As businesses steadily become more aware that cyber risks pose a very real threat, with the potential for expensive, damaging consequences, a new demand for cyber insurance has emerged. Business leaders know that most insurance policies do not adequately cover their company’s cyber risks, so the best way to protect company assets may be with specialized coverage.
What Does Cyber Insurance Cover?
The specific cyber insurance coverage your company may need, as well as its cost, will vary depending on the size and scope of your business operation, the number of customers you have, your company’s presence on the Web and the type of data you collect and store. As a result, cyber risk policies tend to be more customized than other types of coverage, and also more expensive. Generally speaking, a typical cyber liability policy might include any of the following coverage
Liability for breaches of security or privacy. This includes loss of confidential information by allowing or failing to prevent unauthorized access to computer systems.
Costs associated with a privacy breach, including consumer notification, customer support and costs of providing credit monitoring services for affected customers.
Cost of restoring, updating or replacing electronically-stored business assets and data.
Expenses caused by interruption of business after a security or privacy breach.
Liability associated with damage to others in the form of libel, slander, copyright infringement, etc., when the allegations involve a business website, social media or print media.
Expenses related to cyber extortion or cyber terrorism.
Shopping for Cyber Insurance
If your business decides to seek a cyber liability policy, it may not be quite as easy as taking out other insurance policies. Cyber insurance is a relatively new arena and some of its standards are still being established.
However, the National Association of Insurance Commissioners (NAIC) has proposed an Insurance Data Security Model law that will help set standards that insurance providers can follow. The NAIC has also developed a Cybersecurity Consumer Bill of Rights detailing what consumers can expect from their insurance company following a data breach.
When you seek a cyber policy an insurer will be interested in the risk management practices your business follows to protect its network and its data. They will likely want to see your business’ disaster response plan with respect to its networks, website, physical assets and intellectual property. At the very least, they will probably want to know about antivirus and anti-malware software, the frequency of software updates and the performance of network firewalls.
Each business will decide what kind of cyber protection they want to acquire. With the continuing rise of data security breaches and their associated costs, having some type of coverage is a wise move. As the standards for cyber coverage become more firmly established and insurance companies expand their coverage options, cyber insurance is bound to continue becoming more commonplace for businesses worldwide.
www.NAIC.org (Nat’l Assoc. of Insurance Commissioners) and the Center for Insurance Policy Research.