Another way to ask this question is, “Do you like to gamble?” That’s usually what the decision to purchase any type of optional insurance comes down to. It’s no different for cyber insurance, which businesses of every size need to consider.
To determine what’s best for your business, here are the key factors to investigate:
- Potential consequences of a successful cyberattack
- Coverage areas offered by cyber insurance policies
- Cost of cyber insurance policy premiums
It’s important for businesses of all sizes to consider each factor. Large enterprises are targeted because they handle more information that’s valuable to hackers. But hackers also know small- and medium-size businesses likely have weaker IT security postures.
Smaller companies that exchange data with large companies within a supply chain also often provide a weak link that can allow hackers to infiltrate larger companies. One lax security posture can impact an entire supply chain and its customers—no one is immune!
Start with the Consequences
The consequences are a good place to start when considering cyber insurance, especially given the many impacts on your business. If a hacker successfully breaches your IT infrastructure and compromises your digital assets, you could be looking at several severe outcomes:
- First, there’s the cost to stop, quarantine and mitigate the attack. If you’re lucky, you already have IT security experts on your staff who know how to respond and possess the technology to do the job correctly. If you’re not so lucky, you will have to pay an outside consultant to rescue you. You may also need to purchase software and hardware depending on the nature of the attack.
- The second cost comes from the impact on your day-to-day operations. Is the attack shutting down any of your key business processes? Are you restricted from generating revenue because the sales team can’t communicate with customers? Are you prohibited from manufacturing and shipping products?
- You may also face the cost of a ransom if a hacker holds your IT infrastructure hostage. Your entire business may be shut down until you pay—most likely in untraceable bitcoin—and the initial ransom could just be the tip of the iceberg. A hacker who gets you once likely knows how to get you again and may victimize you multiple times, always asking for a bigger ransom than the time before.
- Next in line are the potential compliance violation fines. If HIPAA, GDPR, or FINRA regulators come knocking following a breach, the monetary penalties can easily reach into seven figures.
Perhaps the most significant cost of all for a cybersecurity breach is the reputational damage in the eyes of your customers and your partners. If customers or partners fear your ability to handle sensitive information, they may very well take their business elsewhere. And that can lead to business failure. According to the National Cyber Security Alliance, 60% of SMBs go out of business within six months of a cyber breach.
Understand What Cyber Insurance Covers
Although relatively new to the insurance industry, cyber policies are growing in popularity and continue to expand what they cover. This can include preventative measures to proactively protect your business from a breach and reactive incident-response measures if a breach occurs.
Besides legal fees and expenses, cyber insurance policies can cover the cost of notifying customers about a data breach, restoring customers’ personal identities, recovering compromised data, and repairing damaged IT systems. Other covered items can include credit protection costs and regulatory defense costs, including fines and penalties.
Assess the Cost of Cyber Insurance
Cyber insurance costs depend on several risk factors. For small businesses, an annual policy might cost as little as $500 while medium to large businesses may need to pay $5,000 or more.
Premium cost factors include coverage needs and limits, which will likely be driven by how much revenue your business generates. Data access is another key factor, based on who has access to your systems, such as customers and third-party partners. It’s also important to limit your internal employees’ access to sensitive data as much as possible.
Another factor insurance carriers will evaluate is your IT security posture, to see just how well you protect sensitive information. The stronger your security defenses, the lower your premium. This is where antivirus, firewall and password policies can prove beneficial.
Your industry will likely play a role in your premium as well. Firms in the financial, healthcare and IT sectors typically handle large amounts of sensitive information, which makes it more difficult to recover from a breach. And just like other forms of insurance, your claims history will influence your premium. Expect cyber insurance costs to be higher if you filed a claim in the recent past.
The Ultimate Pay-Off: A Stronger Security Posture
Given the dire consequences of a successful cyberattack, it’s definitely a gamble to go without insurance. And one of the benefits of going through the process is that it typically gets businesses to think about their security posture.
Your insurance carrier will also likely audit your security measures, and that will help you identify your risks and any gaps in the security controls you need to apply. That’s a good thing because, in the end, you don’t ever want to rely on your insurance policy. You want to take every step you can to make sure you won’t have to use it!