Your Insurance Probably Wouldn’t Cover the Costs of a Security Breach
Business insurance is a given; however, many firms fail to realize that their policy may not cover the risks associated with a data breach. Cyber liability insurance coverage (CLIC) has been available for about 10 years. However, most security and IT professionals were unaware that it was offered or had never heard that such a thing existed. Given the alarming number of cybersecurity breaches in the last year, it was a surprise to discover that while insurance companies had policies, very few businesses were taking advantage of the option. Many of the insurance agencies that have been offering CLIC hadn’t sold a policy at all until recently.
What does a cybersecurity insurance policy cover?
- Liability for security/privacy breach — loss of confidential information.
- Costs associated with a breach — consumer notification, customer support, credit monitoring for affected customers.
- Costs of restoring, updating, and replacing assets stored electronically.
- Business interruption.
- Liability associated with slander, reputation damage, libel, and copyright infringement.
- Coverage for billing error.
The Cost of CLIC
These are just a few of the options that could be part of a CLIC policy. For cyber insurance to become truly effective and something that companies want to buy, insurance agencies need to come up with a better way to understand the risks associated with a breach and how to measure them. PwC has estimated that global spending on CLIC will reach $7.5 billion by 2020. Firms that are spending between $5,000 and $50,000 per year on their policies are being provided $1 million to $10 million in coverage. The cost of CLIC is easily outweighed by the benefits that it provides.
3 Areas to Consider
Jim Motes, VP for information security at Kohler, says there are three broad areas of cybersecurity that companies consider when purchasing CLIC: “to protect against breaches of B2C e-commerce or a breach at a physical retail store, protect intellectual property, trade secrets and the PII of employees, and recover from a breach into a manufacturing facility, an IoT event.” Unfortunately, the value of intellectual property is hard to put a number on. This is where many enterprises struggle when trying to find the right policy for them.
Choosing the Best Policy is Difficult
(ISC)2 has made it their focus to give companies the tools needed to assess security breaches from a financial standpoint. This way, businesses can more accurately choose a cyber liability insurance coverage policy. (ISC)2 has recently partnered with RiskLens to make this possible. RiskLens has a cloud-based risk management product that helps businesses determine specific values in a security breach. RiskLens uses Factor Analysis of Information Risk (FAIR) to do this. FAIR breaks down the breach into two separate categories: primary loss and secondary loss. Primary losses are the costs associated with downtime, response, and replacement. Secondary losses cover fines and judgments from the crime, reputation damage, reimbursement of money stolen, and the costs of credit monitoring services for those involved. This system allows companies to see not only how much money could be lost but also what types of coverage they should be looking into.
With the massive rise of ransomware and IoT attacks, cyber insurance will continue to grow in popularity and will become a staple addition to insurance policies. If your company doesn’t already have CLIC, it might be time to look into this kind of coverage.