As cyberattacks become a daily threat to businesses, many companies still forgo cyber insurance due to perceived high costs. However, experts warn that this could be a dangerous oversight, especially as the demand for cyber insurance grows.
Cyber insurance offers companies financial protection in the wake of cyberattacks, such as data breaches or ransomware incidents. It helps cover the often crippling costs associated with such events. Despite this, a significant number of businesses remain uninsured, leaving them vulnerable to potentially devastating financial consequences.
The Growing Need for Cyber Insurance
Cybersecurity incidents are on the rise, and with every business relying on digital infrastructure in some form, the risks are higher than ever. Shruti Engstrom, Senior Vice President of errors and omissions/cyber at risk management firm Aon, highlights that cyber insurance has become a necessity for companies of all sizes.
“This is a risk that isn’t going away,” Engstrom explains. “All companies can benefit from cyber insurance.”
With the global average cost of a cyberattack now standing at £4 million according to IBM, businesses without insurance are leaving themselves exposed to considerable financial damage.
Financial Protection and Expertise
While the immediate financial protection offered by cyber insurance is a key benefit, experts note that insurance policies also provide businesses with access to vital incident-response expertise. Stephen Boyer, co-founder and Chief Innovation Officer at Bitsight, emphasises that insurance offers more than just a payout after an attack.
“If a company experiences a cybersecurity incident, having insurance means they can tap into a world of expertise they might not have known existed,” Boyer says. This includes everything from cybersecurity tools and legal support to assistance with ransomware negotiations.
For many businesses, this expertise can be invaluable in navigating the complexities of a cyberattack and minimising damage.
High Costs of Cyber Insurance Still a Deterrent
Despite the benefits, the cost of cyber insurance remains a barrier for many organisations. The Cyber Readiness Institute estimates that policies can range from £400 to £4,000 annually, with smaller companies often seeing this as an unnecessary expense.
However, Boyer stresses that the financial impact of not having cyber insurance could far exceed the cost of a policy, especially when factoring in the potential damage to a company’s reputation.
“Cyberattacks can be incredibly costly to an organisation’s bottom line and its standing with customers,” Boyer warns. “Not having coverage in place could be a decision companies come to regret.”
What Cyber Insurance Covers
Cyber insurance policies can offer a range of protections, typically split into two categories: first-party and third-party coverage.
First-party insurance covers the direct costs incurred from a cyberattack, such as legal fees, forensic investigations, stolen data recovery, and lost income. Some policies also cover the costs of ransomware payments, although this remains a contentious issue, with critics arguing that it incentivises hackers to continue targeting businesses.
Third-party coverage, on the other hand, deals with legal claims from customers, vendors, or partners who may have been affected by a data breach or cyberattack.
While these policies provide a safety net for many businesses, they often exclude coverage for intellectual property losses, pre-existing incidents, or acts of terrorism. Structural cybersecurity improvements and the hiring of additional security staff are also not typically covered.
Choosing the Right Cyber Insurance Policy
When selecting a cyber insurance policy, business leaders are urged to ask detailed questions about coverage. Policies can vary significantly depending on the provider, and it’s crucial to understand the exclusions and limitations.
“One really important thing to go through with your carrier is the specific exclusions in your policy,” advises Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University. “The more you can get into the specifics, the less likely you are to be taken by surprise when you’re trying to file a claim.”
Business owners should also enquire about how premiums are calculated, which cybersecurity measures are required, and what support is available in the event of a claim.
Understanding the claims process is key. “Leaders need to know that their insurance company will be there for them every step of the way,” Engstrom explains.
The Bottom Line
For many companies, the decision to purchase cyber insurance could make the difference between recovering from an attack and facing financial ruin. With the growing risk of cyberattacks and the financial devastation they can bring, experts agree that ignoring the need for coverage is a gamble not worth taking.
Understanding the unique risks a business faces and ensuring the right coverage is in place could be the smartest move leaders make in today’s cyber-threat landscape.