But cybersecurity isn’t the responsibility of the government alone. It’s also the responsibility of large corporations, small businesses and individual consumers, all of who are vulnerable to malicious attacks by internet criminals.
Reflecting on his experience teaching the next generation of IT leaders, Sebastian Goodwin, the chief security officer at hybrid multicloud software company Nutanix, said the complexity of the technologies that businesses and organizations use has increased exponentially in recent years.
“Security teams have to not only understand a multitude of technologies that operate across disparate substrates and platforms but also understand how those technologies can be exploited and how to protect them,” he said. “With unique vulnerabilities in each platform, it’s a constant challenge to prioritize and mitigate risk.”
What Does Cyber Insurance Cover?
The short answer: It depends. However, coverage generally is divided into first-party (i.e., yourself and your business) and third-party (i.e., your customers or others who might be affected) coverage.
Among other things, policies might pay the cost of:
- Cybersecurity professionals who can investigate the crime;
- Losses from business interruptions;
- Customer communications;
- Data recovery;
- Media liability;
- Infringement of intellectual property;
- Legal fees;
- Government fines; and
- Customer settlements.
Insurance companies may offer various cyber insurance packages catering to companies of different sizes and risk exposures. These can be standalone options or added to existing policies. For example, a data breach is the most concerning cyberattack for an individual or small business, so small businesses might invest only in data breach coverage. Meanwhile, a larger enterprise may opt for an extensive cyber liability insurance policy that’s more comprehensive.
Because cyber coverage is not cut and dry, cybersecurity expert JohnE Upgrade – a pseudonym that he uses to protect his identity from hackers – suggests that businesses chat with an unbiased third party before investing in cyber insurance coverage.
“Have an assessment of your defensive abilities done by a cybersecurity company that doesn’t provide insurance,” he said. “This way, you can examine the policy and see exactly what isn’t going to be covered.”
But is Cyber Insurance Enough?
Cybersecurity insurance can help your company recover from a cyberattack, but it won’t prevent one from happening in the first place. And if the worst does happen, it can’t protect your company’s reputation; trust in your brand will almost certainly erode.
For those and other reasons, cyber insurance shouldn’t replace good cyber hygiene; instead, it should complement it.