Cyber Insurance vs Cyber Threats

Avatar photo
Jared Sholley

Cyber insurance is no substitute for prevention, but it should still be treated as a preventative step, often a step (or several steps) behind zero-day threats.

team of two women and 3 men looking at computer for cyber insurance

What Does Cyber Insurance Cover?

After a ransomware outbreak, it’s common to think, “insurance will cover this, right?” Well, that really depends on your policy. Most general liability insurance can be purchased with an additional rider or endorsement that covers cyber threats. However, most general liability plans do not cover losses due to cyber threats (malware, ransomware, breaches, destruction of data, etc.). Implementing cybersecurity protections that complement cyber insurance is important.

What Losses Can Happen?

  • When a client on a lower management tier (which does not include a virus-fix guarantee) needs us to clean up and restore their data (assuming they have backups), this is often tens of thousands of dollars in labor. An incident response can include our whole team pulling all-nighters for several days.
  • If a client loses data to a breach, all the expenses of a breach notification to all affected victims falls on the clients’ shoulders.
  • Some of the breach victims will sue the client for privacy violations.
  • Forensics work to determine the vector of attack and attempt to prosecute can be over $100,000.
  • If the client does not have backups of critical systems and must pay the ransom, then they have to fork over tens of thousands of dollars in ransom.
  • Systems can be down for days or weeks, causing loss of productivity for all staff and zero cash flow.
  • Oftentimes, a hacker steals intellectual property or cash (via wire transfer), which can’t be recovered.
  • The client suffers from bad press and a hit to their reputation.

None of this is covered by your normal business general liability insurance.

To mitigate some of these risks, a cyber insurance plan or cyber rider is needed. A breach protection/data compromise policy will work, too. How many of these potential losses can be mitigated varies depending on your cyber policy. For instance, the policy may not compensate for lost productivity or for time spent recreating intellectual property.

Again, keep in mind that these policies are evolving with the threats and business risks. Some policies may cover breach notification, fines, and forensics, but none of the clean-up and data restoration involved. So, discuss the policy you are looking at with a qualified rep.

What Can Be Covered?

There is no standard for underwriting these policies, but these are common reimbursable expenses:

  • Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage, and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.
  • Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons). It may also cover monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
  • Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
  • Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements, and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.

Have questions? Need help with cyber insurance? Contact us now!

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Airiam Acquires Vantage Point Solutions Group, Expanding its Footprint in SME Cybersecurity and IT Management

Airiam Acquires Vantage Point Solutions Group Airiam, a managed IT and Digital Transformation company with a strong focus on cybersecurity, today announced its acquisition of Vantage Point Solutions Group, a leading provider of managed IT services (MSP
Vivian Lee
>>Read More

Why Data Backups Are Important (And How to Do Them Right)

Most businesses know data backups are important, but they still treat them as an afterthought. However, backups aren’t just important—they’re essential.  Losing your system data isn’t just an annoyance or a setback. It could break your business overnig
Jesse Sumrak
>>Read More

Strong Passwords Are Strong Defense Against Cybercrime

You may have seen the game show Password, where one partner gives clues and the other guesses the secret word. With the right hints, it’s easy for the guesser to get the password right. The same holds for cybercriminals trying to hack into your network
Avatar photo
Ryan Palermo
>>Read More