Finding Cyber Insurance Coverage for Your Small Business
There are two types of businesses out there: those that have been a victim of a cyberattack and those that will become a victim of a cyberattack. The prevalence of cybercrime has skyrocketed in the past few years, and the sophistication and severity of attacks have increased dramatically. Even with robust cybersecurity in place, a previously unknown vulnerability or exploit can open the doors to an attack in just a matter of moments.
When your company is the victim of a cyberattack, how will you ensure that your company is financially able to survive the aftermath? Between settling with customers who have had their data compromised, paying fines or levies to regulatory bodies, and managing the reputational damage that arises from a breach, the costs can run into the millions.
Last month, we gave an overview of cyber insurance and how it helps protect your business from losses associated with a data breach or other cyberattack. This month, we will look deeper into the types of coverage you can expect to find so that you can make a better determination as to what kind of policy your business needs.
Two Main Types of Cyber Insurance Coverage
Cyber insurance policies typically protect against one or both types of loss resulting from a cyberattack: first-party losses and third-party losses.
First-Party Losses
First-party losses are those that are sustained by the company that was attacked. Losses can include:
- Loss of revenue from disruption of service
- Forensics services
- System/data recovery expenses
- Cyber extortion payments
- Public relations expenses to mitigate reputational damage following an attack
Third-Party Losses
Third-party losses are those that are sustained by customers and other third parties outside of the primary target of the attack:
- Compensation to customers or vendors for breach of their personal information
- Compensation to employees whose data was released as part of a breach
- Legal expenses and settlements in the event of litigation against the company associated with the attack
Generally speaking, you’ll want to explore cyber insurance options that cover both first- and third-party losses, since nearly any successful cyberattack will leave you exposed to losses and liabilities on both fronts.
Cyber Insurance Coverage to Look For
The cybersecurity landscape changes constantly, with new threats emerging every hour. Generally, when it comes to cyber insurance (or any insurance), the best policy for your business is “the highest coverage you can afford.” But there are some particular things to be on the lookout for when shopping for a cyber policy.
Cyber Extortion Coverage
Common and becoming more so, ransomware attacks are incredibly costly for businesses. In a ransomware or cyber extortion attack, an attacker gains access to a company’s data, locks off the company’s access to that data, and then demands a ransom to return the data to its rightful owners.
Ransoms for data can run anywhere from thousands to millions of dollars, and in many cases, companies are driven to decide between paying a ransom and closing their doors for good.
You want cyber insurance that will help cover the costs of paying the attackers in the event of a ransomware attack.
Event Management Coverage
Even a minor attack can cause significant expenses. When your company's data is compromised, you can be on the hook for more than just the cost of restoring your data or settling with customers whose personal information was compromised. You can also incur expenses associated with:
- Hiring forensic specialists to assess the scope of the damage and identify the attackers
- Bringing in PR consultants to help mitigate the reputational damage that almost inevitably follows an attack
- Sending notifications of the breach to all affected stakeholders
- Providing free credit check and identity security solutions for customers whose data was accessed
Legal Support Coverage
Your cyber insurance policy should provide coverage for legal expenses associated with a breach. Following an attack, customers or vendors may sue your company for a breach of data security, or you may face inquiries from state or federal regulators. You want a policy that will help cover legal bills, fees, fines, settlements, and other legal costs. When reviewing policy details, look for language that refers to the insurer's "duty to defend."
Loss of Intellectual Property and Defamation Coverage
Far more damaging than the upfront loss associated with an attack is the possibility that your sensitive intellectual property might be released to the public. If any of your products or services rely on trade secrets, the release of that data can mean the end of your enterprise altogether. Even the release of market research or sales data can have a negative effect on your business.
But your trade secrets aren’t the only thing in jeopardy from an attack. If you’ve ever made an unflattering remark about a competitor in an email to a colleague, ever left a less-than-polite note on a customer file, or complained on your project management system about a vendor, data breaches can be harmful to your reputation or even expose you to defamation claims.
When shopping for coverage, make sure your policy covers losses due to theft of IP or defamation claims resulting from an attack.
Need Help Deciphering Your Risk?
Finding the right coverage means understanding the nature of the data that your company is responsible for, knowing what a loss of that data will mean to you and your customers, and knowing the myriad threats that emerge consistently in the world of data security.
Enlisting the help of a skilled managed IT services provider can help you make sense of your cyber insurance needs. When you partner with Nocwing, we’ll work with you to understand your business, help you define your needs, and establish a robust cybersecurity protocol that will help you secure the best rates possible.
Your Cybersecurity Is Incomplete Without Cyber Insurance. Schedule a Call, and Let Us Protect Your Data AND Your Business.
With cybersecurity services from Nocwing, you can rest assured that your company’s data is protected by a robust, next-generation stack of defenses, including human-monitored threat detection. Our team also understands insurers' requirements for cyber insurance policies and can help you find the right coverage to meet your needs.
Nocwing is a full-service managed IT services company based in Griffin, Georgia, providing robust cybersecurity, IT management, business continuity/disaster recovery, user support, and VoIP solutions for companies throughout the Southeastern United States.