Is Cybersecurity Insurance Worth It?
As businesses continue to adjust to COVID-19 and remote work, cybersecurity breaches are increasing in frequency—one survey found 90% of executives saw digital attacks rise during the pandemic. In this environment, cybersecurity insurance is a must-have tool for many businesses to help manage today's most pressing risks.
The basics of cybersecurity insurance
Cybersecurity or cyber insurance is a special policy that protects businesses against losses that are related to a cyberattack. A cyber insurance policy can help minimize business disruptions caused by a data breach or a phishing scam and its financial aftermath. In the case of a ransomware attack, it can also cover the financial costs and help a business recover more quickly.
However, there are some things that a cyber insurance policy won't protect against. Most importantly, an insurance provider can't alert a business owner of a pending cyberattack. Businesses need to have their own cybersecurity measures and monitoring procedures in place. Although security specialists and consultants work to prevent cyberattacks before they happen, cybersecurity insurance policies provide coverage in case breaches occur.
What does cyber insurance cover?
Many of the most common cyberattacks are covered by cyber insurance policies, including ransomware, fraud attacks, malware and phishing scams.
In most cases, a cyber insurance policy will cover the costs of investigating and remediating security failures, including data recovery, system forensics, legal fees and any customer compensation. In the instance of ransomware, a cyber insurance policy should cover the ransom demand, even though most cybersecurity specialists and law enforcement officials warn against this practice, noting that it only encourages more ransomware attacks.
What companies need cyber insurance?
Any business that relies on technology to operate, particularly one that sends or stores electronic data, should consider cyber insurance—which is, basically, every business.
All data saved or stored on a network is tempting to a cybercriminal and could be at risk of being stolen. That includes personal contact data for staff and customers, financial information of a business, and intellectual property. Even healthcare data saved on a medical device can be weaponized for profit.
What to look for in a policy
First, a business owner should review their existing insurance policies to see if they already have cyber insurance in place or, alternatively, if they specifically exclude cyber-related incidents.
When looking at cyber insurance policies, it pays to ask good questions, like the following:
- Does it cover the most common security network failures, including business email compromise or phishing scams?
- Does it cover business interruptions and costs incurred while a network is down?
- Does it have strong privacy liability clauses to protect the business from third-party investigations?
- Does the policy cover legal defense costs or fees resulting from lawsuits brought by affected customers?
A number of factors are considered in the cost of a cyber insurance policy, including the size of the business and annual revenues. The type of sensitive data that the business manages, its history of previous cyberattacks and the overall security of the network are other factors that could come into pricing.
The industry that a business operates in could also be a factor. Industries that typically deal with sensitive or personal financial, legal or health data, for example, could find themselves paying more for cyber insurance.
Investing in peace of mind
According to the FBI's annual Internet Crime Report, cybercrime cost US businesses and individuals $4.2 billion in 2020. For most businesses, the cost of even a single cyberattack can make or break a company's future and reputation with its customers. Investing in the peace of mind of cybersecurity insurance can be a relatively small price to pay when weighed against the possibility that a data breach might occur and its associated costs.
Given the increasing frequency of data breaches, ransomware attacks and phishing scams, cybersecurity insurance can be a sound investment for companies operating in today's cyber environment. Talk to your business banker to learn how you can take action to safeguard your business.
Financial insights for your business
This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.