How Much Cyber Insurance Do I Need?
By now, every business owner should be aware of how vital cyber liability insurance is for their business. Even if you think you are not storing valuable information in your systems and therefore aren’t a desirable target for cybercriminals, you might be wrong.
A good practice would be to hire a cybersecurity expert who can evaluate your case. But it’s as simple as this: if you have computers connected to the Internet, you are at risk of a cyberattack. The question is only how significant your risk is and how to deal with it.
You might be wondering: So, how much cyber insurance do I need? Is it really necessary to devote time to look closely into policy limits? Let’s look at one large-scale example that shows how crucial it is to have the proper policy limits.
In 2013, the retail giant Target Corp. suffered a data breach attack that cost them $292 million. The incident happened in 2014, but the consequences and costs kept adding up even long after the event itself. Target had a cyber insurance policy that covered $90 million, but they had to cover the remaining costs, leaving them with a $202 million loss.
You can scale this example down to a company your size, but the extent of damage doesn’t change much. Target’s $202 million loss could equal a $2 million loss for your company, but why would you be willing to risk your company’s future in the first place?
Let’s discuss what benefits cyber liability insurance could bring your business and how to ascertain the best amount of coverage for your business.
How Cyber Insurance Protects Your Business
Every business is at risk of a cyberattack, regardless of the company size or the customer base it keeps. Bigger, more prominent companies are indeed more lucrative targets than smaller ones, but hackers have different things in mind when choosing their victims.
It is a common opinion among them that smaller businesses have weaker security measures and their systems are more vulnerable and easily breached. If the hackers are not looking to prove a point by targeting big players out there, they may decide to hit small- and medium-sized businesses and make their profits there. And it can be extremely difficult to recover from a cyberattack.
Keeping your data hostage, stealing it from you and selling on the black market, bringing down your website, and causing long downtime — those are just some of the ways cybercriminals can hit your company and cause you financial losses.
Prevention is, of course, the best defense from cyberattacks. First, you should design a cybersecurity risk management plan and educate your employees on how to spot and prevent cyberattacks. Hire a cybersecurity expert to help you purchase adequate antivirus software and develop your cyber defense and a cyber incident response plan.
Perfect protection from cyberattacks doesn’t exist, and you should think of insurance as your ultimate line of defense and your financial safety net. A policy that would best respond to a cyberattack on your company is a cyber liability insurance policy with a data breach policy extension.
Cyber insurance would respond if a hacking attack, data breach, or social engineering attack led to a network security failure. Your policy would cover the costs of data recovery and recreation, business interruption, cyber extortion, and loss of transferred funds, for example.
If the data breach compromised any confidential client or partner information, the policy would pay for a slew of things, from notification costs and credit monitoring to potential litigation costs and awarded damages, for example.
Your insurer would also help you hire cybersecurity experts to investigate the incident and remedy and reinforce your system to prevent future exposure. Your insurance would also cover the cost of hiring PR experts to help minimize the damage to your reputation.
How Much Cyber Insurance Do I Need?
The answer to this question is not simple, and no one solution fits everybody. A few factors influence the amount of premium you should obtain for your business. We will help you understand how your insurer determines how much cyber coverage you need and how they find just the right amount of premium for your business.
Questions Insurers Ask About Your Business
What Is Your Risk Exposure?
The type of business you run tells your insurer about the basis of your risk profile. However, every company has unique risk exposure. For example, suppose you store clients’ personally identifiable information (PII), such as names, dates of birth, or social security numbers. Maybe you also store bank and credit card information.
The logic here is simple – if you store valuable personal information, you are at risk of becoming a target for cybercriminals. In case of a successful attack on your system, you would stand to lose a lot of money, which means that your business is in the high-risk category.
Then again, if you only store names and emails, your exposure is not so significant, your risk is lower, hence your insurance premium is lower. Based on the amount of risk you face, your insurer will suggest your policy limits.
How Good Are Your Cybersecurity Practices?
You should never underestimate the importance of prevention and strong cybersecurity measures. When your insurer sees that you’ve invested a lot in your cybersecurity practices and that your employees receive proper training, they will appreciate that greatly.
Sound cybersecurity practices start with a robust cyber risk management plan. Of course, having a plan without implementing it means nothing, so you should ensure that you follow all the best practices defined in your document. A cyber incident response plan is an essential part of the risk management plan, and it’s there to ensure your business would respond adequately to a successful cyberattack.
What Policies Do You Need?
We already mentioned that a cyber liability insurance policy with a data breach extension would best respond in the event of a successful cyberattack. If you are responsible for other people’s information that could get exposed, you should consider a third-liability cyber insurance policy. It would pay for third parties’ losses when your system was compromised.
A first-party policy would cover your expenses related to the breach, including the cost of repairing your system. Your policy will also protect you from liability lawsuits from other breach victims if it includes privacy liability coverage.
Another policy that could also come in handy if you run a technology business is the tech E&O policy. It will indemnify you if you get sued over an unintentional error that led to the data compromise.
What Is the Adequate Policy Limit for Your Business?
The amount of cyber insurance you need will depend on the amount of data you store and your security exposures. You can assess your risk on your own, but unless you have prior experience in the insurance industry, that might not be a good idea.
Suppose you set your policy limit too high, “just in case.” You would then risk paying too much money for the amount of insurance you don’t need. That money would be better invested in another policy you might need that could provide protection for your other exposures.
On the other hand, if you set the limit too low, that could lead to you not having sufficient coverage in case of a massive cyberattack on your company. Such an attack could be devastating for your business, and you might not be able to bounce back from it if your insurance doesn’t cover your losses.
Most small businesses set their policy limits at $1 million, which is enough coverage for a company with average risk exposure. If your company’s line of business indicates that you carry more risk than an average company, the best course of action would be to consult with an insurance expert to help you determine your policy limit.
Insurance brokers have worked with companies like yours before, and they are your best ally when it comes to choosing the best available coverage for your business.
The Cost of Being Underinsured or Uninsured
If you are underinsured or completely uninsured, and you suffer a cyberattack, you could be in a lot of trouble. The average total cost of a data breach was $4.24 million in 2021, according to IBM and Ponemon Institute’s Cost of a Data Breach Report 2021. This number is probably influenced by Cognyte, LinkedIn, Colonial Pipeline, and other incidents, but you shouldn’t take it lightly, even if you are a small company.
Being underinsured would mean that you have to cover some of the costs related to the cyberattack or data breach. How much you’d have to pay for yourself would depend on your cyber insurance or data breach policy limit. It would also depend on the scope of the attack and damage your business suffered.
An even worse scenario would happen if you were completely uninsured. That would mean you would have to cover all the related costs, which could bankrupt your business. Even if you go around thinking a data breach could never happen to your company, you couldn’t be more wrong. Everybody is at risk, and some reports even indicate that everybody will suffer a cyberattack at some point in the company lifecycle.
It is a fact that your insurance policy costs a lot less than a cyberattack would. Carefully evaluate all the implications before deciding what to do about your cyber insurance.
If you think you are underinsured, feel free to reach out to one of our expert brokers who will help you determine your risk profile and the amount of coverage you need. If you are ready to purchase a policy for your business, sign up to Embroker’s digital platform and get your online quote.