Dealing with a data breach is starting to become standard practice for businesses. The attitude seems to be that either you’ve been breached or you just don’t know you’ve been breached yet. Cybercriminals are active and innovative. How to mitigate the risk of data breaches and potential breaches is a hot topic, and many businesses are looking to cyber insurance for the answer.
What is cyber insurance?
As the cost of data breaches increases, transferring the risk through an insurance policy is an attractive option. Cyber insurance policies protect companies against a number of legal issues and costs including those related to:
- Incident management
- Investigation
- Remediation
- Data subject notifications
- Call management
- Credit checking for data subjects
- Legal costs
- Court attendance
- Regulatory fines
Why buy cyber insurance?
If the list of potential related costs isn’t daunting enough, there are other reasons your company might consider purchasing cyber insurance.
- Data is one of your most important assets, yet it is not included in standard property policies
- System downtime disrupts your core business and costs your company money
- Cybercrime is the fastest growing crime in the world
- You can be held liable for losing third-party data
- Your reputation is on the line in a data breach
- Mobile devices increase the risk of a data breach
Tips for buying cyber insurance
Buying cyber insurance does not mean that your company should stop investing in data protection efforts. Understanding the scope of the policy you need to purchase will help keep costs down for this additional piece of security.
Cyber insurance categories
There are basically two types of cyber insurance that companies can purchase: first-party and third-party. First-party cyber insurance covers loss of the company’s own data and protects you in case you are unable to run your business. Third-party cyber insurance covers loss of client or government data and covers lawsuits and claims resulting from the loss of their data. Depending on how much third-party data you collect and store, your company may or may not need both categories of insurance.
Unencrypted devices
If a lot of work is done on personal devices outside of the office, or if information is stored unencrypted, it is important to make sure your policy covers the information accessed on those machines. Many policies have language that specifically excludes data lost on unencrypted devices. Make sure you understand your needs and that your policy covers all of them.
Data restoration costs
Consider whether you want to include the cost of data restoration in your policy. If your company uses a lot of data to conduct business, the restoration of that data to get you back up and running could be extensive, but it can be included in many policies.
When it comes to purchasing a cyber insurance policy, it’s important to understand all your risks and decide if they need to be covered in your policy or not. There are a lot of options. Make sure you get what you need to protect yourself against cybercrime.
Do you currently carry a cyber insurance policy? Which coverage would you recommend not be skimped on?