These days, you can get insurance for almost anything. Dancers can insure their legs, pitchers their arms, and most of us insure our cars, our homes and our most valued possessions. Nowadays, a new form of insurance is becoming more and more popular – insurance in case of a hack attack. With an average breach costing millions of US dollars in loss of business, this form of insurance is taking off, but it is also getting quite expensive. Let’s take a closer look at what is going on in this insurance market and contemplate whether it is worth the money.
What used to be an affordable financial safeguard is quickly being pushed out of reach for many: due to increasingly egregious and expensive breaches, costs are skyrocketing, according to a report in Venture Beat.
Rates are in some cases tripling, deductibles are rising, and the amount of coverage for your exposure is increasingly limited – in most cases you are covered for up to (USD) $100 million or less. This sounds more than adequate for SMBs, but it is very hard to quantify how much a breach could cost an enterprise company, especially when taking into consideration the loss of reputation and bad press. According to a recent study by IBM and the Ponemon Institute, “The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015.” All of this is driving growth in the cyber insurance market, which is expected to triple to about $7.5 billion over the next five years, according to a PwC study.
The insurance need
Hack attacks aren’t just probable – they are both inevitable and near constant. As reported by SC Magazine, according to the ‘2015 Cyberthreat Defense Report’ by CyberEdge Group, 71% of shops polled were hit by cyber-attacks in 2014.
The question is: are businesses prepared to foot the bills, or is it time to start thinking of a buffer?
Losses from cyberattacks are not limited to direct financial losses in cases like ransomware, or even to the loss of business experienced as a result of bad publicity or customers choosing to shop elsewhere because of a breach. When considering insurance, businesses also have to take into consideration the value of their data together with the potential damage, and their ability to deal with the consequences of a hack. So a better way to phrase the question would be: would the money be better spent on premiums or on better staff, technical precautions, software protections, and devising a plan to mitigate damage?
The cost factor
Insurance carrier ECBM, which specializes in cyber insurance, argues that this kind of insurance is still well worthwhile: “While there is no definitive cost, the answer is that it is very affordable. Pricing is based on revenues, and certain industries have higher premiums based on their inherent risk. Pricing can be as low as $500 in premium for $1 million in limits for businesses making less than $1 million per year in revenues. Higher limits do not double the premium, so buying more coverage is a smart financial decision,” the company explains in its website’s FAQ. The insurers say they will cover all breaches, whether external (through hackers) or internal – be these accidental or malicious (done by rogue employees) – and cover both electronic and paper documents. The company also offers cover for breaches that went undiscovered and happened before the policy was acquired, which is a definite bonus since many breaches go undiscovered for months (this may vary according to your insurance provider, so always make sure to check the small print).
In cybersecurity, we believe the best approach is that of layered security. Cyber insurance can be seen as that extra layer of protection your business can opt for in case all other security measures fail. Having said that, it is worth repeating that the biggest investment in your security will be that of training your users. After all, your employees are your business’ most important layer of security.