Cyber insurance: what is it, why do you need it, and how much do you need?

Cybercrime is no longer the imaginary villain in a summer blockbuster. It’s very real, and it’s here to stay. Threats like ransomware are on the rise and can potentially bankrupt unprepared organizations.

So, what can you do to protect your business from cybercriminals?

We all know that following the proven processes of a recognized security framework is a major part of fending off attackers and reducing risk, but what happens if an attack is successful? Does your company have the resources to get back online and recover financially? This is where cyber insurance can play a role.

WEBIT Services has helped clients reach their IT and cyber security goals for over 25 years. In that time, they’ve been vital assets in executing incident response strategies, bringing companies back online, and advising on how to respond to cyber-attacks. They are passionate about educating clients about cyber threats and the value of cyber insurance.

As an IT provider, WEBIT Services strongly recommends businesses consult with an insurance provider that has expertise in cyber insurance to help give them potential additional financial protection from cybercrime. However, we understand that this is a decision that every business must make for itself.

By the end of this article, you’ll know what cyber insurance is, what events it does and does not cover, and how it can benefit a business.

What is cyber insurance?

Cyber insurance covers financial and reputation losses due to security breaches. As cybercrime grows, so does the need for additional protection against it. Within a cybersecurity framework, cyber insurance comes into play in the Respond and Recover phases.

A photo of the NIST framework cycle with an arrow pointing to "Recover." Beside it is the text "Cyber insurance comes into play in the Respond and Recover phases."

Cyber insurance does not act as another brand of cyber security. Its focus is not on the practical defense or strategy to prevent cyber-attacks. Instead, cyber insurance addresses financial losses and reputation damages if an attack occurs.

What events does cyber insurance cover?

Cyber insurance is often broken into four branches:

  • Network security and privacy liability
    Coverage for a breach in your system that exposes private information or violates privacy compliance
  • Network business interruption
    Coverage for a breach that halts productivity through encryption (ransomware) or other means
  • Media liability
    Coverage for lawsuits alleging libel, slander, defamation, copyright infringement, invasion of privacy, or domain name infringement
  • Technology errors and omissions (tech E&O)
    Tech-specific coverage for a professional mistake within your company that led to a cybercrime against a client

What does cyber insurance not cover?

There are, of course, certain losses or actions that cyber insurance will not cover.

To put it simply: cyber insurance can help with initial financial losses, but it cannot recover lost data or subsequently lost profits.

Below are four examples of claims cyber insurance will not cover.

  • Social engineering
    If a hacker tricks an employee into giving away private information or credentials, it’s difficult, if not impossible, to recover lost funds, lost data, and customers’ trust.
  • Loss of customer-sensitive data
    Cyber insurance is not cyber security or an IT service. If data is lost, it very likely cannot be recovered. Cyber insurance cannot cover the continued financial losses resulting from losing data.
  • Loss of customer recipes, formulas, or schematics
    Suppose a hacker steals secret recipes, formulas, or schematics for a customer or product. In that case, cyber insurance cannot find or reclaim that lost information, nor will it cover subsequent financial losses resulting from this breach.
  • Incorrect application answers
    Cyber insurance providers require all potential customers to fill out applications with requirements and guidelines for cyber security practices. If you answer incorrectly or dishonestly, any related claims will be denied.

The sad reality is that data lost to cyberattacks is often lost forever. Even if ransoms are paid to recover the information, there’s no guarantee that cybercriminals have deleted their copies of those files.

Cyber insurance is not a miraculous recovery method. It is a backup plan to help keep your business intact after a cyberattack. 

Why do I need cyber insurance if I have good cyber security?

Of course, solid cyber security practices and tools are a good start in building practical system defenses.

However, if an attack breaks through your cybersecurity defenses, the damages can devastate a business.

A ransomware attack can demand tens of thousands or even millions of dollars in payment. Sometimes, the financial damage is enough to bankrupt a business.

Even if an attack doesn’t demand payment, business productivity can be delayed or halted for days or even weeks while system damages are corrected.

Cyber insurance is the other side of the coin: it can help with the recovery of your resources and reputation if you experience a cyber-attack. It can also help recommend experts for faster resolutions and potentially help cover the cost of productivity delays or losses so your business does not go bankrupt.

Unfortunately, as cybercriminals develop more advanced and intelligent hacking techniques, it’s less a question of “if” and more a question of “when” businesses are attacked.

Who benefits from cyber insurance?

The more we rely on the internet to store and access information, the more cybercrime grows. Today, it is nearly impossible to run a business without these systems.

If a company is connected to the internet, it will benefit from cyber insurance, regardless of its size.

While the news media only focuses on significant breaches of well-known corporations, cyber insurance providers regularly encounter hundreds, if not thousands, of breaches from businesses of all sizes.

No business is too small to fall victim to cybercrime. If you have information, cybercriminals want it.

If you aren’t using the internet in your business or storing data on computers, you are less of a cybercrime target and may not need cyber insurance.

How does cyber insurance benefit businesses?

A cyber-attack can cost not just tens of thousands but millions of dollars.

2021 saw incredible increases in the costs of cyber-attacks. The cost of remediating a single ransomware attack increased in the United States to $1.85 million in 2021. And the price of these attacks is expected to rise.

Cyber insurance can provide aid beyond the financial.

In the face of an attack, cyber insurance can:

  • Help cover the costs of the attack.
  • Provide emergency contacts and planning to help get companies back online as quickly as possible for minimal losses.
  • Assist in ransomware negotiations.
  • Advise you on whether paying the ransomware fee is legal and help find solutions.
    Sometimes, countries sanctioned by the U.S. perform ransomware attacks, and paying these fees is considered a violation of OFAC regulations.
  • Provide reimbursement for social engineering cyber-attacks.
  • Help your organization stay in business after an attack.

Next steps to determine if a cyber insurance plan is right for your business

Cyber insurance helps businesses recover from the aftermath of cyber-attacks in various ways. Not only can cyber insurance providers offer excellent counsel and resources, but they also help cover financial damages to keep companies afloat.

If you’re looking to sign up for a cyber insurance plan, here are some steps you can take to find the best plan for you.

  • Assess your risk of attack and your company’s data.
    Knowing your risks can help you determine what kind of plan(s) you need to stay safe. Conducting a regular risk assessment is strongly recommended.
  • Have a Cyber Incident Response Plan and proper cyber security in place.
    Not only does this help you assess your risk, but cyber insurance providers now require all customers to have these plans and systems in place before they will offer coverage.
  • Talk to other cyber insurance customers.
    Spend time with customers answering applications, talking to underwriters, and working with brokers to gain a better understanding. Making useful contacts and having industry knowledge can help you obtain better coverage at lower costs.
  • Talk to your IT provider.
    IT providers can help you interpret cyber insurance applications, ensure proper cyber security procedures are in place and address risks. Many will also have advice and insight regarding cyber insurance and providers.

WEBIT Services is passionate about helping its clients improve their cyber security and develop incident response plans to keep their assets safe. WEBIT Services has also helped clients find cyber insurance to match their needs and budgets.

Interested in talking to a professional from WEBIT Services? Schedule a thirty-minute consultation today.