Cyber Insurance vs Cyber Threats

Avatar photo
Jared Sholley

Cyber insurance is no substitute for prevention, but it should still be treated as a preventative step, often a step (or several steps) behind zero-day threats.

team of two women and 3 men looking at computer for cyber insurance

What Does Cyber Insurance Cover?

After a ransomware outbreak, it’s common to think, “insurance will cover this, right?” Well, that really depends on your policy. Most general liability insurance can be purchased with an additional rider or endorsement that covers cyber threats. However, most general liability plans do not cover losses due to cyber threats (malware, ransomware, breaches, destruction of data, etc.). Implementing cybersecurity protections that complement cyber insurance is important.

What Losses Can Happen?

  • When a client on a lower management tier (which does not include a virus-fix guarantee) needs us to clean up and restore their data (assuming they have backups), this is often tens of thousands of dollars in labor. An incident response can include our whole team pulling all-nighters for several days.
  • If a client loses data to a breach, all the expenses of a breach notification to all affected victims falls on the clients’ shoulders.
  • Some of the breach victims will sue the client for privacy violations.
  • Forensics work to determine the vector of attack and attempt to prosecute can be over $100,000.
  • If the client does not have backups of critical systems and must pay the ransom, then they have to fork over tens of thousands of dollars in ransom.
  • Systems can be down for days or weeks, causing loss of productivity for all staff and zero cash flow.
  • Oftentimes, a hacker steals intellectual property or cash (via wire transfer), which can’t be recovered.
  • The client suffers from bad press and a hit to their reputation.

None of this is covered by your normal business general liability insurance.

To mitigate some of these risks, a cyber insurance plan or cyber rider is needed. A breach protection/data compromise policy will work, too. How many of these potential losses can be mitigated varies depending on your cyber policy. For instance, the policy may not compensate for lost productivity or for time spent recreating intellectual property.

Again, keep in mind that these policies are evolving with the threats and business risks. Some policies may cover breach notification, fines, and forensics, but none of the clean-up and data restoration involved. So, discuss the policy you are looking at with a qualified rep.

What Can Be Covered?

There is no standard for underwriting these policies, but these are common reimbursable expenses:

  • Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage, and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.
  • Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons). It may also cover monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
  • Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
  • Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements, and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.

Have questions? Need help with cyber insurance? Contact us now!

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Resilience – Airiam Cybersecurity Webinar

Topics From patches to passwords, vulnerabilities to who is vulnerable, listen in to Jason Rebholz (Corvus Insurance), Conor Quinlan (Airiam), and Art Ocain (Airiam) talk about how companies can best protect themselves. October is Cybersecurity Awarene
Avatar photo
Bill Bowman
>>Read More

Podcast: 2023 Resolutions for Resilience

 Episode Summary People often make resolutions and set goals for the new year. In our first episode of 2023, we sat down with 13 IT and cybersecurity experts from Airiam, Secureworks, and Corvus Insurance. We wanted to know what their resolutions are
Avatar photo
Bill Bowman
>>Read More

Microsoft Office 365 – Outlook Web Access

Start using Outlook Web App for email and calendars Office 365 includes Outlook Web App so you can get to your email whenever you are online, even if you are away from your desk or using your mobile phone or tablet. To get to Outlook Web App, sign in t
Jess Watters
Jessica Watters
>>Read More