Organizations operating in today’s digital economy find themselves facing a wide range of cybersecurity threats. The World Economic Forum ranks cyber attacks as the third most significant risk facing business leaders today. Implementing measures to mitigate this threat is therefore essential. Technical, operational, and financial countermeasures are all readily available. However, cybersecurity professionals — especially those who support high profile companies — no longer consider if hackers will breach information security defenses, but when. Insuring against high-probability catastrophes only makes sense.
Insuring Against the Inevitable
When it comes to financial countermeasures, cybersecurity insurance is a popular choice. Designed to help organizations mitigate their risk exposure by offsetting the costs involved with the recovery process after a cyber attack, these insurance policies can be beneficial. However, is the cost of investing in such a scheme justified?
If we consider the practice of risk management, insurance plays a critical role in modern commerce. Businesses have always seen the benefit of protecting their assets from potential catastrophes such as fire, flood, or theft. However, in today’s online economy, business assets exist in the real world and the digital realm.
Prudence dictates that you need to protect your digital assets with an insurance policy that covers you from risks that exist through doing business on the internet. With data being the currency of the new digital economy, one could argue that cyber insurance should form part of any risk management strategy given the rising threat of cyber attacks. It’s important, though, to consider the real-world benefits of cyber insurance and determine whether it applies to all businesses and industries.
Every Business Needs Some Form of Cyber Insurance
Cyber liability insurance is good business for the companies that offer it to their clients. According to Aon, over the past five years, cyber insurance premiums had the most significant growth in their portfolio with a 23 percent increase annually. Eighty percent of this growing market consists of medium-sized to large companies. However, as previous studies have shown, small businesses are not immune to cyber attacks. The latest Verizon Data Breach Investigations Report states that 58% of data breaches are focused on small businesses. If we consider that over 60% of small companies go out of business within six months of a cyber attack, cyber insurance is a necessity for every enterprise.
Commercial general liability policies do not cover the excess costs which usually accompany the restoration efforts after a cyber attack. Excluding cyber incidents from these policies is a standard industry practice. In some instances, businesses have successfully claimed a portion of the costs. However, these are the exception, and in most cases, organizations without any cyber insurance carry the entire financial burden created by an incident.
Adding Up the Costs of a Hack
According to the 2018 Cost of a Data Breach Study by Ponemon, the average cost of a data breach is $3.86 million. The study also found that the higher the number of records compromised, the higher the toll. Incidents involving fewer than 10,000 compromised records cost approximately $2.2 million, and those above the 50,000 mark cost in the region of $6.9 million. With Ponemon concluding that the chances of a business experiencing a data breach are 1 in 4, the financial risk for organizations of any size is material. As such, investigating how much a cyber insurance policy will cost your business is worth the effort.
What Does Cyber Insurance Cover and How Are Your Premiums Calculated?
When researching various cyber insurance options, it is essential you understand what the intended policy covers, and more importantly, what it excludes. Like any other insurance policy, there is no blanket cover. You need to either implement specific measures or refrain from particular risk-taking activities to ensure you can submit a successful claim after a cyber attack. Even though these policies cover a wide range of security incidents, insurance providers have been known to deny claims if they deemed the organization failed in its duty to implement sufficient internal security measures.
Another aspect you need to consider when investigating cyber insurance is how much coverage you need. Investing time and money in ensuring your organization is implementing cybersecurity best practices not only minimizes your overall risk but can also result in lower premiums. Taking proactive action such as securing your network, providing your staff with security awareness training, running an enterprise anti-malware solution, and actively monitoring your environment for security threats shows prospective insurers that you are a low-risk investment for them. As such, they would be more willing to provide you with cyber insurance cover and offer you a reasonable premium.
Your internal security controls are only one aspect a potential insurer looks at before making their decision on the extent of the cover they are willing to provide and the cost of your insurance premium. Other factors such as your location, the industry you are operating in, your gross revenue, and the type of data you store are all taken into consideration before the insurer makes its final determination.
The final factor that determines the cost of your cyber insurance is the amount of cover you require and how much you are willing to pay for it. As is the case with any other insurance policy, the higher the value of your coverage, the larger your premiums. When deciding on the amount of cover your business needs, you need to strike a delicate balance between how much you are willing to pay and how much cover your business requires. Too much and you will end up overpaying for the service. Too little and you may find your business facing financial ruin should you become the victim of a devastating cyber attack.
Determining the financial damage of a cyber attack is a risk management exercise. First, you need to calculate the value of your technical inventory, taking items such as your data and information systems into account. In addition to this, you also need to consider the potential liability from lawsuits which may arise from a data breach. Finally, you need to take a calculated risk and try to determine the probability of your business falling victim to some form of cyber attack. Based on these factors, you can then determine the amount of coverage you need and how best to allocate resources to mitigate this risk.
Tailoring Cyber Insurance to Match Your Business Requirements Is Essential
There is no doubt that businesses of any size need to invest in some form of cyber insurance. However, the scope of the necessary coverage and the cost of insurance is unique to each organization. Factors like the industry you operate in and the level of security measures deployed within your business will determine your insurance risk. The amount of coverage you need in addition to these risk factors will then be used to calculate your premiums. As a business leader, you need to make a risk management decision and determine if the potential losses are worth the investment.
Coranet is a certified Woman-Owned Information Technology Organization that has been meeting the requirements of Enterprise and Government entities for over 30 years. Network Engineering and Technical Support is part of our foundation and we continue this proud tradition with a 360-degree approach to technology solutions and services in the areas of Audio Visual, Network & Physical Security, IT Infrastructure, and Consulting/Project Management. Coranet is ISO 9001 registered, Lean Six Sigma and WBENC certified.