Why Your Organization Needs Cyber Insurance

This blog was originally published by SafeBase here.

Written by Kevin Qiu, Director of Information Security at SafeBase.

Security Incidents Are Becoming Increasingly Expensive

Cyber security products and defensive techniques have come a long way over the past few years as cloud computing has taken center stage in the technology world. Organizations are now investing billions of dollars to protect their sensitive data and assets. Yet despite these improvements, the average cost of a data breach continues to rise. In response, many forward-facing organizations have begun to purchase cyber insurance to supplement their general business liability coverage.

What Does Cyber Insurance Cover?

As with other types of corporate insurance, Cyber Insurance allows organizations to file claims for costs associated with a security incident, such as:

• Digital forensics investigations
• Public relations firms
• Credit monitoring for affected users
• Legal fees and fines for privacy violations

Many traditional errors and omissions policies do not cover loss of customer data, and thus cyber insurance is often a separate policy.

Some insurance providers go above and beyond and provide smaller policyholders who don't have internal security teams with a 24/7 incident response hotline to provide assistance in the event of an incident. In addition, they occasionally have formal partnerships with incident response firms that helps to lower the overall cost of a data breach.

Big Customers Want to See Your Policy

In addition to the benefits outlined above, Cyber Insurance is also becoming an increasingly required ask from large, and even medium-sized, enterprises. Many security teams are starting to require their third-party software vendors to have suitable coverage during the review process. Many smaller companies are often caught off guard by this requirement and are forced to scramble to buy a policy. Fortunately for them, many policies can be purchased fairly quickly online from most major insurance brokers, either standalone or bundled with other types of insurance.

Companies that store the following types of customer data are generally expected to have Cyber Insurance:

• Credit Card Data
• Social Security Numbers
• Protected Health Information

Insurance Can Help Leadership Understand Your Risk Level

As a part of the quote process, insurance brokers will typically require the purchaser to fill out an application detailing information such as company size, revenue, industry, types of data stored, etc. This information is used to determine an appropriate policy based on the overall level of risk. What's nice about this is that it provides leadership with a clear, high level view of the potential cost of a security incident from a financial perspective. In turn, this can make security less of a black box when it comes to budgeting.

Consider Obtaining Cyber Insurance Today

As you can see, Cyber Insurance is an effective way to reduce the impact of a costly security incident at your organization. Most security professionals understand that data breaches can still happen even with best-in-class security practices and tools. As with other typical components of a security program like a Security Operations Center or a Web Application Firewall, Cyber Insurance should be another critical piece of an organization's overall security strategy.