Cyber insurance is a growing industry, and for good reason. With business practices going increasingly digital, cybercriminals are adapting to the latest technologies, making the need to protect
your business from virtual threats ever more pressing.
According to Eireann Leverett, senior risk researcher at Cambridge, “there is a net gain in society as cyber insurance starts to show the true cost of cybercrimes and help business or civil society organizations survive events they otherwise would not.” Despite the advantages of cyber insurance, the evolving field is still a little confusing for most business owners.
This week OTELCO focussed on clearing up some common cyber insurance questions, like what precisely these policies cover and how we can help your company qualify for one.
What is covered by cyber insurance?
Consider the businesses you rely on to run your operation. Say, for example, that one of your suppliers fell victim to Ransomware or a customer data breach. Through no fault of your organization, you could be facing a significant interruption in your productivity. That is where cyber insurance comes in. Third-party cyber-coverage could compensate your business for any losses derived from your partner’s cyber breach.
There is a lot more than just third-party claims covered by cyber insurance though. For example, most cyber policies also include the following:
- Cyber Extortion
- Identity Theft
- Investigation and Legal Costs
- Affected Party Notification
- Data Asset Protection
- Business Interruption/Losses
Some insurance providers offer individual cyber policies as well. These can protect private citizens from the same threats faced by business but on a smaller more personal level.
Do You Need Cyber Insurance?
More often than not the answer to this question is yes. Cybercrime continues to rise and with it the likely hood that your business will be a victim of a cyber attack. According to Risk Based Security, 2018 was the second most active year for data breaches, with over 5 billion records compromised globally. Every day there are reports of major data breaches at this notable company or that, yet so many companies maintain a cavalier approach to cybersecurity. They think “it won’t happen to me” and by doing so leave themselves open to attack.
If your business stores sensitive customer data (e.g., health-care records, payment information, social security number, etc.) a cyber insurance policy is essential. Without it, you are leaving yourself on the hook for the financial fallout that will inevitably follow when those angry customers blame you for the loss of their information. Considering how many Professional-Liability or General-Business insurance policies exclude cyber risks, cyber insurance could be the difference between bouncing back after a breach and closing your doors for good.
Where can you go for cyber insurance?
Many well-known insurance companies already offer cyber insurance, and experts predict more and more companies will follow suit in the next few years. Your first step when looking for a cyber insurer should be to check with your existing institution to see if it is something they already offer. If they are not yet offering a cyber package, you might want to look online. The Balance, a trusted online finance site, has already created a helpful list of the top five cyber insurers on the market right now that we would highly recommend.
Wherever you choose to go, do your homework first. If you have an IT team, go to them and ask what they see as security vulnerabilities. If you do not, then it may be prudent to go to a third party for a vulnerability assessment. Once you have a firm idea about what your risks are, you will be better positioned to know what you need from a cyber insurance policy.
How do you qualify for cyber insurance?
While it can provide a safety net for businesses who have already taken the appropriate measures, cyber insurance isn’t a standalone solution to cybersecurity. According to Arctic Wolf security expert Marc Keating, most insurers won’t offer this type of insurance if you can’t prove that you’re taking the right measures to protect against a virtual attack.
These are the types of things insurers are going to look for from you:
- Existing Cyber Protection: As Marc stated, you will need to prove to your insurer that you have already made an effort to protect yourself from cybercrime. At a minimum, you should have a Firewall and Anti-Malware software. Depending on your industry, or the size of your business, you may want to invest in a more mature security system.
- Employee Education: All businesses should be educating their employees on cybersafety, whether they are seeking insurance or not. If successful, just one ransomware phishing scam could be the end of your entire operation. There are services that offer educational materials, including quizzes that employees can take to test their cybersafety knowledge.
- Vulnerability Assessment: A vulnerability assessment will give you insurer a clear idea of your business’s existing security posture. As previously stated, an assessment will also give you a stronger sense of the protections your company will need from a policy. You can assess in-house, but most experts recommend going to a third party for an unbiased evaluation.
OTELCO Can Help
Cyber insurance does not negate the need for security monitoring for your organization. OTELCO has partnered with Arctic Wolf to offer a state-of-the-art Security Operations Center as a Service. Our solution, Security as a Service, uses AI technology and a team of security engineers to provide 24/7 network monitoring of your IT infrastructure. We can also aid you in your vulnerability assessment.
Here are some other services provided by our SaaS solution:
- Managed Threat Detection
- Patch Deployment
- Ransomware Protection
- Industry Specific Compliance Reports
Managed Services Consultation
If you are considering a Managed Service solution, it may be beneficial to schedule a complimentary Managed Services Consultation.
This obligation-free assessment can help you:
- Establish your existing technology environment.
- Determine your business’s unique technology needs.
- Find the most cost-effective solutions.
- Gauge your ability to manage those solutions.