Tag: cyber insurance

What difference does $4.40 make? It can’t buy you much on its own, but it can make a world of difference when you’re handling the aftermath of a data breach or other cyberattack. That’s how much cyber insurance protection reduces the per-record cost of a data breach, according to the Ponemon Institute’s 2015 Cost of a Data Breach report. Whether you’re a small business owner with just a few hundred customers or a global corporation with records in the millions, the cost of being without cyber insurance in the wake of an incident can be extreme. When you consider the sheer number of records involved in recent mega-breaches — more than 78 million in the Anthem breach alone — the cost reduction can easily soar into hundreds of million dollars saved. And while smaller businesses may have fewer records to be breached, the impact of an attack can be even more devastating to them than to global entities when they experience a mega-breach. Yet less than one-third (32 percent) of businesses surveyed for Ponemon’s study reported having cyber insurance. The percentage was a bit better when the Risk Management Society (RIMS) asked 284 of its members about cyber insurance; 51 percent reported having stand-alone cyber insurance policies. Even fewer small businesses report having cyber insurance. Just 5 percent of small business owners surveyed by Endurance International Group said they carried cyber insurance, despite 81 percent believing cybersecurity is a concern for small business. Those who have cyber insurance clearly understand its value. RIMS members said they bought policies to: Reduce the risk of an incident damaging their company’s reputation (79 percent). Minimize the potential impact of business interruption (78 percent). Aid in data breach response and notification (73 percent). What’s more, of the RIMS members who didn’t have cyber insurance, 74 percent said they were considering buying it within the next 12–24 months. While small business owners also appear aware of the risk, they seem less cognizant of the benefits of cyber insurance and other cybersecurity measures. Endurance found that although 94 percent of small business owners said they do think about cybersecurity issues, and nearly a third have experienced an attack or an attempt, just 42 percent have invested in cybersecurity in the past year. A widely reported study by the National Cyber Security Alliance asserts that 60 percent of small businesses that experience a data breach go out of business within six months. Cyber insurance premiums vary widely and are largely tied to a company’s revenues and exposure. Policies typically aim to address risks commonly associated with a cyberattack, including: Liability for loss of confidential information that occurs through unauthorized access to a company’s computer systems. Data breach costs including notification of affected consumers, customer support and providing credit monitoring to affected customers. The costs of restoring, improving or replacing compromised technologies. Regulatory compliance costs. Business interruption expenses. Of course, like virtually any other type of insurance, cyber insurance policies can be customized to address the risks facing the individual policy holder. Many in the insurance industry feel that cyber insurance products have matured, evolving into a type of protection that businesses both large and small simply can’t afford to do without. When you consider the devastating risk of facing a cyberattack without insurance, that simple per-record cost savings of just $4.40 takes on a much deeper meaning. While more large companies are seeing the value of cyber insurance, small business owners need to begin incorporating this valuable type of protection into their overall cyber security plans. Learn more about our Data Breach solutions

The growing cost and number of data breaches has spurred more interest in cyber insurance. While companies often increase investments in technology and training programs to reduce the likelihood of a breach, a recent Ponemon Institute survey of risk-management professionals found that 31 percent of companies surveyed have cyber insurance and 39 percent plan to purchase cyber insurance in the future. Learn how to outline your response plan with our data breach response guide. Source: Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

The purpose of any type of insurance is to protect your most valuable assets. To combat the prevalence of cyber attacks and data breaches, an increasing number of businesses in the health-care, financial services and technology industries have purchased cyber insurance policies to protect themselves from the crippling cost of a data breach.  This is especially popular among start-up tech companies in Silicon Valley in order to safeguard their intellectual property (IP) since their IP is the backbone of their livelihood1.  Since small businesses generally don’t have a risk manager and IT department dedicated to data security, a good cyber insurance policy can help mitigate cyber security risks. Although accepted in some sectors, cyber insurance is still not an established part of many companies’ IT data security strategies.  This is commonly due to a lack of agreed risk management standards and the challenge of substantiating and quantifying losses, in addition to finding objective data to back up cyber insurance claims.  Some security experts feel that the federal government needs to kick start growth in this market by requiring government contractors to purchase cyber insurance to set a standard for other businesses, sending a message that any company who has cyber security insurance is a signal that the company is competently managing its data security. As the cyber insurance industry evolves, here is a list of what the policies generally cover and what to look for: First-party claims – Costs incurred by the loss of trade secrets and intellectual property. Third-party claims – Damages a business must pay to customers who sue them for lost or compromised personal information. Business interruption coverage – In the event a data breach incident prevents the company from operating or functioning, the company would receive payment reimbursement for expenses incurred due to loss of business. A forensic IT investigation – Policies can cover the cost of an examination into how the data breach occurred and some may even cover the costs of regulatory fines and penalties in addition to the crisis management control which includes data breach notification letters. Security professionals stress that cyber insurance is not meant to be a substitute for data protection and security policies.  In fact, before underwriting a policy, an insurance company will be hyper vigilant in determining that their customers have proper protections and policies in place since the insurance company will want to reduce its own risk. And since insurance has been a positive influence on other industries to improve performance and safety due to risk mitigation, the theory is if a company has cyber insurance, the hope is they will implement proper preventative measures to ensure that they will never have to use it. Learn more about our Data Breach solutions  1http://www3.cfo.com/article/2013/4/data-security_cyber-attacks-cybersecurity-liability-insurance-smb-growth-companies-risk-hogan-lovells