In 2014, five hundred million user accounts perished under a massive cyber attack. Personal data such as the users’ full names, birth dates, phone numbers and passwords were breached. And in March 2018, 32 million accounts were affected after another hacking. All these huge figures of data breach attacks were aimed at one of the world’s biggest companies --Yahoo.
You know Yahoo, I know Yahoo, we all know Yahoo. It’s a huge name in the social media and email realm, so surely such a big enterprise is giving their all to protect their data (which is OUR data)? Yahoo probably spends billions of dollars on cybersecurity and yet, they are still vulnerable to cyber attacks. In late 2017, Yahoo admitted that all of their three billion user accounts had been hacked in previous years. This speaks volume about cyber insecurity today.
As fast as technology, social media and business automation has moved forward, so too the increase of cyber insecurity and data breach risks. Through the years, many businesses, some very well-known such as Yahoo and Sony, have suffered the aftermath of a cyber warfare that ended up damaging and sometimes permanently destroying organisations. While a business might have some great first-line defences in place, such as firewalls, it’s important to also consider an insurance policy specifically to cover the financial impact of cybersecurity breaches, which can be devastating to an organisation.
If one day your business is faced with a cyberattack, are you confident that you have a strong enough first line of defence to prevent the worst from happening or a solid plan to put you back on track in worst case scenarios? Do you have a cyber insurance policy in place to cover you in the case of business interruption? If your answer is NO to these questions, read on to find out more about cyber insurance and where it’s placed in today’s cyber security scheme.
Have you heard of a cyberinsurance policy?
You no doubt already have an insurance policy for your business to cover theft on your premises, natural disasters, professional indemnity and other scenarios that a policy would offer protection from. But have you thought about cyberinsurance?
A cyber insurance policy is specifically designed to aid you in the event of a cyber security breach. Whilst still relatively new in the world of insurance policies, the rapid development of these cyber security-centred policies have had to evolve in recent years alongside the fast paced world of technology and increased number of cyberattacks.
If you approached an insurance broker a few years ago to discuss cyberinsurance, you might have received a short form asking you the usual business and financial questions before being given a quote and signing up for a policy. But as technology has evolved and risks have materialized into much greater threats, insurance companies are now assessing risk in greater depth. You may now find specific questions around how your business mitigates cyber risks, what kind of firewall you have in place, who manages your IT, what kind of network you have, etc. Clients are expected to understand the risks of a security breach and to recognize scams such as phishing emails. In fact, insurance providers may not even cover your business until they have confirmed that cybersecurity protections are already in place.
What does a cyberinsurance policy cover?
While cyberinsurance can differ from policy to policy, an insurer will generally provide coverage when a breach affects business operations and leads to financial losses. Areas of coverage may include:
- Business interruption loss due to a network security failure or cyberattack.
- Data loss and restoration
- Incident response and investigation costs
- Delay, disruption, and acceleration costs from event/s causing business interruption
- Crisis communications and reputational mitigation expenses
- Liability arising from failure to maintain confidentiality of data
- Liability arising from unauthorised use of your network
- Network or data extortion / blackmail (where insurable)
- Online media liability
- Expenses relating to regulatory investigations
It’s important to understand what you are covered for and what may be excluded. Some insurance policies may give you access to a 24/7 service where you can report cybersecurity incidents and receive professional advice from forensic IT consultants and other experts who can help with your case. Some policies may exclude damage instigated by existing staff members.
What does a cyberinsurance policy cost?
The cost of a cyber insurance policy will vary from provider to provider and will largely depend on the requirements of your business. Another factor that will contribute to the cost is your history of cyber attacks. There are multiple things to consider before costs are calculated and a good insurance broker should sit you through the process and negotiate with you to help you find one that fits both your budget and coverage needs. The big question is, can you afford to NOT be covered if your business experiences a cyberattack?
What is the true cost of a cyberattack?
Imagine for a moment that your business is hit by a ransomware attack and the ransom amounts to approximately $4,300. What if the cyber attack causes your operations to halt for an hour, what would that cost you in numbers? Data from datto.com states that it can go up to approximately $46,800! Per HOUR. An attack may freeze your operations and halt all incoming-producing transactions but, whether your business is at a standstill or not, you’re probably still paying your staff’s office hours. These are just some of the costs to consider in the event of a cyberattack.
Now go back to imagining all the screens in your office suddenly turning black and your IT provider tells you that the damage will take three hours to diagnose, before they even start fixing. That is $140,400 down the drain for your business due to downtime. Add in costs of diagnosing the actual breach, plus salary losses, and that is a whole lot of profits lost in less than a day.
This huge amount of loss in the case of cyber insecurity is inevitable as our business operations are largely relying on computers, the Internet and the cloud. Talk to a cyber security insurance broker so that you can assess actual costs and devise an appropriate action plan to prevent or mitigate negative consequences of a cyber attack before the worst scenario occurs.
Why not just rely on your current business insurance policy?
Many standard business insurance policies will not cover cyber security breaches. So if you want to put your mind at ease and ensure you are covered in the instance of a cyber breach, start talking to your insurance broker about cyberinsurance as soon as possible.
If you’re a business that stores your valuable data online or accesses cloud services via the internet (which is pretty much every business these days!), cyberinsurance is no longer an optional extra. Having a comprehensive insurance policy should work in conjuction with (not instead of) first line cybersecurity defences, which are vitally important, and can offer you peace of mind to know that you’re covered if the worst case scenario happens. So your homework this week is to get in touch with your insurance broker and put a cyberinsurance policy in place to protect your business. Don’t wait until it’s too late.
If you need help or assistance in finding the right solutions for your business, don’t be shy in reaching out to us. We’d be glad to help!