(By Rob Carter, Chief Operating Officer) Leveraging cyber insurance as part of a comprehensive cybersecurity strategy can help organizations offset losses and recoup some of the money spent after a cyberattack.
Most states require organizations to notify customers of a data breach involving personally identifiable information, which can be very expensive. In addition to legal fees and expenses, cyber insurance typically assists with:
- Notifying customers about a data breach
- Restoring personal identities of affected customers
- Recovering compromised data
- Repairing damaged computer systems
The following services are typically excluded from cyber insurance coverage:
- Property damage (such as hardware destroyed by an attack)
- Loss or theft of intellectual property
- Crimes and/or self-inflicted cyber incidents
- Costs of cybersecurity protective measures
- Future loss of profits
Example of Cyber Coverage
Like many insurance products, cyber insurance coverage varies throughout the country. Recovery Point reviewed an offering from a major national insurance company which features the following cyber services: data compromise protection, identity recovery protection, and cyber protection.
Data compromise protection covers employee and customer information in the event of hacking, physical theft of electronic data or hard copy files, procedural errors or fraud. Legal reviews and defense costs are included in addition to forensic information technology services to help determine the nature and extent of an electronic breach.
Identity recovery protection helps fraud victims restore their credit history and identity records to pre-theft status. Under the 2019 Security Breach Legislation Act, businesses are required to provide free credit freezes or identity theft protection for victims of data breaches. Although potentially complicated and expensive, this service helps restore consumer confidence.
Cyber protection protects organizations against damage to electronic data and computer systems from a virus or similar computer attack. It also protects your business’s liability to third parties that may have suffered damage due to your company’s security weaknesses. Cyber protection helps pay for restoring and recreating data, restoring a computer system to its pre-attack level, lost revenue + extra expenses, and public relations services.
Obstacles Found in an Emerging Insurance Market
Deloitte recently published a report on Demystifying Cyber Coverage Insurance. Their research revealed a number of significant obstacles carriers and consumers face with this product.
From the insurer’s perspective, there is a scarcity of historical data which makes it difficult to build the predictive probability of loss models. The nature of cyberattacks keeps evolving so underlying exposure keeps changing. Insurers also fear being overwhelmed by a sudden aggregation of losses.
From the buyer’s point of view, organizations don’t always understand the extent of their cyber risks or insurance options. Cyber policies often are capped by low limits for the coverage. It’s often difficult to assess coverage needs, match policies with exposures, and compare alternatives. Cyber risk may be included in other products including general liability, property, professional liability, business interruption, and crime policies among other standard coverages. Cyber policies also aren’t standardized which can lead to uncertainty.
The pros and cons of cyber insurance can be debated, but it’s fair to say that insurers are more reactive than proactive. It’s great to have cyber protection in a policy to restore data. But how long will it take to get your business up and running if you only rely on your insurer’s solution? How do you know it will actually work?
A solid strategy is to focus on the quality of your backups and creating a clean environment. Recovery Point helps clients develop a surefire backup approach with our 3-2-1-1-0 strategy:
3 copies of data
2 different media types
1 offsite copy
1 air-gapped copy (RPS tape vaulting)
0 No errors with Recovery Point’s managed BPR solution
You’ll get a clean backup which is instrumental in getting your business back up and running. With Recovery Point’s 3-2-1-1-0 approach, you can be certain your backups are up to the task of a quick recovery after a cyber attack.
Get started on your 3-2-1-1-0 backup strategy today. Call 877-445-4333 to speak to a Recovery Point expert.