access.
What Does Cybersecurity Insurance Cover?
Rather than taking our word for it, it is worth reading the specific details of your policy to properly understand what you are and aren’t covered for. However, there are some common areas that are generally covered by insurance. These include:
- Business interruption as a result of a cyber-attack, human errors, programming errors, or network security failures
- Loss of data
- Expenses associated with public relations (PR) like customer notification and reputation control
- Legal costs – including contractual indemnity
- Costs incurred during a regulatory investigation
- Ransomware and extortion demands
It is also worth checking the value of your insurance. For large organizations, ransomware demands are often in the millions of dollars. Does your insurance policy cover an attack of this value? Do you need to take out multiple policies, or find multiple underwriters to cover your assets?