What Is Cyber Insurance?
Cyber insurance is an increasingly popular type of business insurance. Companies take it out to protect themselves from financial losses and damages relating to cybercrimes, data breaches, and other related incidents. Around 64% of companies now hold some type of cyber insurance coverage.
While the primary reason to take out cyber insurance is for coverage against financial losses, companies offering such insurance often offer value-added services such as assistance in recovering from a cyber incident, reputation management and legal assistance.
Cyber Liability Insurance vs Cyber Risk Insurance
Cyber liability insurance and cyber risk insurance are two terms that can be synonymous and are often sold as part of the same package. However, strictly speaking, there is a distinction.
Slightly more specific than cyber risk, cyber liability insurance is intended to cover financial costs that arise as the result of a cyber incident. This includes claims by third parties, and often also covers public relations costs required to restore the company’s reputation.
Generally speaking, cyber risk insurance casts a wider safety net over business infrastructures. Depending on the details of the specific policy, it could underwrite anything from recovering from a data breach to compensating for lost income while systems are out of operation.
Insurance companies differ in how they name and describe their policies, and in exactly what cover they provide. Data breach insurance is another widely used term that overlaps with cyber insurance.
How Does Cyber Insurance Work?
Cyber insurance typically works as follows:
- The insurer audits the company applying for insurance to ascertain whether they represent a safe underwriting investment, looking at their ability to prevent cybercrime through infrastructure and fraud detection software.
- Companies pay a premium (usually an annual one) for a defined amount of cyber insurance cover.
- Exactly what is covered depends on the policy details. This applies to the types of risks covered, the level of financial protection, and any supplementary services provided. For example, some policies may offer features such as reputation management, cover for legal costs, or even cyber awareness training for employees.
- In the event of a cyber incident, the company contacts its insurance company to lodge a claim. The insurance company provides the agreed-upon services to assist with recovery from the incident.
- The insurance company then processes any financial claim and pays out the agreed or negotiated sum if the claim is successful.
Cyber insurance can be purchased directly from insurance companies, or via insurance brokers. Policies often include an agreed excess figure, which must be paid by the customer in the event of a claim, or subtracted from any pay-out.
What Does Cyber Insurance Cover?
Exactly what is covered by a specific cyber insurance policy is dependent on the policy wording and any additional add-ons agreed between the company and the customer.
Items typically covered by a cyber insurance policy can include:
- reimbursement of sums paid out in the event of a ransomware attack
- loss of income cover if a cyber-attack interrupts usual business operations
- liability cover, should any third party sue the business as a result of a cyber incident
- cover for damage to digital assets and theft of intellectual property
- post-incident support – providing access to specialists to aid recovery from a cyber incident
- cover for the costs of dealing with data breaches
- cover for incidents caused by human error
- support with any related legal costs
Cybercrime and its consequences for a business are complex, as is the insurance underwriting process. There may be many other factors relating to specific crimes, companies, or insurers.
Examples of Cyber Insurance Claims
Let’s take a look at two examples of typical claims that a business might make on a cyber insurance policy.
With every employee receiving an average of 14 malicious emails per year, phishing and spear-phishing incidents are a very common problem for businesses of all sizes. Such incidents could well give rise to a cyber insurance claim.
A staff member could unwittingly provide data to a fraudster that gives them access to an internal finance system. The fraudster could then arrange money transfers out of the business bank account.
In the event of a successful claim, the insurance company could pay out for the financial loss.
Ransomware incidents are common and can result in companies being locked out of their internal data. Fraudsters may also threaten to cause a wider security breach by leaking sensitive customer information.
A company is meant to contact its insurer as soon as it detects a ransomware attack. The insurer could help in various ways, such as:
- providing expert assistance to attempt to regain access to data
- providing reputation management services if customer data is leaked
- compensating for financial loss if it becomes necessary to pay the demanded ransom
Individual insurance policies will likely have particular methods or channels for reporting such attacks. Security teams should keep these protocols in mind to make sure their claims are honored.
Pros and Cons of Cyber Insurance
With the majority of companies now choosing to take out cyber insurance, it’s clearly seen as a wise step. The decision to integrate an insurer into company policies is a complicated one, however. Let’s compare some of the pros and cons of retaining cyber insurance.
Cyber Insurance Pros
- Holding cyber insurance can provide peace of mind.
- Cyber insurance should compensate businesses who suffer extreme financial losses.
- Add-on services can assist when an incident occurs, potentially providing the kind of expertise that’s not available in-house.
- Cyber insurance often includes cyber awareness training that can help to educate employees on related risks.
Cyber Insurance Cons
- Cyber insurance policies are an extra expense for businesses.
- Exclusions can reduce the likelihood of successful claims.
- Having a cyber insurance policy in place can result in complacency around cyber risks due to the somewhat false sense of security that it may bring.
Does Cyber Insurance Protect You from Fraud?
It’s crucial to realize that cyber insurance, in itself, doesn’t protect from fraud. It simply reduces the risk of financial losses when online fraud events do occur and potentially provides some extra support when dealing with these incidents.
Every cyber insurance policy typically comes with a list of things that are not included, such as:
- intellectual property theft (often covered under a different policy)
- property damage
- incidents involving dishonesty by employees
- loss of future profits
Perhaps most importantly, a cyber insurance policy doesn’t cover the costs of maintaining a technical infrastructure that protects against fraud and cybercrime.
Companies still need to invest in software solutions, such as risk management software or fraud prevention solutions, that mitigate the risks of incidents occurring in the first place. Indeed, having a fraud prevention solution in place is part of many insurers’ requirements to be underwritten.