Does My Organization Need Cyber Liability Insurance? (8 Myths Uncovered)
As cybersecurity issues continue to evolve and cyber incidents become increasingly common, cyber liability insurance is getting a lot of coverage. If it hasn’t already, it may soon become a prerequisite for doing business with some of your customers.
We know there is some confusion out there. If you have questions about cybersecurity liability insurance, this article is for you!
What makes us an expert? Well, we don’t sell insurance, but we do work with a variety of companies across a wide range of industries and provide technology advice.
We know the technology tools that keep organizations secure and we’ve had a lot of customers ask us about cyber liability insurance, so we wanted to address some of the most common misperceptions we’ve heard.
After you read this article, you’ll have a full understanding of the untruths that are out there and will be better prepared to decide whether cyber liability insurance is right for your organization.
My business is too small for cyber liability insurance.
According to industry experts, between 40 and 60 percent of cyber incidents target businesses with fewer than 1,000 employees.
While large, multinational companies used to be the primary focus of cyber incidents, the focus has changed to smaller organizations that often do not have strong security measures in place.
Related article: Cyber Liability Insurance: What Is It? Why Is It Important?
Cyber liability insurance is too expensive.
When compared with the cost of even a small cyber incident, cybersecurity insurance is worth the premium.
These policies can protect your company from costs associated with cyber incidents and also cover costs associated with recovery services from professionals including attorneys, IT experts, and reputational repair specialists.
In general, small businesses can expect to pay a few hundred dollars annually for a nominal amount of cyber liability coverage (both third- and first-party) with a limit of $50,000.
According to online estimates, medium- to large-sized businesses (depending on industry) can expect to pay somewhere between a couple of thousand to tens of thousands of dollars per year.
Embroker.com, a digital insurance provider, says “A recent study performed by AdvisorSmith Solution Inc. found that the average cost of a cyber liability policy in 2019 was $1,500 per year for $1 million in coverage, with a $10,000 deductible.”
As cyber incidents increase in frequency and expense, the cost of cyber liability insurance is also rising, but still pales in comparison to covering the cost of remediating a cyber incident out of pocket.
Cybersecurity insurance won’t help me recover from a cyber incident.
Not only does a cyber liability insurance policy provide funds to cover the costs to remediate the technical aspects of an incident, it also covers the costs to hire experts you’ll need amidst the crisis (and the insurance agent that writes the policy can often recommend qualified, proven experts you can lean on for support during this time).
My business is covered by my existing standard business policy.
If you have a standard business policy with $50,000 of coverage that policy may or may not include coverage for a cyber incident.
Even if it does include cyber incidents, that amount of coverage will only cover one day or maybe a week (at the most) of the strategic expertise and qualified professional guidance you will need from IT consultants, forensic experts, attorneys, and public relations strategists.
I won’t need it.
While many small businesses continue to operate under the assumption that criminals only target large, multinational organizations, the data shows that as larger companies have invested money to shore up their cyber defenses, small companies have become more attractive, easier targets for cyber incidents.
All you need to do is take a look at your favorite news source to see the proof.
Bear in mind that, as mentioned above, experts estimate 40 to 60 percent of cyber incidents target businesses with fewer than 1,000 employees.
In the same way that nobody plans to use vehicle, homeowners, or medical insurance, but things happen. We see the news stories every day. And, with data confirming that more than 40% of all cyber incidents target small businesses, it's become a question of when your business will experience an incident, not if.
My business isn’t at risk.
Every business has a level of risk. If you aren’t sure or don’t think you have risk, I suggest investing in a formal risk assessment that includes a vulnerability scan and a penetration test.
While these two tests are not a guarantee, they are useful tools to analyze the current state of your risk to give you a point-in-time snapshot of your current vulnerability.
These two tests help organizations of all sizes identify the risks in their technology environment and can form a good basis for proactive remediation of vulnerabilities. They should be repeated on a regular basis.
I don’t need cybersecurity liability insurance because my organization backs up our data.
Backing up your data is a great first step! But do you know how often your data is backed up or where it is stored? Could you access your latest data backup quickly and easily in an emergency? Keep in mind that backups are not a standalone solution.
The best way to protect your organization is to have a comprehensive security strategy. Cybersecurity liability insurance provides another level of security for the financial health of your organization and provides resources you’ll need to respond to a cyber incident.
Related article: Data backups are Key To Disaster Recovery
Every layer of cybersecurity protection you have in place makes your organization a tougher target for cyber criminals, but even all of them combined don’t provide the same kind of protection that is available via cyber liability insurance.
My IT provider has a policy, so I don’t need one.
In most cases, your provider’s policy covers their business and expenses; not yours. Make sure you aren’t assuming coverage that is nonexistent.
What’s The Bottom Line?
Here’s the truth: like most insurance policies, you hope you never need cyber liability insurance. But, when your organization falls victim to a cyber incident, your cyber insurance policy is a safety net that will lessen the impact and provide you with services from the experts you need in the middle of a crisis.
In this article, we’ve unpacked 8 myths about cybersecurity liability insurance.
You now know that businesses of every size are at risk of cyber threats, about how much it costs, the tools and specialists it provides for incident recovery, and how it differs from a standard business insurance policy.
You also have learned whether businesses need it, the importance of assessing cyber risk, whether data backups are enough to keep your information safe, and whether your IT provider’s insurance would cover your business in the event of a cyber incident.
At this point, you may be considering investigating cyber liability insurance for your organization.
One of my key pieces of advice is to prepare your organization. If you don’t know where to start, here are 5 common business IT requirements that an insurance company will want your organization to have in place before you can qualify for cyber liability insurance.
Still not sure whether cyber liability insurance is right for your organization? Learn 5 ways businesses benefit from cyber liability insurance.
If you are looking for cyber insurance guidance, we can help steer you in a positive direction. Click the button below and we’ll reach out to schedule a 15-minute telephone conversation.
To assess your organization’s current level of cybersecurity readiness, click the button below for a checklist you can use to see how your preparations stack up.