There is a large discussion, and no small amount of pressure, for businesses to obtain cyber insurance policies. Articles appear in a range business and technology publications, from the Memphis Business Journal to the Wall Street Journal, and from Inc. Magazine to Forbes. But getting the right cyber insurance policy is not easy, and can be costly. And while cyber insurance helps cover damages, many policies do not provide immediate assistance with managing your response to an attack or data breach.
For SMBs, three key cyber insurance considerations are the barriers to entry, coverage exclusions, and coverage delays.
- Barriers to Entry
- Most cyber insurance policies go through underwriting to determine coverage limits and premiums. This means the insurer will want to review and audit your security related policies, procedures, and technologies. Insurance carriers may also demand that you invest in new or additional measures in order to qualify for a policy or to ensure the premiums will be affordable. For many small and midsize businesses (SMBs), this process requires specialized skills, time, and money. Many SMBs will need to spend over $5,000, with some spending up to $20,000, in order to pass the underwriting process.
- Coverage Exclusions
- Cyber insurance claims are routinely reduced or declined due to non-compliance with policy requirements. Even after the underwriting process, most cyber insurance policies include dozens of security requirements that must be in place and properly maintained. Any gap or misstep can be costly.
- Coverage Delays
- If your business is the victim of a cyber attack, your response has legal requirements and requires specific technical expertise. Claims processing can delay your ability to secure the resources you need for hours or days.
Clearly, cyber insurance one piece of the solution, along with appropriate security measures.
Having a Breach Response plan and resources in place will save you time and money.
In any cyber attack, start by assuming the attackers have stolen information. If an attack can encrypt your files, it can steal under-protected files and data from your systems. With a data breach, federal and state laws dictate a range of reporting and communication requirements that, if missed, can trigger fines and legal action. With a data breach, you need a range of expert resources and you need them quickly.
- Legal Expertise fluent in cyber security laws and regulations helps ensure you comply with reporting and communication requirements to minimize your legal and financial exposure.
- Forensics Expertise can identify the cause, timing, and scope of the attack and any breach, and can help validate that the issues allowing the breach have been resolved.
- Public Relations Services will help you communicate with employees, vendors, customers, and as is often the case — the press. Providing accurate and appropriate information can protect your business relationships and your public reputation.
- Contact Center Services provide a place for customers, vendors, and associates to call for timely and accurate information. You are further protecting your business relationships and reputation.
- Credit Monitoring for individuals whose personal or business information may have been compromised can reduce litigation risk and may be required by law.
While cyber insurance policies generally cover these services, most do so as part of the claims approval process. As such, you may be out of pocket for thousands of dollars and fighting for reimbursement once your claim is processed.
By subscribing to a Breach Response service, the resources and expertise you need are available instantly, 7×24, without any additional cost over the monthly or annual fee. These services often include basic cyber insurance policies that do not require any underwriting. For many SMBs, the annual cost of this type of Breach Response service, with basic cyber insurance coverage, is significantly less than the cost of the underwriting process for a traditional cyber insurance policy. Additionally, you can use this policy for coverage until they completing a policy with underwriting, or to cover initial loss coverage under a higher deductible (lower premium) traditional cyber insurance policy.
For more information about Breach Response Services and affordable Cyber Insurance, please contact us for a no obligation Cloud Advisor call.