Where Cyber Insurance Came From, and Why it Matters

The cyber insurance market emerged when it became clear traditional policies weren’t covering cyber attacks. Typically, this kind of insurance comes with first-party coverage for data loss, DoS attacks, theft, and hacks. Third-party insurance is available too. This deals with any costs associated with an attack, such as legal fees for not compensating your customers properly.

Sounds helpful, right? Well, it seems like a lot of SMBs aren’t bothered by it. A report by Beaming showed that just 51% of companies employing 10–49 people had a documented cyber insurance policy. Meanwhile, only 38% had insurance for breaches and data theft at the start of 2018.

To make things worse, smaller companies appear to be even less fussed. Only 51% of those with under 10 employees were using a network perimeter firewall to stop threats from reaching their systems. And just 30% had intrusion detection systems for spotting malicious activity or policy violations.

With cyber-attacks, it’s not a matter of ‘if’. It’s a matter of ‘when’. A lot of SMBs seem to be doing little to protect themselves from a breach or to plan their recovery in the event of one. There’s so much these companies could be doing to reduce the chances of an attack being successful, like sandboxing and patch management. But reducing the chances doesn’t eliminate them entirely. That’s why you need to have a cyber insurance policy in place to help you recover from a breach.
How to Choose a Policy

Before choosing a policy, figure out how you’d respond to a cyber attack. This will help you find one that covers everything you need. Here’s what you should do before picking insurance:
- Estimate how much a data breach will cost you. Think big. Consider what a cyber breach would cost you in terms of cash and assets lost, your employees’ time spent resolving the issue, time spent informing customers and responding to their complaints, compensating customers, paying legal fees, and dealing with poor cybersecurity practices.
- Decide between first- and third-party insurance. We talked about what first- and third-party insurance policies cover above. Decide which one is right for your business, or if you need a combination of both.
- Work hard to protect your business. Your policy isn’t an excuse to be lazy with cybersecurity practices. Like we said before, there’s a lot you can do to protect your business.
- Educate your employees on cybersecurity. Technology isn’t everything. Your people can be just as helpful in stopping data breaches. But they need to know what to look out for and avoid. One wrong click can be devastating.
- Then, do a cybersecurity audit. Take a look at your people, procedures, and technology. Do they have any cybersecurity knowledge gaps? What action would you take in the event of an attack, and how effective would it be? Is there any way you could be using your technology more securely? An audit can answer those questions for you, and give you advice on how to improve. Our free cybersecurity health check is one such audit.
- Know what your policy covers, and doesn’t cover. Seems obvious, but many of us love to ignore the small print. So read your policy carefully. As your business changes, review your insurance regularly. This will help you check whether your policy’s still fit for purpose or needs a change.