Cyber Insurance FAQs
What is Cyber Risk?
All business regardless of their size or the industry they operate in rely on complex technology. That technology is vulnerable to a wide range of attacks, and when systems are compromised firms are forced to operate abnormally. Whatever financial consequences result from this abnormality are known as cyber risk.
An example helps to illustrate the issue. Imagine that your firm was hit by a ransomware attack and denied access to important or sensitive information. The firm must either pay the ransom or accept the consequences of operating without essential data. In either case, the firm is negatively affected, and both cases represent forms of cyber risk.
Cyber risk is currently greater than ever as hackers become more sophisticated and more tenacious. Estimates suggest that cybercrime will cost global industries $6 trillion annually by 2021. In 2017 alone the cost of just ransomware attacks topped $5 billion internationally. Perhaps most alarmingly, 43 percent of attacks are targeted at small business, and 60 percent of those businesses close within six months of the attack. Cyber risk is real, likely, and highly disruptive.
What data is covered?
Cyber insurance is available to cover almost every type of data. What is important to realize, however, is that individual policies do not necessarily protect all the data your company relies on.
Again, understanding what you need to protect and what kinds of coverage you are getting is the only way to eliminate coverage gaps and cracks in your policy.
What if an event occurs that might be covered by Cyber Insurance?
The insurance provider should be notified as quickly as possible in the wake of an event. Reporting events sooner has many benefits, and there is no incentive to wait. Firms should make contact even if they are unsure that an event is covered by a cyber insurance policy.
Acting quickly is important because cyber insurance provides resources that are most valuable immediately after an event. Insurers often have relationships with security firms, specialist legal teams, and other professionals who help recover from a breach.
Ideally, your firm has relationships with these vendors in advance to help expedite the recovery effort. It may also be possible to work with vendors of your own choosing, but you must get this approved by your insurer.
What is the claims process like?
The claims process is largely a cooperative effort between your company’s legal team and the insurance provider. There may be some temptation to avoid contact with the insurer following a breach out of fear that the policy will be ruled invalid. This is always a mistake because cyber insurance companies provide expertise and resources that help mitigate the damage.
Once the recovery process is underway both parties work to determine the cause of the breach and devise defence strategies for the future. Insurers may make future coverage contingent on your company putting new protections in place, but generally, the insurer can’t mandate your company to invest specific amounts in specific protections.
Will my premium rise after I make a claim?
As with most types of insurance, premiums are likely to rise after making a claim. The amount your premium rises depends on market conditions and the specific terms of the policy. The benefit of the coverage outweighs the increase in the premium, and firms can avoid that worst instances by prioritizing cybersecurity generally.
A cyber insurance policy is an important piece of the puzzle, but comprehensive protections are the only way to insulate a firm from the worst of todays and tomorrows threats.