busisness owner purchasing cyber insurance

How to Choose a Cyber Insurance Policy

A cybersecurity breach can be detrimental to a small business. In fact, according to the National Cyber Security Alliance, 60% of small businesses that are targets of a cyberattack close within six months.

In their 2021 report, the Government Accountability Office found that more insurance clients are opting-in for cyber coverage—up from 26% in 2016 to 47% in 2020. At the same time, U.S. insurance entities saw the costs of cyberattacks nearly double between 2016 and 2019.

There are some important factors to consider when choosing the right cyber insurance for your business. Consider these variables so you are sure you acquire the right coverage for you.

What is Cyber Insurance?

Cyber insurance, also called cyber security or cyber liability insurance, covers businesses against losses resulting from data breaches. This form of insurance primarily applies to businesses that run secure networks as part of their daily operations.

A cyber attack on a business without cyber insurance may result in legal fees, compromised data, and the loss of computer systems. 42% of small businesses have experienced a cyberattack within the past year and 53% have experienced multiple data breaches. 

What Do Most Cyber Insurance Policies Cover?

Coverage varies depending on the policy. However, cyber insurance generally covers: 

  • Fines, legal fees, and penalties
  • Credit and fraud monitoring services
  • Finding and addressing the security defect
  • Notifying customers of a data breach
  • Restoring the personal identities of affected customers
  • Recovering compromised data
  • Repairing damaged computer systems

What Do Most Cyber Insurance Policies Not Cover?

Cyber insurance is a must for anyone depending on a digital infrastructure to run their business. These coverage policies help protect businesses against the financial devastation of a cyber attack.

What Happens to My Business If I Don’t Have Cyber Insurance?

A cyber attack on a business without cyber insurance can result in the loss of hundreds of thousands of dollars between:

  • Various legal fees and fines
  • Recovery of compromised data
  • Damaged computer systems, and
  • Other necessary costs

The average small business pays $690,000 to recover from a cyber-attack. Middle-market companies can pay upward of $1 million.

How To Choose the Best Cyber Insurance Policy For Your Business

Choosing the right policy, like choosing your car insurance or health insurance, will depend on your company’s size and your industry’s threat levels.

First, Make a List of What You Want Covered

There are many reimbursable expenses that these insurance policies can cover, such as:

  • Investigations into the Cause of the Breach
  • Business Losses Arising from the Breach
  • Privacy Protection and Breach Notification
  • Lawsuits and Extortion

We recommend deciding which –if not all– of these expenses you want covered in your insurance. Your broker can also be a valuable asset in explaining what can be covered while you are selecting your policy.

Take a Look at Deductibles

Just like any other insurance policy, cyber insurance will have deductibles. Be sure to compare deductibles closely among insurers, just like you do with health, vehicle, and facility policies.

Understand if the Policy is a Stand-Alone Policy or an Add-On

Your existing insurance provider may offer cyber risk insurance as an add-on to your current policy. However, a stand-alone policy will provide more comprehensive coverage than add-on policies.

Does the Policy Cover Accidental Actions?

For business owners looking into purchasing cyber insurance, it is important to choose a policy that covers unintentional employee actions. Why? Employees often inadvertently cause cyber breaches and attacks. This can happen through staff responding to a phishing email, clicking an infected attachment or visiting the wrong website. 

While not all cyber attacks are a result of these actions, these mistakes are still common and can happen quickly and often to almost any member of staff.

The good news? Your business may be eligible for a discount for employing preventative measures –such as a cyber security training course for staff – to reduce the risk of a cyber attack.

Understand Your Third-party Risk

According to TechTarget, “ risk extends beyond traditional technology perimeters. A third-party risk management program is critical to understand supply chain risks and collect the relevant signals to inform organizations about their attack surface, security hygiene, insurance coverages, and data protection and privacy practices.”

A supplier risk assessment should look closely at the insurer’s own security hygiene, governance, policies and controls.

You may want to ask:

How do coverage and limits apply to both first and third-parties? For example, does the policy cover third-party service providers? On that note, find out if your service providers have cyber insurance and how it affects your agreement.

Speak With an Experienced Insurance Broker

Choosing the right cyber insurance policy can get tricky, especially with the  constantly evolving nature of cyber attacks. By partnering with a broker who understands your business and its risk level, business owners can better ensure that they are receiving the coverage they need as well as taking the proper steps to prevent cyber attacks.

Have More Questions About Cyber Insurance?

Apex Risk & Insurance Services was specifically founded to fill the service and consultative gap left by agency consolidations in the insurance marketplace. These consolidations have left customers who are used to a boutique service approach with no personal connection to their team.

Apex brings the high-touch service proposition back to the San Diego business community and beyond.

Read on to learn more about how to protect your business from a ransomware attack.