Understand what cyber insurance covers, doesn’t cover, and how to get a policy right for your small business.
In today’s world, it is increasingly difficult to keep personal and sensitive information safe. Data breaches are all too common, and it can be very difficult for companies to recover customer trust after an incident. Add in thousands of dollars of legal fees, digital forensics and incident response costs, and other fines, and you can easily see why it is so important for organizations to take steps to keep this sort of thing from happening.
Furthermore, it isn’t just large corporations that can take a huge hit from a cyber attack. Small businesses are often more susceptible to these incidents and can suffer even more damaging results when they happen. In addition to taking preventive steps to manage risk up front, it is crucial for companies to carry a special type of liability coverage called cyber insurance.
Cyber security insurance helps cover the liability associated with network compromise, privacy issues, and business interruption. For example, cyber incidents can include things such as malware infection, ransomware, business email compromise, and data breaches involving sensitive customer information, such as social security numbers, driver’s license numbers, financial information, and much more.
What does cyber insurance cover? In the event of a data breach, this type of policy can help pay for notifying customers about the incident, restoring identities to affected persons, recovering compromised data, repairing damaged computer systems, and more. It can also pay for any associated costs and legal fees for a lawsuit if the situation should arise.
That said, what does cyber insurance not cover? In most cases, a cyber policy won’t pay for loss of future profits due to a damaged reputation, upgrading your computer systems, or any loss of value of intellectual property.
This type of protection isn’t limited to businesses. There’s also the option to buy personal cyber insurance. What this type of policy does is protect you against any sort of data breach where you’re the victim and the personal information being leaked is your own.
Your destination may be achieving compliance in industry certifications such as SOC2 or ISO27001, but it doesn’t stop there. With Trava, our modern tools can help you bridge the gap between where you are and where you want to be by giving you the control to assess your risk, repair the most vulnerable areas, and transfer risk through insurance.
Now that you know the details of cyber coverage, it is important to talk about your options when looking at potential cyber insurance companies. Most major carriers that you would already trust for your home, auto, or commercial insurance also offer some form of cyber liability policy. In fact, when it comes to cyber insurance market share, these are often the companies that have the biggest piece of the pie.
Large carriers aren’t the only option, however, as there are a plethora of independent carriers out there ready and willing to meet your needs. The cyber insurance market is quite varied, and finding the right solution for your situation isn’t as difficult as you might think.
Furthermore, there are also software companies that can help you not only find your ideal cyber insurance carrier, but also assess your existing systems to help find vulnerabilities that you might not have considered. This is a great option if you haven’t fully explored your risk level or you do not know the various scenarios that could happen during a breach.
Is it a better idea to purchase a separate policy than to rely on your typical business liability policy to carry you through? Often, but not always. It will generally depend on your exact needs and situation, such as the industry you are in and the level of risk your company presents and can tolerate.
There are actually four categories of cyber and privacy insurance to consider: data breaches, denial of service events, viruses, and other related incidents. Any policy you purchase should cover these topics extensively. In general, cyber insurance agents are there to help you analyze your risk and determine the best level of coverage for your needs by asking in-depth questions about your current environment.
So, how do you get a cyber insurance quote? Well, you start by contacting a cyber insurance agent or specialist. They will ask you some questions to help determine the appropriate pricing for your risk level and needs.
Examples of questions many major carriers use to determine cyber insurance premiums include:
What are your coverage needs and limits?
Who has regular access to your data and computer infrastructure?
What level of network security do you currently maintain?
What is your profession, and do you have a higher than normal access to sensitive information?
Have you had a claim against a cyber insurance policy in the past?
Remember, cyber insurance premiums are largely dependent on the amount of risk you carry. In simple terms, this determines if what you’re currently doing puts you in a place where you could easily experience a data breach. The higher the risk level, the more expensive your cyber insurance payment is going to be.
And what do you look for in a cyber insurance quote? Here are a few things to consider when you receive an estimate:
What type of data is the policy protecting, and how does the policy define it?
Are first-party coverages included? Are third-party coverages included?
What exclusions are part of the policy?
Have you included all pertinent details so that the cyber insurance carrier can appropriately assess your risk?
Are there any sub-limits listed on the policy?
Are there requirements to use certain data security tools?
What is the carrier’s rating from other policyholders? Do these companies have any major complaints?
Of course, premium price alone should never be your only defining factor when purchasing a cyber insurance policy. Make sure to fully evaluate what you’re getting before committing to using a specific carrier or contract.
You can't protect yourself from risks you don't know about. Enter your website and receive a completely free risk assessment score along with helpful information delivered instantly to your inbox.
In essence, a cyber insurance policy isn’t much different from any other type of general liability policy that you might purchase. There’s still a deductible, terms, coverages, and exclusions. Determining your needs generally comes down to the size of your company, industry you’re in, and other similar factors.
Curious to see what a particular carrier offers? Ask to see a cyber insurance policy sample. Most will be more than happy to give you a contract to look over to ensure you’re comfortable with the terms and conditions.
Here’s a cyber insurance coverage checklist to help you figure out if the policy you’re considering meets the needs of your business.
Forensic Expenses: Are the costs associated with determining when and how the data breach or ransomware attack happened included as part of the policy coverage?
Legal Expenses: If you’re sued due to a data breach, are your legal expenses covered by the cyber insurance policy?
Notification Expenses: Does your policy pay to notify all parties exposed or included in the data breach?
Regulatory Fines and Associated Penalties: Will the policy pay for costs associated with any regulatory fines or penalties?
Public Relations Expenses: Does your policy help pay for costs associated with repairing your reputation after a major data breach?
When it comes to purchasing cyber insurance for an individual, the process is much less in depth than it is for companies. Generally, you’ll just be asked a few questions about your individual risk level.
How is a cyber insurance premium calculated? Generally, the process comes down to a few factors, including the type of industry you are in, your current computer and data protections, and the type of personal information you’re storing and/or collecting. Your staff, prior claims, and basic protocols will usually also play a role. The riskier your endeavor, the higher the policy premium. So, how much coverage do you need to make sure you’re adequately insured?
If you’re still unsure of how much cyber insurance to purchase, you’re in luck. There are plenty of cyber insurance cost calculator tools on the internet to help you determine your overall level of risk and plan accordingly. They are easy to use and generally just require answering a few questions honestly about your business. Examples of various inputs include the number of employees you have, the industry you’re in, the types of customers you service, etc.
It is important to remember, however, that a simple cyber insurance calculator can’t get a full picture of your absolute level of risk. In order to accurately get a full picture of how much you’ll pay for cyber insurance, you need to speak to an agent directly. They will be able to guide you to the best coverage options to protect your particular business.
If you’re looking to buy cyber insurance, the first step is getting in touch with an agent. From there, they will ask you a series of questions about your business including what you do, what tools you use to protect data, your employee history, details of any previous claims, and more. Then you’ll be given a quote based on this information to review before finally paying a premium and purchasing the policy.
Don’t feel you’re quite ready to take the leap into buying coverage? Most agents will be more than happy to provide you with a cyber insurance brochure, either in print or via a PDF download. These documents are designed to provide highlights of the most important features of a cyber insurance policy and to help you decide what’s right for you.
Who needs cyber insurance, really? Simply put, all businesses, even small and medium-size businesses. Corporate cyber insurance is designed to meet the needs of companies operating at an enterprise level. But that doesn’t mean startups and others can’t obtain it. Cyber security insurance for small businesses is just as important and readily available as policies designed for major corporations. Bottom line: This type of insurance is critical. As our dependency on technology increases, so does our need for total protection.