You didn’t used to need cyber insurance, but now you do if you want to make sure that your cybersecurity strategy does what it’s supposed to do. The goal of cybersecurity isn’t just to prevent cyber attacks. It’s to give you the ability to bounce back if and when you have an intrusion.
No one can 100% guarantee that you’ll never be a victim of cyber crime. The technology that cyber bad guys use is always evolving. Mix sophisticated technology up with tried and true social engineering tactics that use manipulation and trickery to get people to do things they wouldn’t ordinarily do, and you’ll recognize that you can never completely remove your risk exposure.
The topic of cyber insurance is relatively new, so we recently had a webinar for our clients to help them learn how cyber insurance fits into their cybersecurity and risk management strategies. Ruth Sliviak, President of ICS Insurance, was our guest speaker and she brought up three myths about cyber insurance that are holding business leaders back from making informed decisions about cyber insurance.
NOTE: This article is not intended to advise you on your unique cyber insurance situation. Contact your insurance rep for information specific to your business.
Replace Cyber Insurance Myths with Facts
Cyber losses are covered under my business office or professional liability package.
While there could be a small amount of overlap with cyber insurance coverage and your business, crime, property or professional liability coverage, these will typically fall short because they lack the depth and breadth that a standalone cyber policy would have.
For example, a traditional policy won’t give you access to an experienced cyber claims rep who’s used to dealing with the processes involved in a cyber loss. Likewise, a property policy could cover data restoration costs but may not include the expertise needed to handle a data theft claim. And a crime policy could have limited coverage for social engineering but would be more restrictive than a true cyber policy.
Professional liability may potentially cover data theft but not first party costs associated with responding to the event. This is important because when you’re in the middle of something like a ransomware attack, you’re going to need help with crisis management in the heat of the moment.
Our IT provider has cyber insurance so we don’t need our own.
Your IT support company certainly should have insurance, but you are still ultimately responsible for keeping all the data that you gather and store safe and secure.
Your IT vendor’s insurance wouldn’t cover your loss of business income and extra expense. There will be limits to any type of liability in the event of a breach or system outage. You would also be responsible for notification requirements and any regulatory investigations and fines.
Think of it this way – just because you have a security system with high-quality locks, that doesn’t mean you don’t need property coverage. Likewise, even if you have a fire alarm and sprinkler system, that doesn’t mean you don’t need fire coverage.
The purpose of an insurance policy is to respond in the event that the worst happens. While utilizing the services of an IT company may make your organization less vulnerable to threats, you still have risk.
We don’t need cyber insurance because we’re not a target for cyber criminals.
Every business is a target for cyber criminals. In fact, small businesses may actually look like low hanging fruit for cyber bad guys because they know that many of these organizations haven’t invested sufficiently in security.
Another argument that goes with this myth is that businesses don’t think that they store sensitive data. They should instead be asking themselves, “How long could we run our business without our data?” The answer is probably “not long” when you consider lost sales and idle employees because they can’t do their jobs.
Furthermore, it’s not just your data that’s a target, it’s the access that your network gives cyber criminals to other companies like your customers and vendors. It’s possible for cyber intruders to snoop around in your network for months without detection and while they’re there, they’re figuring out how they can get the biggest payoff whether it’s ransoming your data or using you to get to bigger fish.
The Goal of Cybersecurity is Resilience
The goal of both cybersecurity and cyber insurance is resilience. On that dark day when something bad happens, you want to be able to bounce back to do business another day. When you’re filling out an insurance application, you’re going to have to communicate all the things that you’re doing to prevent cyber attacks. If there are boxes that you can’t check, you could have vulnerabilities that are increasing your risk.
Get a FREE IT Consultation
At XPERTECHS, we advise our clients on how to create a security strategy that matches up to their level of risk – and we sometimes help them with their insurance applications. Contact us for a free IT consultation to explore how you can get confidence in security and use IT to improve operations and enable your success.