Cyber Insurance – What you need to consider.

Whether your team exclusively works remotely, is in-house or a hybrid of the two, Cyber Insurance is an important aspect of your overall Business Continuity program.   As the early days of COVID hit and more employees were sent home to work remotely, bad actors took advantage of various situations and, according to the FBI, U.S. Internet Crime went up a whopping 70% in that single year (2019 – 2020). In fact, ransomware attacks continued to surge in 2021: https://fortune.com/2022/02/17/ransomware-attacks-surge-2021-report/   As a result, it became increasingly obvious that there was a need for broader coverage than basic corporate general liability insurance.  Enter the world of Cyber Insurance.

Cyber Insurance can help mitigate your losses when the unexpected occurs.

Cyber Insurance differs from General Liability Insurance, so it’s important to review your policies, or consult with your provider and understand what is included in your specific situation.   Most General Liability policies exclusively cover tangible assets.  In most cases, data is not considered a tangible asset. Additionally, Cyber Insurance does not replace the need for good cybersecurity, nor is it a reason to become lax in your practices, either.  Cyber Insurance is simply an additional tool in an organization’s arsenal to help mitigate damages should something unexpected occur.  Insurance itself cannot protect your organization from phishing attempts, malware, ransomware, hackers, or internal bad actors. You are still your best and first line of defense, so, individuals need to remain vigilant in their practices, irrespective of your insurance status.  If you need a review of your cybersecurity practices, or need cybersecurity training for your organization, please contact your UniVista Account Rep. Cyber Insurance merely helps minimize the financial damages as a result of security breaches and similar situations.  

Though it may be tempting, because “hey, you’re covered”, don’t look at using Cyber Insurance as an excuse to reduce your organizations need for good cyber security practices and keeping systems and software up to date.  In fact, in many cases the cost of your insurance is largely dependent upon the strength, quality and level of your cyber security measures – and, the cost is significant if your cybersecurity measures are found lacking.  Typically, Cyber Insurance requires a “risk assessment” for underwriting.  For smaller companies, a simple questionnaire may suffice.  For larger organizations an actual on-site, detailed analysis, carried out by a third-party specialty firm, may be required.  If you have any questions on how to handle Cyber Insurance risk assessments, please contact your UniVista Account Rep.

Cyber Insurance can cover both first-party and/or third-party damages, and it is important to understand the distinction between the two.  First-party damages would include things your company would face as a direct result of the attack; cost of repairs, data recovery, lost revenue, etc.  Third-party damages would include more broader losses like; legal expenses for privacy lawsuits and/or negligence claims, both from private users and regulatory agencies, in addition to any agency fines which may arise from a breach.  Additionally, third-party coverage may also include benefits for Data Breach Consultants along with specialty PR firm expenses to help with the recovery of your business’s image, to not only your customers, but also the general public.  There’s more than just company down time and recovery time to consider in these situations.

Because online threats will unfortunately continue to be a problem for everyone, it’s important to ensure your organization mitigates its risk in every way possible.  Cyber Insurance is an excellent additional tool to utilize in your Business Continuity plan. Again, if you have any questions on how best to handle cybersecurity, cyber insurance assessments and overall Business Continuity, please don’t hesitate to contact your UniVista Account Rep.