Being a victim of a security breach can be quite costly in every respect, from downtime to a tarnished brand image. But the unfortunate truth is that many SMBs are still not fully equipped, or even prepared, to handle a security breach of any kind. A reputable managed service provider, like RESULTS Technology, can help protect you with a cybersecurity program, but there's still a chance that your company will be compromised. That's where a cyber insurance policy comes in.
Many of the major insurance carriers do offer such policies, but just because you think you have one in hand doesn't necessarily mean you will be covered 100% if you file a claim.
In this article, we will examine some of the key components that are part of a Cyber Insurance Policy, as well as some of the key questions that you need to be asking as you select one for your SMB.
What Is Covered?
When you shop around for a policy, your broker or insurance carrier will probably go over with you what are known as First Party Coverages and Third-Party Coverages. Here is what they are all about:
1. First Party Coverages:
These are the types of losses and expenses that your SMB will very likely experience while you are impacted and as you try to restore mission-critical operations. For this kind of coverage, you will have to pay a deductible:
- Loss or Damage to Electronic Data:
This part of your policy will directly cover any financial losses that could be incurred if any digital data that you have stored in your databases has been impacted in any way. This includes the Personally Identifiable Information (PII) of your customers, your own corporate data, and even data that is external to your SMB. But the key thing to keep in mind here is that if you expect full coverage, your business must have been impacted by an actual hack, malware (such as a virus), or a Distributed Denial of Service (DDoS) attack. You must also make use of forensic experts to see what really happened and try to reconstruct all that data as best you can.
This typically occurs when a Cyberattacker breaks into your IT infrastructure and threatens further harm and damage. A good example of this is Ransomware, where your computer is held hostage until you make a payment using a virtual currency, such as Bitcoin. If you do end up paying any money to avoid further damage, your policy will compensate you for this. But make sure that you keep good records of what happened so that you can provide evidence as you file your claim.
- Costs associated with notification:
Many states now require that if your SMB has been impacted, you must notify all relevant stakeholders (especially your customers) in a short period of time of what has happened and what is being done to correct the situation. Any costs associated with this are covered, including any credit monitoring services you offer to your customers.
- Reputational Damage:
This is more of a long-term kind of damage, and its true costs are much more qualitative in nature to determine. Examples of this include brand damage, loss of customers, failure to carry out any planned product or service launches, etc. Because this number is harder to gauge, not all Cyber Insurance Policies will cover this, so you need to make sure that this will be covered in the plan you select.
2. Third-Party Coverages:
This kind of policy is usually termed “claims made”, in the sense that if you face any lawsuits or settlements, these costs will typically be covered. The coverages are as follows:
- Network Security:
This will cover your SMB for negligence, errors, or omissions on your part that led to the Cyberattack occurring. A good example of this is a failure to deploy software patches and upgrades in a timely manner, which left a back door for the Cyberattacker to exploit. This also includes the failure to implement the adequate controls needed to protect your customers' confidential information and data.
- Electronic Media Liability:
This will protect you from lawsuits over matters such as slander, defamation, or even libel, and violation of content copyrights (which even includes domains). For example, if one of your employees posts something on a company-owned social media site that he or she did not get the exclusive permission to reproduce from the third party, you will very likely face a lawsuit if this is caught. But it is important to keep in mind that this kind of coverage only protects you from material posted on the Internet, not in print.
- Regulatory Issues:
If your SMB ever faces an audit by a regulatory agency, this part of your Cyber Insurance Policy should be able to cover the costs of any fines that may be imposed, as well as any legal expenses that you may incur.
Key Questions You Need to Ask
As you start to explore the various Cyber Insurance Policies that are available for your SMB, there are key questions that you need to ask and have answered before you make a final selection:
- Is this policy one size fits all, or are there smaller, multiple pieces to it that I need to be aware of?
- Will this policy also cover me for any damages experienced by an external third party that I use for my SMB?
- Are all types of Cyberattacks covered in my policy, or just a select few? (VERY IMPORTANT TO UNDERSTAND!!!)
- Are mistakes made by employees that led to a security breach (for example, downloading an attachment or clicking on a malicious link) covered?
- Is Data Compromise Insurance also covered in my policy? For example, this will include the costs of making sure that the databases that house your customers' PII are safe and secure.
- Are insider attacks covered, or only external attacks?
Remember, Cyber Insurance Policies are still new to the marketplace. There are still many gaps and holes that need to be filled, and because of this, you need to make sure that you are covered to the maximum for your security needs.
The insurance carrier will ask you about the security policies that you have in place, as well as the controls that you have implemented to protect your SMB, and will follow up with audits. RESULTS provides comprehensive cybersecurity solutions that include everything you need to satisfy your insurance requirements.
With a cyber breach, prevention is key. RESULTS has been protecting SMBs from cyber threats for 25 years. Contact us today to see how we can help.
About the Author: Ravi Das is a Cybersecurity & Business Development Specialist for the AST Cybersecurity Group in Chicago. He has written five cybersecurity books and is currently the owner and group moderator for Cybersecurity Trends and News.