Practical Tips to Get the Right Cybersecurity Insurance for Your Company

Author: Larry Alton
Date Published: 6 May 2021

Falling victim to a cyberattack isn’t an experience anyone wants to deal with. However, cyberattacks are always a potential threat and can cause devastating consequences. In the first half of 2020 alone, 36 billion records were exposed in data breaches. The effects of those breaches will be felt for quite some time.

To help mitigate the devastating losses that arise from cyberattacks, cybersecurity insurance policies have started to emerge.

At first, cybersecurity insurance policies might seem like a luxury you can ignore as long as you have a strong cybersecurity posture. However, even the strongest cybersecurity posture in the world won’t stop determined insider threats. Insider threats can easily bypass the strongest security measures and cost your organization heavily in fines and lawsuits.

If this subject is new to you, you’re not alone. Here are some practical tips to get a handle on cybersecurity insurance for your organization.

1. Get cybersecurity insurance quickly. The sooner you get cybersecurity insurance, the better. You’ll probably end up getting hacked before you get vandalized or a customer becomes injured on your property.

Get a policy that covers your risks in the following areas:

  • Errors and omissions (events that prevent you from fulfilling your contractual obligations)
  • Network interruptions (downtime that interrupts business)
  • Media liability (lawsuits alleging copyright infringement, libel, slander, etc.)
  • Network security and privacy

A strong policy will cover you in case of a network security failure like a data breach, a ransomware attack, a malware infection, or a compromised email account.

In addition to covering your direct expenses (like legal fees, data restoration, PR, and credit monitoring), try to find a policy that covers third-party costs to protect your clients or customers from identity theft.

2. Realize that businesses need cybersecurity insurance like humans need water. There are multiple types of insurance policies you can get to protect your business. While some are optional, some are required. Your budget should include obtaining the required insurance policies according to state and local laws. However, when it comes to optional business insurance policies, cybersecurity insurance should take precedence.

3. Don’t rely on your insurance paying ransoms. When you get a cybersecurity policy, you might notice a clause that indicates your insurance policy will pay a ransom up to a certain dollar amount should you fall victim to a ransomware attack. Don’t rely on this clause to get your data back.

Always keep current offline backup copies of your files and databases so you never have to worry about paying a ransom to unlock your files. If you cash out on this part of your policy, you can guarantee your premiums will go up for a couple of reasons. First, that’s how insurance works. And second, ransom demands will rise once cyber criminals realize they can make more money.

Experts are advising cybersecurity insurance companies to stop paying ransoms because it encourages future incidents. It’s like paying a pirate – once they get paid, they’ll keep attacking.

4. Compare rates. Since cybersecurity insurance is relatively new, there’s plenty of competition out there. Compare rates between as many sources as possible. You’ll find companies offer different policies that vary widely. For example, some companies:

  • Charge more for the same coverage as their competitors
  • Cover more and charge more (naturally)
  • Cover less and charge more
  • Limit the types of damages they’ll cover
  • Only cover certain industries
  • Eliminate coverage for certain types of attacks
  • Won’t pay out if the attack was caused by human error from inside the company

Not having cybersecurity insurance creates exponential risk

Cybersecurity insurance is critical; one incident can destroy your entire organization. For example, in 2016, a group of hackers destroyed the FlexMagic consulting company from Colorado after gaining access to an administrator’s login credentials.

FlexMagic had been in business since 1987 and maintained an A+ rating with the Better Business Bureau (BBB) since joining in 2006. Still, hackers brought the company to its knees by opening fraudulent credit accounts in the millions. The hacker was convicted and sentenced to 70 months, but that conviction had zero ability to save the company. The damage was already done.

If you ignore this reality, it may take only one incident for you to realize your mistake. Don’t let it get to that point. Get cybersecurity insurance as quickly as possible and preserve everything you’ve worked hard to create.