It is hardly breaking news that the rate of cybercrime is increasing at an alarmingly rapid pace. It's also no surprise that no business is completely risk-free. Unchecked cybercrime can result in financial loss, lost business opportunities, and a tarnished reputation for a company of any size or market.
As you may recall, Colonial Pipeline was the target of a large ransomware attack in May 2021. The oil distribution company was forced to shut down 5,500 miles of pipeline, creating major disruptions throughout the Southeast. Colonial Pipeline paid the cybercriminals roughly $5 million in ransom, allowing the firm to eventually recover from the attack and restore fuel distribution after days of heavy press attention and quickly climbing fuel costs. By early June, the FBI reported that they were able to recover $2.3 million of the ransom given to the organization.
The sheer size and scope of the problem, as well as the discovery of the true cost of paying ransom demands, has generated more discussion regarding the role of cyber insurance as an aspect of a layered security approach.
So, what is cybersecurity insurance and how does it work?
Cybersecurity insurance, also known as cyber liability insurance, covers losses you might experience because of cybercrime. Cyber insurers typically cover first-party, third-party, and cyber extortion. Optional add-ons include policies that cover workplace data theft and device theft coverage.
You can also get insurance coverage for any of your proprietary software or hardware. You'll need to look for a carrier that provides software/product liability insurance.
It's important to note that there are no mandated coverage requirements, and most policies contain extra coverage extensions that allow you to buy more if needed.
Isn't it expensive?
Sure, but cyber insurance can help you avoid being sued for exposed data due to viruses or ransomware. When you include the cost of legal expenses, reputation restoration, and all the other mitigating expenses, the price appears to be pretty affordable.
You can reasonably expect that the cost of premiums will be determined by a variety of factors, including the size of your organization and its exposure to cyber threats, among others. If you're looking for cyber liability insurance, it's a good idea to look for a policy that is tailored to your industry.
We also need to remember that clandestine marketplaces like the dark web offer stolen data, login credentials, and other information to the highest bidder. The buyers are intent on making money from the extortion or theft of this information, which makes the cost of recovery even higher. Considering a policy that provides credit monitoring services to victims of identity theft can end up saving you in the long run.
Some providers can also help you with breach containment. This can help reduce the impact by quarantining any compromised systems, preventing the malware from spreading, and stopping opportunistic bad actors from gaining access.
Cyber insurance fills in the digital gaps left by your general liability insurance, which does not cover loss caused by viruses, ransomware, and other cyber dangers. It may even help cover fines and penalties imposed by the government.
Cyber insurance is sometimes disregarded in many businesses’ continuity plans. You need to include this because many businesses are still being forced to spend enormous sums of money on expensive recovery services after an incident.
The Disadvantage of Cyber Insurance
Many firms have made the decision to pay for cybersecurity insurance or invest in effective layered security solutions because doing both appear to add a lot of extra costs. Sadly, insurance is not a substitute for proper cyber hygiene and will not shield you from a security attack.
In addition to your other security measures, you need to incorporate cyber insurance into your overall layered security strategy. In an increasingly complicated threat landscape, this approach actually helps minimize the total cost of doing business.
What other components are important for layered security?
Cybersecurity is a hot topic and has been for some time now, but many businesses still don't know where to start. Add the complexity of constantly changing threats, and it makes understanding your options for protection difficult, but don't worry! I've got you covered with a few questions to get you started.
Do you promote a culture of security? How does your team handle work in public locations?
Do you have a documented policy regarding your backups? How often are you backing up your data?
Do you practice good password hygiene? including policies around how often you change your password and how complex your password is. Also, multifactor authentication must be part of this. Does it add more time to logging in? Yes, but it adds more security, making you a less attractive target.
Do you train and test your staff on security best practices? You can identify knowledge gaps by sending your team test emails and then following up with training.
Remember that training, monitoring, and testing are all part of the process.