The road of life is paved with obstacles. While some are anticipated, there’s always a chance a serious, unexpected hazard could be lingering around the next corner. We’ve accepted that there are inherent risks in business and life, and even constructed an entire industry to mitigate them – insurance. Car, health and business insurance immediately jump to mind when discussing this subject, but cyber security insurance is a recent addition to this list of imperatives.
Although cybercrime is mainstream news, many people still don’t know that cyber insurance exists, much less what it is or how and why to invest in one policy vs. another. All it takes is one breach to level a business. There are no test drives when your company’s defenses are challenged by malicious hackers.
That’s why Ricardo Arroyo, Sr. Technical Product Manager and ThreatSync Guru at WatchGuard, gave Intelligent CISO readers a crash course in what cyber insurance is, why your business might need it, and which caveats to be aware of before hitting the gas. Here’s a brief excerpt from the article:
As with all other types of insurance, cyberinsurance is meant to provide policyholders with relief, mostly financial, in the event of a cyberintrusion. Some cyberinsurance is offered as an additional coverage added to an existing policy while some is offered as a stand-alone policy. Each policy is customisable to the needs of the policyholder. This of course makes the cost variable. The core tenet of cyberinsurance deals with covering the cost of dealing with a cyberattack. This typically includes, but is not limited to, the following types of coverage:
- Data privacy – Coverage to offset the cost of losing personal data
- Loss or breach of data – Coverage to offset the cost of losing confidential company data
- Remediation costs – Coverage to offset the cost of dealing with a cyberintrusion such as customer notifications and forensic investigations
- Regulatory fines and/or penalties associated with data breaches – Coverage to offset the cost of fines or penalties enforced as part of federal, state and local laws dealing with data breaches
- Cybersecurity incidents not involving data breaches – Coverage to offset the cost of non-data-breach-related cyber incidents
- Business and contingent business interruption – Coverage to offset the cost of any service interruption caused by the cyberintrusion (e.g. website offline)
- Cyberextortion – Coverage to offset the cost of payments made to cybercriminals for the return of stolen intellectual property or personal data
- Media liability – Coverage to offset the cost of infringement of intellectual property, copyright/trademark infringement, libel and slander
Take a deeper look at cyber insurance details by reading Ricardo’s complete article on Intelligent CISO, and find out what else cyber insurance might have in store for the security industry this year here on Secplicity.