When it comes to cyber attacks, no company is immune to them. Luckily, you can easily mitigate your losses by getting cyber insurance. These days more and more companies buy cyber insurance, including mom and pop businesses and that’s because it offers them a great deal of protection against the massive losses associated with cyber attacks.
Many insurance companies that provide cyber insurance to businesses use security scores (which are similar to credit scores) in order to decide whether they should offer their services to those requesting them or not.
According to BitSight cofounder and CTO officer, Stephen Boyer, cyber insurance is one of the fastest growing segments of insurance.
The truth of the matter is that more and more people purchase cyber insurance and compared to ’12, the number of people who bought cyber insurance in ’13 increased by twenty percent. In total, clients purchased cyber insurance worth one hundred million dollars.
According to economist and president at the Insurance Information Institute, Robert Hartwig, cyber insurance is one of the fastest growing areas of insurance and one that’s going to continue growing in the coming years. It’s not only the large businesses that buy cyber insurance, but also small businesses and start-ups that don’t want to risk their financial well being.
When it comes to the coverage amount, each insurance company has its own insurance plans, but they usually cover the revenue a business loses during the cyber attack. This includes fixing the exploited vulnerability, the legal fees associated with the breach and the revenue lost during downtime. The cost of consumer data breaches may also be covered depending on the insurer and the insurance plan. This is possible only if the company pays for a credit monitoring service for affected clients.
These days, no matter how safe you may think your business is from cyber attacks, you can never know when you’ll become the next victim. While this is bad news for businesses, it’s also good news for insurers all across the country.
More and more companies consider cyber insurance as a sort of safety net that helps them tremendously when it comes to mitigating losses associated with cyber attacks. In terms of price, companies can choose from a wide range of insurance plans based on their needs, including the estimated amount of money they can lose during a cyber attack, the number of transactions they register a day, etc. If we are to disregard the retail sector, for the rest of the industries the cost of cyber insurance has actually gone down in the past 3 years or so and that is because there are more and more insurance companies popping up and offering cyber insurance plans. As such, the competition is greater and in order to compete, insurers need to bring costs down. However, after Target’s systems were breached, insurance companies were forced to increase the cost of cyber insurance plans for retailers. According to Boyer, in the same way a hurricane can impact the cost of property insurance in South Carolina, an event such as the Target breach can directly impact the cost of cyber insurance coverage for all retailers.
It’s important to note that while you can protect your business from a wide range of losses when getting cyber insurance, it doesn’t actually cover intellectual property. The reason? Well, according to insurers, they don’t yet have a way to determine the specific costs associated with those losses.
The cyber insurance offerings also impact the width and increasing complexity of the entire cyber ecosystem. What this means is that companies can now easily transfer the risk to an insurance companies in order to protect themselves by using an insurance model that’s been used for many, many years.
According to founding partner at ILG, David Navetta, there are only a few larger and well known insurers that have been successfully providing coverage for the past 5 years or more.
What’s your security score?
The need for cyber insurance is increasing by the day, but compared to other types of insurance, it’s still a small sector. According to Boyer, while demand is there, growth is happening at a slow pace.
Luckily, Boyer said that this type of insurance is actually here to stay and it’s going to grow as companies such as AIG, Travelers, Axis, and Liberty International keep coming up with attractive cyber insurance packages.
While in the past it was something that only large businesses bought, these days cyber insurance packages are so affordable that even mom and pops businesses get them as well.
In the beginning, coverage was offered usually for internet companies. However, over the years, more and more industries were interested in it and these days you’re not surprised anymore when you hear that even your local Laundromat has it. Even better, many small players consider it as well. Even though there is a lot of demand for cyber insurance coverage, that doesn’t mean that insurance companies will accept any business.
In fact, insurers want to know exactly what risks they’re undertaking when they offer their services to a specific business. Luckily, Boyer’s company, Bitsight, is one that’s trying to gauge the level of risk associated with businesses or their security risk score.
Currently, BitSight is used by companies for 3 main applications.
First of all, they use it in order to gauge which 3rd party businesses and vendors to interact with and use, since they can easily check their security score and know how safe their data will be.
Secondly, the security score helps companies compare themselves to other companies on the market and take the required steps in order to increase their security level.
Thirdly, companies can also manage their internal business risks by using BitSight. They can do so by deciding which clients they should do business with and which clients they should refuse.
Recently, BitSight and Liberty International have entered a partnership where the latter can now give its policyholders access to the BitSight service so they can always know what their security score is.
Boyer commented that this partnership helps companies increase their security level, while insurers can significantly reduce risk.