Cyber Security Insurance

Cyber Security Insurance is a difficult topic with many varied viewpoints.

XCELIT’s view is that the choice to obtain Cyber Security Insurance is a personal business risk question.

Most Government Organisations and Cyber Security Firms argue against obtaining Cyber Security Insurance as it only rewards successful Threat Actors, and therefore encourages those Threat Actors to go on and continue their criminal activities. In tis regard Cyber Security Insurance only benefits Insurers who charge premiums and Threat Actors when they receive pay-outs.

Many companies however carry Cyber Security Insurance, and many companies pay out policies annually following threat actors taking control of their systems.

Cyber Security Insurance and why you need it

One big benefit is the peace of mind that comes with having it.

Cyber Security Insurance can potentially act as a safety net in the event of a successful breach of cyber defences. However, it is important to keep in mind that even paying a ransomware demand may not result in files being returned.

Prevention is better than the cure.

What is Cyber Security Insurance

Cyber Security Insurance is a sub-category of general insurance that covers businesses and individuals against internet-based liability and risks. Technology, social media and transactions over the Internet play key roles in how most individuals and organisations conduct business. Those vehicles also serve as gateways to cyber attacks. Whether launched by run-of-the-mill hackers, criminals, insiders or even nation states, cyberattacks are likely to occur and can cause moderate to severe losses for individuals and organisations large and small. As part of a risk management plan, organisations routinely must decide which risks to avoid, accept, control or transfer. Transferring risk is where Cyber Security Insurance comes into play.

Market research firm, Progressive Markets, projects the global Cyber Security Insurance market to hit more than $29 billion by 2025, while PwC estimates it would reach $7.5 billion in 2020. Cyber Security Insurance can’t protect you from cyber crime, but it can keep you and your business financially stable should a significant security event occur.

There are generally two levels of Cyber Security Insurance coverage: first-party and third-party.

First-party coverage encompasses direct losses to an organisation or individual, whereas third-party coverage extends to claims and legal action taken by customers or partners.

Coverage differs by provider, but common coverage areas include data breaches, identity theft, and personal data theft. This coverage has expanded more recently to scenarios like data damage, network failure leading to business interruption, cyber extortion, the failure of outsourced cloud service providers and forensic investigation costs. Meaning the costs associated with uncovering the cause and impact of an attack. There are also the hefty legal fees, fines, and costs associated with recovering compromised data, repairing systems, restoring the personal identities of affected customers, and notifying customers of breaches. The core idea behind Cyber Security Insurance is to help you recover from a data breach or cyber attack by mitigating all the costs that crop up in the aftermath.

How to Get Cyber Security Insurance Coverage

There’s a laundry list of Cyber Security Insurance plans out there offered by traditional providers and security-specific companies. Here are four popular global plans and providers and what the liability coverage entails as an example:

AXIS Capital: Business cyber liability coverage including not only the basics—data breaches, extortion and loss, data recovery, third-party defence, etc—but also factors such as intellectual property infringement, employee fraud, DDoS attacks, and introduction of malicious code into a company’s system.

AIG: According to credit rating agency Fitch’s “cyber insurance market share and performance” report, insurance giant AIG is one of the top three cyber insurers on the market. AIG offers a number of different cyber insurance plans including personal identity coverage and its CyberEdge plan for businesses covering first- and third-party recovery, loss prevention, extortion, and more. There’s also a CyberEdge Plus plan that covers bodily injury or property damage associated with a cyberattack, as well as business interruption costs and product liability.

Chubb: Another top insurer according to Fitch, Chubb offers a wide array of Cyber Security Insurance products and services including loss mitigation and incident response, and customisable risk management policies covering privacy, network breaches, media, and claims related to errors and omissions.

Travelers: Travelers Insurance offers a number of different plans and related services. The plans include a CyberEssentials package for SMBs, CyberFirst plans for tech companies and public entities, and CyberRisk plans for larger businesses. The insurer also has so-called “cyber coaches” plus an online academy and risk hub, and offers pre-breach services such as assessments and training through a partnership with Symantec.

Is Cyber Security Insurance worth it?

Cyber Security Insurance is not a replacement for cybersecurity.

It’s not a tech solution. Cyber Security Insurance coverage is your personal or professional fail-safe for if and when a breach or cyberattack occurs, and you’re left with a mountain of costs to restore your business, deal with customer lawsuits, or reclaim your digital and financial identity.

You should still have a comprehensive suite of security tools in place, including antivirus and ransomware protection, as well as encryption software. Not forgetting password managers and two-factor authentication (2FA) to protect against identity theft.

As for whether buying Cyber Security Insurance is worth it or not? It’s all about peace of mind and if this fit’s within your overall Cyber Security plan.