Cybersecurity Insurance – What Is It? How Does It Work?

Cyber insurance has been around for almost a decade, but is only now becoming a popular safeguard against hackers.

Cybersecurity insurance is an insurance policy that is designed to help with the losses from a variety of cyber incidents, such as data breaches, business interruption or network damage. Cybersecurity insurance policies may be similar to one another, but no two are ever exactly the same.

Almost every industry, from agriculture to healthcare, is using online data for its services. The so-called “Internet of Things” (IoT) — the network connectivity of everyday objects — will lead to new capabilities that could yield a $3 trillion a year economic increase by 2025, according to a McKinsey Report. Businesses have to keep up with the rest of the market and adapt to the online world.

“Cyber Insurance has been around for many years; however, it has been mostly focused on hardware or physical damage as a result of a cybercrime so most companies do not have coverage for data loss even today,” said Joseph Carson, director of Global Strategic Alliances at Thycotic, a U.S.-based cybersecurity firm.

“With more and more companies becoming dependent on IT and data” there has been “a significant change with data becoming more tangible and having significant monetary value where we have seen the likes of Facebook, Airbnb and Uber becoming multibillion dollar companies almost purely based on information and data,” he continued.

Cybersecurity insurance is only one arrow in your quiver used in the protection of your organization’s electronic protected health information (ePHI). It is only one part of your organization’s mitigation and it is important to remember that it is not the solution to a HIPAA security incident or a HIPAA breach event.

There are two general categories of risks and potential liabilities for ePHI breaches: those that happen within your organization and those that happen with one or more of your vendors or business associates. Since there are two categories, your organization should consider purchasing both first-party and third-party cybersecurity coverage. With these two types of coverage, your organization would be the first party and your vendors and business associates would be the third parties.

First-party losses may include loss of or damage to your organization’s ePHI; ePHI that is corrupted, lost, stolen or ransomed through the loss or theft of devices or due to a virus; network interruption or a denial-of-service attack; or the inability to conduct business due to an ePHI breach or loss.

Third-party risks include your organization’s liability to its clients or patients and, in various states and at the federal level, regulatory investigations and fines.

What incidents might be covered by insurance?

  • Unencrypted devices;
  • ePHI in the control of a third party;
  • Human error, mistakes and negligence;
  • External attacks by cyber criminals;
  • System, data center, or business process failures;
  • Malicious or criminal insiders; and
  • Credit cards.

What benefits, or protections, might be covered by insurance?

  • Notification costs to data breach victims, media and other;
  • Legal defense costs;
  • Forensics and investigative costs;
  • Regulatory penalties and fines;
  • Revenue losses;
  • Third party liability;
  • Communication costs; and
  • Productivity losses.

There are also very specifically outlined and defined exclusions in a cybersecurity policy. They often include the following:

  • Breaches of PHI in paper files;
  • Claims brought by the government or regulators, including the Office of Civil Rights, the Department of Health and Human Services, and the Office of a state’s Attorney General, plus various states’ laws;
  • Vicarious liability, for data entrusted to a third-party vendor, when the breach occurs on the vendor’s system;
  • Unencrypted ePHI; and
  • If your organization waits too long to report the event to the insurance company.

The cost of cybersecurity insurance continues to increase, as does the dollar amount of the deductible that your organization will have to pay up front before any insurance payments kick in. The deductible excess is now $25,000.00 on many policies.

Cybersecurity insurance is quickly becoming a necessity for many healthcare organizations, but it is only one piece of an organization’s mitigation. Other parts of mitigation include a yearly HIPAA Security Risk Analysis/Assessment, a yearly internal or external HIPAA Audit, and a yearly HIPAA Security, Privacy and Breach Training, plus constant, ongoing vigilance.

The need for cyber insurance is more urgent as every sector of society becomes more interconnected through the internet. “Almost all data has a monetary value,” Carson stated. “Absolutely any company that is helping organizations protect and provide cybersecurity to their business and will help reduce the risk of cybercrime” will reap the rewards.

Conclusion: Your organization must understand all the provisions of the cybersecurity insurance policy before it is signed and paid for.

Litmos: Daily Caller
