No business is immune to cyber attack and the repercussions can be devastating, especially to SMBs. That’s why cybersecurity insurance is now a critical piece of a comprehensive cybersecurity strategy. Here’s what you need to know to choose the right policy for your risk profile and business.
CYBERSECURITY INSURANCE TRENDS
Several trends are driving the market for cybersecurity insurance. First, ransomware attacks are on the rise and projected to increase by ten times or more in 2017. As attacks proliferate, cyber criminals will learn to make better use of stolen data and start upping their ransom demands.
Ransom demands in the six figure range are not out of the question. SMBs will find these kinds of demands harder to meet; while taking the financial hits of decrypting recovered data, recovering lost revenue and coping with possible regulatory investigations.
A second trend is the growing intelligence of malware, which is always being updated and improved to outsmart the latest advances in threat monitoring and detection technology. SMBs with fewer resources than larger businesses to invest in cybersecurity upgrades will bear the brunt.
Finally, SMBs are likely to feel the sting as big companies increase their spending on cybersecurity and hackers seek easier targets. Already, small businesses are the victims of 71 percent of cyber attacks — a percentage that may rise as look for paths of least resistance. In tighter regulatory environments, SMBs will need to address the new reality of fighting hackers on one side and keeping up with security compliance mandates on the other.
CYBERSECURITY INSURANCE FACTS
Cybersecurity insurance is designed to help businesses recover financially from data loss caused by any cyber event — whether a security breach, service interruption or network outage.
Cybersecurity policies have different costs and exclusions than property or general liability policies; and it’s critical to understand what many policies don’t cover. This typically includes hard-to-quantify assets such as reputation/brand damage or intellectual property theft — like software code or product designs, for example.
What cybersecurity insurance does offer is help with returning to normal business operations more quickly; and mitigating many of the investigation and resolution costs resulting from a security incident. With regulators increasing their scrutiny of the SMB sector, experts say fines and penalties could increase for SMBs — which makes a strong case for incorporating cybersecurity insurance into an overall cybersecurity platform.
CHOOSING A CYBERSECURITY INSURANCE POLICY
With the cybersecurity insurance market relatively new, how do you decide what kind of policy you need? We recommend starting with a review of assets including financial and customer data and classifying them as high or low risk. Next, identify your company's vulnerabilities, followed by an analysis of potential fallout from a breach.
To build this knowledge base, consider performing a cyber threat assessment — like the free online cyber threat assessment program offered by our partner, Fortinet.
CYBERSECURITY INSURANCE ISN’T ENOUGH PROTECTION
The most important point to keep in mind is that cybersecurity insurance alone is not enough to protect your business from cyber harm. While it will help you recover monetarily, it can’t recover lost data or restore your systems — which is why you still need tools and processes for preventing, detecting and reporting breaches.