Insuring a risk is simply a way to transfer the risk to an insurance company in exchange for the premium payment. If a covered risk occurs, the cost would be paid by the insurance company per the terms of the insurance policy. Risks can be eliminated, or they can be accepted and mitigated. As part of the mitigation, a firm can insure the risk. Two factors that weigh heavily in the decision of whether or not to insure are the frequency of the risk and the severity of the risk.
Cyber-attacks are becoming more commonplace and firms are at risk. The level of risk depends on the mitigation steps taken; however, the problem with cyber-attacks is that new threats come along frequently and if a firm is not prepared, an attack can be very costly to both the firm and its clients. Below is some information on cyber insurance coverage to help firms in their consideration of whether or not to obtain cyber insurance.
Cyber Insurance – Sample of Covered Risks:
Cyber insurance is not standardized and can cover a myriad of risks including:
- Crisis management coverage – This generally includes expenses related to the investigation, remediation, client notification, communication, credit monitoring for victims, legal and court costs, and regulatory fines.
- Multimedia liability coverage – This covers infringement of intellectual property rights, disruption of e-commerce, or defacement of the victim’s web presence.
- Cyber terrorism coverage – This primarily covers losses due to extortion and the costs related to the event. One common manifestation of this risk is called “ransomware,” where the victim’s data is encrypted and the perpetrator demands a ransom to unlock the data.
- Network and data security coverage – This covers denial of service attacks as well as data breaches from third-party vendors.
- Liability for privacy breach coverage – Generally covers loss of confidential information.
- Business interruption coverage – Covers costs of restoring business and replacing certain business assets.
Considerations in Purchasing Cyber Insurance:
First, inventory your information assets. For example, databases, electronic files, and program data need to be identified. Next, assess the firm’s risks by quantifying the value of the data and anticipating potential cyber threats. This assessment will help provide the foundation for the type of coverage to consider as well as a cost-benefit analysis of the coverage. Finally, work with a knowledgeable insurance agent. A good agent will be invaluable, especially since cyber insurance policies tend to be non-standard and have many different features and benefits.
While Core Compliance & Legal Services, Inc. does not specifically endorse any service providers, our clients have shared with us their positive experiences of working with certain insurance companies. For a list or to ask any questions about the information in this blog, please contact us at (619) 278-0020.