Essentials of a Cyber Insurance Policy

If you’ve heard the many news stories about cyber breaches, you know cyber insurance is essential for businesses in todays digital landscape. Let's break down essential cyber insurance coverages.

Be sure that your policy includes the following:

1. Regulatory Defense and Penalties Coverage

Covers the costs of fines by State or Federal agencies for breaching consumer privacy

2. Notification Costs

Covers the costs to notify affected individuals after a data breach

3. Cyber Extortion Coverage

Covers damage and ransom payments from an attack

4. Cyber Crime Coverage

   1. Funds Transfer Fraud – criminal deceives a bank to transfer funds

   2. Social Engineering Fraud – criminal deceives you to transfer funds

   3. Telephone Fraud – theft of long distance phone service

   4. Invoice Manipulation – hackers deceive your customer to transfer funds

5. Data Restoration/Recovery

Covers the cost of recovering or recreating lost data

6. Business Interruption/Reputational Harm

Covers the lost revenue due to the inability to operate at full capacity

7. PCI

Covers the fines/penalties imposed by banks or credit card companies

How much is cyber insurance?

Always the question: How much will this insurance cost?  Pricing ranges from $2,000 to $10,000 for mid-sized companies that carry a limit of $1,000,000. Factors that effect the price include:

1. Business Size

Small business face different risks than larger ones. Cost can very based on the number of employees and the type of customer data handled.

2. Industry Impact

Businesses handling more sensitive data, such as credit card numbers of Social Security numbers, may pay more.

3. Security Measures

Companies with robust security defenses may qualify for better rates.

4. Policy Limits and Deductibles

Typically, the more extensive the coverage the higher the premium will be. 

How do they get my information?

Cyber criminals have a number of sneaky tactics to try and get your information. 

1. Data Breaches and Dark Web Markets

Hackers frequently access breached data from previous security incidents. They collect emails, usernames, and passwords from these breaches and then attempt to reuse them on popular websites.

2. Phishing Emails

Hackers send deceptive emails that appear legitimate. These emails trick users into revealing sensitive information, such as log in credentials or credit card details.

3. Social Engineering

Hackers manipulate people into divulging confidential information. They may impersonate a trusted individual or use psychological tactics to gain access to personal data

4. Malware

Malicious software infiltrates computer, often disguised as legitimate updates or attachments. Once infected, hackers can access and steal sensitive data

Ransoms are now growing higher and higher in value as the cyber criminals get better at what they do.  The amount of criminals caught in this space is limited and rare.  The event is usually developed and completed within 48 hours, and money is transacted and gone.  The “mules” that pick up the monies will get caught on occasion, but the rapid pace of the event leads to tough sting operations at the banks.

Every state has separate guidelines for what to do when a breach happens.  You have to comply with each state requirement or face penalties.  This is a moving target and very hard to determine.

The cost of a breach is huge if a lawsuit develops.  Consider this: Target had one of the largest breaches a few years ago.  They settled with their customers for $10,000,000, or roughly 15 cents per breached customer.  That is nothing, but Target spent $290 million on other costs to get to that point.  Then on top of that, their PCI vendors (Payment Card Industries) such as Visa and MasterCard added another $200 million of cost to the lawsuit.    

Now what?

Protecting your data is Priority #1.  Buying Cyber Liability Insurance is Priority #2.  Check out our article on Phishing Schemes to help prevent your system from a cyber crime.  Even with all of the protection in the world, buying Cyber Liability Insurance is a prudent and responsible purchase to protect your data, your clients, and your business.