What Companies Should Do When Purchasing Cyber Insurance
July 9, 2012
Juan here, AllClear ID Investigator. We’ve talked a little recently about corporate identity theft. As the cyber/digital age progresses and more companies operate online, the number of breaches and breach attempts have increased dramatically. Companies in almost every industry have to think about what risks exist for them as well as the possible costs of a data breach. Fortunately, there are cyber insurance policies available to help assess and reduce risks and costs.
To be clear, cyber insurance is specifically for assessing data breach risks and to assist in the prevention of those risks, as well as laying out a plan to action in response to a breach. It is not to be confused with what is to be offered in response to a breach. However, cyber insurance plans may include offers for consumer protection services should a breach occur. Those services are usually credit monitoring or ID protection. Most traditional liability or insurance plans for companies do not include/address cyber coverage.
Every company that maintains personal information of its consumers needs to thoroughly assess their security risks. One of the biggest factors to consider during a data breach is cost. According the a 2011 study by the Ponemon Institute, cyber-crimes cost organizations between $1.5 million and $36.5 million per data breach.
So here are a few things to keep in mind when looking for cyber insurance:
Assess risks for a breach – that is, how desirable/valuable is the information is that a company has digitally stored and who or what entities have access to it (third parties). How is this information accessible (mobile access, network)?
Understand your companies’ current liability insurance coverage. More than likely, the policy covers only physical property (laptops, hard drives, files), while it does not address hacker intrusion or security breaches. As such, a company would incur all costs of a data breach.
Prior to selecting a cyber insurance policy, have an independent third party perform a risk assessment to help identify and mitigate vulnerabilities in the security of your data. This has two potential benefits: reducing those vulnerabilities will have a direct effect on reducing the risk of a breach as well as lowering the exposure of sensitive information, should a breach occur.
Have a risk assessment on file, that’s third-party documented, can help speed up the underwriting process and may even lower insurance premiums.
Like you would do with any type of insurance policy, find a well reputed broker who can thoroughly explain policies to you as well as providing you with several options. Furthermore, discuss what vendors are to be used in a breach response scenario prior to finalizing a policy. This refers to agreeing what services are included and/or covered by the policy, such as legal counsel or identity protection services with us here at AllClear ID.