Do I really need cyber insurance? Is cybersecurity insurance worth it? If you’ve found yourself asking these questions recently, consider this:
There probably isn’t a person out there who hasn’t heard of the Marriott hotel chain data breach in late 2018. When you consider that nearly 500 million guests were potentially affected by this breach, it’s clear why this has become a major news story around the globe since Marriott spokespeople went public about the breach. According to a recent Ponemon IBM study, the cost of a breach involving 50 million records could be $350 million, so when you consider that the Marriott breach is ten times bigger, it’s possible that Marriott could see expenses totaling $3.5 billion over the next several years.
Hotel spokespeople have stated that, while they do have cyber/privacy liability insurance that is designed to protect them against losses that are related to cyber risks, there’s a good possibility that their coverage might not be sufficient to cover all the losses or claims that could arise in connection with this attack.
The Marriott breach serves as a cautionary tale in two ways:
- Cyber insurance is worth it
- It’s vitally important to pick the right cyber insurance for your needs!
This blog will help you understand why cybersecurity insurance is so important, and what to think about when purchasing cyber insurance for your organization.
Why Do I Need Cyber Insurance?
There is no doubt that we’re living in turbulent times. According to the 2018 CyberArk Global Advanced Threat Landscape Report, 56% of the 1,300 IT security decision-makers surveyed indicated that targeted phishing attacks were the top security threat that they faced. And long gone are the days when you’d receive a poorly written email from someone begging for your help in exchange for large sums of money. These new phishing attacks are state-of-the-art, more convincing, and far more devious than ever before. Whether it’s mimicking banks, utilities, or even the Canada Revenue Agency, the threats are getting more and more sophisticated, and even the most tech-savvy can be lured into clicking on malicious links.
And when threat actors do get through, it’s not pretty. In fact, the Ponemon Institute’s 2018 Cost of a Data Breach Study estimates that the average total cost of a data breach is $3.86 million (an increase of 6.4% from last year), although that number does go up, depending on how many records are affected by the breach.
According to our experts, anybody who holds onto sensitive or personally identifiable information needs to have cyber insurance. When you look at the statistics above, isn’t it clear why having cybersecurity insurance is a good idea?
What Should I Consider when Buying Cyber Insurance?
Like other types of insurance, there are different types of cybersecurity insurance policies, with different deductibles. So, how do you make sure that you’ve got the right cyber insurance for your organization?
In order to get the most from your cyber insurance, consider the following:
Are you currently handling or processing credit cards? If so, make sure that the policy you’re buying will cover credit card fine payments.
How much data per person are you holding on to? Pricing is typically based on how much data per person you have in your organization. Consider that, according to recent research, the average cost of each lost or stolen record is roughly $148 USD, so the more records you have, the more insurance you’ll need.
Does your cyber insurance policy cover forensic costs? After a breach happens, you’ll likely be calling in forensics experts who will go through your system and find out what happened. These forensic costs, depending on how complex the breach is, or how long it takes, can be astronomical, so be sure that your cyber insurance policy will cover these costs.
Are your personal assets safe? As an executive, director, or officer of your organization, you may have pledged personal assets at some point. Unfortunately, in the aftermath of a breach, the executives of the company are sometimes targeted personally. You need to make sure your cyber insurance policy protects any personal assets pledged.
Does your cybersecurity insurance policy cover business interruptions and data restorations? How much will it cost you if your network goes down for several days? If you were to be the victim of a breach, how much data would you need to restore? Both of these can wind up costing your organization a significant amount of money. Make sure that the cyber insurance policy you’re purchasing will cover business interruption and data restoration costs.
Cyber Insurance is Only Half the Equation
Making sure that you have the right cybersecurity insurance isn’t the only thing you can do to protect yourself from the threat actors who are just itching to worm their way into your data. To build a strong corporate culture that includes leading security practices, you need to consider several important points:
- Where your data is being stored
- Who has access to your data
- How your data is being accessed
It’s clear that ensuring you have the right cyber insurance is only half the equation. You should also have a plan in place to monitor and respond to cybersecurity threats. For instance, are you running annual security checks on your IT environment to flag any potential risks? Do your employees know what to do in the event of a security breach? The faster you can respond to a cyber attack, the better your chances of reducing your overall costs.
ProServeIT’s Executive Cybersecurity Workshop can help you understand the top cybersecurity concerns that your organization may face, the risks you should be aware of, and how you can improve your organization’s security habits and behaviours.