Cyber insurance is one of the most cost-effective risk management solutions for any organization, but all too often management teams never purchase coverage or fail to use it effectively when a cyber incident is suspected.

For smaller companies with, for example, 100 employees, cyber insurance (also known as Network Security and Privacy Liability) can be quite affordable given the appetite in the insurance market to serve small to mid-size entities. Considering the potentially extraordinary expense associated with a cyber incident, many policies can be a relative bargain for the amount of comprehensive coverage they deliver.

Not only do cyber policies pay the legal settlements and – in some cases – the regulatory penalties associated with cyber events, they also provide services to assist in the evaluation, response and recovery from cyber incidents. In fact, most policies will cover the cost of a breach response team and recommend vendors including IT and forensic specialists, crisis communicators, and legal experts who can greatly facilitate compliance with the regulatory and notification requirements. Beyond that, insurance policies can cover ransomware/extortion, digital asset recreation, and any resultant business interruption related to the cyber incident.

Importantly, this team of cyber first responders is pre-vetted and can be activated in less than 24 hours. If an organization had to negotiate separate agreements with each one, it could take weeks. Negotiating when your business is facing a catastrophic event is never conducive to securing favorable terms.

In our work with private and publicly traded organizations, we help business leaders understand the value of cyber insurance, the many ancillary benefits, and how to overcome the institutional fear of using it in a crisis. In this perspective, we outline best practices in executing a cyber response strategy, including the essential role that cyber insurance plays in comprehensive cyber risk management.

Why You Need Cyber Insurance

Most everyone is aware of the growing risk of cyber threats, but the magnitude and frequency of the attacks are greater than many realize.

An attack can be caused by a number of different breach situations. A breach could involve sending confidential information to the wrong email address, or keeping paper files in the trunk of a car that is broken into or towed. Malware, ransomware, phishing, financial fraud and social engineering are all increasingly common. Scams involving point-of-sale hardware and software and other credit and debit transactions have resulted in outright fraud and/or the disclosure of confidential information of hundreds of millions of consumers.

