Every tech-enabled business must manage cyber risk, especially since the number of ransomware attacks continues to rise. Once much of the corporate world shifted to a work-from-home model in 2020, cyber criminals saw an opening to exploit those working remotely. Small businesses are particularly at risk for data breaches, with Verizon’s 2021 Data Breach Investigations Report finding 43% of cybersecurity breach victims were small and medium-sized businesses.
If you’re a small-business owner who hasn’t invested in coverage yet, start looking at cyber insurance companies. Traditional liability and property insurance policies don’t include cyber risks in their terms, but a cyber insurance policy can help fill those gaps. To help you determine what coverage is best for you, we’ve compiled some of the most commonly asked questions about cybersecurity insurance coverage.
The different types of cyber insurance
A 15-person small business doesn’t need the same cybersecurity insurance coverage a large, billion-dollar company like Equifax, LifeLabs, or Marriott requires. Ask your provider about their cyber insurance benefits, cyber insurance coverage limits, and process for determining cyber risk. It’s important to understand the various types of cyber insurance, since there is no one-size-fits-all policy. A robust cyber insurance policy covers three main categories of financial risk:
- First-Party Coverage: This type of coverage helps organizations cover expenses incurred as the result of a data breach or privacy incident. First-party cyber insurance coverage includes PR services to uphold your organization’s reputation and costs associated with notifying affected parties.
- Third-Party Coverage: This type of coverage helps organizations cover the costs associated with defending liability claims made by people who were affected by a data breach. Think: legal fees, fines for violating HIPAA, and unintentional copyright infringement.
- Cyber Crime Costs: This category deals with financial losses resulting directly from criminal activity such as theft via digital fraud.
What it covers:
Each type of cyber insurance (First-Party Coverage, Third-Party Coverage, and Cyber Crime Costs) covers different costs. First-Party Coverage reimburses organizations for costs they’ve already incurred. This includes incident response and digital forensics services, reputation management, repairs to damaged software or hardware, the cost of notifying affected parties, and loss of income due to an interruption in services.
Third-Party Coverage helps organizations defend against lawsuits and legal claims made by people who were affected by a data breach. This includes privacy lawsuits, regulatory fines, claims of defamation and other media liability claims, and breach of contract.
Cyber Crime Costs help cover financial losses that are the direct result of criminal activity. One example is the theft of funds as a result of digital fraud.
What it doesn’t:
While cyber insurance covers a range of incurred costs, it doesn’t cover every possible risk. Typical cyber security insurance coverage policies exclude the following:
- Upgrades: If you decide to upgrade your systems or software after a data breach, your policy may not cover the cost.
- Future Profits: In general, cybersecurity insurance doesn’t cover potential future lost profits.
- Decreased Valuation: A cybersecurity policy may not cover the loss of company value due to theft of your intellectual property.
- Social Engineering: When cyber criminals trick people into transferring company funds, it’s called “social engineering.” Not all policies cover social engineering, but it might come as an optional add-on.
- Loss of Property: Losing a piece of property, like a computer or a phone, is generally covered by commercial property insurance, not a cyber policy.
- Bodily Injury: Claims of bodily injury are not included in cybersecurity insurance coverage. A general liability policy can cover these claims, however.
- Criminal Activity: While some cyber policies cover cyber crime costs, if you want comprehensive coverage against fraud, employee theft, robbery, or other crime, look into acquiring a commercial crime insurance policy.
What it costs:
For the most part, cyber insurance policies depend on the amount of risk you carry. If, say, your small business could easily experience a data breach, your cyber insurance premium will likely cost more. If, however, you take steps to secure your network and improve your cyber maturity, you can potentially lower your premium.
To determine your risk level and need, contact a cyber insurance specialist. They’ll help you conduct a risk assessment, which will identify vulnerabilities. Some of the questions cyber insurance brokers use to determine premiums are:
- What are your coverage needs and limits?
- Where does sensitive data reside, and who has access to it?
- Do you currently protect all the areas where sensitive data is kept?
- Do you have access to highly sensitive information because of your profession or industry?
- Have you had a claim against a cyber insurance policy in the past?
Keep in mind that premiums should not be your only defining factor when selecting cybersecurity insurance coverage. As part of your vendor vetting process, ask if it’s possible to amend a policy—you don’t want to be paying for one that doesn’t provide all the coverage you need.
You may want to consider putting together a list of your own questions to ask a provider—a cybersecurity insurance checklist, if you will. Questions could include:
- Are first-party coverages included?
- What about third-party coverages?
- What exclusions are part of the policy?
- Are there requirements to use certain data security tools?
You’ll want to fully evaluate a policy before committing to it.
Get a quote
You can get free quotes from up to eight different carriers in a matter of minutes using Trava’s cyber quoting tool. You can also talk to a licensed agent, who can help you get a cyber insurance quote online. If you’d like to review your current cyber insurance policy—or get a new one—contact Trava’s team of licensed cyber insurance brokers for a free consultation.
Cybersecurity insurance coverage is a critical piece of a strong cyber risk management strategy, but buying it doesn’t have to be overwhelming. Make sure to enlist help from a professional if you have questions or need guidance as you evaluate policy options, and you’ll be able to get the coverage you need at a price you can afford.
Insurance brokers, let Trava uncover cyber risks and help patch them before you write a policy.
Partner with Trava