It is not a matter of ‘if’, but ‘when’ your company will experience a security breach. A well-prepared company is one that has thought through their security incident response and has a plan on how to recover from a successful cyber-attack. Cyber insurance is the keystone of your recovery strategy – without a good cyber policy you’re opening yourself up to unnecessarily high risk.
Not all cyber insurance policies are created equal. We’ve worked with many organizations who thought that they were covered, but when it came time to make a claim, they realized their policy was nowhere near adequate. The cyber insurance space is still new – carriers, agents, and buyers alike are still learning the basics of cybercrime and security. It is critical that you invest the time to understand your policy, and have it validated by someone that specializes in cyber insurance, to make sure that you have the coverage that you need.
Two Types of Cyber Insurance Policies
There are two types of cyber insurance, endorsements and stand-alone policies. This is where the confusion starts, an endorsement is typically attached onto a broader policy and is technically cyber insurance; however, it likely won’t provide you anywhere near the protection you need in today’s threat landscape.
- An endorsement is attached to an existing insurance policy. It is often referred to as “rider” or “add-on” insurance. A cyber endorsement likely won’t offer enough coverage and won’t include access to attack recovery services.
- A stand-alone policy is specifically designed to mitigate your cyber risk. It will provide you the right coverage and include access to crisis management services like digital forensics, legal resources, and PR firms that specialize in cyber-attack recovery.
Benefits of a Stand-Alone Cyber Insurance Policy
A stand-alone cyber policy is designed to make you whole after a successful cyber-attack. Many people greatly underestimate the true cost of a breach and so they don’t realize that their current policy isn’t going to cover their complete recovery. A good cyber policy covers all aspects of a cyberattack – downtime, loss of business, reputation damage, legal fees, credit monitoring, etc.
Many policies include access to specialized cyber-attack recovery services, or crisis management. If there is a security incident, you can call your cyber insurance and they will help you manage your response. They will engage specialists like digital forensics firms, lawyers that specialize in cyber, and PR firms. Remember, carriers are on the hook for your recovery costs – so it is in their interest to take action to minimize your damages.
Downsides of a Stand-Alone Cyber Policy
Cost – A stand-alone policy will likely be more expensive than getting a cyber endorsement, but you are receiving far more protection.
Security Requirements – You will need to fill out a questionnaire when you apply for a stand-alone cyber policy. Carriers are raising their expectations on businesses so you must be at a certain security level before your policy will be approved.
Cyber insurance is essential for managing your risk, but you must ensure that your policy is strong and offers the necessary protection. Learn more by watching the full webinar from cybersecurity experts at Aldridge and FifthWall Solutions.