For years, companies and individuals have been purchasing insurance policies to protect their valuable assets. With computers being common fixtures in our society, assets are increasingly evolving from physical items such as automobiles and jewelry to informational jewels such as corporate and customer data. While there are several ways to protect this information, cyberinsurance is one option very few organizations have considered for their data security plans. But things are changing.
A security breach can be costly to crippling degrees for health care providers, financial institutions, and other organizations that live and die by their data. Whether it’s related to credit cards or personal details, the loss of this information may result in damage of brand reputation, compliance fees, and even the loss of business. To mitigate the risks that come with being compromised, more firms are turning to cyberinsurance.
According to a report by Marsh, which works closely with insurers to develop insurance programs, the number of its own clients purchasing cyberinsurance increased by 33% from 2011 to 2012. The report showed that the average limits purchased in 2012 reached $16.8 million across industries ranging from communication to media to technology.
What’s Covered in Cyberinsuance?
Whereas traditional insurance policies cover physical property, cyberinsurance deals exclusively in technological assets. Although coverage varies from one policy to the next, the following will give you a general idea of what’s covered:
Service interruptions. Data breaches, virus attacks, and natural disasters are just some of the instances that can cause your business to suffer lengthy periods of downtime. Coverage here means you will receive reimbursement for whatever losses were incurred during service interruptions.
IT investigation. Determining exactly what caused a data breach can be a costly endeavor. Cyberinsurance covers these investigative efforts and may also provide reimbursement for the cost of fines and penalties associated with regulatory compliance.
Intellectual property. Patents, trademarks, and copyrights make up some of the most valuable assets within a given organization. Whether compromised through a breach or insider trading, this intellectual property can be protected in a cyber policy.
Third-party claims. Companies can and have been sued for losing customer data in security breaches. The right coverage can ensure your business has the money needed to pay customers for their losses.
Key Factors to Consider
Taking out a cyberinsurance policy is a huge move that requires an organization to proceed with extreme caution. There are a number of critical factors to take under consideration, some of which are related to traditional insurance matters, and others that pertain to the IT environment. Here are a few to take with you:
Know the Players
If there is any market with room for serious growth, it’s the cyberinsurance sector. A handful of firms have emerged to lead this fast growing industry, with ACE USA, AON, and Cubb being some of the standouts. This a fairly new arena so be certain to do some background checking to make sure you can select the best provider for your liability needs.
Understand the Requirements
Like in traditional scenarios, cyberinsurance providers have qualifications that must be met before granting a policy. For the most part, they want to know that you are making a dedicated effort to secure your informational assets. Perform a quick but thorough evaluation of your security infrastructure to make sure you’re a good fit. The better your existing protection, the lower your premiums, so keep this in mind.
Examine Existing Coverage
Your existing insurance policy covers your computer hardware, but it does it protect the data stored on it? Perhaps, but you can be sure by examining talking to your provider and getting an understanding of exactly what’s covered. In the process, you may learn that it’s possible to purchase an additional policy that covers those data assets. This may be actually be a cheaper route than purchasing a separate plan from a cyberinsurance agency.
Don’t Get Comfortable
You don’t go recklessly smashing things in your house or driving into poles just because you know you’re covered under an insurance policy. So don’t look at cyberinsurane as some kind of be all, end all solution to information security. Any provider is going to put you through the ringer before covering a single file, but receiving a lucrative liability limit is no excuse to lapse in your data protection initiatives once you do obtain coverage. Even when your assets are insured, the best case scenario is the one that involves not actually having to put that policy to use.
Make Sure It’s Right
If being without your data could threaten your existence or jeopardize your customers, then cyberinsurance is definitely something to consider, but does that necessarily mean you need it? This is something you must determine. It’s basically a game of weighing your risks against your current continuity plan. Even if a breach threatens to bring you down, you may feel comfortable with the disaster recovery and data protection plans you’ve already concocted. It is a difficult decision, but one that must be addressed in today’s digital era of business.
Sources
http://usa.marsh.com/NewsInsights/MarshPressReleases/ID/29878/Number-of-Companies-Buying-Cyber-Insurance-Up-by-One-Third-in-2012-Marsh.aspx
About the Author
Francis Santos is the Marketing Manager for Benchmark Email. He graduated from Cal State Long Beach and holds a degree in Journalism. In addition, he is also the executive editor for separate popular news blogs. Follow him on