In today’s internet-driven world, cyber criminals are always lurking around the corner.
There are three types of businesses when it comes to cyber security:
- those that have been the victim of a cyber attack and know it
- those that have been breached but do not know it
- those that are about to be attacked
Many businesses believe that data breaches only occur to other organizations. They mistakenly think that cyber criminals exclusively target big businesses with vast finances, yet this couldn't be further from the truth.
A survey found that 46% of all breaches impact businesses with fewer than 1,000 employees. Cyber liability insurance, combined with strong security measures, can be essential in this situation.
Continue reading to learn more about cyber insurance including: what it is, how it operates, the cyber events it covers, and its business cost.
What is Cyber Insurance?
Cyber insurance, also known as cyber liability insurance or cyber security insurance, is a form of insurance that protects businesses in the event of cyber-attacks and data breaches.
Your business may be the target of a phishing or ransomware assault, a data breach, or social engineering. Cyber insurance can help restore customer and employee identities, repair damaged networks and machines, and retrieve lost data.
Until recently, cyber insurance was just another add-on for companies to add to their standard business insurance. However, traditional insurance plans provided protection only if a cyber attack led to a breach of physical assets or business interruption.
Today, cyber criminals can cause major damage to a business in different ways. Since a standard business insurance plan cannot cover all of these events, as a business owner, you should consider taking out a cyber liability insurance policy. It will protect your business from financial losses not covered by commercial liability plans or other insurance products.
How does cyber insurance work?
Let's say, for example, you run a small online store that sells LED lights.
Since you're an eCommerce business, you collect customer data, including customer billing addresses and credit card numbers. Your company gets hit by ransomware, in which cyber criminals steal data from 1,500 customer accounts and completely blocked your online services and website.
They threaten to sell the financial details of your customers unless you pay a hefty ransom. You are worried about how you can maintain your company’s reputation and minimize the financial losses.
In this scenario, not only is your company held hostage by ransomware, but you are also losing customer trust. It is important you restore the stolen data and get your website up and running, but restoring everything will cost you money. This is where a cyber security insurance policy can help.
Cyber liability insurance works the same way as most other types of insurance. You start by assessing your financial risks and then take out coverage appropriate for you and pay premiums monthly, quarterly, or annually. If a covered event occurs, the insurer pays the promised benefits.
What Does Cyber Insurance Cover?
Today, almost every company, regardless of its size or business niche, faces cyber risk. The most notable cyber risks include:
- privacy risk
- service risk
- operational risk, and
- security risk
Typically, cyber security insurance plans protect businesses from these risks through three clear-cut insurance agreements. These are:
- network security and privacy liability
- errors and omissions
- network business interruption.
Network security and privacy liability can give you access to both first-party and third-party insurance.
First-party cyber security insurance safeguards your business' assets. If you suffer a monetary loss as a result of a cyber crime or lose data, intellectual property, clients, or software, insurance covers both direct and indirect costs. Depending on your policy, it can also include the price of informing your customers of the security breach.
Third-party cyber insurance protects the assets of your customers, business partners, and others. For instance, hackers may steal your customers’ financial data, block their bank accounts, or make changes to their websites and social media profiles. In this scenario, your policy will pay you for any legal costs and payouts you are legally liable to pay, up to your policy limits.
Depending on your business, you may opt for both first-party and third-party cyber security insurance or only one of them. Typically, if your company does not collect a lot of customers’ personal data, you may not need third-party insurance.
Now, let us look at each of the three distinct parts of cyber insurance in greater detail.
Network security and liability
Network security protects your business’s assets in the event of a data breach, ransomware, malware infection, business email compromise, cyber extortion demand, and more. Your policy will list all the network security failures covered by it.
Privacy liability, in contrast, protects your company from any liabilities that arise due to a cyber security breach.
Errors and omissions (E&O) insurance
This aspect of cyber insurance protects you if a customer sues you for mistakes or omissions in your services due to a covered cyber event.
Let's say five of your customers decide to take legal action against you because you could not meet all contractual obligations following a cyber breach. In this scenario, E&O coverage will pay for indemnification or legal costs resulting from a legal dispute with your customers.
Network Business Interruption
This type of cyber insurance helps you recover loss of income and expenses that you incur if your network goes down because of a cyber event.
What Does Cyber Insurance Not Cover?
