Most companies today possess valuable digital data. In the event this data is compromised, insurance companies have developed a special type of insurance, called cyber insurance, which mitigates the damage done as a result of cyber attacks or technical issues that interrupt the cash flow of a business. By covering the costs of investigation and repairs, these plans often help companies reduce financial damage as data problems are resolved.
While most companies handle some form of digital data, cyber insurance doesn't make sense for everyone. For businesses that rely heavily on digitized files or online data, there is almost certainly utility to this coverage. Healthcare companies that host very private data and financial companies that rely heavily on digitized information, for instance, would be wise to invest in cyber insurance (whether independently or as part of generalized insurance) because the value and sensitivity of their data makes them targets of cyber attacks.
It’s important to consult with counsel before deciding whether a cyber insurance plan makes sense for your company. Further, counsel will help you understand what your plan covers and what practices you must follow in order to ensure coverage if the need arises.
Here are some factors to consider when thinking about whether cyber insurance is right for your company:
Value Add
If your company’s existing non-cyber insurance scheme does not cover its digital welfare, cyber insurance could be very beneficial, particularly if your company places great value on its data or digitized materials. Some non-cyber insurance policies may include protections that duplicate those in cyber insurance plans, thereby reducing the value of both plans. For example, your existing non-cyber plan may have an “errors and omissions policy,” which can cover digital errors brought about by employee negligence. Be sure to review existing policies before sealing the deal on a new cyber insurance plan. Also keep in mind that a cost-benefit analysis may reveal cyber insurance plans are more expensive than they’re worth to your company if your company does not invest heavily in a digital presence. Premiums will vary depending on how much data your company manages, the sensitivity of the data, and what the insurer decides is the risk of a cyber attack against your company. As with other types of insurance, the higher the risk, the higher the premium. Cyber insurance premiums can climb up to $41,500 for a company that focuses on IT Consulting, whereas a restaurant that has very little digital data may pay a premium of around $10,000.
Despite these high premiums, cyber attacks put companies at risk of even greater costs through immediate financial detriment and ongoing legal costs. If your company relies on digital information for its daily operations, these plans may be well worth it.
Transfer of Risk
While the risk of cyber threats is still relatively unknown, it is clear that hacking is becoming more common. Any willing person can find a hacking kit online and carry out a data breach with little perseverance on an unprotected company. For this reason, take care to confirm that your business has appropriate safeguards in place. Cyber insurance can allow companies to share ownership of risk with insurance companies. When purchasing a plan, be sure to gather information on what your company would be responsible for in the event of an attack. Oftentimes, plans will require your company to have specific security responsibilities in order to recover if a breach occurs.
Fine Print
On that note, many insurance policies will dictate how data should be handled in order for you to access your benefits, such as the ability to transfer risk. Always read the fine print to ensure compliance and to be sure at the outset the clauses will work for your business without causing any undue burden. Further, cyber risks are unpredictable, constantly changing, and very difficult to measure and calculate. Because of this, industry standards and best practices are still lacking in this area. Consult counsel before purchasing cyber insurance to negotiate favorable contractual terms and ensure you’re covered in case of emergency and to prevent your plan from becoming obsolete.
In summary, if your company handles digital data, it’s important to consult a lawyer to assess whether cyber insurance is a good idea and, if it is, to make sure you are getting long-lasting, broad coverage and doing what is necessary to reap the benefits. As part of your assessment, consider whether cyber insurance will benefit your business in the long run, especially when evaluated against the cost of premiums. Reviewing existing insurance policies and contractual obligations prior to purchasing cyber insurance will prevent you from paying twice for duplicative coverage. Given the fast-paced development of cyber threats, a more general insurance policy might do a better job of keeping your company covered in the long term.