With the number of cyberattacks occurring today, it’s especially important for companies to be knowledgeable when it comes to cybersecurity best practices, how to create and nurture cybersecurity culture, and how to hunt for threats on the network. But no organization – large or small, public or private – is immune to a data breach, even with appropriate security measures in place.
Cyber liability insurance can help protect your business from major expenses, business losses, and regulatory fines or penalties. Should a data breach occur, it is designed to cover losses related to hacking that other business policies will not cover. By transferring that risk, it can help organizations survive if a major security disaster takes place.
Organizations must be covered with cyber liability insurance before the breach happens. Cyber policies are different from a typical business policy and require prior research because they continue to evolve. Let’s delve into a basic overview of cyber liability insurance.
Types of Coverage
There are different types of cyber liability coverage out there (depending on the carrier) that you should be familiar with in order to make an informed decision when you’re shopping around for the policy that’s right for your organization. Typical coverages include:
- First-Party Cyber Coverage – Protection for the information that you own and have in-house, such as information that pertains to your customers or employees.
- Third-Party Cyber Coverage – Protection for if you are found responsible for causing a security or privacy breach to a third party, for example you sent an email with a malicious attachment to one of your vendors.
- Cyberextortion Coverage – According to TechTarget, “Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack.” Think ransomware. This component of a policy offers coverage for extortion expenses incurred and extortion monies paid as a direct result of a cyberextortion threat, such as ransomware.
Cyber Liability Insurance Myths
Insurance can often be confusing to understand and it’s difficult to get the facts straight. Let’s explore some myths around cyber liability insurance.
Myth #1 – “I have coverage under my property, commercial general liability, and other commercial properties so I don’t need cyber liability insurance.”
Truth – That’s not true. In fact, you must have cyber liability endorsed on the policy or purchase a separate policy for it. Cyber liability is not usually covered in the standard coverage.
Myth #2 – Coverage that would enable my company to provide a professional response to a personal data breach requires a lengthy application and various audits.
Truth – This is not true and shouldn’t be the reason why you wouldn’t purchase the coverage. The insurance agents do most of the application process for you, explain risks in depth, and ensure you have the coverage that works best for your organization.
Myth #3 – I don’t need cyber liability insurance if I spend more on IT security.
Truth – While it’s true that you should invest in a strong cybersecurity program and building a resilient organization, there is no silver bullet. No organization can be 100% secure. With the constantly changing threat landscape, it’s best to implement security measures as well as cyber liability insurance.
Stay Informed & Know Before You Buy
Before buying cyber liability insurance, there are three main questions you should ask in order to figure out if there are any gaps in the coverage.
- Does the policy cover payments to hackers who demand money to release their encrypted data (i.e., ransomware attacks)?
- Does the policy cover payment orders for violating data privacy laws?
- Does the policy cover data loss if caused by a foreign state or government agency?
Knowledge and understanding your policy before an incident occurs is key. Work with your agent to truly know the limitations of the policy before making any decisions.
Follow Best Practices
Once you have decided on the cyber liability insurance plan that works best for your organization, it’s still necessary to always follow cybersecurity best practices on top of having the insurance. Remember, you are not immune, and although insurance is a must, you must stay up to date with your practices.
- Only keep the data that you need and reduce the volume of information you collect and retain.
- Safeguard your data. Lock physical records containing private information in a secure location and restrict access to that information to only those employees who must have access.
- Destroy your data before disposal. Shred paper files with private information you no longer need before disposal. Destroy portable media and use software to permanently wipe hard drives.
- Train employees by establishing a policy regarding privacy and data security; put the policy in writing and communicate it to everyone.
- Control computer usage by restricting employees to use their computers for business purposes only.
- Secure computers; implement password protection and “time out” functions for all computers. Train employees to never leave their laptops unattended.
- Keep computers and network devices up to date with the latest security patches and firmware. Maintain anti-virus and anti-spyware software at latest versions; update the virus and spyware definitions daily.
- Stop unencrypted data transmission by mandating encryption of all data in transit, using a security email or Data Loss Prevention tool.
- Manage use (and keep track of) of portable media. DVDs, CDs and USBs are more susceptible to loss or theft. This can also include smartphones and other personal electronic devices that sync to a computer or network.
- During the underwriting process, insurance companies will most likely inquire about the strength of your firewall, viability of your back-up files, etc., over your whole network, so be sure they are up-to-date and functioning correctly.
These days, a good combination of implementing good security measures and a reliable cyber liability insurance policy is essential to any organization, and contacting an agent is the first step. Happy policy shopping!