Why you should consider cyber insurance
Cyber insurance, also known as cyber liability insurance, covers an organization’s liability for a data breach involving sensitive customer information. As security breaches continue to grow, businesses should operate under the assumption that they will be breached. This entails acquiring the appropriate processes and systems to offset the cost and response time of the incident.
The Ponemon Institute recently released the 2018 Cost of a Data Breach Study: Global Overview report, which estimated the average total cost of a data breach at $3.86 million. Factors that impact the cost include the amount of time before the breach is identified, time spent on containing the breach, the amount of stolen or lost data, and technology investments to speed response time. Other factors are harder to quantify, such as negative impact on reputation, cost of business disruption, and customer turnover.
Today, consumers are more aware of their personal data due to the prevalence of mega breaches. Take, for example, the Equifax breach, where the personal and financial details of over 140 million U.S. consumers were stolen. The incident is estimated to have cost Equifax over $400 million, with over $100 million being covered by cyber insurance.
The breach was a result of failing to patch a known bug, but it was the lag in response time and delay in disclosing the leak that resulted in a serious public relations nightmare. The delay in disclosure has left many consumers wary of how organizations are protecting their data.
In the case of Equifax, the numbers were exorbitant. While for the average organization the cost will be a fraction of that, it can still be crippling. This is where preventative and proactive actions can minimize impact. A cyber insurance policy can ensure that the business will not be overwhelmed with costs associated with lawsuits, investigations, and downtime. Premiums are based on risk factors, which can vary across organizations depending on the security policies in place. Investing in technologies such as password policy solutions to block the use of weak or leaked passwords, multi-factor authentication (MFA) to move beyond single points of vulnerability, and security automation tools to speed up incident response time can decrease premiums.
Because cyber insurance is a fairly new discipline, underwriters use qualitative assessments of a business’s risk-management procedures and risk culture. Having both preventative and proactive security measures can protect your organization in an assume-breach world.
(Last updated on May 13, 2022)