Every company that uses computers or the Internet needs to protect its assets, but how can companies prepare for threats that are so new they’re not even recognized? New technology can open security holes that aren’t detected until after cyber criminals have already broken in. Hackers develop new viruses and other malware every day, faster than security tools can keep up. With the ever-increasing number of cybersecurity threats, some companies are turning to cybersecurity insurance designed to protect them.
What is Cybersecurity Insurance?
The Department of Homeland Security defines cybersecurity insurance as “insurance designed to mitigate losses from a variety of cyber incidents.” It is meant to cover the company’s financial losses in the event of a data breach, not to take the place of robust digital security. A data breach can have long-lasting effects on the business that no insurance policy can cover. For example, the costs of intellectual property loss and damage to the company’s public image can be difficult to estimate.
Types of Cybersecurity Insurance
Because there are so many possible threats, ways your network can be breached, and related costs, few companies can afford to cover everything. There is no universal standard for coverage, but cybersecurity insurance falls into two categories.
First-party insurance covers direct losses such as network infrastructure damage, business interruption and sometimes damage to the business’s reputation. Third-party insurance covers liability and secondary costs such as customer notification and compensation, forensic investigation, legal defense, lawsuits and regulatory fines.
Insurance companies offer both first- and third-party cybersecurity insurance. In the United States, data-breach notification laws make third-party insurance more popular, while businesses in Europe favor first-party. That may change as the European Union begins requiring businesses to notify customers in the event of a data breach.
What to Consider Before Buying Cybersecurity Insurance
Cybersecurity policies can be complex, and it’s important not to rush into the decision. Making the wrong decision can leave your business paying for coverage you don’t need or, worse, finding that the policy doesn’t cover what you thought it did when you need it.
Before considering a cybersecurity insurance policy to protect your network and data, review your existing insurance. Determine what is already covered by your existing policies, where the gaps are and which uncovered assets need the most protection.
Work with an insurance broker and don’t be afraid to ask questions. Because cybersecurity insurance is relatively new compared to other types of insurance, it is subject to frequent changes. Policies are in flux due to changes in laws, regulations and best-practice recommendations. A savvy broker who is familiar with cybersecurity insurance can help you avoid pitfalls and provide the necessary clarity to make the right decision.