Choosing the right cyber insurance policy is crucial yet challenging, with the landscape constantly evolving and insurers frequently updating their offerings. Remember, no single policy fits all – the best choice depends on your business’s unique needs. This blog simplifies the complexities of cyber insurance, breaking down key components to help you make an informed decision tailored to your organization.
What is Cyber Insurance?
Cyber insurance is a specialized type of policy designed to protect businesses from the financial risks associated with digital threats and cyber incidents. It typically covers expenses related to data breaches, cyberattacks, and other online security issues. This insurance not only helps in mitigating losses from network damages and data theft but also covers legal fees, customer notification costs, and recovery measures. As the digital landscape evolves, cyber insurance becomes increasingly vital for companies of all sizes to safeguard their digital assets and maintain operational resilience.
Categories of Cybersecurity Insurance Coverage
Cyber insurance policies generally fall into two primary categories: first-party coverage and third-party coverage.
1st Party Coverage
First-party cyber insurance addresses the financial losses incurred by the policyholder as a result of a cyber event. Essentially, these are the costs borne by your business following a cyberattack or breach on your network or systems. Such costs may encompass:
- Fraud/Theft: Costs stemming from the destruction or loss of data due to theft or fraud. This may involve services such as credit monitoring or anti-fraud protection to mitigate risks post-attack.
- Public Relations: Costs linked to the restoration of a business’s reputation.
- Forensic Investigation: Costs linked to the forensic investigation into the attack, encompassing technical and legal services required to meet court standards.
- Loss of Data and Restorative Work: Costs ranging from data recovery to repairing or replacing equipment (e.g., computers) damaged due to the breach.
- Business Interruption: Expenses arising when the policyholder is unable to conduct regular business due to a cyberattack. Coverage may extend to loss of income and other subsequent costs.
- Cyber-extortion Threats: Costs associated with paying a ransom to prevent further damage to the company. An example of this is ransomware attacks.
- Customer Notifications: Costs related to notifying and liaising with customers post-breach. Often, a third-party company is engaged to manage this responsibility.
First-party cyber insurance coverage is often bundled with errors and omissions insurance. Notably, the majority of cyber insurance claims arise from first-party losses.
3rd Party Coverage
Third-party cyber insurance provides coverage for any liability actions taken against the insured in the aftermath of a cyber event. This liability may be asserted by clients, vendors, regulators, or any party seeking financial redress from your business due to a cyber incident. The coverage usually includes:
- Attorney Fees
- Settlement Costs
- Payment of Court-Ordered Damages
- Costs Related to Responding to Regulatory Inquiries
- Government Fines and Penalties
Types of Cyber Insurance Policies
There are many different insurance policies, and understanding the details of each type is crucial for making an informed decision about the coverage your organization requires.
Data Breach Coverage
Data breach insurance encompasses various policies designed to shield companies from financial losses resulting from a data breach. These policies, such as cyber liability insurance and technology errors and omissions insurance (tech E&O), provide crucial protection. In the event of a data breach, your policy should include coverage for legal guidance, vendor and client communications, forensic analysis, hacker damage, credit monitoring, business interruption reimbursement, regulatory fines and penalties, public relations representation or call center services, and notifications.
It’s important to involve an attorney in breach notification letters, considering the differing requirements of each state, dictated by the residency of your clients rather than your business location.
While many cyber policies cover ransom money, extortion-related expenses, and repair costs, it’s noteworthy that some insurers are increasingly excluding ransomware from their policies. According to a 2023 survey by Veeam, 21% of respondents reported specific exclusions for ransomware in their policies. It’s crucial to inform your insurer before paying a ransom to ensure coverage.
In the event of a ransomware incident, your policy should cover an attorney, forensic analysis, ransom payment, hacker damage, notifications, credit monitoring (if required), regulatory fines and penalties, public relations and call center services, and business interruption. The average duration of disruptions for a ransomware attack currently stands at 22 days.
Loss of Funds
A loss of funds scenario necessitates policy coverage for cybercrime, wire fraud, push payments, reverse social engineering, and social engineering fraud. Notably, these terms lack uniform definitions across insurers or policies, emphasizing the importance of understanding the policy’s specific definitions.
This category encompasses various incidents within your cyber insurance policy, including crypto-jacking, bricking, and systems failure.
The coverage needed for these incidents includes business interruption, utility fraud, invoice manipulation, dependent business interruption, dependent system failure, media liability, voluntary shutdown, property damage, and reputational harm. Reputational harm coverage typically spans the 180 days post-cyber event, addressing potential client losses and revenue disparities.
Common Pitfalls to Avoid When Selecting Your Cyber Insurance Policy
Understanding the exclusions in your cyber insurance policy is crucial. These exclusions, present to limit the insurer’s risk, vary and need careful review to ensure your policy aligns with your organization’s needs. Awareness of these exclusions helps you adjust your cybersecurity measures to cover potential gaps. For example, paying ransom in certain cases might be illegal, affecting your coverage.
Additionally, understanding policy regulations regarding consulting vendors and agencies post-incident is crucial for building an effective recovery and response strategy.
Material misrepresentation occurs when the insured provides an untrue statement that is crucial to the acceptance of risk in a policy. Such misrepresentation can lead to the voiding of the contract, known as rescission, resulting in no coverage for losses. Rescission also complicates the prospect of securing coverage in the future, making it crucial to provide accurate and truthful information during the application process.
