By: Ryan McLaughlin, CPCU | Account Executive
When mitigating the damage of a cyber-attack, a timely response is paramount. To have an experienced insurance carrier as part of your support network goes a long way toward quickly mitigating loss.
How Insurers Measure Your Cyber Risk
Insurance companies start with revenue when measuring the cyber risk of a company. Revenue is a big driver of your final premium. Additionally, the amount of personal data stored on company devices must be considered, as it directly impacts the scope of a data breach. Additionally, carriers want to see certain controls in place such as anti-virus software, firewalls, encryption, and third-party agreements.
Cyber Coverage Is Not Just for Tech Companies
A major misconception about cyber insurance is that it’s something only tech companies need. The idea that cyber insurance only benefits companies that store large amounts of third-party data is false. The reality is, regardless of size, every company has a cyber exposure.
There are three main categories addressed with cyber insurance:
- Standard Security Breach – A breach involving the theft of personal information.
- Cyber Extortion – An attack where a hacker disables your computer system or steals your data and requires a ransom.
- Cyber-crime – The theft of money or securities which can take the form of computer or funds transfer fraud, where a breach allows a hacker to force the transfer of money. Additionally, a social engineering loss is when hackers trick unsuspecting employees into sending money to the wrong recipient.
A cyber-attack can take many forms. For example, while a manufacturing company may not store large amounts of personal information, their machinery is dependent on a functioning network. An event that shuts down production would be devastating to this company and would not be covered by your standard property insurance or equipment breakdown policy.
You Can Still Get Covered Even If You’ve Been Breached
You are not in trouble for suffering a breach in the past. In fact, submitting a claim does not mean your rates will go up. Claims that get closed for little or no money will show that the proper controls are in place and that you are on top of any irregularities.
For those who have been breached, insurance providers want to make sure that you’ve addressed any shortcomings that allowed the attack to occur. New security measures will need to be implemented, including two-step verification when a money transfer is requested. Additionally, you’ll need to establish better internal controls to identify an attack quickly and encourage communication from employees to IT.
Get Insured While It’s Still Affordable
Cyber insurance premiums are low right now, but attacks are increasing dramatically.
Small businesses are usually quoted within 24 hours with minimal questions. A $1M limit is likely to be in the $2k -$5k range. Larger companies and technology-focused companies have more risk, which leads to higher premiums.
Overall, cyber insurance is still very affordable given the potential exposure in the event of a claim.
Examples of Cyber Insurance Application Questions
- What is the total number of customer, client, employee, or vendor PII stored by you or a third party, either electronically or in a physical form?
- In the past 3 years, have you sustained any unscheduled network outages, intrusion, corruption, or loss of data?
What mission critical suppliers do you depend on to conduct your business activities?