4 Reasons Why Your Organization Needs Cyber Insurance

In today’s digital landscape, organizations’ fight against cybercriminals can often feel like a high-stakes cat and mouse game.

Bad actors ranging from lone attackers to state-sponsored groups are constantly adapting their hacking techniques to defeat organization’s cybersecurity measures and gain access to precious data that can be leveraged to achieve their malicious goals.

Often times, these bad actors are successful at the expense of organizations. According to Juniper Research, the global cost of data breaches is predicted to be a whopping $2.1 trillion in 2019.  

To avoid being defeated by cybercriminals in a precarious digital environment rife with mobile workforce security challenges, preparing financially for a cyberattack is essential. Purchasing  cyber insurance — sometimes called cyber liability or cyber risk insurance — can go a long way to empowering organizations to recover in the wake of an attack.

Here are 4 reasons your organization needs cyber insurance.

General liability insurance won’t cover cyberattacks

Your intuition while reading this article up to this point may have been to go and review your organization’s general liability policy. The fact is that standard business liability insurance policies typically don’t cover losses incurred because of the internet. 

Your organization’s current insurer, however, may have additional policy offerings that cover cyber liability, so it can be a good place to start when shopping around for the right coverage.

Your organization’s cybersecurity is likely (to be) compromised

Now don’t fall into the trap of thinking, “Why do I need cyber insurance? Our organization is unlikely to be hacked” or “our cybersecurity posture is strong.” The data shows that, regardless of your organization’s size or security measures, breaches still happen.

According to a 2017 Accenture report, the average number of successful cybersecurity breaches per company each year is 130. That’s just over 2 breaches every week.

Organization size and industry doesn’t offer immunity either. Verizon’s 2018 Data Breach Investigations Report found that 58% of data breach victims were categorized as small businesses and 14% of breaches occurred within public sector entities.

The cloud is an uncontrolled risk too. Often organizations are storing data through third-party cloud services. The terms of use policies for these vendors state that the customer is liable in the event of a breach, even though the organization is relying on the service provider to protect its data.

Additionally, many cybersecurity experts will take the stance that even the strongest cybersecurity posture isn’t 100% hack-proof. A year after Equifax’s breach impacted 147 million people, the company’s Chief Information Security Officer, Jamil Farschi, said: “No matter how much you invest, how great your people are, any organization nowadays can be breached.”

Purchasing cyber insurance is about preparing for the worst and then hoping for the best.

It can be the difference between life and death for a business

Yes, it sounds dire, because it is. The National Cyber Security Alliance found that 60% of small businesses close within 6 months of a data breach. This is likely because the cost of a breach can be so expensive.

IBM’s 2018 Cost of a Data Breach study with Ponemon Institute found that, globally, the average cost of a breach is $3.86 million. In the US, the average cost of a breach is over twice that amount, at $7.91 million. It may sound high at first until you consider all of the expenses that occur after a breach. Costs of a breach include:

  • Business losses: Often a breach can lead to network downtime, in which business operations cannot be performed as usual. This can negatively impact revenues.

  • Investigation: Organizations that experience a breach typically hire third-party firms to perform digital forensics to identify a breach and resolve security vulnerabilities.

  • Privacy notification: Organizations are often legally required to disclose to customers when their personal data has been compromised. A campaign notifying these victims is an unplanned expense.

  • Credit monitoring: If credit monitoring for victims of a breach is part of the PR strategy, then payment to a third-party for this service will also be part of the expenses.

  • Cyber extortion or ransom: If intellectual property and other digital information is stolen via ransomware, then an organization may be forced to pay a ransom to recover its data.

  • Lawsuits: Victims of the breach may sue an organization for negligence in relation to data security. This can lead to expensive legal fees and, potentially, high payouts to victims.

  • Regulatory fines: Breaches often occur when an organization has fallen out of compliance with government regulations. This can lead to hefty penalties and fines.

  • Public Relations: Organizations looking to rebuild trust with the people they serve often enlist the help of a third-party PR firms for marketing campaigns.

While specific coverage varies with each policy, many cyber liability insurers cover these types of expenses.

It’s an affordable solution

The good news is that cyber insurance isn’t as expensive as you might think. Pricing is based on your organization’s size, industry, and coverage needed. For small businesses, insurance can start at between $500-$750, with prices going up for larger organizations.

Additionally, some insurers may reduce your organization’s premium for implementing strong cybersecurity practices and lower your costs each year a claim isn’t made. It pays to ask questions and have strong cyber protections in place.

Conclusion: Getting Started

Insurers often want to see that an organization has performed a cyber risk assessment and implemented best practices for fighting digital security threats. To perform a cyber risk assessment, you’ll need to estimate the value of your assets, including hardware and intangible data, evaluate the likelihood of losing those assets to a cyberattack, and then weigh the costs of protecting each asset versus its actual value.

Once security best practices are in place, you’ll need to develop a plan for a breach so that you can create of list of the expenses your organization would need covered. This list will provide a great starting point for evaluating insurers and selecting the right policy for your needs.

Purchasing cyber insurance is far from a one-size-fits-all model. Hiring a broker who can help you evaluate policies can go a long way to making the insurance selection process easier.