Cybercrime and data breaches have grown increasingly prevalent over the past two decades. Millions of personal records are exposed each year as a result of these incidents, and businesses and organizations of all kinds suffer the repercussions. Cybersecurity insurance can help mitigate cybersecurity risk, but companies should understand who needs cybersecurity insurance, and why, before investing in a policy.
Evaluate and Assess: Who Needs Cybersecurity Insurance?
In response to increasing digital threats, cybersecurity insurance has emerged and gained popularity as a tool to mitigate cybersecurity risk. Businesses, organizations, and government entities like the city of Charleston, West Virginia are turning to specialized policies for protection.
The benefits of cybersecurity insurance are certainly worth considering. However, this relatively new field of insurance is also fraught with policy exclusions, requirements, and limitations that can minimize coverage and decrease the value of the policy.
When determining who should buy cybersecurity insurance, businesses should carefully weigh the benefits of cybersecurity insurance against the cost, asset recovery, and liability indemnification provided by the insurer.
Step One: Determine Who Needs Cybersecurity Insurance and for What Purpose
Often, data breaches and the various associated costs are not covered by general liability insurance policies. The first step in evaluating who should buy cybersecurity insurance is risk assessment. This involves analyzing the potential losses to your business, including damages to any individuals or entities whose personal information you handle, process, or maintain. Potential sources of data breach costs include the following, among others:
- Investigations and computer forensics
- Interruption of work
- Website and system downtime
- Response and customer notification
- Data backup and recovery
- Regulatory fines
- Settlement of claims or defense of lawsuits
- Ransoms demanded by cyber attackers
Regardless of the size of your business or organization, if you process or store customer or client data on an onsite computer system or cloud-based service, including online payments, databases, and more, you should consider the potential benefits of cybersecurity insurance for your company.
Founders, partners, and other highly visible company leaders should also be aware of the possibility of personal cyber attacks to gain access to private company data. Individuals who believe they could be subject to this kind of attack should consider personal protection against such threats.
Step Two: Evaluate the Benefits of Cybersecurity Insurance for Your Specific Situation
Protection against losses sustained by your business and customers in the event of a cyberattack is clearly one of the greatest benefits of cybersecurity insurance. However, the process of evaluating risk and working through the insurance underwriting system offers additional advantages.
Insurance companies are increasingly likely to analyze various aspects of your cybersecurity policies, practices, and systems before assuming any risk. This might force a company to perform a long-overdue security audit, and it can also reveal weaknesses that need to be addressed to more effectively prevent an incident.
The requirements placed on businesses (or individuals) to obtain coverage, along with the financial coverage provided by the right insurance policy, can improve the ability to respond in a timely and effective manner to a cybersecurity incident. For many businesses, these benefits of cybersecurity insurance are worth the investment.
Step Three: Carefully Consider Cybersecurity Insurance Exclusions and Limitations
The cybersecurity insurance market is relatively young. Regulation, litigation, and legislation are only beginning to shape the offerings available. While insurance company requirements for compliance by the insured can be a useful tool for cybersecurity evaluation, these standards can also help insurers justify the denial of claims or refusal to defend insureds.
Notable cases filed by America Online Incorporated, Eyeblaster, Inc., and the National Bank of Blacksburg represent some of the coverage issues that have been litigated thus far with respect to this emerging insurance market.
When investigating cybersecurity insurance coverage, be sure you understand any and all cybersecurity insurance exclusions, limitations, or conditions in your potential policies. If you are unable to meet those requirements, your company might need to reassess its cybersecurity practices or reconsider the actual value of the policy in question.
So Who Needs Cybersecurity Insurance?
Who needs cybersecurity insurance? Probably everyone. However, the next question a business or individual must ask is whether the current market can offer the coverage necessary to make a cybersecurity insurance policy worth the investment. Evaluating the policies available and actively considering the coverage they would afford to hypothetical claims can serve both to instruct your cybersecurity insurance purchasing decision and evaluate the quality of your business’ cybersecurity.
If you or your business need assistance answering questions like “who needs cybersecurity insurance?” or negotiating and litigating legal issues related to cybersecurity, Shuman, McCuskey & Slicer, PLLC can help. Call us at (877) 808-1402 or complete our online contact form to schedule a consultation.