Among insurance products, cyber insurance is relatively new, though it has been around for quite some time. Many entrepreneurs looking to buy a cyber insurance plan have only a vague idea of what cyber insurance covers and how such policies can protect them in the event of a cyber-attack. Here is what you need to know about cyber insurance coverage so that you can make an informed decision when choosing the right provider and a suitable cyber insurance policy, and when customizing it for your particular needs and situation.
What can be common or unique about cyber insurance plans?
Different providers and different cyber insurance plans can aim to cover different aspects. However, the most common coverage a cyber insurance policy offers is compensation to the organization for the immediate costs associated with a cyber-attack. Mark Bagley, VP at cybersecurity company AttackIQ, explains, “Cyber insurance policies are designed to cover the costs of security failures, including data recovery, system forensics, as well as the costs of legal defence and making reparations to customers.”
Underwriting system forensics and data recovery can help to cover some of the expenses connected to the investigation and remediation carried out on behalf of the business by a forensic cyber security company, which helps to find out what has happened and to fix the problem. This is similar to what happens after a ransomware attack, which is one of the most damaging and disruptive types of attack that businesses face.
Quite surprisingly, some cyber insurance companies even go to the extent of covering the cost of the ransom paid to the attackers, though this is not something that any information security entity or law enforcement agency will approve of. Such cyber risk insurance covers are found to encourage criminals to attempt more attacks.
Cyber-attacks and risk management strategies
Businesses today want to be proactive in combating cyber security threats by adopting an efficient risk management strategy. Given the wide prevalence of cybercrime, any business facing the risk of cyber-attacks needs to develop policies that will help protect its crucially important digital assets.
Theresa Payton, former White House CIO for the George W. Bush administration and the Founder CEO of cyber security company Fortalice Solutions, says, “The insurance company looks at what the potential incident response and forensic bill might be and that’s going to be bigger in many cases as organizations aren’t prepared, so they’d actually rather pay. It’s very frustrating.”
Yet another innovative kind of cyber-attack is the business email compromise (BEC) phishing scam. These scams can cost businesses a large amount, sometimes going up to a six-figure sum. In such attacks, the criminals pose as CEOs, suppliers or other trusted contacts and dupe people into transferring payments. Some insurance plans can cover the losses incurred in a BEC fraud. However, whether BEC is covered depends entirely on the specific policy. Standard cyber risk insurance plans might not cover it, so you need to clarify this with the provider before you purchase a plan.