Many companies these days either have cyber insurance or are thinking about purchasing it. It’s a smart choice given recent ransomware attacks and the risk to a company locked out of its critical business systems or important business files for hours, days, or weeks. If the risk of ransomware isn’t already on the CEO’s and CIO’s minds, a business e-mail compromise (BEC) or funds transfer fraud attack may have popped up on the risk registry in the quarterly Board meeting.
But what is cyber insurance and does your company need it? I will tackle these questions and others in a series of blog posts to help you make an informed decision.
What you get with cyber insurance—or more technically, Cyber-Liability Insurance—is a policy that helps mitigate the fallout or impact of a cyber attack, ransomware incident, or other technology event covered in the policy. Cyber insurance can help transfer the risk of a ransomware attack, BEC, or fund transfer fraud from your bottom line to the insurance company.
The answer to that question is: It depends.
The minimum questions you want to ask yourself are:
If you answered yes to any of those questions then you probably need it.
It depends on the policy, of course, but generally policies provide the following coverage:
Some policies can also assist in these ways:
The cost varies by insurance provider and by the coverage you choose. A number of variables will impact the cost of insurance:
If you are a small company with a limited number of customers and limited exposure, cyber insurance could be very affordable. If you are a medium-size company with hundreds or thousands of customers and more exposure, you could be looking at several thousand or tens of thousands of dollars per year.
In my next blog post I’ll talk about what you need to have on hand to prepare for answering the questions that the insurance companies will ask.
Cyber Insurance series from John Bruggeman:
Part 2: Cyber Insurance, part 2: Getting ready for the insurance company questionnaire!
Part 3: Cyber Insurance, part 3: Filling out the questionnaire
Part 4: What do you do if your cybersecurity insurance policy is denied?