(Photo Source: DepositPhotos) With a growing number of small and medium-sized businesses (SMB) at the receiving end of increasingly sophisticated cyber attacks (Cisco), cyber insurance is a necessity. Cyber insurance offers a buffer to cushion against crashes and data breaches. It also offers a layer of protection from direct damage to IT assets, compliance penalties, and lawsuits/legal troubles. Cyber insurance costs will vary based on the risks you’re covering and the scope or extent of your coverage (e.g., first-party liability, third-party liability, etc.). In this blog article, we’ll take a look at how you can estimate the cost of your cyber insurance coverage.
How Much Does Cyber Insurance Cost?
Ultimately, your cyber insurance costs will depend on whether you take first-party and/or third-party liability coverage, and the specific things you’re covering.
Understanding First-Party Liability
First-party coverage can support the direct costs of dealing with or recovering from an attack, e.g., a data breach. For example, it could cover the cost of:
- a ransomware attack;
- recovering customer data (e.g., personally identifiable information);
- public relations work;
- and other tasks.
You can claim first-party liability coverage for the following cyber security events:
- a cyber security breach that results in the loss of your sensitive data;
- a denial-of-service (DoS) attack that prevents access to your apps/services;
- a malware (including ransomware, trojan, etc) attack;
It can also cover non-security-related damage — such as a flood (or other natural disasters) or power surge — against your IT assets as well. It could also potentially cover some of the costs of a cyber issue causing business interruption, such as downtime or revenue loss. It’s important to note that insurers can pay the ransom if you so choose, however, it’s not recommended except in the most dire circumstances.It is crucial to negotiate the policy to ensure that the terms meet your unique business needs, and only to consider coverage for items that your business is actually subject to. For example, if you are a company that can fix network downtime quickly, and in general, does not often experience network downtime, it would be best to not invest in that additional coverage.
Understanding Third-Party Liability
Third-party insurance covers the cost of lawsuits and other claims that clients or other affected parties can make against your business following a cyber attack. So, for example, it can cover the cost of lawsuits by end-users of your app or website following a network security crash (from a DoS attack). Basically, third-party cyber liability insurance is a go-to option for mitigating the costs after a cyber attack. Some insurance companies may even offer partial coverage for regulatory fines/penalties (e.g., from the GDPR) as well.
Cyber Insurers Are Looking For Ways to Reduce or Deny Claims.
Maximize Your Chances of a Payout by Auditing Your IT
Additional Terms to Be Aware Of
As a best practice, it is recommended to consult with an expert first or to use evaluation tools to understand what type of cyber insurance you need. However, outlined below are some items to be aware of when you start shopping around: Limits of Liability:
- Choose the correct limits of liability when exposed to a cybersecurity breach;
- Scrutinize sub-limits to ensure that they match your business activities;
Retroactive Cyber Insurance Coverage:
- Be aware of the policies that limit your coverage after a specific period, or retroactive date;
Panel and Consent Provisions:
- If you have consultants or attorneys who are called upon during an event, it’s essential to add these professionals to the pre-approved list;
- Prior consent provisions are often used as scapegoats by the insurance company to avoid payouts;
So, How Much Does Cyber Liability Insurance Cost for Me?
In most cases, small business owners are looking at a combination of first-party liability and third -party liability coverage. However, your specific price will depend on the systems and cyber risks you opt to cover with an insurance plan. Moreover, the industry you’re in could also inform the systems and risks you insure. In the health industry, you may manage a large amount of sensitive information. As a result, you may look to insuring your on-premise servers and/or cloud services. If for some reason you lose access to that data, your clinic may suffer in its ability to service patients and, potentially, receive a lawsuit.
Third-party liability coverage can also cover remediation. So, for example, some businesses will offer victims of data breaches (on their assets) free credit monitoring. The insurer may cover the cost of this service. Because SMBs are so different from one another, it’s difficult to list general price ranges — they’ll differ from business to business. However, the range could start at $1,000 per year and go up to $7,500 per year for more robust first and third-party liability coverage.
Keep Your Business Safe from Cyber Threats With These Tips:
- The Complete Guide to Cybersecurity for Small to Medium-Sized Businesses
- The 7 Most Pressing Cyber Security Threats & Vulnerabilities Facing Small Businesses
- The Top 3 Things Your Small Business Needs to Know about Cybersecurity
Next Steps
Ultimately, finding the right quote is only one part of the battle. In addition to pricing, SMBs must also deal with the reality that they might not get a full payout (or one at all) when they need it. Insurers are increasingly relying on complicated policies and exceptions to mitigate their risks, and finding an insurer that fits with your needs is a challenge. Likewise, failing to comply with your insurer’s policies across your systems and documentation can harm your claim.
So, if you do have potential insurance quotes in mind, we recommend that you get a partner with cyber security expertise to audit it and your systems to secure your business, properly. Call Power Consulting NYC managed IT services provider today to get a FREE audit of your IT systems and processes to check if you will get an insurance payout in the event of a cyber breach or disaster.