Cyber insurance, also called cyber liability insurance, is an essential resource that helps businesses manage their cybersecurity risks. The industry has experienced rapid growth in recent years as the number of cybercrimes (and associated costs) has increased and awareness of cyber insurance has grown across many industries. Most companies these days manage a vast amount of digital data, and it’s often necessary to take certain measures to protect these assets.
A cyber insurance policy can be tailored to meet the needs of any business, regardless of its size and extent of operations. Before requesting a quote, there are a few important considerations to keep in mind regarding the quoting process and how these insurance premiums are calculated. A company may be able to take a number of actions to reduce its overall cybersecurity risk and related costs for insurance premiums.
The Cyber Insurance Quote Process
After a review of available cyber insurance coverage options, the easiest way to proceed is to request an online quote. An online quoting tool will ask a series of questions that usually begin with the location of your business and the industry that it supports. At this point, a digital audit of the corporate website may be performed to understand the underlying security practices and any potential cybersecurity vulnerabilities.
For very large and complex businesses, the insurance underwriter may perform an onsite audit to review additional details regarding risk management practices. As we’ll discuss in a later section, there are a number of steps that a company can take to reduce its cybersecurity risks. A business will often receive a detailed quote at this stage and may wish to compare service offerings and coverage details among a few select vendors. After cyber insurance coverage is started, risk assessments are often performed at regular intervals to determine if any factors have changed, increasing or decreasing the insurance premium for the next coverage period.
Cyber Insurance Coverage and Costs
Cyber insurance coverage is typically divided into two forms, first-party and third-party. First-party coverage represents direct costs that a company may incur as the result of a data breach or cybercrime event. Third-party coverage represents legal fees and other costs associated with litigation and third-party actions against the company as a result of the cyber event. In all cases, the specific quote that a company receives is unique and requires a complete assessment of business risk factors.
In general terms, a small business may be able to acquire a cyber insurance policy for around $150 per month, while large corporations could spend significantly more given the proportionally larger damages that could be incurred. An assessment of your unique business risk and potential cost liabilities can help you estimate a cyber insurance plan’s potential return on investment (ROI). In the United States, the average cost of a small business cyber insurance claim related to a system glitch is $1.9 million, while the average organizational cost associated with a data breach is $8.6 million.
Factors That May Impact a Cyber Insurance Quote
There are many potential factors that can impact the insurance premium of a cyber insurance policy. Some factors, such as industry and company size, are relatively static, while the business can directly influence other considerations related to cybersecurity practices. Here are a few of the most common factors that may be worth reviewing.
- Company Size. This includes the number of employees and their distribution among various facilities. Understanding the structure of an organization is an essential factor in understanding potential cybersecurity vulnerabilities.
- Sensitive Data. The collection of data can take a variety of forms and may include sensitive information such as personal health information and financial data. It is important to understand how this data is collected, managed, and stored.
- Claims History. Relevant insurance claim information from past events can be a factor in understanding a particular company’s potential risks.
- Security Protocols. How a company secures its physical and virtual infrastructure is vital in assessing cybersecurity risks. This can include the management of passwords, antivirus software, firewalls, VPNs, and other related security practices. Adoption of other standard security procedures such as device encryption and multi-factor authentication may also be considered when determining an appropriate quote. Lastly, underwriters may consider whether the business has a defined incident response plan and adequate resources to address a potential cyber incident.
- Industry Risks. Certain industries, such as healthcare and finance, handle large amounts of sensitive customer information by the nature of their work. These sectors typically require relatively higher cyber insurance premiums as a result.
- Policy Coverage Limits. As with any insurance policy, raising the coverage limits will often increase premium rates accordingly.
A cyber insurance policy can be a valuable way to protect a company’s assets and business interests. Minimizing disruptions in the event of a cybercrime or data breach is a significant priority for cybersecurity professionals, and it is important to understand your risk when requesting cyber insurance quotes. With careful planning, it is possible to research and select a cyber insurance plan that complements a business’s cybersecurity practices and helps reduce risk and liabilities.