Is Your Cyber Insurance Enough? The Changes Businesses Need to Know About
Cyber threats are more than a looming danger—they’re a financial reality companies can’t afford to ignore. According to IBM’s latest report, the average cost of lost business due to cyberattacks has surged to $1.47 million this year alone. For business owners, the question isn’t if you’ll be targeted, but when. And when that time comes, the insurance policy you thought would help protect your business might fall dangerously short. Are you truly prepared for what’s next?
Why your business needs a standalone cyber insurance policy
Many companies think their general liability insurance will cover them if there’s a cyber event, but that’s not entirely true. In fact, most of these policies only provide minimal coverage for cyber events, especially for complex attacks like ransomware. It’s a good start to add cyber coverage to your existing policy, but it’s even better to get a separate cyber insurance policy.
Cyber insurance coverage protects against many threats businesses might face, such as targeted ransomware attacks, complex data breaches and more sophisticated phishing schemes. Attack tactics like “living off the land,” where hackers use existing tools in the system instead of introducing malware, are becoming more common, making detection and defense even more challenging.
Criminals are also weaponizing AI to make fraudulent requests more believable. Deepfake technology has been used to create incredibly realistic phishing emails and even to clone voices for fraudulent calls. For instance, a company lost $243,000 in 2019 when attackers used AI-generated audio to impersonate the CEO and demand an urgent wire transfer.
A standalone cyber liability insurance policy deals with these evolving tactics and ensures your business isn’t left vulnerable.
How cyber insurers are updating policies to address new threats
As the landscape evolves, insurance carriers are also making significant policy adjustments. It’s important to know what these changes are and what they mean for your business.
- Lower ransom limits and higher premiums: To manage their risk, some cyber insurance companies are capping the amount they’ll cover for ransom payments and increasing premiums. However, Howden’s 2024 cyber insurance report shows overall premiums are dropping compared to rates seen during the pandemic.
- Introduction of coinsurance: Some insurers have added coinsurance requirements for cyber incidents. This means your business could be on the hook for a percentage—sometimes up to 20%. The specific coinsurance percentage and requirements will vary significantly depending on the insurance provider, the insured entity’s size and risk profile and the policy’s terms.
- Breach coaches and updated applications: Another addition to cyber insurance policies is data breach coaches. These experts guide you through the recovery process after an incident. This can be invaluable during a crisis when every second counts. But this also means insurers are becoming more stringent about who they cover. Expect lengthier applications that dive deep into your cybersecurity protocols, third-party vendor management and even IT department credentials.
How to demonstrate a strong cybersecurity strategy
With insurers scrutinizing security posture more closely than ever, small businesses must demonstrate they are taking proactive measures to reduce risk. Here’s how:
- Document everything: Have comprehensive documentation of your cybersecurity policies, including business continuity plans, disaster recovery strategies and regular testing of these protocols.
- Host employee training programs: Train your staff regularly on recognizing phishing attempts and following proper security protocols.
- Utilize a security operations center (SOC): Having a SOC indicates a strong security strategy. It shows that you have real-time monitoring and response capabilities to detect and mitigate threats before they escalate.
- Craft disaster recovery plans: A solid disaster recovery plan, business continuity plan and vendor management plan can all help lower your perceived risk.
Protect your business from third-party cyber risks
Third-party vendors can be a weak link in your cybersecurity chain. According to a survey by BlueVoyant, 97% of businesses have experienced a negative impact from a cybersecurity breach that originated from a third-party vendor. Insurers may require proof of effective vendor management plans, including cybersecurity standards. Contracts should explicitly state compliance requirements, and vendors should undergo regular audits to ensure they meet your standards.
Understand the cyber incident claims process
When a cyber incident hits your business, the aftermath can feel chaotic and overwhelming. Understanding what to expect from the claims process can significantly affect how quickly and effectively you recover. The process is generally broken down into several critical stages, each designed to manage the situation and minimize damage and business interruption.
