With cybersecurity threats on the rise, many companies are turning to cyber insurance for protection and peace of mind. Cyber insurance offers protection for technology-related losses, which are not included in general liability insurance. Learn how cyber insurance can help your business get up and running after a cybersecurity incident, and how to reduce premiums if you decide to invest in protection.
How Cyber insurance Protects Your Business
Cyber insurance offers protection for a range of IT disasters, from a fire in the data center to a data breach. The insurance covers both direct losses and claims made against your business by others who were impacted by an incident.
It can devastate your business financially if you are the victim of a data breach or cyber attack and have to cover the losses yourself. As many as 60 percent of small businesses are forced to close after a cyber attack due to cash flow problems resulting from the attack.
While cyber insurance is a relatively new category, it is projected to grow from $2 billion in 2015 to over $20 billion by 2025 as companies protect themselves.
Insurance premiums differ by many factors, including:
- Annual gross revenue
- Type of data stored
- Security measures used
- Privacy policies
Companies that have few safeguards against a cyber attack pay much more than those that are trying to protect their business, yet view insurance as some extra peace of mind. If you want to get cyber insurance for your business, but need a low premium, you can take steps to reduce your rate.
Since the industry is new, offerings differ widely by insurer. While standardization is expected to occur with maturity, businesses that want insurance now must carefully consider how offerings of insurers meets their needs. By tailoring insurance protection to your company’s needs and comfortable spend, you can find an affordable cyber insurance policy that protects your business from common risks.
How to Shop for Cyber Insurance
When selecting a cyber insurance provider, it’s important to weigh the premiums against the coverage you’ll receive and the experience of the insurer in this market.
Ask the insurance broker about their experience with cyber insurance. Since there is no “one size fits all” policy, a qualified broker should ask questions about your needs and direct you toward a policy that covers your specific cyber or data risks. Find out whether they have tools or resources you can use to learn more, mitigate your risk, and protect your business.
Ask specific questions about what breaches are covered and which claims are excluded. Make sure you understand the answers in plain language. If you’re trying to comprehend tech jargon, you may misconstrue the meaning of something and wind up with a coverage gap.
Before you select a policy, ask about discounts that could lower your premiums. Many cyber insurance providers reward customers who make demonstrable cyber security investments with lower premiums. For instance, if you have threat protection, data protection, or data security in place, you can enjoy a lower rate. You’ll also get a discount if you have a strong data recovery plan that will reduce your risks and recovery time, frequently.
While providers will usually have specific benchmarks for discounts, these best practices will help you gauge your likelihood of getting a discount on cyber insurance. In some cases, insurers may not even want to take on the risk of insuring your business until you’ve reduced your risk by incorporating some of these practices.
- Educate your employees – Humans are the weak link in the cyber security game. Invest in educating staff about risks, reinforcing good habits, and creating a risk-averse culture to stay safe.
- Update and patch regularly – Is your software out of date or missing the latest patch? If so, you’re at risk of a cyber attack. Work with IT to make sure that every device that connects to your network is kept up to date. Institute policies for enterprise devices and employee devices if you allow BYOD.
- Build security into new initiatives – It’s much easier to build strong systems outright than shore up vulnerable IT systems. Always build security into your initiatives prior to launch, then test regularly to make sure everything is working as it should.
- Monitor access – Many workplaces are too permissive with access control, which increases the risk of a malicious attack. Make sure that employees have only the access they need to do their jobs. Manage access when employees change roles or leave the organization to reduce risk.
- Invest in a strong disaster recovery strategy – Disaster recovery is key to getting back up and running after a disaster. It’s more than simply having an automated backup. It’s making sure you have the data you need, know how to get to it, can rebuild quickly, and have redundant copies of business assets in case of emergency. Implement a strong disaster recovery strategy to lower your risk and make your business look more attractive from an insurance perspective.
Trends show that attackers will get more creative and determined in 2017, changing your data or holding your assets for ransom. By taking steps to improve your cyber security position and investing in cyber insurance in case you are attacked, you can protect your business from risks and ensure continuity in case of emergency.