More and more organizations are taking out cyber insurance policies as a hedge against the threat of a security breach. According to VMR research, the global cyber insurance market totaled almost $9 billion in 2022 and is expected to exceed $50 billion by 2030.
Generally speaking, cyber insurance covers the costs of investigating a security breach, notifying individuals whose personal information was exposed, offering credit monitoring to affected individuals and obtaining legal advice to determine your obligations. Some policies also provide coverage for public relations expenses and losses due to downtime and business disruption. In addition, cyber insurance policies will pay certain third-party costs, such as damages and judgments related to the breach and regulatory fines and penalties.
Increasingly, cyber insurance policies also include media liability and privacy liability coverage. Media liability covers claims arising from information or services provided through a company website or other electronic means. This can include claims of libel, slander, or copyright or trademark infringement. Privacy liability policies cover first- and third-party expenses that aren’t necessarily related to a data breach, such as wrongful collection of data and other human and technical errors.
What to Look For
There are a number of things to consider when buying cyber insurance. The first step is to gain an understanding of the potential cost of a security incident and what types of incidents need to be covered so you can obtain adequate coverage. It’s also important to understand the definitions, thresholds and exclusions in the policy. All policies should be read carefully with an eye toward any loopholes that might void the coverage or enable the insurer to deny a claim.
Of course, you still need to take steps to prevent a data breach, even if you take out cyber insurance. Insurance simply shifts a portion of the financial risk to the insurance company. Certain costs will be covered, but you still have to deal with the fallout of the breach, which is stressful and disruptive and can sour customer and business partner relationships.
When you fill out an application for a cyber insurance policy, the insurer is going to ask you questions about your organization’s security posture. After all, they are assuming some of your risk, so they want to ensure that you have certain bases covered.
In fact, many insurers are requiring organizations to provide more extensive documentation so that they can better evaluate the potential risk. Organizations that do not provide adequate information or lack the specified security controls may not be able to obtain a policy. If they do, they may be required to pay higher premiums or accept lower coverage limits.
In a recent survey by RSM MMBI, 70 percent of middle market executives said their cyber insurance premiums had increased. Many plans have also dropped coverage for ransomware and data theft due to extensive losses in these areas. Just 51 percent of respondents said they had coverage for extortion (including ransomware) compared to 64 percent in 2022. Fifty percent said they had coverage for data theft, compared to 62 percent the preceding year.
That’s where IronLogix can help. If you’re an IronLogix customer, we invite you to contact us to discuss your cyber insurance application and any documentation that may be required. If you’re not currently a customer, we can help you improve your security posture so you can confidently check all the boxes.
Demand for cyber insurance is rising as security incidents continue to make headlines. Cyber insurance provides valuable protection that can help defray the cost of a security breach, and IronLogix helps maximize the value of that protection by bolstering your security posture.