- Triage and immediate response: The moment you suspect a breach or cyberattack, time is of the essence. The first step in the claims process is triage, which assesses the scope, severity and type of incident. This involves quickly determining which systems and data have been compromised, whether any sensitive information has been exposed and how extensive the damage might be. Your insurer will typically activate a breach response team, which may include a range of professionals such as IT security experts, legal counsel and public relations specialists.
- Deployment of computer forensics: Once the initial triage is complete, your insurer will often send in computer forensic experts. These are specialists trained to investigate cyberattacks thoroughly. Their role is to conduct a detailed analysis to understand how the breach occurred, what vulnerabilities were exploited and whether malicious software is still present in your network. Forensic experts will often work with your internal IT team to secure evidence, which is vital for remediation efforts and potential legal action. They will also help determine whether data has been exfiltrated and, if so, the extent of the data loss.
- Containment and eradication: After the breach is analyzed, the focus shifts to containment and eradication. Containment involves isolating affected systems to prevent further spread of the attack. This might mean disconnecting parts of your network, shutting down specific computer systems or applying emergency patches. The goal is to stop the damage from escalating. Eradication is the next step, which involves removing any malware or unauthorized access points. This can be a delicate process, as removing malware incorrectly can cause additional damage or even trigger further malicious actions by the attackers.
- Communication and notification: During this phase, your insurer may coordinate with your team to handle all necessary notifications. Depending on the nature of the breach, you might be required by law to notify customers, regulators or other stakeholders. Effective communication can mitigate the reputational damage and maintain trust with customers and partners.
- Legal and regulatory compliance: Cyber incidents often have legal repercussions, especially if personal identities or sensitive information is compromised. Your insurer will connect you with legal experts to guide you through any regulatory requirements. This might include reporting the breach to specific government agencies, cooperating with law enforcement or navigating potential lawsuits. The legal team will also assess if any contractual obligations, such as those with third-party vendors or clients, need to be addressed following the incident.
- Financial and reputational assessment: Alongside the technical response, your insurer will assess the financial losses and reputational impact of the breach. This involves calculating direct costs (such as data recovery expenses, legal fees and potential fines) and indirect costs (such as lost business due to reputational harm). This stage might involve working with external consultants or public relations firms to manage the damage to your brand. Insurers might offer coverage for these services, but it’s critical to understand what is and isn’t included in your policy.
- Restoration and recovery: With the threat contained and eradicated, the focus moves to restoring and recovering your systems. This involves rebuilding or replacing compromised systems, restoring data from backups and validating that all vulnerabilities have been addressed. Your insurer will often work with your IT team to ensure that restored systems are secure and that additional security measures are in place to prevent future breaches. This phase can be time-consuming, especially if the incident is severe, but it’s essential to do it right to avoid repeat incidents.
- Post-incident analysis and reporting: After the dust settles, the insurer will often conduct a post-incident analysis. This comprehensive review evaluates how the breach occurred, how effectively it was managed and what lessons can be learned to prevent future incidents. The insurer may provide a report outlining their findings and recommendations, which can help you improve your cybersecurity posture. Some insurers also require businesses to demonstrate that they have taken corrective actions to maintain or renew their policies.
- Long-term recovery and support: Cyber incidents can have lingering effects that extend beyond immediate financial and operational concerns. Your insurer might offer long-term support options, such as monitoring services to detect potential future breaches or guidance on enhancing cybersecurity measures. Some policies even provide access to resources for employee training or improved security technologies.
Stay ahead of cyber threats with the right insurance
The cyber threat landscape is evolving faster than ever, and businesses must stay ahead of the curve. Review your current cyber insurance policy and ensure it matches your own cyber risk profile. Does it cover ransomware adequately? Does it require coinsurance or have new compliance requirements? Are breach coaches and rapid response teams included?
Remember, it’s not just about having insurance; it’s about having the right insurance that evolves with the threats. Protect your business, your clients and your reputation by ensuring your coverage is comprehensive and up-to-date. Don’t wait until after an attack to discover what you’re missing. Work with IT professionals and invest in the right insurance coverage today to safeguard against tomorrow’s threats. If you have questions, feel free to reach out to Crane Agency.