The average data breach costs Canadian companies $5.64 million–enough to shutter most small businesses and (at least) rock the boat for most medium-sized companies. The answer to lessening cyber risks has come in the form of cyber insurance, with over 59% of businesses having opted for coverage. But are you sure your cyber security insurance coverage will actually protect you in the event of an attack?
This article will tell you what should be in your cyber insurance coverage checklist, and what cyber insurance coverage policy requirements you should watch out for.
But Before We Do That, Let’s Recap What Cyber Insurance Coverage Is
Cyber insurance coverage represents a type of insurance that businesses can acquire to offset risk and expenses arising out of cyber attacks. Broadly speaking, cyber insurance protects your business against the losses from successful cyber attacks, including:
- Financial and direct losses suffered due to the attack
- Ransom or other payments made to regain sensitive data
- Covering the cost of remediation
- Dark web monitoring
- Legal costs
- Enhancing security controls
- Regulatory fines and penalties
- PR expenses and crisis management
Cyber insurance policies can differ significantly, which is why you need to understand what you require of a cyber insurance coverage policy to find the right one for your business.
7 Essentials for a Cyber Insurance Coverage Checklist
Stop! Before you tick the little box to add cyber coverage with your business insurance, you need to ensure it addresses your business’s unique risks and requirements. The ideal policy for one company may not suit another.
Using a cyber insurance coverage checklist to evaluate cyber security risk and budget will help you understand your cyber insurance coverage policy requirements.
1. Know Your Infrastructure, Identify Your Needs
Cyber liability insurance needs differ significantly based on a business’s size, industry, and operations. Larger companies with more employees, customers, and physical operations, for instance, face greater financial impacts from events like ransomware attacks. Consequently, policy premiums and coverage levels for larger companies are higher.
Similarly, certain industries, such as medical, financial, and legal, face unique challenges due to handling vast amounts of sensitive client information, like personal health information (PHI). Companies holding numerous credit card numbers are also exposed to additional risks.
It’s essential that your cyber insurance policy provides adequate coverage for your business.
2. Understand What Risks You Are Facing
Identify and prioritize coverage for the most significant risks you face, such as data breaches, ransomware attacks, and mistakes by employees. Cyber insurance coverage is also excellent for safeguarding your business against the expenses of recovering from a cyber event.
Ransomware–where cyber criminals encrypt workstations, servers, and storage and demand a ransom to release access–makes up more than half of cyber attacks in Canada. Social engineering attacks, such as the one that cost The Brick over $224,000, are common too.
Even things like employee negligence–like losing company devices or not using multi-factor authentication (MFA)–also open the company up to lawsuits.
3. Consider How Much You Want to Spend
Insurance is almost always a compromise between outlay and coverage. Cyber liability insurance is affordable, but the price has been steadily rising over the past few years.
There’s quite a range when it comes to coverage limits, policy caps, exclusions, and premium costs. The policy’s cost can vary depending on factors like coverage amount, company size and complexity, deductible, and any special characteristics of the insured business.
It’s advisable to speak to cyber security experts to evaluate the cost-effectiveness of a policy.
4. Know Exactly What Your Insurance Will Cover
Each policy is unique, but most of them cover claims like data loss or theft, cyber extortion or ransom demands, and denial of service requests.
The insurance can handle various expenses, such as:
- First-party coverage: This kind of insurance takes care of incident response, forensics, data and business recovery costs, and other expenses like legal or PR advice, customer notifications, or credit monitoring services.
- Third-party coverage: This deals with claims from third parties like customers and business partners affected by the cyber incident.
- Cyber extortion: This handles ransom negotiation costs or actual ransom payments. But be mindful, many policies now have sub-limits capping losses tied to ransom payments.
- Business interruption: This coverage addresses revenue loss when business operations are stopped or hindered for a significant period.
5. …And What it Will Not Cover
There are quite a few situations where cyber liability coverage won’t come to the rescue. Examples include losses stemming from riots, wars, terrorism, or civil unrest.
Not keeping up with proper or reasonable cyber security measures could also result in coverage denial. Sometimes, a previous act or data breach that happened before the coverage started might be grounds for denying coverage too.
Your conduct in the attack matters, too. For instance, in The Brick case, the company was denied coverage because their employee voluntarily transferred funds to someone posing as a vendor.
6. Complete a Vulnerability and Risk Assessment
Managing cyber risk effectively involves conducting annual cyber security risk assessments. Managed service providers (MSPs) excel at performing these assessments and carrying out necessary remediation and upgrades.
Cyber security risk assessments vary in scope and complexity, with larger or highly regulated companies requiring more rigorous evaluations. Regardless of size or sophistication, assessments are essential for improving risk management and securing cyber insurance coverage.
A well-executed assessment identifies major risks, potential impacts, and informs a roadmap or plan of action and milestones (POAM). Businesses conducting regular assessments typically meet insurance carriers’ cyber security coverage requirements more easily.
7. Do Your Research and Shop Around
Once a company grasps its risks, needs, and preparedness, finding the right cyber liability insurance is relatively simple.
Organizations should form a selection committee, including leaders from IT, legal, HR, risk management, and executive staff. If needed, external advisors like an MSP or outside legal counsel should review the policy before signing.
Keep in mind, getting and implementing insurance isn’t just a “set it and forget it” task. Many insurance carriers actively provide clients with extra resources, insights, and legal advice throughout the policy term. Staying ahead of cyber criminals to minimize risk is a collaborative effort.
Start Preparing Your Own Cyber Insurance Coverage Checklist
Now that you’re familiar with cyber insurance coverage checklists and what to look for, it’s time to find a policy for your business.
At Fusion Computing, we regularly assist clients in preparing for and obtaining cyber liability insurance. Our expert advice ensures you make well-informed decisions.
We’re eager to discuss your risk management needs. To learn how we can help with cyber insurance coverage and policy selection, contact us for a consultation today.