What is Cyberinsurance?
by Nathan.Fouarge, on Mar 2, 2020 5:30:00 AM
Ransomware continues to make headlines. The progress of businesses, schools, and government agencies comes to a grinding halt for perhaps hours, often for days. This phenomenon, among other things, has brought a new popular term into the IT lexicon - Cyberinsurance. What is it? Do you need it? What must you do when looking for a policy? Today we begin a new multi-part series on this compelling topic.
The result of a recent Spiceworks survey revealed that 38% of organizations across North America and Europe have a cyber insurance policy. Cyberinsurance is liability coverage that insures against damages you might incur from events like cybercrime, and data breaches where customer data is exposed. Imagine the costs associated with the loss of private customer information such as social security numbers, credit card numbers and health records. Your recovery costs might include notifying customers as required by law, any resulting lawsuits, data recovery costs or even reimbursing the extortion costs of ransomware. With an ever increasing number of businesses signing Cyberinsurance policies, it’s wise to understand what is available and what to consider.
The realities of signing a Cyberinsurance policy:
Every cyber insurance policy is different, and there is no standard nomenclature.
This relatively new insurance offering is still evolving, and that means you will see a lot of variation from policy to policy. It is on you as a business owner and your customer’s technical advisor to get the details right. Policies should always be reviewed by a technology expert, either from within your company or with your security partner.
While there are some expert consultants in the field, you may find that a vast majority of those selling Cyberinsurance policies know very little about Information Technology. Bear in mind that these insurance agents are making tiny commissions on relatively small amounts. It’s likely that they are not even familiar with the finer details of the policy. Advanced preparation to understand your own needs and guide them towards a policy that best fits your organization will yield better results for your organization.
Let’s be honest, there’s no way to insure everything. Just because you have Cyberinsurance doesn’t mean you will be able to cover regulatory fines and penalties coming from gross non-compliance with HIPAA. Or let’s say your customer ignores your repeated security warnings and suggestions, then subsequently suffers a data breach. Making a successful claim in this scenario is a long shot. However, industry wide we are not seeing much declination of cyber insurance claims 'yet' for businesses making their best security effort. That could change, so preparation is key.
With these obstacles in your path, is Cyberinsurance even worth the effort? Quite possibly it still is! So how can you prepare yourself to locate and enter into the best Cyberinsurace policy? Read PART-2 in this blog series - Preparing to Sign a Cyberinsurance Policy.
NovaStor and NovaBACKUP have no affiliation with Cyberinsurance companies, however some popular choices include AIG (American Insurance Group), Travelers, AXA XL, Chubb Ltd. and Beazley.