Worried About Cybersecurity Insurance? Ask an Expert
- Posted by Compass Computing Group, Inc.
- On April 2, 2021
When was the last time you thought about cybersecurity insurance? If it’s been a while since you last examined your policy or your options, it’s probably time to revisit this critical component of any sensible IT solution.
With so many external economic factors distracting us these days, we understand how easy it can be to let cyber insurance slip through the cracks. Many businesses erroneously believe their general liability insurance will cover a data breach or ransomware event or think their IT solutions are robust enough to prevent one from occurring in the first place.
Even the most secure businesses should have cyber insurance in place. If you’re skeptical, don’t just take our word for it.
Cybersecurity Q&A with Our Trusted Expert Joshua Keene
Recently, we were fortunate to sit down with Joshua Keene, an Accredited Advisor in Insurance from specialized business insurance agency Elliott, Powell, Baden & Baker, Inc. As one of Compass Computing Group’s trusted partners, he is uniquely placed to help our clients understand the benefits of cyber insurance and how this industry could change in 2021.
Here are some frequently asked questions on cyber insurance from our Managed IT services clients, accompanied by Joshua’s thoughtful responses.
Why is cybersecurity insurance more important than ever?
Cybersecurity attacks, like phishing, malware, and ransomware, are quickly becoming some of the primary causes of loss within the business community. Cybercrime-related damage is set to cost businesses an astonishing $6 trillion annually, dwarfing costs from traditional hazards, such as fire, floods or theft.
Besides the fact that costs related to cybercrime are rising, it’s important to note that most standard commercial insurance policies do not cover hacks, data breaches or related events as they would a traditional hazard such as a natural disaster or burglary.
No business is too small for an attack, and requested ransom payments are growing by the quarter. One 2019 study found that the average payment had risen to $84,116 per incident, a 104% increase within 3 months. This cost also doesn’t reflect potential losses of revenue due to reputational damage or loss of productivity. With these events generally excluded from commercial insurance policies, it’s essential to ensure protection through dedicated cyber insurance.
Protecting our data security with insurance seems expensive. Is it?
Small businesses exploring cyber insurance are often surprised to see that their premium is similar to that of their entire package policy, which includes coverage for property, liability, auto, etc. That’s because cybercrime is a more common cause of loss in 2021.
One benefit of this popularity is that as more businesses buy into the cyber insurance pool, it will get cheaper across the board. Rates are a fraction of what they were 5 to 10 years ago and are trending downward.
Cyber insurance premiums are also much cheaper than the cost of getting back to business after an attack, which can take months and currently costs an average of $3.86 million per breach.
Do I need cybersecurity insurance if I have an MSP or MSSP?
Absolutely, yes. If your Managed Services Provider (MSP) or Managed Security Service Provider (MSSP) is hacked or has an incident of their own, you don’t want to have to wait on their carrier to respond. If you have your own carrier, their response will be entirely focused on finding temporary solutions to get you back to business. They will also pay for any extra expenses incurred due to the interruption of your service.
Although your MSP/MSSP should have coverage as well as the appropriate risk transfer agreements in your contract, they can never guarantee that their security systems are impenetrable. Cyber insurance is a necessary secondary line of defense.
If my business doesn’t handle sensitive data, do I still need cybersecurity insurance?
Yes. Take this situation as an example:
Let’s say your company website is designed to drive leads to your business, and the contact form on your website is down for two days. Cyber insurance can help defray the cost of hiring an information technology expert to get to the bottom of the issue quickly, so you don’t lose more leads.
Even if you’re doing everything right, hacks can still occur. In some situations, hackers may try to wreak havoc on your business by replacing a key post or page with pornographic images. If someone clicks that link on your site and sees those graphic images, they could file a personal or advertising injury lawsuit against your company.
Both of these incidents could potentially be damaging and costly, and neither involves sensitive data.
If my organization has been breached, how might that affect my premium?
Prior incidents affect rates and eligibility in the same way a car accident can affect your auto insurance. Some carriers won’t cover you, while others may charge more. Either way, the carrier will want to know the full details of what occurred.
Being able to identify what happened and why is important, as is demonstrating that you’ve implemented new processes and systems to prevent and respond to future attacks. These actions may help carriers feel more comfortable insuring against these risks.
What’s in store for 2021 in terms of cyber insurance?
It’s been predicted that in 2021, a ransomware attack will happen every 11 seconds, down from 14 seconds in 2020. The global cost for ransomware events is set to top $6 trillion in 2021, with around $20 billion of that happening within the United States.
Cybersecurity has never been more critical for businesses that don’t want to lose everything due to a breach or hack.
What needs to be included in a comprehensive cybersecurity defense strategy?
The following are all questions to be answered that will help frame your advanced security defense strategy.
Are you aware of any circumstances that could give rise to a claim?
Do you implement encryption on laptops, computers and other connected devices, such as mobile devices?
Do you have a firewall?
Does your company collect, process, store, transmit or have access to any of the following?
– PCI/Payment card information
– Health records or anything affected by HIPAA compliance
– Personally Identifiable Information (PII) for employees and customers
– Protected Health Information (PHI) for employees and customers
Within the last 3 years, has your company been subject to any complaints concerning the content of its website, advertising materials, social media or other publications?
Do you maintain at least weekly backups of all critical or sensitive data?
Have there been any cyber claims in the last 3 years?
Do you require a secondary means of communication to validate the authenticity of funds transfer (ACH, wire, etc.) requests before processing a request in excess of $25,000?
Do you require employees to take data/cybersecurity awareness training?
Do you use multifactor authentication?
Do you have Endpoint Detection and Response (EDR) in place?
Fill Data Security Gaps with Help from Compass Computing Group
Joshua and his team trust Compass Computing Group to fill in the preventative gaps that keep plan costs down and companies protected. You should too.
Partner with us today to ensure there are no dangerous gaps in your cyber security plan. We work with some of the best vendors in the industry, including SentinelOne, Axcient, MS Office 365 and Proofpoint, to protect your data, enhance your productivity and keep your business thriving.
Contact us today for a complimentary security audit to see if there are any gaps within your existing IT solutions.