The average cost of a cyber attack jumped to a record high of $4.52 million per incident in 2021. While security protocols and procedures remain important, a comprehensive cyber insurance policy for your business is still the safest and most reliable way to fully mitigate financial loss from a cyber attack.
Obtaining a cyber insurance policy can be complicated with a wide variety of options and considerations for both the insured and insurer. When a U.S.-based organization wants to purchase cyber insurance, they rely on an insurance broker like GetCyber.com. The broker acts on behalf of the organization and negotiates with the insurance provider, seeking the best cyber insurance policy for their client.
While the most comprehensive policy is always ideal, you should be mindful of cost and seek out the coverage that is right for your business's bottom line. We outline the most important things to consider when purchasing cyber insurance below.
- Coverage: Basic coverage typically includes reimbursement for legal fees and general expenses, costs associated with notifying customers, securing the personal identities of impacted customers, recovering compromised data, and repairing damaged computer systems. More comprehensive coverage will include reimbursements to cover revenue lost during the attack, the costs of hiring a PR firm to mitigate reputation risk, and protection against prior acts which may have occurred before the attack. While this coverage will be more expensive, it can be sensible as the incremental per dollar cost is significantly lower than the per dollar cost of the Basic coverage.
- Deductible: The deductible is the amount your business will pay “out-of-pocket” in the event of a cyber attack or data breach. This can be a major determiner of the insurance cost, or policy premium, and is impacted by both the level of coverage and your business’s existing cyber security policies and procedures. Typically, selecting a lower deductible means you will pay less out-of-pocket in a breach but more to cover the higher annual premium. When choosing your deductible, you should consider the financial health of your business and the impact that a cyber attack might have on your profitability and operations.
- Track Record: Ultimately, your cyber insurance policy will be tailored toward your business and track record. It is important to be mindful of your company size and revenue as larger, more sophisticated companies have more to lose from cyber attacks and are therefore more expensive to insure. Cyber insurers will consider your business operations and the extent to which you collect and retain different types of data. Most insurance companies segment businesses into different tiers based on the characteristics described below:
- Lowest Risk (Lowest Premium): This business does not store third-party information or business data records.
- Moderate Risk (Average Premium): This business does retain some customer data in aggregate but does not save individually identifiable information such as credit cards, addresses, or social security numbers
- Highest Risk (Highest Premium): This business stores sensitive and individually identifiable information such as social security numbers, dates of birth, or other financial and personal information. This category typically applies to most e-commerce, financial services, or social media-focused businesses.
In addition to understanding the nature of your business, the cyber insurance provider will also assess the quality of your cyber security policies and procedures. Businesses with stronger policies and procedures are typically better protected from cyber attacks and therefore less risky to insure. Some of the security measures that receive particular attention are:
- Hardware and Software Network Security Protocols
- Data-loss Prevention Procedures
- Multi-factor Authentication and Encryption Integration
- Software Patches and Updates
- Outside Security Audits from Third-Party Advisors
- Network Access Restrictions and Working Fail-safes
There are several important factors to consider when selecting cyber insurance. We recommend consulting GetCyber for high-quality and quick cyber quotes. You can use GetCyber to:
- Obtain instant quotes from the 6 Top Insurers
- Find up to $3M in Insurance coverage automatically
- Receive a plan with customizable and comprehensive coverage
- Work with our 24/7 expert support to better understand your needs
As a business owner, it is up to you to assess the amount of acceptable risk for your firm. While this is no easy task, GetCyber is here to help.