Recently, Techsure held a conference in London, UK, to acknowledge, inform about and celebrate many aspects of insurance. The event is designed to educate attendees about the tools and tech of the trade, knowledge they can pass on to their clients. ZeroGuard’s Founder and CEO, Cal Leeming, was invited to speak about a growing aspect of the insurance business, that of cyber insurance, and about some of the things to be wary of in terms of data protection and overall security posture.
“Companies in the UK need to be more flexible in their response,” Cal quips, “and in their proactive training and education towards attacking (cyber criminal activity).”
“If you look at (something like) Ransomware,” he continues, “the things that can actually help you recover from that are just simple back-ups; simple IT hygiene which has been lacking.”
While chewing on that food for thought, we thought we’d talk a bit about what cyber insurance actually is…
Cyber Insurance Basics
Cyber insurance is nothing new; it’s actually been around for more than a decade. It is a subset of general insurance that covers businesses and individuals against Internet-based liability and risks. And it’s big business. According to some market research firms, the global cyber insurance market is projected to hit $7.5 billion by next year and exceed $29 billion by 2025.
The main purpose of cyber insurance is to help you or your organization recover from a data breach or identity theft by mitigating all the costs that occur from the incident. Like traditional insurance, there are basically two tiers of cyber liability coverage: first-party and third-party. First-party coverage encompasses direct losses to an organization or individual, whereas third-party coverage extends to claims and legal action taken by customers or partners.
Naturally, coverage differs provider-by-provider, but common areas of coverage include data breaches, identity theft, and personal data theft. There’s also the potential for hefty legal fees, fines, and costs associated with recovering compromised data, repairing systems, restoring the personal identities of affected customers, and notifying customers of breaches. Coverage can also extend into business interruption, extortion, or forensic investigation (the costs associated with uncovering the cause and impact of an attack).
It's important to understand the difference between cyber insurance policies aimed at individuals and those covering an entire company.
Personal Cyber Insurance
While most providers prefer business policies, there are also personal plans which are mostly focused on identity theft coverage. This includes factors such as income protection and the expense reimbursement associated with recovering your identity, restoring your credit history, and legal action against identity thieves. Cyber insurance plans can also factor in computer virus coverage or actual physical computer damage reimbursement.
Business Cyber Insurance
For businesses, cyber insurance policies can get a lot more complicated, mostly because coverage plans can differ vastly between small to midsize businesses (SMBs) and large corporations and enterprises.
Coverage starts with the customer data you collect and store, such as credit card or bank account numbers, or customer personal information. A basic coverage plan for SMBs might cover breach notifications, credit and fraud monitoring services, the costs associated with hiring a PR firm, and the cost of restoring and recreating data.
Corporate cyber insurance plans generally require more detailed coverage, mostly due to customer volume. On top of risk management for data loss mitigation and prevention, incident response, and third-party costs, the policies also need to scale accordingly.
What’s Next for Cyber Insurance?
While buying insurance through a website is nothing new, online insurance is pivoting toward cyber insurance apps that let users sign up, get quotes, and even make claims. The advantage here is speed. Users can buy a policy and utilize the cyber insurance protections in seconds rather than spending ages on hold or having to re-enter personal information every time to buy a policy or check status. Only time will tell whether or not consumers feel safe doing this or if it will catch on to become the norm.
Is Cyber Insurance Necessary?
With the amount of cyber crime occurring each and every minute, having protections in place can save you countless dollars, PR headaches and a tarnished reputation in the event of a breach. But do your homework: find out your exact needs and which cyber insurance company caters to those specific needs.
Finally, it’s important to remember that cyber insurance is by no means a replacement for cyber security. It's not a tech solution; it’s a fail-safe or stopgap for if and when a breach or cyberattack occurs. You should still have effective and up-to-date security tools in place, including antivirus, ransomware protection, and encryption software. Also use password managers and two-factor authentication (2FA) to protect against identity theft.
And to reiterate Cal Leeming’s point that he hammered home at the Techsure conference, education and good IT hygiene are paramount.