Have you considered applying for cyber insurance?
Experts say it’s no longer a question of if, but when your company will be affected by a breach. Considering the high risk and potentially devastating consequences of a data breach or cyber-attack, more and more companies are turning to cyber insurance for protection. But is it something small businesses really need? Does your company meet the criteria to qualify for cyber insurance? What do cyber insurance companies want from clients?
Let’s look at what cyber insurance can offer SMBs and what insurers will want to know about your company before approving you for cyber insurance.
What does cyber insurance cover?
A cyber insurance policy can provide you with a range of coverage options to help protect you from data breaches and other cyber security issues.
Cyber insurance is also called cyber risk insurance or cyber security insurance.
It will usually cover cyberattacks and data breaches that involve sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.
Cyber liability coverage may include:
- The cost of investigating a data breach
- The cost of notifying your customers and the authorities
- Legal fees and compensation costs in case you get sued
- Legal fees if you face penalties by local or international authorities
- Some regulatory penalties and fines
- The costs of restoring lost data, systems, and your website
- Income lost and extra expenses if your business is interrupted
- PR/restoring your reputation and managing customer relationships
Make sure you read the details of your policy to see what it covers.
Who needs cyber insurance?
Any business that collects, stores and manages people’s personal data online, including contact information, sales records, credit card numbers, ID numbers and other personal information may be at risk of data breaches.
Online retailers, healthcare and financial services and any other organization that store customer information on their websites can benefit from a cyber insurance policy.
Do small businesses need cyber insurance?
Most of the high-profile breaches that make the news involve huge corporations, so it may surprise you to learn that 43% of all data breaches actually hit small and medium-sized businesses, according to Verizon’s 2022 Data Breach Investigations Report.
Small businesses are a favorite target for hackers, simply due to a lack of resources.
Most small businesses say they do not have an effective plan in place or funds set aside to protect against a cyber attack or remediate the damages of one.
The lost revenue from business disruption and downtime, plus the reputational damage associated with data breaches can be especially devastating to new companies that are struggling to establish themselves.
Cyber insurance can’t stop a cyberattack. But it can provide a safety net of coverage, plus expert help that could keep you from going out of business because of a data breach.
What do insurers want to see from your company?
Insurers will want to see what your company is doing to protect personal data and manage security risks online.
Show them that you have policies and procedures in place to protect PII, plus technology/software to support your efforts.
Insurers may want to see that you use:
Regular system updates
Regular data backups to external media or a secure cloud service
User access rights and permissions policies
An incident response plan
- Cyber awareness training for employees
Insurers can deny you coverage if you do not continue putting your security policies in practice during the entire duration of your policy.
What scenarios will not be covered by a cyber insurance?
- Current or past breaches and incidents
- Incidents caused by employees or insiders
- Problems caused by existing issues you’ve failed to correct
Get your security systems and procedures in order and keep them that way. This is a must, both to qualify for insurance and to continue to benefit from coverage.
Software as protection and as qualification
Although you are not required to use specific privacy software to qualify for insurance, using such tools is a great way to show insurers that you are doing your part. And automating your personal data management tasks reduces the risk of common human errors that could cause breaches and disqualify you from coverage.
At Safe Online, we develop tools that include log files and documentation so that you can demonstrate that you are a responsible data controller. Our tools are: