The reason companies need dedicated insurance for cyberattacks is simple: Most insurers won’t cover cyber incidents as part of your general liability policy, which covers bodily injuries and property damage. Meanwhile, many cloud service providers structure contracts to limit their own liability, putting the burden of attack mostly or entirely on partners and users. So, special and dedicated protection is needed.
What Does Cyber Insurance Cover?
The short answer: It depends. However, coverage is generally divided into first-party coverage (i.e., for yourself and your business) and third-party coverage (i.e., for your customers or others who might be affected).
Among other things, policies might pay the cost of:
- Cybersecurity professionals who can investigate the crime;
- Losses from business interruptions;
- Customer communications;
- Data recovery;
- Media liability;
- Infringement of intellectual property;
- Legal fees;
- Government fines; and
- Customer settlements.
Insurance companies may offer various cyber insurance packages catering to companies of different sizes and risk exposures. These can be standalone options or added to existing policies. For example, a data breach is the most concerning cyberattack for an individual or small business, so small businesses might invest only in data breach coverage. Meanwhile, a larger enterprise may opt for an extensive cyber liability insurance policy that’s more comprehensive.
Because cyber coverage is not cut and dried, cybersecurity expert JohnE Upgrade – a pseudonym that he uses to protect his identity from hackers – suggests that businesses chat with an unbiased third party before investing in cyber insurance coverage.
“Have an assessment of your defensive abilities done by a cybersecurity company that doesn’t provide insurance,” he said. “This way, you can examine the policy and see exactly what isn’t going to be covered.”
But Is Cyber Insurance Enough?
Cybersecurity insurance can help your company recover from a cyberattack, but it won’t prevent one from happening in the first place. And if the worst does happen, it can’t protect your company’s reputation; trust in your brand will almost certainly erode.
For those and other reasons, cyber insurance shouldn’t replace good cyber hygiene; rather, it should serve as a complement to it.
At its best, that’s how all insurance functions. For example, consider the origin of fire insurance.
“Ben Franklin started a civic proposition about controlling fires because the creation of electricity led to more fires,” said Tim Andrews, vice president at cybersecurity solutions provider Booz Allen Hamilton.
“Insurance companies have an obvious interest; they have to pay if things go poorly, so they instituted building codes to ensure businesses and homeowners are taking proper precautions. Cybersecurity insurance is similar – you’ve got to show you have reasonable processes in place.”