Entrepreneurs: Worth buying cybersecurity insurance? Key factors to weigh before investing in one

Keeping your data is safe and beyond the reach of hackers is a must Image Credit: Supplied

Dubai: Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that your business can purchase to help reduce the financial risks associated with doing transactions online.

Cybersecurity insurance can help protect your business from financial losses caused by incidents such as data breaches, ransomware attacks and hacking.

If, for example, your payment system is hacked and the hackers release the stored credit card information of your customers, this policy would cover the losses incurred because of the incident.

This includes the cost of notifying your customers, investigating the incident, and providing credit monitoring services. It would also cover legal fees or settlements if a customer sues you as a result.

Limit crime-induced financial loss

However, insurance experts evaluate how the best cyber insurance carriers in the market currently, are more than a backstop to financial loss.

These insurers will not only provide a comprehensive policy, but will also help evaluate your systems, offer advice on how to better protect your data, and connect you with additional security partners.

Cybersecurity insurance is a new and emerging industry. Companies that purchase cybersecurity insurance today are considered early adopters.

Cybersecurity policies can change from one month to the next, given the dynamic and fluctuating nature of the associated cyber-risks.

As of last year, the cybersecurity market is still young, and many companies are choosing to forgo this type of insurance because of its uncertain return on investment.

Cybersecurity insurance cover?

Unlike well-established insurance plans, underwriters of cybersecurity insurance policies have limited data to formulate risk models to determine insurance policy coverages, rates, and premiums.

Who are insurance underwriters? He or she is someone who manages the insurance underwriting process. An underwriter represents the insurer, not the customer, in the purchase transaction.

As of last year, the cybersecurity market is still young, and many companies are choosing to forgo this type of insurance because of its uncertain return on investment (ROI).

So as cybersecurity insurance is new, policies will vary widely from one provider to the next. To choose a policy, companies should closely review policy details to ensure it contains the necessary protections.

In addition, companies should evaluate whether policies provide protection against known and emerging cyber incidents and threat profiles.

Global push for cyber insurance

Regulators worldwide are encouraging businesses to improve their cybersecurity in return for more coverage at more affordable rates.

The loss, compromise or theft of electronic data can have a negative impact on a business, including the loss of customers and revenue.

Businesses may be liable for damages stemming from the theft of third-party data. Cyber liability coverage is important to protect businesses against the risk of cyber events.

Cyber-risk coverage can assist in the timely remediation of cyber-attacks and incidents.

Cyber-risk coverage can assist in the timely remediation of cyber-attacks and incidents. Here’s a popular example.

How Sony’s PlayStation Network was breached by hackers
In 2011, Japan-based conglomerate Sony’s PlayStation Network was breached by hackers, exposing personally identifiable information (PII) of 77 million PlayStation user accounts.

The breach prevented users of PlayStation consoles from accessing the service, an outage that lasted for 23 days. Sony incurred over $171 million (Dh628 million) in costs related to the breach.

Some parts of this cost could have been covered by a cyber-insurance policy, but Sony did not have one in place.

A court case ruled that Sony’s insurance policy covered damage to physical property only, leaving Sony to incur the full amount of costs related to cyber damages.

How does cyber insurance work?

Cyber insurance policies are sold by many of the same suppliers that provide related business insurance, such as business liability insurance and commercial property insurance.

Most policies include first-party coverage, which applies to losses that directly impact a company, and third-party coverage, which applies to losses suffered by others from a cyber-event or incident.

Businesses that create, store, and manage electronic data online, such as customer contacts, customer sales, PII (explained above) and credit card numbers, can benefit from cyber insurance.

In addition, e-commerce businesses can benefit from cyber insurance, since interruption related to cyber incidents can cause a loss in sales and customers.

Similarly, any business that stores customer information on a website can benefit from the liability coverage that cyber insurance policies provide.

Be it ransomware, phishing emails with embedded malware, or even social engineering attacks, companies are finding themselves the target of a cyber-attack all too often.

What is not covered under this insurance?

Cyber security insurance won’t cover everything and all eventualities. Common examples include:

  • Predicted, potential or future lost profits
  • Any business devaluation due to theft of your Intellectual Property (designs, moulds, specifications, etc.)
  • Any costs you have incurred in improving your own technology and systems internally, including any software or security upgrades that you have purchased and installed following a cyber-event as insurance seeks to put you in the same position that you were prior to suffering a loss
  • Any physical damage to your hardware like accidental damage, water damage, fire, or breakdown of the equipment
  • Any money that you have transferred from your account because of or in response to any phishing attack

Key takeaways

As current research shows, if a global pandemic that ushered in a new era of working remotely has taught us anything, it’s that cyber risk is more prevalent than ever before.

Be it ransomware, phishing emails with embedded malware, or even social engineering attacks, companies are finding themselves the target of a cyber-attack all too often.

Every company faces cyber risk, no matter their size, but the bigger you are, the more areas of vulnerability you have.

Even before the pandemic, cyber insurers were tightening their underwriting guidelines and asking for more details to better understand the risk they were insuring.

Not all cyber insurance policies are created equal and having an insurance broker trained in the nuance of this line of insurance can be a valuable partnership for any business.

Businesses that rely heavily on their computer systems for operations should also purchase cybersecurity insurance since any downtime could cost them money without losing any customer data.