All You Should Know
About Сybersecurity Insurance
Cybersecurity requires more and more attention in order to reduce the risks of serious financial and information losses. Among other ways to ensure it Cybersecurity Insurance today is becoming increasingly popular.
Why the Relevance of Cybersecurity Insurance is Continually Growing?
It’s not ordinary users who suffer the most from hacker attacks, but big business, which is losing enormous money. Attacking just one pair of common viruses, such as WannaCry, inflicts losses of tens of billions of dollars annually. Therefore, companies are spending more and more on cyber defense. According to studies, the cost of a business protection from hackers annually amounts to hundreds of billions of dollars and this amount is growing every year, including cybersecurity insurance cost.
Want to have an in-depth understanding of all modern aspects of All You Should Know About Сybersecurity Insurance? Read carefully this article and bookmark it to get back later, we regularly update this page.
Сybersecurity insurance is a relatively new phenomenon for the whole world. Such protection is offered in total by less than a hundred insurance companies in different countries, while insurance covers only a small part of cyber risks, not exceeding 10%. However, the rapid growth of threats from hackers stimulates the development of this direction, and according to experts in the insurance industry, the volumes of cybersecurity insurance in 2020 will approach $ 10 billion, and the growth of this market is projected at 25-50% annually.
The active growth of the cybersecurity insurance market began recently, despite the fact that the first cyber risk insurance policies were concluded back in 2010, and this topic was actively discussed in the annual forum in Davos in 2012. After massive hacks of corporate and government resources in the United States, about 90% of the Cybersecurity Insurance market falls on this country, but gradually this type of insurance is developing in many countries.
What Cybersecurity Insurance Protects From
Cybersecurity insurance is designed to protect companies from cyber risks associated with the use of computer equipment and software both in local networks and the global Internet, in payment systems, online shopping systems and in industrial control systems. It is also a risk associated with the accumulation, storage and use of personal data.
Thus, the cybersecurity insurance policy helps protect against threats that may result in data leakage, failure of various equipment and losses incurred by the policyholder due to these events. Insurance companies have just begun to practice cyber risk insurance, so there are no standardized insurance products.
Often, the demand of companies for this coverage is met through the purchase of additional extensions to property and liability contracts. But the cyber risk coverage in such contracts is quite limited, given the specifics of these types of insurance. For example, covering financial losses due to termination of business as a result of a cyber incident.
Therefore, cybersecurity insurance is usually a comprehensive product that includes property, liability and financial risk insurance. The main insured event is losses that have occurred as a result of a disruption to the computer network or security systems of the insured due to third-party invasion.
Examples of the consequences of such an invasion include the following:
- Providing unauthorized access to the computer systems of the company;
- Modification, deletion or transfer of electronic data, software;
- Use of computing system resources.
An unauthorized intrusion usually involves the use of any means of deactivating and bypassing network protection systems, including viruses and malware, phishing, and DoS / DDoS attacks.
Loss Covered by Cybersecurity Insurance
- The losses from cyber risks directly include the losses of the insured. We are talking about losses or lost profits from the interruption of activity and the costs of restoring damaged infrastructure, for example, acquiring new equipment and filling in the gaps in the insurer's cyber security system that caused the incident.
- Losses from claims of third parties. In this case, liability is covered in the framework of material damage, moral damage, violation of intellectual property rights, etc.
- The costs of crisis management. The insurance company reimburses the costs of attracting IT security experts, advisers, lawyers to eliminate and minimize losses due to a cyber attack.
- In the additional coverage of some insurance policies there is a service that covers the costs of crisis PR and to restore the company's reputation after a cyber attack.
Most often, cybersecurity insurance policies cover the first two groups of losses. That is, the loss of the insured and the harm caused to third parties. An insured event is the fact that the insured becomes liable for damage caused to third parties as a result of such incidents:
- actual leakage, opening or transfer of confidential information, failure or failure of the security system;
- any intrusion, interference, unauthorized access or unauthorized use of the company's information system.
How to Confirm the Loss Received?
The main difficulty with Cybersecurity Insurance is fixing losses and proving a causal relationship between the insured event and the claimed damage. In addition, the amount of losses needs to be somehow calculated and documented. The hardest thing to insure is data arrays that are hard to evaluate.
To determine how much a data leak costs, you need to understand exactly how many and what information assets there are, for which it is recommended to conduct an application discovery and take an inventory of assets.
In the event that the insured company directly incurs losses, an examination is carried out, the task of which is to prove or refute the intrusion of third parties into the computer system, whose actions provoked damage to property and downtime in production. When insuring liability to third parties, the fact of an insured event is confirmed by a court decision. At the same time, the insurer is not responsible for gross violations by the employees of the insured company of the requirements for cybersecurity, for fraudulent actions of the insured, as well as the actions of its employees, which are caused by their insufficient qualifications
General Conditions for Cybersecurity Insurance
The conditions, coverage and limits of cyber insurance policy, insurers determine individually for each particular client. Cybersecurity Insurance is affected by a large number of factors. This is the scope of the company, its internal business processes, counterparties with which it contacts, the volume and nature of confidential data, for example, financial documentation, personal data of customers, the level of IT security of the company and data protection, the degree of employee qualification and their observance of elementary rules digital security.
For large companies, a technical audit can be carried out with the involvement of external IT experts. Already, there is a trend towards automation of this process, and some products are appearing that allow analyzing and determining vulnerabilities in the infrastructure with minimal involvement of specialists. With the development of the cyber insurance market, the price of such products will decrease, and, as a result, the quality of underwriting will increase significantly.
In parallel, services and consulting will be developed that are directly related to protection against cyber risks. For example, the main coverage of the insurance program includes the option of the so-called response to cyber incident. It covers the costs of the services of specialists who are involved in a quick response and stop the cyber attack.
In some cases, сybersecurity insurance may even cover cyber blackmail. In this case, the insurer reimburses the amount paid to the ransomware for decrypting the company's blocked information, for example, the database, as well as for the threat of destruction of the technical infrastructure and valuable data.