Online hackers are everywhere. According to Facebook, its profile pages are hacked 600,000 times each day. More recently, companies like Bank of America, Twitter and The Wall Street Journal have had their systems breached. Due to the rising spate of such hack attacks, buyers are increasingly viewing cyber insurance as an essential component of their insurance portfolios. A recent report by Marsh, anINVESTMENT BROKER firm, says the number of U.S. companies buying insurance to protect against cyber attacks jumped 33% last year, making cyber risk one of the fastest growing lines of coverage.
Presently, a number of insurance companies are offering cyber protection. Broadly speaking, cyber insurance policies can provide coverage for both third-party liability, as well as first-party losses. First-party coverage ranges from notification expenses to alert stakeholders of a breach, to the expense of hiring a public relations firm to work on damages to the company image. On the other hand, third-party coverage comprises payments made to others.
However, cyber insurance policies are still evolving and can vary dramatically from one insurer to the other. Since there is no real one-size-fits-all approach, most executives tend to harbor misconceptions and are often not clear on what the policy coverage will include. Therefore, companies must assess their insurance needs before purchasing an insurance policy. This includes weighing their potential hazards, risk appetite and premium costs. Finding the right policy is crucial in an upcoming area of insurance, where many agents and brokers lack experience.
One must have a clear vision of coverage and an informed broker to start with. Secondly, improving the company's security posture can effectively lower premium payments. Organizations must ensure that they follow the best information security practices for their industries. Often, no one is better equipped to understand an organization's information security system than the IT professionals who run it. IT managers can help with an accurate cost-benefit analysis and foresee potential threats. Additionally, companies can also consider hiring a third party to perform a risk assessment, so as to identify and understand their security risks and focus areas that need attention.
Contrary to the perception that cyber insurance is meant for only large organizations, it makes sense for smaller companies as well. Businesses must work with the insurance broker to integrate cyber liability along with their general policy and employment liability policy to ensure seamless coverage. After all, it can make all the difference between keeping your business running and shutting down after a data attack.