With the growth of the internet in the past two decades, cyber risks like social engineering attacks, data breaches and cyber extortion (i.e. ransomware) have also grown exponentially. Because of this, many insurance carriers now offer dedicated cyber coverage policies. Keep reading to learn everything you need to know about cyber insurance.
- Cyber insurance is crucial for any business, especially those that handle confidential or sensitive data.
- Private individuals generally don’t need a dedicated cyber insurance policy, though individuals with a specific cyber risk might want to consider getting a policy.
- Cyber insurance covers things like liability resulting from data breaches, network interruption and media liability.
- Cyber insurance pricing varies wildly depending on what you want covered, the size of your deductibles and how large your business is. These factors can change the price from a few hundred dollars a year to thousands.
Given the relative youth of cyber insurance markets, there’s a great degree of variability in both what’s covered and policy cost. This makes it difficult to generalize the entire field, but we’ll discuss what a cyber insurance policy generally covers, as well as what you might expect to pay for it.
For private individuals, it’s probably not worth it to purchase cyber insurance. That said, for any business with an online presence (and even those without), it’s a necessity.
The four main agreements that make up most cyber insurance policies are: network security, network interruption, media liability, and errors and omissions.
Businesses need cyber insurance to protect themselves from potentially catastrophic losses as a result of cyber attack or downtime.
What Is Cyber Insurance?
Cyber insurance is a type of insurance policy that covers losses and damage caused by cyber attacks or related types of incidents, such as infrastructure failure or service downtime. Most cyber insurance is intended for businesses, as they face much greater risk and potential for loss from a cyberattack than private individuals do.
What Does Cyber Insurance Cover?
Cyber insurance generally provides protection against four distinct types of risk: privacy, security, operational and service risk. These risks represent the biggest cyber threats to a business, and are usually protected against with four different types of insurance agreements as part of a cyber insurance policy.
Network Security & Privacy Liability
Network security and privacy covers the most obvious risks and dangers posed by cyberattacks. On the security front, cyber insurance policies will generally cover forensic efforts to identify the route of attack, legal expenses related to the attack, ransomware payments, data restoration, consumer outreach and public relations costs.
Privacy liability, on the other hand, covers you if your business stores confidential or private data that is governed by regulations or contract. For example, if your business holds a bunch of medical records that are stolen in a cyberattack, privacy liability insurance will cover you should the people whose medical records were stolen seek compensation.
Network Business Interruption
For a lot of businesses, server downtime can mean a catastrophic amount of lost revenue. Because of this, cyber insurance will cover lost profits for the duration of a network interruption that results from a cyberattack or system failure.
If your intellectual property gets stolen as a result of your media presence, whether that’s advertising or something else, then cyber insurance can also help with that. Policies generally won’t cover lost profits as a result of this, but they will cover things like legal fees relating to the enforcement of your intellectual property.
Errors and Omissions
In the event of a cyberattack or a system failure, there’s a good chance that your business won’t be able to continue to provide its services, at least temporarily. If this happens, cyber insurance will generally cover any liability you face from customers.
What Doesn’t Cyber Insurance Cover?
Now that we’ve covered what cyber insurance will generally cover, let’s take a quick look at what usually isn’t included in its protection.
Future Lost Profit
The first of these is any future lost profit that arises from a cyber security incident. Whether this is the result of an exodus of users due to a significant data breach, lost data or anything else, cyber insurance generally won’t cover lost profits that aren’t a direct and immediate result of the cyber attack or incident.
Losses From Intellectual Property Theft
Next up are losses related to theft of intellectual property. For example, if someone steals your IP and uses it to create a product that competes with yours, those lost profits won’t be covered by your insurance.
Proactive Cybersecurity Measures
Finally, cyber insurance generally won’t include coverage for any proactive cybersecurity measures such as upgrading infrastructure or software or improving security practices.
What Does Cyber Insurance Cost?
The price of cyber insurance will vary wildly depending on the size of your company, the insurance provider you go for and what you want your policy to cover. Because of this, it’s hard to predict exactly what an individual policy costs, but we can look at some averages.
Cyber insurance for private individuals generally costs between $25 and $100 per month. Most private individuals have no need for cyber insurance though, as regular theft or homeowners insurance will often cover the aspects that are most useful to personal users.
Businesses, on the other hand, can expect to pay anywhere between $500 and $5,000 per year for cyber insurance. As mentioned, there are numerous factors that decide where in that price range you end up, and the largest companies likely pay far more than this.
Should You Get Cyber Insurance?
Unless you’re handling some very sensitive data or have a particular reason to believe you’re at risk of attack, you probably don’t need cyber insurance as a private individual.
If you’re worried about the fallout of potential cyber attacks or data breaches affecting you, a better option might be finding a home or theft insurance package that includes some coverage for these types of events.
For many businesses though, cyber insurance is an absolute necessity. Cyber security statistics show that attacks and breaches are on the rise in recent years, and businesses both large and small are routinely targeted by cyber attacks.
This can take the shape of ransomware, where your systems and infrastructure is shut down until you pay the hackers a fee, or a more traditional hack aimed at creating a data breach or stealing confidential information.
With a 600% increase in cybercrime since the start of the COVID-19 pandemic, it’s clear that this has become a common enough problem that it should be considered alongside other “analog” threats like break-ins, fires and the like.
That’s it for our guide to the cyber insurance space. Hopefully we’ve given you a better understanding of what cyber incidents are covered by cyber risk insurance as opposed to traditional insurance policies.
Most, if not all, modern businesses should consider looking into cyber insurance providers and getting a cyber liability insurance quote. The cyber insurance market is still a relatively young one and not every insurance company offers cyber insurance coverage.
What did you think of our guide to cyber liability insurance? Do you feel like you understand how cyber policies work and what cyber threats are generally covered? Do you have a cyber insurance policy? If so, has it helped you protect your business from various cyber exposures? Let us know in the comments below. Thank you for reading.