Cyber insurance for your business: do you need it?
About once a month now I get asked by a client what cyber insurance is and whether they need it. Sometimes I advise a client that they should look into it. Why?
What is cyber insurance?
Cyber insurance is a type of insurance that protects businesses from technology and internet risks. Examples of these risks are ransomware attacks, hacked business web sites used to infect others, crippling malware or virus infections, and exposed confidential files.
Your traditional general business liability does not cover these types of technical risks.
Before we go further, I’m not selling this insurance and I don’t have investments in it.
What kind of business needs cyber insurance?
Any business that is totally reliant on and heavily invested in technology should have it. Any business that is using e-commerce should have cyber insurance as well.
Here’s a scenario.
Company ABC makes its money manufacturing reports of personal information that is covered under PIPEDA/PIPA privacy laws. This information is stored on the premises. The company gets hacked. First, the hackers get copies of all the information. Second, the hackers install ransomware and encrypt all the files. The ransomware also disrupts all the VoIP phones.
Cyber insurance could cover the costs of fixing all the computers and the network, recovering the data, and dealing with the privacy breach.
Caveats
Cyber insurance won’t cover your business if you don’t exercise reasonable care of your technology. That means you have to keep your systems up to date, have an IT consultant, run antivirus products, etc.
Like most other kinds of insurance, an act of war is not covered. How could getting hacked be considered an act of war? The NotPetya ransomware was created by Russian hackers who were trying to disrupt Ukrainian computers. Any company outside of Ukraine that was infected by this hacking act of war was not covered by its insurance.
Also, cyber insurance is in its infancy. I expect we will see changes in the terms and policies as insurance companies try to keep up with hacking and technology as those two are constantly changing.
Before you talk to an insurance agent about cyber insurance, you should be clear on the value of what you are protecting. Do you know how much a ransomware attack could cost your business? Do you have a disaster recovery plan?