What does cyber insurance typically cover?
Pandemic or no pandemic, cyber insurance is a must-have. Beyond that, some of your clients may insist that you have cyber insurance coverage before they trust you with their data, especially if you operate in the B2B market. Cyber insurance can break the fall if you become the victim of a cyber attack or a gross malfunction that causes data loss. Here’s a list of things cyber insurance policies typically cover.
Forensic analysis
After a cybersecurity attack, you need to conduct a root cause analysis to identify what went wrong and where, so you can take corrective action to prevent it from happening again.
Notification expenses, penalties & lawsuits
Along with data breaches come a lot of liabilities including timely notification, fines, penalties, and perhaps even lawsuits for which you will need legal representation.
Revenue loss–direct and indirect
If your business is a victim of cybercrime, you will likely have to shut down your IT infrastructure for some time while the issue is being resolved or contained. This downtime can cost you quite a bit in lost sales and employee productivity. On top of that, the damage to your business’s brand name will have some effect on your sales revenue for at least a few months to come, and you will also bear the cost of employing a good PR agency to create some positive buzz around your brand to overcome the bitter taste left by the data breach incident.
Apart from the items covered above, which are consequences of data loss, there are two big risks that a cyber insurance policy can protect you against: cyber extortion and fund diversion.
Cyber extortion
Remember the WannaCry ransomware incident that happened in 2017? Cybercriminals used a worm, a form of malware, to infiltrate more than 200,000 target computers and freeze users’ access to the data on them. The losses caused by WannaCry are estimated to be in the range of billions of dollars. What would you do if someone held your data hostage or, worse still, threatened to leak it online? As a business owner, you have no choice but to pay the ransom.
Fund diversion
This is another form of cyber attack, though not as obvious as cyber extortion. Fund diversion is when you or your staff accidentally end up diverting your business funds to a fraudster. For example, your accountant clicks on a phishing link that takes them to a clone site of the bank where your company has its account, or they make a payment by clicking on a fraudulent email sent by a cybercriminal posing as your vendor.
It is important to remember that cyber insurance is still NOT a replacement for cybersecurity. You cannot invest in a cyber insurance policy and not bother about putting data security measures in place. In fact, like any other insurance, cyber insurance will also have exclusions, and any laxity on your part in terms of data security can cause your cover to become null and void. This is where a trusted managed services provider can be of help. An experienced MSP can help you pick the right cyber insurance policy based on your needs. They will be able to explain the exclusions clearly to you, in your terms, and help you design and maintain the security mechanisms and processes necessitated by the cyber insurance policy.