Cyber liability insurance can be a critical weapon in your war against cyber criminals. We often get asked by our clients, “Do I really need cyber liability insurance?” It is often prefaced with the comment ‘I have general business insurance coverage and a really good IT team.’ The short answer is Yes – you do need cyber liability insurance especially if you connect to and perform business on the internet.
If you are on the fence about whether you need coverage, ask yourself the following questions:
- How long could I run my business without a functioning network?
- Can I afford to pay for a cyber incident out of pocket?
Let’s examine those questions in more detail.
How long could I run my business without a functioning network?
Given the nature and complexity of the attack, the time to restore your systems to a fully functioning state; could range from a week to several months. Ransomware attacks are becoming the norm. In a ransomware attack, malicious threat actors release code that encrypts the data, which remains in this state until you either pay the ransom or restore the data from a prior backup. The latter assumes that the backup data is not encrypted as well.
Can I afford to pay for a cyber incident out of pocket?
According to IBM, the average cost of a data breach in 2023 was $4.45 million dollars. While premiums can certainly be high, they are nowhere near the cost noted above.
What do I get with Cyber Liability Coverage?
While cyber coverage doesn’t protect you from reputational damage, it can cover several critical elements, such as:
- Stolen devices
- Hacking and ransomware attacks
- Data corruption and theft
How Do I Keep My Premiums Down?
Premiums can range based on the size and complexity of the organization looking for coverage. Generally speaking, businesses are required to complete the insurance carrier’s extensive questionnaire which can be wide ranging. The questionnaires constantly ask / require organizations to perform the following basic security protocols:
- Annual penetration testing performed by a qualified third party
- Regular vulnerability scans
- Documentation and distribution of a comprehensive information security policy
- Multi-factor authentication for all remote user access
- Annual information technology risk assessments
- Encryption of data at rest and during transmission
Cyber criminals have endless amounts of time and resources, and your business can’t afford to be a step behind. Purchasing cyber liability insurance is critical when it comes to defending your company against the inevitable cyber-attack.
While cyber insurance is critical, so too are the security controls outlined above. That is why they are outlined in the insurance questionnaire. If you haven’t implemented these items and are unsure of how to proceed, please feel free to reach out to FoxPointe Solutions.