Cyber Insurance FAQ – Common Misconceptions

Cyber Insurance, or more accurately Cyber Liability Insurance, is a commonly used term to describe 2 very different forms of business insurance coverage.

Those types of insurance policies are:

Cyber Liability Insurance and Data Breach Insurance

Each kind of policy is not just specific in the types of coverage, but in who HOLDS the coverage as well.

The following information is offered so you can become more familiar with the correct terms and definitions – it is not a solicitation. You should consult a reputable company that offers cyber insurance for specific information about the policies and coverages they offer.

If your business stores personally identifiable information about your employees or your customers, the answer is yes.

It may seem a bit cliché, but would you drive a company car with no insurance?

Or give up your homeowner’s insurance policy?

When you drive a car, operate a physical business location, or just own a home, you become responsible in some ways for the people that you interact with there.

You keep car insurance because if there’s an accident you do not want to have to pay for someone else’s medical care, benefits, etc.

And a business owner with multiple employees will definitely not want to be exposed to the same kind of financial risk if an employee gets hurt on the job.

In many ways, cyber insurance offers the same kind of protections you think of in those situations, but your risk could be much higher.

Everyone today is at risk of cyber attack and can become the victim of phishing scams. When you hold customer data it’s your responsibility to protect it.

Like it’s your responsibility to drive a vehicle safely, make sure your business is free of obvious physical hazards and the people that visit your home aren’t exposed to undue danger.

There’s no law requiring you to have cyber insurance, but if you hold PII (Personally Identifiable Information) then yes, you should have it!

Data Breach insurance helps you respond to a breach of your company network and/or the loss of data.

While it’s not completely descriptive, this kind of insurance is also commonly known as RANSOMWARE INSURANCE.

At the very least a data breach policy can help:

  • Notify customers and employees
  • Help your business by hiring a PR firm
  • Offer credit monitoring services to data breach victims

Possibly just as important, you can get data breach insurance coverage that can help you replace your income if you can’t run your business, and pay a ransom if you’ve been the victim of a ransomware attack.

Data Breach Insurance is more often recommended to smaller companies, while Cyber Liability Insurance is more appropriate for larger ones.

Cyber Liability insurance is a more comprehensive policy that overlaps some of what’s covered in a Data Breach policy.

It will cover the results of cyberattacks, including paying a ransom – but it will also help you recover lost data and income lost because of the attack.

Your Cyber Liability insurance might also cover:

  • Legal services
  • Customer Notifications
  • Lost income from a network outage
  • Lawsuits related to customer or employee privacy and security
  • Regulatory fines from state and federal agencies

Requirements for Insurance

Before a company will insure your home, they may send out an inspector to make sure that your roof is in good shape, that it’s a safe place to live and doesn’t present a danger to you or your family. Just as important to them is the frequency and likelihood that they’ll have to pay out on a claim.

And before you can get insurance on your business inventory, for example, they may require you to have certain basics, like an alarm system, door locks and well-lit exit signs.

Cyber Liability insurers require a high standard of due diligence on your part as well.

Carriers typically require that insureds follow the National Institute of Standards and Technology (NIST) security standards. This security framework consists of standards, guidelines, and best practices to manage cybersecurity risk.

That’s their version of making sure that you have a digital version of the physical security we discussed earlier in place.

The NIST framework includes the following pieces:

You can learn more about that framework here, but suffice it to say that if a carrier is going to offer you a high level of protection they’re going to require that you do certain things in advance.

Your Managed Service Provider and Cyber Liability Insurance

There’s a common misconception about contracting with a Managed IT Service Provider like Verified Technologies.

That the MSP’s cyber insurance covers you too. Or that it absolves your company of doing everything it possibly can to protect your customers’ data.

An insurance policy that an MSP takes out protects its own liability and potential expenses related to its company’s security being breached. It is not the same as insurance protecting YOUR customer and employee data.

The job of your MSP is to provide that framework you’ll need to get insured in the first place – along with your own internal work and policy implementation.

That means that if you decide to contract with a Cyber Insurance company to provide that safety net for your business, you will almost definitely need increased services from your Managed IT Services Partner.

Limitations in Working with Insurance

Insurance companies do not always operate on YOUR timeline, so there is a tradeoff for that additional coverage.

For example, Verified Technologies may have a complete backup ready and waiting to restore, but the insurance company may want to do a thorough investigation before allowing the data to be restored.

Or they may require an onsite investigation or review of policies, procedures, and employee behavior before letting you restart your company.

And unless you want to void that liability coverage, Verified’s response would be limited.

Insurance Questions

Whether or not your company should carry Cyber Insurance, and how much, are complicated questions. Call us now to discuss the pros, cons, and ramifications.

 

Verified Technologies does NOT provide any cyber security services, cyber monitoring, or hacking detection services in our regular managed services agreements unless it’s specifically defined in a separate statement of work. Please contact us with any questions.