Cyber insurance: the risk-reduction remedy some companies want and need

Unfettered mayhem, raining down from cyberspace, has birthed the need for new protection few would have envisioned just a few years ago: cyber insurance coverage.

As coverage goes, cyber insurance is still a relatively new and emerging option that, despite its newness, is rapidly gaining traction among threat-weary businesses in every sector—healthcare, in particular, where protecting high-risk information in EHRs (electronic health records) is among the top priorities.

Why cyber insurance?
For most, the goal of adding cyber insurance is to mitigate threats, liabilities and costs sustained from (what else?) “cyber incidents” – a broad term covering an ever-growing range of mishaps and misuse, from hacked accounts and stolen credentials to pilfered laptops and wayward thumb drives.

Given the frequency and severity of recent breaches, and the financial fallout that invariably results, who can blame companies for wanting an extra layer of protection?

Certainly not attorneys Theodore J. Kobus III and Kimberly M. Wong, data security experts and co-authors of a new paper entitled “Risk Management: Cyber Insurance & Your Data Response Plan.” In fact, Kobus and Wong strongly suggest that, depending on budget, exposure profile and potential loss scenarios, cyber insurance may be a risk-reduction remedy that businesses sorely need.

Surprisingly customizable coverage
Companies seeking first-party cyber insurance coverage have a surprisingly diverse range of choices, say the authors, including protection against losses stemming from data destruction and theft, extortion and hacking, and revenue lost from network intrusion or interruption.

Notification expenses, such as printing, mailing, credit monitoring and call center support, may be included in a policy, along with third-party cyber liability coverage for vendors and partners.

Procuring the proper policy
The paper also includes suggestions for working with your broker, including:

  1. Determine what coverage you have under current general commercial liability or professional liability policies. Identify potential gaps and opportunities to increase long-term protection.
  2. Assess your current level of exposure and types of cyber incidents that pose the biggest threats.
  3. Inventory the nature and location of all sensitive data. Is it stored in areas that are vulnerable to physical or digital theft? Knowing this will inform cyber coverage decisions.
  4. Step through potential employee/non-employee loss scenarios, such as hacking, theft of data or computer equipment, and unauthorized publication of information online.