Insurance Insurance Basics

Cyber-Insurance is the Future of Business Insurance

Written by Frank Addessi

The news is full of stories of celebrity photo hacks and mega-retailers having customer information stolen by cyber-thieves. The danger of cyber attacks includes more than theft of information. It includes business interruption that is the result of both undirected and directed malware that can be covered by cyber-insurance.

Just as wearing a seat belt reduces your risk of serious injury in a car accident, there are measures that businesses can take to reduce their risk of breach. At the end of the day cyber attacks, like car accidents, are going to happen and cyber-insurance goes a long way to limiting the effects.

What is cyber-insurance?

“Cyber-insurance” is a catchall phrase. It includes a variety of policy configurations that protect against a range of threats. In other words, different policies from different insurers may cover different threats.

Cyber-threat or cyber-liability insurance coverage may include these threats:

Data breach — The extent of the coverage will vary from policy to policy and can include some or all of the following:

  • Expenses related to managing the breach.
  • Cost of investigating the sourcecause of the breach.
  • The cost of repairing the vulnerability.
  • Notifying affected parties.
  • Increased call management costs.
  • Credit checks for affected customers.
  • Legal costs, including fines.

Multimedia or media liability — This includes damages to third parties. For example, celebrity photo hacking, defacing of websites and intellectual property infringements.

Extortion liability — Protects against losses due to the threat of extortion. These include the cost outside help to deal with the extortion.

Network security liability — Covers the costs associated with a denial of access or denial of service attack, including their impact on third-parties.

There may be some areas of overlap in coverage between a cyber-insurance policy and other forms of business insurance. That’s why a careful evaluation of your risks and coverages is essential.

What to know before buying cyber-insurance

Before you can shop for a cyber-insurance policy, you will need to gather some information. Starting with what it is you want to protect against.

Not all businesses collect customer credit card information or personal information. If your business is primarily B to B you will likely not have anything more personal than the names of contacts. An understanding of what can be stolen and how it may be used is the fist step in determining what such a breach would cost in financial terms.

Since cyber-insurance is a relatively new product each policy may be underwritten on a case by case basis. You will have to furnish detailed information about what sort of security risks you believe you’re vulnerable to. What you have done already to prevent them from occurring?

Like auto insurance companies requiring your vehicle pass a safety inspection, companies that issue cyber-insurance want assurances that your systems meet or exceed their standards for security.

Shopping for coverage

Performing your own comprehensive risk assessment is the first step in shopping for coverage. The next step is finding a broker who has experience working with cyber-insurance. Someone who is familiar with your needs and already works with insurance companies that issue cyber policies.

Your broker is not only going to help you find the best price, but the right coverage for your risks. There’s no point in paying for insurance that you won’t be able to use if and when the time comes.

Insurers will often ask you for an independent system security audit before finalizing terms of a policy. Insurance companies may include a provision that allows them to assign someone to handle the response to a breach. They would take over as soon as a claim is filed.

This can be an important factor in deciding between competing policies. It requires granting access for a third party to deal with your customers.

The bottom line

The rules for cyber-insurance are evolving as rapidly as the threats of a cyber attack against your business.

The most important rule of thumb for this type of business insurance is to educate yourself. Your best defense is a thorough understanding of your potential exposure, what you can do to prevent an incident. With that information in hand, you are ready to consider what your options are for coverage.

About the author

Frank Addessi

Frank Addessi has been a serial entrepreneur and a licensed insurance agent for more than 20 years. He writes primarily about personal finance, small business and all types of insurance. His work has appeared on websites such as Smart Asset and The Simple Dollar. He can be found on his website frankaddessi.com.

Leave a Comment