Businesses like yours now days are rightfully fearful of cyberattacks. Breaches, malware, bots, viruses, and ransomware make regular appearances in the headlines and cost businesses millions of dollars while damaging reputations and shaking consumer confidence.

With billions of accounts have been compromised in recent years, and the costs keep adding up. Businesses lose customers and revenue with every attack. Each lost or stolen record costs $225 on average, and each major breach means businesses lose millions.  By 2021, cybercrime-related damages are projected to be over $6 billion.

Cyber insurance is one option that can help protect your business against losses resulting from a Cyberattack. We highly recommend that you obtain your own Cyber Insurance by discussing with your insurance agent what policy would best fit your company’s needs, including whether you should go with first-party coverage, third-party coverage, or both. Here are some general tips to consider.

What is Cyber Insurance?

Cyber insurance policies, just like any other insurance, are all about mitigating risk. In this case, it provides some financial protection in the event of a Cyberattack or other data breaches.

Cyber insurance policies usually cover:

  • Post-incident investigation costs
  • Business losses due to the breach (both the direct revenue and long-term reputation damage)
  • Ransomware-driven extortion costs
  • Customer notification and related costs
  • As well as protection from lawsuits that may arise as a result of the incident

Cyber insurance has been around for nearly 15 years, and premiums are expected to reach $7.5 billion next year. These products are offered by mainstream insurers such as Travelers, Chubb, Progressive, Nationwide, and Allianz.

Even though CSTG has Cyber Insurance, our policy doesn’t extend to our client’s business for Cyber Insurance. Each business needs there own Cyber Insurance as a part of your overall business security strategy.

What should your Cyber Insurance Policy Cover?

Make sure your policy includes coverage for:

  1. Data breaches (like incidents involving theft of personal information)
  2. Cyber attacks (like breaches to your network)
  3. Cyber attacks on your data held by vendors and other third parties
  4. Cyber attacks that occur anywhere in the world (not only in the US)
  5. Terrorist Acts

Consider whether your Cyber Insurance provider will:

  1. Defend you in a lawsuit or regulatory investigation
  2. Provide coverage above any other applicable insurance you have
  3. Offer a breach hotline that’s available 7/24

What is First-Party Coverage, and what should you look for?

First-party Cyber coverage protects your data, including employee and customer information.  This coverage typically includes your business’s costs related to:

  1. Legal counsel to determine your notification and regulatory obligations
  2. Recovery and replacement of lost or stolen data
  3. Customer notification and call center services
  4. Lost income due to business interruption
  5. Crisis management and public relations
  6. Cyber extortion and fraud negotiations
  7. Forensic services to investigate the breach

What is Third-Party Coverage, and what should you look for?

Third-party Cyber coverage generally protects you from liability if a third-party brings claims against you.  This coverage typically includes:

  1. Payments to consumers affected by the breach
  2. Cost for litigation and responding to regulatory inquiries
  3. Claims and settlement expenses relating to disputes or lawsuits
  4. Other settlements, damage, and judgments
  5. Losses related to defamation and copyright or trademark infringement
  6. Account costs

Comprehensive Business Cyber Insurance Checklist

CSTG Risk Assessments

This risk assessment service is a specific, dedicated engagement to ascertain how well protected your company is against security threats. The CSTG team will run through a battery of tests and surveys to ascertain what is up to par and which areas still need improvement.

Based on the results, your company profile and scores are shared with insurance underwriters, who will then determine if a company is adequately protected to qualify for coverage or make recommendations on what must be upgraded and improved to be eligible. Insurance companies can also use this data to finalize their rates and deductibles.