Cyber Insurance: Good News & Bad News

Even though the cybersecurity insurance market is barely 20 years old, cybersecurity insurance companies have already collectively grossed more than $2 billion in premiums. 

This implies both good news and bad news. The bad news is the demand for cybersecurity insurance demonstrates that hackers and data thieves are stepping up their game. Businesses and industries of all sizes are being targeted. 

The good news is that large organisations and small businesses alike are taking proactive steps to protect themselves from cyber threats.

As the cybersecurity insurance market continues to expand, SMBs will want answers to questions before procuring this insurance for their operations. Below are a few common questions companies consider before selecting a provider.
How likely is it for an SMB to be targeted by a cyber attacker?

By one measure, more than half of all cyberattacks target SMBs. Sure, SMBs typically do not store or maintain the same volume of data that is held by larger companies. But that doesn’t mean they are out of the wood. Small businesses generally have fewer resources and defensive technologies as compared to their larger peers. In other words, SMBs hold less data, but that data is easier to steal.

What does cybersecurity insurance cover?
Cybersecurity insurance policies can cover multiple different losses and liabilities associated with a data breach. This includes business downtime, extortion, data recovery, and fines levied by regulatory bodies. 
Some policies go even further to provide against third-party liabilities. Prime examples include a failure to protect their confidential data and legal fees. Of course, exact coverage details will depend on your policy. So be sure to suss out the specifics during your initial conversations.

Do all cybersecurity insurance carriers cover the same types of losses and liabilities?
Coverages from different insurance carriers do overlap, but some carriers offer different services and underwriting policies than others. Many of the world’s top commercial general liability insurance carriers(including Liberty Mutual, Beazley Insurance Co., Chubb Ltd.) are now offering cybersecurity riders on their policies.

Other insurance entities have been formed by individuals that have more technical knowledge of cybersecurity threats. Companies like Root9B, RSA, IBM Security, Dell Secure Works, and Palo Alto Networks all boast top-notch technical cybersecurity expertise. 

Meanwhile, companies like CyberPolicy offer SMBs an opportunity to shop through cyber insurance companies according to specific needs. Carriers include Hiscox, Aspen Insurance, and Hanover.

How much should an SMB budget for cybersecurity insurance?
Cybersecurity insurance policy premium costs will vary as a function of each SMB’s network systems environment. Annual premiums for one  million dollars of coverage will generally be between $5,000 and $50,000. Given that an SMB incurs an average loss of $200,000 from a single data breach, these premiums are readily justified on a cost-benefit basis.

Will cybersecurity insurance companies offer cyber threat abatement consulting services?
Many cybersecurity insurance companies work closely with their clients to detect likely cyber penetration points and to make suggestions to close off those gaps. 

Root9B, for example, will pursue cyber attackers that have broken into a system and will expunge those attackers while closing off the gaps that let them in. Dell Secure Works audits client systems to identify weaknesses. Palo Alto Networks works to stop a security breach as it is happening with threat-intelligence and other protection tools. 

Cybersecurity insurers are as interested in ending data breaches as their clients are in preventing them, and good carriers will always work with their clients to reduce threat levels.

What is an SMB’s ultimate risk if it fails to procure cybersecurity insurance?
Believe it or not, the worst case scenario is bankruptcy. The costs associated with even a low-level data breach are often large enough to wipe out an SMB’s profits. 

Cybersecurity insurance is critical. Without this essential service, you could suffer a cyberattack that kills your SMB for good.

The Times T2

You Might Also Read: 

Companies Are Buying Cyber Insurance 'in mad panic':

Cybersecurity Tips For Smaller Businesses:

Cyber Insurance Report 2017 - 2018 (£):


 

 

« Employees Are Key To Cybersecurity
Russia Will Create Its Own Internet »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Anect

Anect

Anect is a leading provider of ICT security and services for hybrid and cloud solutions.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

Vulcan Cyber

Vulcan Cyber

At Vulcan, we’re modernizing the way enterprises reduce their cyber risk. From detection to resolution, we automate and orchestrate the vulnerability remediation process dynamically and at scale.

Cytenna

Cytenna

Cytenna Signal is a suite of SaaS (Software-as-a-Service) products that use AI and machine learning to automatically aggregate the latest information about software vulnerabilities.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.