Cyber Insurance: What is It, and Do You Need It?

Every day, there are news stories about data breaches and cybercrimes committed against retailers, banks, governments, health systems, universities, and countless other businesses. The breaches and attacks are increasing in frequency and intensity, and the trend shows no signs of slowing.

The modern economy has increased every organization’s reliance on technology and the Internet to transact business and reach customers. It has also created an entire underground industry: cybercrime.

Lone-wolf hackers, career cybercriminals, and even foreign nation-states have used technology to launch attacks against businesses of all sizes. These cyber-attacks can take the form of espionage, stealing and ransoming of business data, and theft of assets through banking and financial fraud. Cybercrime can create large financial losses and major legal fees for businesses, and to make things worse, substantial non-compliance fines can be levied against organizations that are in highly regulated industries. Cybercrime also creates significant data breach liability issues for company Boards and executive leadership.

Put simply: when hackers win, we all lose.

It’s not only large organizations that are susceptible to cyber-attacks, data breaches, or ransomware. 43% of cyber-attacks target small businesses (Verizon), and 47% of small businesses say they have no understanding of how to protect themselves against an attack (Ponemon Institute). Any organization that utilizes technology as part of doing business or manages digital information is at risk of a cyber-attack.

One way for organizations to protect themselves against cybercrime is to carry cyber insurance.

Large companies and organizations view cyber insurance as a crucial part of their risk management program, but businesses of all sizes should seriously consider it. Frighteningly, only about one-third of U.S. companies currently carry cyber insurance (PwC).

What Is Cyber Insurance?

Cyber insurance is designed to help an organization or business mitigate its cyber risk exposure by covering expenses associated with a cyber-attack, security breach, or ransomware event. Generally, cyber insurance covers first-party and third-party expenses and claims involving personally identifiable information (PII) such as Social Security numbers, account and credit card numbers, as well as medical and health records covered by the HIPAA Security Rule.

By the way, cyber insurance is also commonly referred to as cyber risk insurance, cyber security insurance, and cyber liability insurance.

What Does Cyber Insurance Cover?

Cyber insurance claims typically cover:

  • Forensics investigations to determine what happened and how to repair damage
  • Notifications sent to customers and credit monitoring for affected customers
  • Recovering of damaged and compromised data and repairing information systems
  • Business losses caused by downtime and business interruption
  • Lawsuits and legal costs associated with the release of confidential information
  • Regulatory fines
  • Cyber extortion costs, such as ransomware attacks
  • Crisis management and reputation management costs
  • Civil damages resulting from lawsuits  

What’s the Difference Between General Business Insurance and Cyber Insurance?

General business insurance usually covers injuries and property damage resulting from use of a business’s products, services, or operations. Cyber insurance is not typically included in general liability insurance policies.

Who Needs Cyber Insurance?

Businesses that operate in highly regulated industries such as healthcare, banking, finance, and insurance, or that store customer data (such as personally identifiable information like names, addresses, credit information, or Social Security numbers) onsite or offsite, have a regulatory responsibility to keep that data secure. Cyber insurance is a must-have for these organizations.

Any business that uses technology or digital information to run its business or create intellectual property needs cyber insurance. We might be a bit biased since we help protect our clients’ data, but if ransomware infects your system and deletes or encrypts your data, cyber insurance can help you remediate the damage and rebuild your technology systems after the incident. Without it, you’re responsible for 100% of the costs to repair and rebuild your technology as well as any losses the business suffered.

Fortress Security Risk Management is a global data protection company that helps organizations dramatically minimize their risk of disruption from unforeseen events like cyber-attacks. Although we don’t sell cyber insurance, we do recommend it as part of an overall security risk management strategy. Our goal is to help every client achieve the highest degree of security and the least amount of risk their organization can afford, or what we call SecurityCertainty℠.