
Many security experts recommend that organizations obtain cyber insurance. However, these same organizations often do not fully understand cyber insurance or its workings.
Just as health insurance cannot keep you from getting sick, and car insurance cannot keep you from having an accident, cyber insurance cannot keep you from becoming the victim of a cyber attack. However, like health insurance and car insurance, which provide financial assistance after an illness or accident, cyber insurance can help defray the costs associated with recovering from a cyber attack.
The most common attacks for which claims are made include ransomware, business email compromise, and fund-transfer fraud.
It is essential to understand that having cyber insurance does not mean you have transferred the risk or responsibility to your insurer, nor does it mean that you do not need cyber security. Ideally, you should have both. (At a minimum, you should have cyber security in place. Cyber insurance is optional.)
Cyber insurance will neither resolve your cyber security issues nor prevent an attack. It will, however, cover the immediate costs incurred after your organization becomes a victim of a cyber attack. These can include data recovery, forensics, legal representation, and customer compensation, among others. Some policies may cover the cost of ransom, but paying the ransom is highly discouraged.
The damages that are not, and cannot be, covered include the cost to an organization’s reputation and the future loss of business as a result. As we have noted previously, 60% of small businesses that are hit by a cyber attack go out of business within six months. No policy can prevent that.
Generally, the cost of a policy depends on the size and type of organization, annual revenue, and the security of the network. That is, if your organization has ongoing threat assessments, vulnerability scans, network analyses, endpoint protection, and security awareness training, to name a few, then your policy and coverage will be significantly better than for an organization that has no firewall, no policies in place, and no security training, among other deficiencies. It is just like a health insurance policy, which will cost more for a stuntman who smokes, has high blood pressure, and bungee jumps as a hobby, and less for someone who has an office job, has a clean bill of health, doesn’t smoke, and reads for a hobby.
Upon application, most insurance providers will require that your organization have some level of cyber security in place. That is, ongoing cyber security, not just a firewall and anti-virus software that are installed and never updated.
Recently, many cyber insurance companies have required that insured organizations utilize multifactor authentication for all employees and users of their networks. As cyber attacks become more sophisticated, the level of expectation from the insurance providers increases to help keep you safe…that is, safe from cyber attacks and filing a claim.
At Commonwealth Sentinel, we can assess your existing IT security and collaborate with your team to enhance it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.