Cyber security insurance is a relatively new form of liability coverage that protects a business against direct and third-party financial losses resulting from a breach of the business’s electronic networks. Simple enough, right? Wrong. Cyber security insurance, while not as nuanced as the very cyberattacks it aims to stop, isn’t exactly as straightforward as say, auto insurance.
Check out these seven FAQs about cyber security insurance so you can confidently look around and compare policies.
- Does Cyber Security Insurance cover the same risks as a Commercial General Liability (CGL) policy?
CGL policies compensate a business for bodily injuries and loss or damage to physical property, but it does not cover economic losses associated with a business’s failure to protect customer data and personal information. Cyber security insurance covers losses due to fraudulent electronic transactions and liability to customers whose personal information has been compromised.
- Do small businesses need cyber security insurance?
Small to mid-sized businesses account for up to half of all cyberattacks and data losses. Almost two thirds of all small businesses that are the targets of a successful cyberattack are out of business within six months after an attack. Even a limited loss of data can lead to a multimillion-dollar liability to customers. Cyber security insurance can prevent a small business from failing after it suffers an attack.
- Is cyber security insurance necessary if a business has implemented internal software solutions and network monitors to prevent cyberattacks?
Hackers and cybercriminals are organized and efficient, and are able to keep ahead of common software solutions and monitors to launch attacks that can take down even the most highly protected network environments. Even the White House experienced a limited cyberattack in 2015 when a hacker piggybacked on a State Department staffer’s email to break into a non-confidential email system. Businesses should take all reasonable steps to prevent a loss of data from a cyberattack, but they should not assume that every attack can or will be prevented. Cyber security insurance is the last defense against crippling losses associated with those attacks.
- How can a business assess its risks of experiencing a cyberattack?
Consider the type of information that the business collects and stores. Personal, financial, and medical records create the greatest exposure. Look at how the information is stored and who has access to the information. Finally, consider the procedures used by the business to protect the information, including training of employees who have access to the information, and how its networks and email servers are secured.
- What industries are most susceptible to a cyberattack?
According to a recent report published by IBM the top five cyberattacked industries in 2015 were healthcare, financial services, manufacturing, government, and transportation.
- What is the average financial loss from a cyberattack?
The answer to this question varies by industry and per the type of information that each industry stands to lose. A study of data breaches in the health care industry, for example, put the cost of a cyberattack at $200 per lost patient record. Thus, even a small medical practice with 5,000 patient records stands to lose $1 million from a theft of those records.
- How much does Cyber Security Insurance Cost?
Again, the cost will vary by industry and as a function of the number of records held by a business. The same study that assessed the value of lost medical patient records estimated that cyber liability insurance for a healthcare business would cost approximately $8.00 per record, which is less than 5 percent of the cost of the data breach itself. Companies like CyberPolicy provide cyber security insurance that can help a business reduce its cyber liability insurance risks and control any major losses associated with a cyber breach.