What is Cyber Liability Insurance?
We’re all familiar with the idea of insurance — with many of us paying monthly car, health, homeowners, and life insurance bills every month. But did you know that there is insurance for your business’ network and data?
It’s called cyber liability insurance, and it helps to protect your business from the fallout of a cyber attack.
THE DAMAGE CYBER ATTACKS CAUSE
Cyber liability insurance isn’t cheap — a simple plan will cost your business about $1,000 per month — and for every type of cyber attack and security risk you have covered, your costs will go up. There is, however, a big difference between a monthly payment of $1,000, and a one time penalty of hundreds of thousands, or maybe even millions of dollars.
Did you know that sixty percent of small-to-medium sized businesses fold six-to-eight months after a security breach? They don’t go out of business because of a loss of access to data, or because their network is no longer working — the financial burden of a cyber attack is just too much for most SMBs to handle.
Let’s imagine a restaurant’s network is hacked, and its customers’ credit card information is stolen. This imagined restaurant then follows federal laws, and alerts their customers about this breach, and that their personal and financial information was stolen. The customers then make claims to their credit card providers or banks.
The credit card providers won’t pay for the new cards, and they won’t pay for the damages — the attack that was responsible for the theft of their customer’s information wasn’t under their watch — it happened at the restaurant.
And because of this, the restaurant will be liable for the damages incurred by this breach; meaning paying for new credit cards, any stolen funds, and possibly even fines from state and federal government.
Often, these expenses are too much for the business to handle, and after a short period of struggling to stay afloat, the business goes under. Their computers and network still function fine after the attack — their books, not so much.
HOW CYBER LIABILITY INSURANCE WORKS
Way back in the past, there was no such thing as homeowner’s insurance. There was fire insurance, storm insurance, flood insurance, theft, and many others for homeowners to choose from. These were coalesced into a package when insurance agents noticed everyone would usually purchase the same plans; everyone is worried about fire, storms, floods, and theft.
Cyber liability insurance is still in this non-packaged stage, and therefore, your cyber liability insurance will only cover certain aspects of cyber attacks.
Some common offerings from cyber liability insurance policies are:
- • Cyber Extortion
- • Data Restoration
- • Public Relations
- • Computer Fraud
- • Social Engineering Fraud
- • Telecom Fraud
- • Reputation Harm
There are many more options from which to select as well — it will depend on your needs as a business, and what options your insurer offers.
So, what do all of these different options mean for your business? Basically, you’ll want to be covered for any cyber attack method that you and your insurer think is likely to happen. For example, if your business receives outside communications in the form of emails, you’ll want to make sure your policy includes protection from phishing scams.
If you don’t have phishing covered in your policy, and your business falls prey to a phishing scam, your insurance won’t cover the damages associated with it.
This is why it’s important to consult three people when deciding on a cyber liability policy: your insurance agent, your lawyer, and your CIO or vCIO. Your agent will help you understand what is available, and what those options will cover, your lawyer will provide you with a second opinion, and your CIO or vCIO will help you identify what are the most likely risks your business’ network will face.
CYBER LIABILITY INSURANCE, AND REMOTE WORKING
Luckily, as long as your company is working remotely from trusted devices (a device subject to the security level of your work environment), your daily operations should be covered by your current insurance policy. This means that if you have Social Engineering Fraud protection, and an employee working remotely falls to a phishing scam, you will be covered.
Just make sure that your employees treat their trusted device like they are still at the office. Following security guidelines is a must right now: only allow visits to HTTPS websites, don’t click on links from untrusted sources, and only connect to the business network securely, by using a VPN or KVM software.
CYBER LIABILITY INSURANCE REQUIRES CONTINUOUS UPKEEP
Due to the ever-evolving nature of cyber attacks, you’ll want to occasionally revisit your cyber liability insurance policy with your CIO. Be on the lookout for new types of security threats that you may not be covered for. You never know when a financially crippling cyber attack may take place, and you’ll be thankful for the coverage when you need it.