The Case For Cyber Insurance For New York Businesses

What do you know about cybersecurity insurance? Do you know whether you need it? Is it included in your general coverage? If not, can improved cybersecurity qualify you for coverage or even lower premiums?

Start with the basics in our latest video:

Key points in this article:

  • Cybercrime is so prevalent that cyber insurance has become a necessity
  • Qualifying for cyber insurance can be difficult if you don’t have the right cybersecurity standards
  • Coverage and payouts are not guaranteed; make sure to invest in your defenses as well

Cyber Insurance 101

The cybercrime landscape is getting more unpredictable and complex every day. Cybercriminals are finding more effective ways to infiltrate business networks and steal critical business data—but you already know all this.

There’s not much point in the “doom and gloom” cybercrime discussion anymore because it’s so common and well-understood. The global cybercrime industry is booming—by the end of last year, it was estimated that cybercrime caused up to $6 billion in damages alone.

Cybersecurity insurance is a relatively new type of protection designed to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment if you know how it works.

The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection. It’s becoming increasingly necessary, as many insurance providers have begun drawing a clear line between typically covered losses and those incurred by cybercrime-related events.

That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think.

What Is Cybersecurity Insurance?

Often referred to as cyber liability or data breach liability insurance, cybersecurity insurance is a type of stand-alone coverage. It’s designed to help businesses cover the recovery costs associated with any kind of cybersecurity incident, including:

Breach And Event Response Coverage:

A very general and high-level form of coverage, this covers a range of costs likely to be incurred in the fallout of a cybercrime event, such as forensic and investigative services; breach notification services (which could include legal fees, call center, mailing of materials, etc.); identity and fraud monitoring expenses; public relations and event management.

Regulatory Coverage

Given that a range of organizations (such as The Securities and Exchange Commission, the Federal Trade Commission, the Department of Homeland Security, and more) have a hand in regulating aspects of cyber risk in specific industries, there are usually costs that come with defending an action by regulators

This covers the costs of insufficient security or “human error” that may have led to a privacy breach. Examples may include an employee losing a laptop or e-mailing a sensitive document to the wrong person.

Liability Coverage

This coverage protects the policyholder and any insured individuals from the risks of liabilities resulting from lawsuits or similar claims.

Put simply, if you’re sued for claims within the insurance policy’s coverage, this type of coverage will protect you.

Cyber Extortion

This type of cybercrime event is generally a form of a ransomware attack, in which a cybercriminal keeps encrypted data inaccessible (or, alternatively, threatens to expose sensitive data) unless a ransom is paid.

Coverage of this type addresses the costs of consultants and ransoms, including cryptocurrencies, for threats related to interrupting systems and releasing private information.

Does Cybersecurity Insurance Offer Complete Protection Against Cybercrime?

A common misconception is that a cybersecurity insurance policy is a catch-all safety net, but that’s simply not the reality. Without a comprehensive cybersecurity strategy in place, a business may not qualify for a policy in the first place.

Furthermore, in the event of a hack, a business may not qualify for full coverage if its cybersecurity standards have lapsed or if it can be found responsible for the incident (whether due to negligence or otherwise).

The core issue is that as cybercrime becomes more common and damaging, insurers will become more aggressive in finding ways to deny coverage. It’s in the interest of their business to pay out as little as rarely as possible, which means the policies will tend to rely on a series of complicated clauses and requirements that covered parties have to comply with.

A vital example is when Mondelez International was denied coverage for the $100 million of damage they incurred from the NotPetya attack. Their insurer, Zurich Insurance, cited the obscure “war exclusion” clause, claiming that Mondelez was a victim of a cyberwar.

This is not an isolated incident. As discovered by Mactavish, the cybersecurity insurance market is plagued with issues concerning actual coverage for cybercrime events:

  • Coverage is limited to attacks and fails to address human error
  • Claims are limited to losses that result directly from network interruption and not the entire period of business disruption
  • Claims related to third-party contractors and outsourced service providers are almost always denied

All this shows why business owners need to look carefully at the fine print of their cybersecurity insurance policy and ensure their cybersecurity standards are up to par. No one should assume they’re covered in a cybercrime attack — after all, for every $1 million paid in premiums, insurance companies only pay out $320,000 in claims.

Do You Need Cybersecurity Insurance?

You may not be required by the law to have cybersecurity insurance. However, depending on the industry, specific compliance regulations recommend it. Various insurers offer cybersecurity insurance policies, and policy prices and exclusions vary widely among providers.

Oddly, you’ll likely need cybersecurity insurance in one form or another at some point, which is why it’s wiser to invest now. At the very least, you should get a quote on a policy so you can make a properly informed decision.

Don’t Overlook Proactive Cybersecurity Protection

As important as cybersecurity insurance is, don’t forget that it’s simply one part of effective cybersecurity defense. You also need to protect your organization proactively.

Network Outsource can help. Our team provides cybersecurity and technology services for organizations like yours—we are available to help you develop a robust cybersecurity defense, minimizing the chance you’ll ever have to claim your cybersecurity insurance.

You can start improving your cybersecurity and get the insurance policy you need by getting in touch with the Network Outsource team.