Do You Need a Cyber Insurance Policy?

Background

The first Cyber Insurance (CI) policies were developed for businesses in the late 1990s because of the multitude of emerging technologies that were present at that time, most notably the Internet.  Implementation was limited as the plans offered were very specific terms of coverage and large-scale demand didnt yet exist.  Around the mid-2000s policy coverage began evolving and expanding to include privacy breaches and the investigative costs associated with cyber incidents.  In a broader sense, government regulations in response to increased levels of cyber-crime began holding organizations more accountable for information breaches and disclosures.  As a result of the increased regulations – more advanced cyber insurance policies were developed.  The evolution of CI can be directly correlated to the advancement of technology, and mankinds growing dependence on it.

What does it cover?

Coverage is currently offered for both individuals and businesses and is generally made up of two distinct levels: first-party (direct losses) and third-party (claims and legal actions taken).  Common events encompassed by policies include data breaches, data theft, identity theft, cyber extortion, and costs associated with investigations, data recovery, system repair, and the restoration of services.  Most plans are offered on an a la carte basis, allowing for customization appropriate to specific needs.

Common coverage components:

  • Liability Coverage
    • Defense and protection for alleged liability due to a cyber incident.
  • Event Response
    • Coverage for investigating and mitigating a cyber or privacy incident.
      • Includes fees, fines, and other costs associated with response to an event.
  • Business Interruption
    • Coverage for loss or disruption of services due to a cyber incident.
  • Cyber Extortion
    • Coverage for the response to threats to harm a network, or release of confidential/critical information.
      • Ransomware

Why do I need it?

There are dozens of CI policies available for consumers and businesses.  Given that its considered normal practice to pay significant sums for premiums related to health, homes, and cars, its also logical that many feel a need to insure their data and digital identities.  When considering the growing number of threats in cyberspace, as well as the prevalence of data breaches and other security incidents – it only makes sense to pay for an added layer of protection.  Whether an entity functions off the grid or on it, a CI policy is relevant because events such as massive data breaches (see Equifax Data Breach) can affect people without targeting them directly.  As cyber attacks have increased in frequency over the last decade, CI policies have materialized as an increasingly popular means of risk mitigation.  When considering a policy, its important to do your research and make sure that whatever plan you choose is suitable to your needs.  Additionally, just as information security best practices, well-trained employees, and well-designed security policies represent valuable layers of defense, CI is also best utilized as a complementary measure.

 

Estimated Costs of Cyber Insurance (2017)

 

  • Individual Insurance (likely to be blanketed with homeowners / renters insurance)
    • AIG Family CyberEdge – covering four focus areas (cyber extortion, data restoration, crisis management, cyberbullying)
      • Additional $597 for $50,000 limit (annually)
      • Additional $972 for $100,000 limit (annually)
      • Additional $1723 for $250,000 limit (annually)
        • No deductibles, $1000 flat fee for data restoration
    • Business Insurance (costs scale)
      • Varies from around $1000 – $8000 – varies with features
      • AIG covers up to $100,000,000 with CyberEdge plan

 

Top providers of Cyber Insurance (2018)

 

  • American International Group (AIG)
  • Liberty Mutual
  • Nationwide
  • The Chubb Corporation
  • Zurich Insurance
  • XL Group
  • Berkshire Hathaway
  • Allianz
  • Insureon
  • AON

 

 

SOURCES
SYMANTEC, https://www.symantec.com/content/dam/symantec/docs/white-papers/what-every-ciso-needs-to-know-cyber-insurance-en.pdf
AIG, https://www.aig.com/business/insurance/cyber-insurance/microsites/cyberedge-appetite-guide
COMPUTER WORLD, https://www.computerworld.com/article/3190209/cybercrime-hacking/how-one-personal-cyber-insurance-policy-stacks-up.html
PC MAGAZINE, MARVIN, R. (2018). What Is Cyber Insurance, and Do You Need It?. PC Magazine, 94-101.