Shopping for Cyber Insurance? 5 Tips to Help You Get Started
Although it has been available for almost twenty years, cyber security insurance is still a relatively new form of insurance coverage for businesses. A business that is shopping for cyber security insurance will be better able to select the right coverage by asking a few questions about the different components of these types of policies.
1.- How does cyber security insurance interact with comprehensive general liability (CGL) and other types of business insurance?
At least one recent court decision ruled that some existing forms of CGL insurance does cover damages from a data breach. Other decisions have come to contrary conclusions and in any event, insurance carries are amending CGL policies to exclude data breaches and cyberattacks. As a result, a business should not assume that its CGL policy is broad enough to cover claims for damages from a cyberattack. A business should review its CGL policy for exclusions and exceptions and confer with its insurance agents to procure a standalone cyber security insurance policy.
2.- What damages does a cyber security insurance policy cover?
Cyber security insurance generally covers two broad categories of losses: direct losses that affect a business’s balance sheet, and third party liabilities for losses suffered by a business’s customers and clients whose data might have been compromised in a cyberattack. Within each of these categories, cyber security insurance can cover specific loss categories. Direct losses, for example, might include lost income, ransom payments to unlock frozen data and software, and costs of notifying affected parties. Third party liability coverage can include defense costs and attorneys’ fees, and settlements for payments in lawsuits based on errors and omissions claims as they relate to the business’s negligence in protecting confidential customer information.
3.- How much does cyber security insurance cost?
Cyber insurance premiums are a function of the industry in which a business operates and the services that it offers, as well as the type of data and information it retains, its cybersecurity policies and procedures, and its annual gross revenues. Annual premiums for a policy with a coverage limit of $1 million can be as low as $1,000 for a service provider that has annual revenues of $500,000. Financial and healthcare firms with revenues in a range of $25 to $100 million can expect annual premiums in the range of $25,000 to $50,000 or more.
4.- Is cyber security insurance retroactive?
Many cyberattacks go undetected for extended periods of time, and damages from the attack can begin to accrue long before a business makes a claim under its cyber security insurance policy. Retroactive coverage to the commencement date of an attack is available, but a business may have to specifically negotiate for that coverage.
5.- Does every business need cyber security insurance?
Even a minor data breach can be very expensive. The most recent analysis suggests that a breach can cost an average of $141 per lost data record. Thus, even a small or medium size business that loses only 1,000 customer records can face an average cost of $141,000. Moreover, businesses of all sizes face at least a one-in-four chance of experiencing a successful cyberattack. In almost every case, the risk and cost of an attack far exceeds the annual premium for cyber security insurance. That insurance is one way to keep a company in business in an increasingly dangerous interconnected world.
A business’s insurance agents can help it to answer these and other questions when it is comparing similarities and differences in multiple cyber security quotes. No two policies are likely to be the same, but every business can find a cyber security insurance policy that fits its needs and protects it against the ruinous consequences of a cyberattack.