Should I look into cyber insurance?
Among those firms who take risk management seriously, there is a growing awareness of the need to consider some manner of insurance to protect against the costs of cybercrime. Standard commercial property insurance policies do not generally include provisions for the damages from cybercrime. Cybercrime can be thought to include any digital or internet-based attack that compromises you and/or your customers’ data and/or causes disruption to business operations. A non-inclusive list might include Denial of Service (DoS) attacks, phishing scams, adware, ransomware attacks, system/website cloning, viruses, and other malware, and viruses. So what is it that so worries business leaders? In a growing number of commercial policies, cyber events are specifically excluded. The consequences can be serious. Fines and penalties, loss of customer confidence, and liability lawsuits can shut a business down for good, especially smaller businesses that lack the deep pockets to hold out until the worst of the storm passes. Cybercrime creates a large range of potential first- and third-party losses that few businesses can hope to absorb on their own. As a result, executives who recognize the catastrophic damage that a cyberattack can inflict on their business are looking at cyber insurance to transfer the financial losses to a third party.
Because of the severe consequences of cybercrime, businesses are now exploring cyber insurance policies in hopes of protecting themselves against financial ruin. However, these policies represent a bit of a minefield as this is a relatively new and unsettled area of insurance. Insurance firms trying to write policies face a lot of unknowns at this point, which means coverage may differ dramatically between insurers and there may be many areas where you remain exposed to considerable risk. Just two examples to get you thinking. Some policies may create requirements and security standards you must meet before an event will be considered a covered loss.
- How would you handle those requirements internally to keep your company in compliance? And what about ransomware?
- If you had to pay the ransom, would the policy cover that payout?
There are a lot of weeds to get into when looking for a cyber insurance policy and it is important you recognize the complexity of the issues. Cyber insurance has a lot of moving parts. In the meantime, cyber insurance doesn’t absolve you of the ongoing need to be vigilant about network and data security. Contact a managed service provider to learn more about what you can do to keep your business safe.