Cyberattacks pose an existential risk to all types and sizes of organizations. Even with advanced cybersecurity practices in place, vulnerabilities may still be exploited to attack.
One way to mitigate those residual risks is to purchase cyber insurance policy. Actuarial science allows insurers to assess risk and create policies.
Data Breach Coverage
Data breach coverage can help offset costs associated with data loss such as legal fees, credit monitoring services, and lost business. It may even cover the expense associated with hiring a forensic firm to investigate the cause and identify vulnerabilities in an incident response plan.
Expert forensic analysis can assist companies in better identifying the nature and extent of a cyberattack and quantify its losses, helping to set appropriate policy limits. Some cyber policies offer per-occurrence or aggregate limits while others may cover business interruption or income loss coverage as well.
Many insurance providers offer cyber insurance policies as an add-on or integrate into a general liability policy, according to Palumbo. But in order for such policies to be effective, clients must first have an effective security posture, which involves implementing proper cybersecurity protocols as well as permitting their insurance provider to audit the client’s infrastructure prior to providing an estimate quote.
Business Interruption Coverage
An important step in mitigating cybersecurity risk involves creating an incident response (IR) plan. An IR plan outlines how your organization will react in case of a cyber security breach and contains measures intended to minimize damage and impact.
Insurance should be an integral component of your IR strategy, particularly business interruption coverage. This type of policy protects your company against losses that occur as a result of sudden or extended cessation of operations caused by direct physical loss, damage or destruction to property.
Risk transference is one of the four risk treatment methods, and involves shifting the burden of potential threats onto an outside party. An example is purchasing insurance policies as this helps mitigate any financial impact from cybersecurity attacks or other forms of risk events as well as providing your organization with protection for expenses associated with recovery and restoration expenses. It’s an ideal solution for organizations wanting to minimize exposure but may not be able to completely eliminate risk altogether.
Identity Theft Coverage
Identity theft occurs when someone uses your personal information without your knowledge and consent, such as credit card numbers or Social Security numbers, without your knowledge and approval. It can result in financial losses, an impaired credit rating and emotional trauma.
Identity thieves may gain access to your information through emails, texts messages, social media or digital public records and use it fraudulently – be it making purchases in your name, filing taxes or accessing medical services in your name.
Identity theft insurance reimburses the costs associated with recovering your identity, such as lost wages and notary and certified mail fees, though it typically doesn’t cover direct monetary losses such as credit card fraud. Some policies offer credit or identity monitoring capabilities that detect unauthorized activity on your report and alert you when something suspicious occurs – you can purchase this coverage independently or as an add-on policy; typically costs vary between $20-60 annually.
Ransomware Coverage
Ransomware, an increasingly prevalent cyber threat, typically blocks access to company data, websites and client services systems. Such attacks can cause serious disruption for a business by siphoning off revenue and incurring 3rd party damages. To help mitigate against such risks, many cyber insurance policies include coverage for ransomware extortion via an insuring agreement known as cyber-extortion coverage; Coalition offers its policy with a dedicated sublimit specifically for ransom payments as well as costs related to digital forensics and restoration of lost assets.
Experience of a ransomware attack can have devastating reputational repercussions, necessitating costly public relations efforts to repair. To combat this risk, many cyber policies provide coverage for crisis management services expenses.
Agents and brokers should take extra steps to ensure their clients can access this vital coverage by carefully reviewing all policy language including ransomware attack sublimits and exclusions, as well as any OFAC (Office of Foreign Assets Control) exclusions which could impede its availability.