As a provider of managed IT services and cyber security to Miami area businesses, Internos often advises clients on their cyber insurance needs as part of their overall cyber security. We do not provide policies or have any relationships with insurers.
You know you need cyber insurance because of the flood of hacks and data breaches surfacing almost on a daily basis. But in addition to knowing what your policy covers, it’s equally important to know what it will not cover.
For example, will it cover your losses during your downtime? What about fines incurred because of compliance gaps? Some insurance specifically rules out fines incurred by PCI gaps.
Then there are software updates, new hardware, property damage (e.g., a shipment of perishables perishes during the downtime) and bodily damage.
All too often, businesses are only aware of the bullet points of their cyber insurance coverage. Unless some things are specifically spelled out in your contract with your insurance company, you might get an unwanted surprise after a data breach. For instance, did you know there are actually two kinds of cyber insurance?
Types of Cyber Insurance
It’s possible to have a homeowners policy that includes liability, hurricane coverage and flood insurance—but that’s not always the case. Cyber insurance is similar. Don’t make assumptions. Know which types of cyber insurance coverage are in your policy. Here are the three main categories:
Network Security Insurance
Sometimes called data breach insurance, network security insurance is first-party coverage of the direct costs associated with the breach. This may include the costs of:
- Hardware or software repair or replacement.
- IT investigations.
- Restoring data.
- Notifying your customers.
- Setting up a call center.
- Offering credit monitoring to those impacted.
Negotiation and payment of a ransomware demand may also be included, depending on the policy.
>>Know what to do in a ransomware attack with this free checklist
Cyber Liability Insurance
Also called privacy liability coverage, a cyber liability policy is what you’ll need if someone impacted by the breach decides to sue. It offers third-party coverage of attorney fees, settlements or judgements and possibly regulatory fines.
Cyber Crime Costs
This category of insurance deals with losses as a direct result of cyber crime, such as if a hacker stole funds from your business account. It also covers losses due to fraud, such as when an employee is duped by social engineering into changing a payment address on an account, diverting funds directly to a malicious actor.
Your Cyber Insurance Checklist
Your cyber insurance needs may be very different from other companies. Whether you are purchasing a new policy or dusting off an existing one, make sure you know where you stand on the following coverage areas:
- Business Interruption: Coverage for costs incurred due to business interruption as a result of a cyber event, such as the inability to provide services for a period of time when you’re unable to access your systems or data—whether the cause is a cyber crime or simply human error.
- Cyber Extortion: Coverage for types of cyber extortion like ransomware. This can include the cost of hiring a negotiator and investigators and even the ransom payment.
- Social Engineering: Coverage for losses due to employees being tricked into taking actions that either direct money to criminals or allow cyber criminals into a network to act for themselves.
>>Don’t take the bait! Download our Phishing Prevention Cheat Sheet
- Reputation Harm: Damage to your brand, reputation or business due to a security breach. It is usually limited to a certain period of time after an event and may include the costs of implementing a PR agency’s recommendations (if not the agency fees themselves).
- Forensic Expenses: Costs associated with investigating, isolating and eliminating a threat.
- Legal Expenses: Lawsuit defense and settlement costs as a result of a data breach.
- Regulatory Expenses: Fines and penalties levied if regulators determine that your business failed to adequately protect sensitive consumer data.
- Notification Expenses: Costs related to notifying clients that their data might have been compromised in a data breach. It may include the cost of setting up a call center or to field client concerns.
- Credit Monitoring and ID Theft Repair: Costs for your business to set up these services for impacted customers.
No matter how good your cyber insurance is, you never want to use it. Having a proactive and complete cyber security plan is best for your business’s reputation, continuity and growth. Need help? Contact us or book a meeting today.