Involve all relevant departments within your organization when completing a cybersecurity insurance application. Respond to definitive questions with accurate and clear answers. Seek clarification if any questions are unclear, as the information entered is unlikely to be negotiable or defensible after an incident. Use addendums to address areas of partial compliance, exercising caution throughout the application process.
Avoid testing your policy limits. Understand the level of risk and liability associated with your organization, as well as the potential cost of these risks. This understanding will enable you to set appropriate policy limits that align with your organization’s risk profile.
Limitations of Coverage in Cyber Insurance
Merely possessing a cyber insurance policy does not eliminate the risks outlined in your risk register. Having a policy does not guarantee immunity, as recurrent breaches and a high loss ratio could render your organization uninsurable.
It is essential to actively work towards mitigating risks specific to your organization post-contract signing and stay informed about policy changes that might impact your risk mitigation strategy. Failure to do so may transform your policy from a protective measure into a financial liability for your insurer.
Anticipating Changes in Cyber Insurance
To effectively prepare, cybersecurity professionals must understand the security changes mandated by cyber insurance companies and communicate these changes throughout the organization. This involves:
- Minimizing Application Errors: Avoid costly mistakes that could jeopardize coverage.
- Policy Deconstruction: Skillfully break down cyber policies to effectively communicate coverage details throughout the organization.
- Customizing Policies: Identify policies that align with the diverse needs of various stakeholders within the business.
- Upcoming Industry Changes: Be aware of industry shifts requiring advance planning and appropriate funding.
Key Considerations for Cybersecurity Strategies:
- Control Requirements: Develop implementation plans for strict controls.
- Industry or Revenue Threshold Insurance Cut-offs: Understand restrictions based on specific industries or revenue thresholds.
- Caps on Widespread Events: Be aware of limitations on coverage for widespread events.
- Ransomware Co-insurance Requirements: Comprehend co-insurance requirements for ransomware incidents.
- Critical Vulnerability Exposures: Address vulnerabilities promptly, as delays may result in denial of coverage.
- Old Hardware and Software Exclusions: Plan for supply chain delays by prioritizing updates for end-of-life hardware and software.
- Monitoring Remote Workers: Seek legal advice on permissible monitoring of remote workers.
- Zero-Day Exclusions: Be vigilant for exclusions related to zero-day vulnerabilities and explore alternative policies if necessary.
- Premium Increases: Leverage controls to position yourself in the optimal premium category amid rising costs.
What Falls Outside the Scope of Cyber Liability Insurance?
Cybersecurity insurance policies commonly exclude incidents attributed to human error or negligence, as well as those that could have been avoided. The following are typical exclusions:
- Inadequate security processes: Attacks resulting from ineffective security processes or subpar configuration management.
- Prior breaches: Security events or breaches predating the acquisition of a cyber insurance policy by the organization.
- Human error: Cyber attacks caused by mistakes made by the organization’s personnel.
- Insider attacks: Data theft or loss stemming from an insider attack by an employee.
- Pre-existing vulnerabilities: Breaches occurring because the organization failed to address a known vulnerability.
- Technology system improvements: Costs associated with enhancing technology, such as fortifying networks and applications.
Considerations for Choosing Your Cyber Insurance Policy
When choosing your cyber insurance policy, it’s important to contemplate your coverage needs by envisioning scenarios. Identify the events that concern you the most and understand the reimbursement rules that may apply. This insight guides the determination of which policy categories require heightened coverage.
Avoid being the sole point of failure regarding omitted coverage. Engage with all stakeholders and seek input from all relevant parties to ensure comprehensive inclusion. Different entities will offer varied perspectives on what constitutes a disaster for them, enriching the overall policy consideration process.
Common Application Questions and How Lumu Can Help
The following are questions that insurers will likely ask during the renewal or initial application phase. Lumu helps you navigate these requirements, potentially allowing lower cyber insurance premiums.
| Application Question | How Lumu Can Help |
| --- | --- |
| Do you have up-to-date, active firewall technology? | Lumu Defender is integrated with your firewall on a 24/7 basis to ensure it’s up to date on the threat actors attempting to affect your business. |
| Do you have intrusion detection software? | Lumu Defender relies on continuous compromise assessment to detect and respond on a 24/7 basis to threat actors attempting to affect your business. |
| Do you have a process to test or audit network security controls? | Lumu’s Continuous Compromise Assessment constantly measures the output of the cybersecurity stack and its network security controls: its compromise level. This allows you to identify elements in the stack that are underperforming or need further investment. |
| Do you have updated antivirus or endpoint security technology? | Lumu Defender is integrated with your AV or EDR on a 24/7 basis to ensure it’s up to date on the threat actors attempting to affect your business. |
| Do you have 24/7 network security monitoring? | Lumu Defender operates on a 24/7 basis to detect and respond automatically to network threats affecting your business. |
| Do you have multi-factor authentication deployed? | Lumu recommends enabling MFA on Microsoft 365 and/or Google Workspace. Although MFA is not a capability provided by Lumu, it is supported by Lumu, and we strongly recommend that our customers enable it by following these steps. |
Do you still need help with a requirement? Contact Lumu and schedule a meeting with a Customer Success Manager.