Basic Cyber Insurance
It is next to impossible to determine when a data breach might occur or what damage it would cause, or even to budget adequately for the eventuality. Cyber insurance can help counterbalance unexpected costs arising from breaches; however, there is no way to insure against losses such as diminished reputation or customer disappointment. For this reason, insurance should never be treated as a substitute for sound data security and privacy practices.
Cyber insurance policies differ from conventional insurance in that they emphasize alleviating the legal liabilities that could arise from a data breach. As a result, cyber insurance policies tend to be inflexible in how they respond to a data breach. An organization therefore ought to involve the relevant managers throughout the policymaking process and make sure each related department understands the policy options. Companies looking at cyber insurance as an option should consider the following steps:
1. Evaluate the risks of a data breach.
Before considering insurance, the first step is to assess your company’s overall risk of suffering a data breach and the sensitivity of your company’s data. The risk can be assessed by considering your company’s type of industry, the volume and nature of the data you handle, your brand reputation, your technology infrastructure and the number of third-party contractors with access to sensitive data.
2. Determine available financial resources for effective breach response.
Prior to investing in cyber insurance, the company ought to determine whether it has adequate finances to cover services and costs such as identity recovery and monitoring, breach notification, network downtime, legal services, forensic investigation, regulatory penalties, fines and outlays arising from a class-action lawsuit. According to the Ponemon Institute, cyber-crimes in 2011 cost organizations between 1.5 and 36.5 million dollars per data breach.
3. Comprehend your current insurance coverage and carefully evaluate policy options.
The standard insurance policies that organizations take out offer liability coverage for tangible property only, such as replacing stolen workstations. Such a liability policy may not, however, cover the costs resulting from a breach of customer data. Cyber insurance can be put in place to cover these gaps, which could otherwise leave an organization liable for the full costs of a data breach.
Each cyber insurance carrier’s coverage will vary. Typically, cyber insurance coverage should cater for liability for data breaches; regulatory and legal fines and penalties; and the initial costs of responding to a breach.
These are the common coverage limitations:
- Breaches caused by a third party/contractor
- “Paper” breaches, i.e. non-technical breaches
- Data breaches arising from lost data devices such as laptops or flash drives
- Vendors (legal and data breach service providers) may choose which breaches to respond to.
4. Assess your Risk.
An organization needs to perform a thorough security and privacy risk assessment, which in turn can help it identify, assess and alleviate gaps in its security and privacy program. Closing the gaps found could reduce the risk of a breach and lower exposure should a breach occur. Documenting the risk assessment could lower insurance premiums and help speed up the underwriting process.
5. Find a legitimate and knowledgeable broker.
A knowledgeable insurance broker who understands cyber insurance can readily break down and compare the policies that different insurance providers offer. A good broker will help identify and reduce breach risks and validate the need for a policy as part of their value-added services.
6. Ensure you have approved vendors.
When responding to a data breach, some cyber insurance policies may require clients to use pre-approved vendors in place of their own service providers. Such a limitation in the policy could affect the quality of the response.
7. Circumvent common pitfalls with insurance carriers.
Disputes over coverage most often arise when the insured has not fully understood the policy. For instance, on the issue of pre-approved vendors, a company could prefer to use its internal resources rather than engage the services of another vendor. It is wise to resolve these minor issues before making the policy binding.