Like most insurance products, cyber insurance comes with some exclusions. The exact exclusions vary by policy, but usually the following things are not covered:
- Potential future lost earnings
Cyber security insurance covers loss of income if your business experiences downtime due to a covered event. However, the coverage does not include future lost earnings.
Let us say your online business was disrupted for two days in April because of a cyber attack, which resulted in a loss of income of $10,000. Depending on your policy limits, you will be able to recover all or part of this lost income. However, if at the end of the year, your company's annual revenue misses its projected target by $35,000 due to the April’s cyber attack. The insurer will not pay for this "missed revenue" loss.
- Indirect and hidden costs related to intellectual property theft
Intellectual property (IP) theft may result in significant long-term losses for a business. Examples of long-term losses include loss of a competitive edge, devaluation of your brand’s name, slower business growth, and loss of customer trust. Your cyber insurance policy, however, will not pay for these indirect and hidden costs associated with an IP theft.
- Betterment costs
After a data breach, you may decide to upgrade your business’s network security to prevent future attacks. While this is a step in the right direction, your insurer will not cover these expenses.
Cyber insurance typically covers the cost to repair your current systems, investigate the cyber attack, and notify your customers about the breach. It may also help cover legal fees. But it will not pay for any technology upgrades to minimize your future risk of cyber security attacks.
Who Needs Cyber Liability Insurance?
Your business can benefit from cyber insurance if:
- it stores confidential data on its network or in a cloud
- it provides hardware or software services
- it stores customers’ data, like credit card information, on its computers
- it uses point-of-sales systems
If you fit any of these descriptions, consider getting cyber liability protection. This is true whether your company is online, offline, or a hybrid business.
Also, keep in mind small companies need protection against cyber attacks and breaches just as much as large corporations, if not more.
How much does Cyber Insurance cost?
Cyber insurance needs are not one-size-fits-all. How much it costs epends largely on:
- how much financial assistance you will likely receive in the event of a cyber attack
- your annual turnover
- your business size
- your industry
Cyber insurance policies for small businesses usually cost $550 per year and up. For large enterprises, you can easily pay over $1 million per year or more.
Before you take out a policy, speak to an independent cyber security broker who can help you correctly assess your insurance needs. This is important because, when it comes to cyber insurance, buying too little coverage is not a wise financial decision.
Cyber insurance provides financial assistance to businesses in the event of a cyber incident, including data breaches, ransomware extortion payments, system hacking, and denial of service attacks.
Without cyber insurance, even a small cyber incident can disrupt your business in several ways. A major attack, in turn, can have significant financial consequences or even put you out of business.
Today, almost every business, regardless of size, needs cyber insurance. The right coverage can provide comfort in the knowledge that your business will be adequately covered if it ever comes under a cyber attack. At Dundas Life, we can help you assess your insurance needs and secure the right policy at the lowest-possible price.
Frequently Asked Questions
Do small businesses need cyber liability insurance?
Small businesses need cyber insurance to the same degree as big companies.
Cyber criminals do not discriminate between large and small corporations. With big companies becoming harder to target and the cost of replicating a piece of malware software being low, small businesses may get attacked more in the future.
According to one study, roughly 65,000 cyber attacks are attempted on small businesses every day. The right cyber insurance policy can protect your business — and your customers — in the event of a cyber attack.
Does cyber insurance provide protection against ransomware?
Ransomware is a type of cyber attack in which malware blocks a victim’s data, generally by encrypting it. Cyber criminals then demand a payoff to provide the victim access to their data.
Since the number of ransomware attacks is growing, many cyber insurance policies include ransomware protection. Others may provide it as a paid add-on.
Check with your provider to find out whether this protection is included in the base policy or needs to be purchased additionally. Also, do not forget to ask if your policy will cover the total costs of a ransomware attack or a part of it.
Does my business need cyber insurance?
Does your business store crucial data like credit card numbers, billing addresses, or phone numbers?
Does a good part of your business come from online customers?
Will your business face potential regulatory fines in the event of a data breach?
If you said yes to any of these questions, you probably need cyber insurance, regardless of size.
As a small business owner operating on slim margins, you may regard cyber insurance as more of a luxury than a necessity. But that is not the case since studies show that the impact of a breach can be even more devastating for small businesses.
For example, for small companies having 250 or fewer employees, the average cyber attack cost is roughly $25,600. Can you afford to spend so much per attack? If so, consider getting cyber insurance coverage today.