The online world grows more risky with each passing day. That’s why cyber security insurance is important for any company that stores, processes, or manages personally identifiable information (PII). This includes:
- Names and addresses.
- Social Security numbers.
- Driver’s license numbers.
- Credit scores.
- Purchase history.
Imagine what might happen if this information was stolen from your database by cyber criminals. Cyber security insurance provides a powerful shield against the costs you’re likely to incur in such a situation.
Is cyber security insurance different from EO insurance?
Yes. In fact, no traditional form of insurance can protect your business from digital threats, even if your policy includes a technology rider. The Sony Corporation found this out back in 2011, when hackers broke into its PlayStation network and gained access to the PII of 77 million users.
At the time, Sony carried traditional business insurance designed to protect its physical assets. But it had no coverage for its digital resources. So the company ended up paying more than $170 million in damages out of its own pocket.
Needless to say, Sony now carries an extensive cyber security insurance policy.
Is cyber security insurance only for big corporations?
No. In fact, hackers target smaller firms more often than big ones, since they see them as easier targets.
Cyber security professionals have the special training needed to prevent online attacks. But most of these experts work for large organizations that offer attractive salaries and benefits. They can devote their full efforts to fighting cyber criminals.
On the other hand, a small to medium-size business (SMB) may have only a tiny IT staff that wears many hats throughout the day. Cyber security insurance is a great way for these companies to supplement their existing protection.
What Does Cyber Security Insurance Cover?
A typical cyber security insurance policy can include the following types of protection:
- Meeting the financial demands of ransomware attackers: which add up to more than $20 billion each year, according to cyber security organization Sophos.
- Contacting and counseling customers in the event of a security breach.
- Hiring computer forensics experts to recover lost, stolen, or corrupted data.
- Fixing or replacing damaged computer hardware.
- Paying fines, attorney expenses, and other associated legal fees.
- Reimbursing customers whose data was compromised.
- Helping to prevent future cyber attacks from occurring.
Many cyber security policies also include reputation rehabilitation services. These can help your business to minimize the damage caused to its good name by a cyber attack. Otherwise even your most loyal customers may drop your company for one of its competitors.
How Much Does Cyber Security Insurance Cost?
The answer to this question will vary from one policyholder to the next. Some of the factors that affect the cost include:
- The company’s annual revenue.
- The industry to which it belongs.
- Deductions and coverage limits.
- The company’s existing safeguards: companies that are proactive in preventing cyber-attacks are likely to enjoy lower premiums as a result.
Typically, applicants for cyber security insurance must allow a complete security audit, usually performed by the insurance company’s staff of experts. This is a perfect opportunity for the policyholder to learn more about its strengths and weaknesses where information security is concerned.
How Can I Protect My Company from Cyber Attacks?
While a cyber security policy is essential for most businesses, it’s still up to the company to follow basic IT safeguards. These include:
- Backing up your data: including daily incremental backups, end of week server backups, and routine tests to ensure that data can be restored on demand. A cloud account is ideal for this purpose.
- Maintaining the company firewall: firewalls need regular updates to address the latest security threats.
- Keeping a close eye on your portable devices: this includes companies with a bring your own device (BYOD) policy. Simply put, any device that can access your company’s network must be protected by your company’s firewall.
- Training your employees on the threats of cyber attacks: teach them how to recognize spam, phishing emails, and other forms of malware. Ask them to report any potential cyber security threats to management.
- Limiting network access by contractors and other non-employees.
- Removing ex-employee’s network privileges immediately: disgruntled former workers are a chief source of cyber security threats.
- Encrypting key information: this prevents third parties from using your data, even if they gain access to it.
- Enforcing sensible passphrase restrictions: company employees should use passphrases that are at least 12 characters long. Each passphrase should include a mix of numbers, letters, and special characters. Passphrases should be changed on a regular basis.
Summing It All up
Nothing can prevent criminals from launching online attacks against your business. But cyber security insurance, combined with sound information management, can cut your risk of falling prey to these schemes. The rewards will include both peace of mind for you and a healthier bottom line for your company.