Cybersecurity Insurance Explained

Cybersecurity insurance is a relatively new concept for many small and medium-sized businesses (SMBs). It was initially introduced in the 1990s to provide coverage for large enterprises, covering issues such as data processing errors and online media.In recent years, however, the scope of coverage has expanded to include the costs associated with a data breach – which can be extensive. Cybersecurity insurance now covers things like:

  • Remediation of malware infections and compromised accounts
  • Recovery of compromised data
  • Repair of computer systems and network infrastructure
  • Notifying customers about a data breach
  • Provisioning personal identity monitoring
  • IT forensics and breach investigation
  • Legal expenses
  • Ransomware payments.

Obviously, data breaches are becoming more frequent and costly. In 2021, a record number of data breaches occurred, and in the first quarter of 2022, the number of breaches increased by 14% compared to the prior year.Small businesses are particularly vulnerable, with approximately 60% of such businesses closing within 6 months of a cyber incident. The growing threat of cyber attacks and the rising costs of breaches have led to changes in the cybersecurity insurance industry.It is important for businesses to understand the different types of cybersecurity insurance policies available and to choose the option that best fits their needs and budget.

  • Standalone policies are dedicated cybersecurity insurance policies that provide coverage specifically for cyber risks.
  • Endorsements to existing liability policies are additions to an existing policy that provide coverage for cyber risks.
  • Package policies combine multiple types of coverage, including cyber risk coverage, into a single policy.

Standalone policies may be the best choice for businesses with a high level of cyber risk, while endorsements or package policies may be more appropriate for businesses with lower levels of risk.  Furthermore, here are some key trends to be aware of as you review your options:

Increasing demand for cybersecurity insurance

As the cost of a data breach increases, so does the demand for cybersecurity insurance. The global average cost of a data breach currently sits at $4.35 million. In the U.S., it’s more than double that, at $9.44 million. Companies of all types are recognizing that this type of insurance is as important as their business liability insurance. With demand on the rise, there is likely to be more availability of cybersecurity insurance policies, as well as more policy options that meet the needs of small and medium sized companies.

Rising premiums

Cyber insurance premiums have increased significantly in response to the rising number of cyber attacks and the resulting payouts. In 2021, premiums rose by 74%. Insurance companies are seeking to cover the costs of lawsuits, ransomware payouts, and other remediation measures.

Coverage exclusions

Some insurance carriers are excluding certain types of coverage from their policies. For example, coverage for “nation-state” attacks (those launched by a government) may no longer be available. In 2021, 21% of nation-state attacks targeted consumers, while 79% targeted enterprises. Many governments have ties to known hacking groups, so a ransomware attack that hits consumers and businesses can very well fall into this category.Additionally, some insurance carriers are excluding ransomware payouts from their policies, due to the increasing frequency of these attacks and the burden on organizations to have a robust backup and recovery strategy in place.

Stricter cybersecurity insurance qualifications

Insurance carriers are taking a more cautious approach and are more likely to reject coverage for companies with poor cyber hygiene. Factors that may be considered when determining eligibility include:

  • Network security
  • Use of things like multi-factor authentication
  • BYOD and device security policies
  • Advanced threat protection
  • Automated security processes
  • Backup and recovery strategy
  • Administrative access to systems
  • Anti-phishing tactics
  • Employee security training

You’ll often need to fill out a lengthy questionnaire when applying for insurance. This includes several questions about your cybersecurity situation. It’s a good idea to have your IT provider help you with this.This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks.

Emerging coverage options

Some insurance carriers are introducing new coverage options to meet the evolving needs of their clients. For example, some are offering coverage for business interruption caused by a cyber attack, as well as coverage for the cost of hiring a public relations firm to manage the reputation of a company following a breach.

Which policy is right for your business?

When selecting a cybersecurity insurance policy, there are several key considerations for businesses to take into account. One important factor is the type of coverage needed. Different policies may offer different types of coverage, such as data breach response, business interruption, and reputation management. It is important for businesses to carefully review the coverage options available and to choose a policy that meets their specific needs.Another important consideration is the level of risk faced by the business. Higher risk businesses may need more comprehensive coverage, while businesses with lower levels of risk may be able to opt for a more basic policy.Budget is also an important factor to consider when selecting a cybersecurity insurance policy. Businesses should carefully review the premiums and deductibles associated with different policies and choose an option that fits within their budget. It may also be worthwhile to shop around and compare quotes from multiple insurance carriers to find the most affordable option.Finally, it is important for businesses to carefully review the fine print of any policy they are considering, to ensure that they fully understand the terms and conditions of coverage. This will help businesses to choose a policy that meets their needs and provides the protection they require.

Need Help Making Sense of Cybersecurity Policies?

Cybersecurity coverage and insurance applications can be complex. If you answer wrong on a question, it can mean paying hundreds more in premiums than you should.If you’re considering cybersecurity insurance, don’t go it alone. Give us a call and schedule a consultation. We can explain the policy details and provide guidance.

Jeff Hughes

Jeff Hughes

Having a reliable and enthusiastic partner in the IT services and solutions sector is imperative for achieving sustained business growth through effective technological strategies. Jeff Hughes, the CEO of Hermetic Networks, is wholeheartedly committed to assisting clients in optimizing their technology resources to maintain a competitive edge within their respective industries. Within Hermetic Networks, Jeff collaborates closely with a team of dedicated professionals who are deeply committed to delivering exceptional IT security services and solutions. Leveraging his extensive expertise and practical experience, Jeff ensures that clients receive unparalleled support and guidance for their IT security initiatives. When you choose Hermetic Networks as your partner, you can have confidence in our ability to enhance your business systems, helping you stay at the forefront of today's highly competitive business landscape.