Cyber insurance is an important element for companies as it covers the damage and liability caused by a hack, which are usually excluded from traditional liability coverage.
Stricter data privacy notification laws, government incentives, cloud adoption and the increase in high-profile hacks and data breaches have all contributed to the significant increase in the number of companies offering and buying cyber insurance.
All companies face varying levels of risk, which warrants the need for a cyber insurance policy. You can look at two candidates for such a policy: first, companies that store data from external sources like retailers, healthcare companies and financial services firms; and second, any company that stores employee data.
Customer information, such as payment details and addresses, is gold to hackers. Obviously, companies that store internal and external data should seriously consider a policy as they have the most to lose. However, according to PwC’s June 2014 Managing cyber risks with insurance report, risks can often come from within – which puts both external and internal data at huge risk. According to the report, “a systemic cyber risk can stem from internal enterprise vulnerabilities and lack of controls, but it can also emanate from upstream infrastructure, disruptive technology, supply-chain providers, trusted partners, outsourcing contractors, and external sources such as hacktivist attacks or geopolitical actors.”
In 2014, cyber-attacks and cybercrime against large companies rose 40 per cent globally, according to Symantec's annual Internet Security Threat report. Unfortunately, for many organisations across the US and UK, the complexity of finding a suitable cyber insurance policy, coupled with the underwriting process, can be daunting and considered too much hassle.
What executives are not aware of is that purchasing cyber insurance is affordable and ultimately a good exercise that provides the opportunity for them to take a closer look at their internal technology and security policies – ensuring they are up to snuff for underwriters. This is why strong cybersecurity measures such as two-factor authentication need to be considered by all businesses.
Companies need to make sure they have the best technology in place to protect their information before implementing a cyber insurance policy. Without the right protection in place, companies will find it incredibly difficult to procure an affordable insurance policy and could potentially lose millions if they suffer a data breach. This is significant to any business when you consider that the total cost of a breach is now $43.8 million (£28.7 million), up 23 per cent since 2013, according to Ponemon’s 2015 Cost of a Data Breach Study.
Selecting the right policy is not as hard, nor as expensive, as some may think. Yet, when it comes to cyber insurance, not having a strong security system in place is the equivalent of admitting that you left the front door open when your house was robbed.
The right systems need to be in place before CIOs, CFOs and risk managers can make such an important purchase. Security acts as the vaccination, while insurance is a cure should the worst happen.
Steve Watts is co-founder and sales director of SecurEnvoy