Cyber insurance is becoming a necessity, but many organizations are struggling to find policies that provide adequate coverage at the right price.
More and more organizations are taking out cyber insurance policies as a hedge against the threat of a security breach. According to DataM Intelligence, the global cyber insurance market is expected to see a compound annual growth rate of 26.7 percent through 2031.
Generally speaking, cyber insurance covers the costs of investigating a security breach, notifying individuals whose personal information was exposed, offering credit monitoring to affected individuals and providing advice to determine any legal obligations. Some policies also provide coverage for public relations expenses and losses due to downtime and business disruption. In addition, cyber insurance policies will pay certain third-party costs, such as damages and judgments related to the breach and regulatory fines and penalties.
Increasingly, cyber insurance policies also include media liability and privacy liability coverage. Media liability covers claims arising from information or services provided through a company website or other electronic means. This can include claims of libel, slander, or copyright or trademark infringement. Privacy liability policies cover first- and third-party expenses that aren’t necessarily related to a data breach, such as wrongful collection of data and other human and technical errors.
What to Look For
There are a number of things to consider when buying cyber insurance. As an initial step, organizations should gain an understanding of the potential cost of a security incident and what types of incidents need to be covered so they can obtain adequate coverage. It’s also important to understand the definitions, thresholds and exclusions in the policy. All policies should be read carefully with an eye toward any loopholes that might void the coverage or enable the insurer to deny a claim.
Of course, organizations still need to take steps to prevent a data breach, even if they take out cyber insurance. Insurance simply shifts a portion of the financial risk to the insurance company. Certain costs will be covered, but organizations still have to deal with the fallout of the breach, which is stressful and disruptive and can sour customer and business partner relationships.
When filling out an application for a cyber insurance policy, organizations should be prepared to answer the insurer’s questions about their security posture. After all, the insurer is assuming some of the risk, so they want to ensure that the policy holder has certain bases covered.
Documentation Required
In fact, many insurers are requiring organizations to provide more extensive documentation so that they can better evaluate the potential risk. Organizations that do not provide adequate information or lack the specified security controls may not be able to obtain a policy. If they do, they may be required to pay higher premiums or accept lower coverage limits.
In a recent survey by RSM MMBI, 70 percent of middle market executives said their cyber insurance premiums had increased. Many plans have also dropped coverage for ransomware and data theft due to extensive losses in these areas. Just 51 percent of respondents said they had coverage for extortion (including ransomware) compared to 64 percent in 2022. Fifty percent said they had coverage for data theft, compared to 62 percent the preceding year.
That’s where a managed services provider (MSP) can help. A qualified MSP can assist with filling out the cyber insurance application and providing any documentation that may be required. The MSP can help organizations improve their security posture so they can confidently check all the boxes.
Demand for cyber insurance is rising as security incidents continue to make headlines. Cyber insurance provides valuable protection that can help defray the cost of a security breach, and MSPs help maximize the value of that protection by bolstering the organization’s security posture.
