Cybersecurity Insurance: Everything You Need to Know
By CDI Security
Cybersecurity insurance is a hot topic these days, and for good reason. As attacks increase, so do the premiums companies have to pay for coverage – but there is work you can do to cut those costs and keep yourself protected.
Cyberattacks are pervasive, happening every 11 seconds to companies both large and small. The headlines we see typically showcase the attacks that take place against some of the world’s largest companies, but 55% of small businesses say they have experienced a data breach (with 53% experiencing multiple attacks).
It is estimated that almost 30,000 websites are hacked daily, and companies with at least 250 employees face a whopping 76% chance of being hit with a cyberattack. In 2021, the average ransomware payment was nearly $300,000, and payments went as high as $40 million.
The need for strong cybersecurity has never been clearer – but so, too, is the need for insurance if you fall victim.
What is Cybersecurity Insurance?
Much like insurance for your home or car, cybersecurity insurance is designed to mitigate losses from a variety of incidents. The main objective is to keep your business insured and provide protection against specific cyber incidents, like:
- Data Breaches – destruction and theft
- Business Interruption
- Network Damages
- Extortion demands
- Denial of Service (DoS) attacks
- Legal claims of defamation, fraud, privacy violations, etc.
Commercial general liability and property policies do not include cybersecurity. Cybersecurity insurance has become its own stand-alone line of coverage.
Why do we need it?
Worldwide, cyberattacks are expected to cost organizations about $6 trillion by the end of 2021 – up from $3 trillion in 2015.
Many states now require companies to notify their customers of any data breach that involves personal information – if you aren’t prepared for this, you risk major compliance issues. Insurance providers will often take on the heavy lift of contacting your customers in this case.
Many businesses are still opting not to pay for cybersecurity insurance, however, often citing high premium costs, confusion about what is covered, and misunderstanding about what is needed to receive coverage.
What is needed for coverage?
Many insurance companies will not cover your business if you don’t meet certain minimum technical and procedural requirements. This can be a daunting list if you are unprepared! Here are just a few of the requirements your business might need to meet for coverage:
- Multi-factor authentication (MFA)
- Endpoint detection and response solutions (EDR)
- Monitoring of Environment (MDR)
- Incident Response Plan (IRP)
Often, businesses will seek the help of a broker to purchase cybersecurity insurance. Brokers can help you understand whether you have what is needed and whether you will be paying more than you need to.
How can CDI help?
We recognize the pressure our clients are under to meet the new insurance qualification requirements while also trying to control costs. With our clients’ needs in mind, we have designed a number of security offerings that satisfy those requirements and also establish a risk-based approach to security.