What Businesses Should Know About Cybersecurity Insurance

As IT Service Providers, we work with clients to make it as hard as possible for threat actors to attack them. However, we are very clear that there is no 100% guarantee that a business will not be a victim of an attack. All it takes is a click on a malicious link, a missed patch, or an open port that was forgotten. Our best recommendation to our clients is to assume that there will be a breach and have a strategy that includes prevention, detection, and response.   

For this article, we will focus on one of the areas that is very important to responding to a cyber event but that many businesses may not think about or understand.  

Why do businesses need cybersecurity insurance?

We want to preface the following information by stating that we are not insurance experts, brokers or resellers. We are, as IT Providers, often asked to help our clients respond to insurance questionnaires as well as to help them improve their security postures to help them in their applications for cybersecurity insurance. In doing so, we thought we could share some things we have learned that may be of use to SMBs. The biggest reason businesses need cyber insurance is to cover the expenses of a breach. At first glance, most businesses will think of the cost of a ransomware payment for example. But there is much more to consider when it comes to responding and recovering to an attack which businesses need to be prepared for. Here is a list of some of the expenses related to a breach:  

  • Legal  
  • Public relations  
  • Forensic investigation  
  • Notification to affected clients, partners, employees etc. 
  • Identity theft restoring 
  • Reputation management 
  • Getting the business operational 
  • Credit monitoring 

Cyber insurance can include not only the breach recovery costs such as the ones mentioned above which are known as first-party coverage but also the costs of, and potential damages from lawsuits whether they are class actions or brought by organizations with which you do business known as third-party liability. 

Cyber criminals do not discriminate based on size of business. If they can find your network, they can attack. For this reason, every business, no matter what size, needs to be prepared and look at cyber insurance.  

Every business is unique and has different data which entails different risk. The number of clients a business has, the data that is collected from these clients and the sensitivity of the data collected are all factors that influence the risk levels of the business. The risk level will influence the requirements from insurers as well as the type of cyber insurance coverage and premiums businesses can apply for. 

We are all a little tired of hearing about the COVID-19 pandemic and how it has changed everything. However, the fact is that it has. The work from home movement, in particular, has increased the number of attack vectors which has led to increased ransomware incidents and an increase in the amount of ransom dollars requested. One cyber insurance provider reported that in the first half of 2021, the average ransom demand made to its clients was $1.2M. 

The types of security controls in place or that may be lacking will have a direct effect on the pricing of cyber insurance policies. Different underwriters may look for different controls, but examples are multifactor authentication (MFA), or data encryption, password management, next-generation anti-virus (EDR) to name a few. 

With the skyrocketing number of cyber claims over the last several years, insurance companies are becoming much more stringent about the security controls they require to obtain or renew cyber insurance. MFA and employee cybersecurity awareness training and testing programs are two security controls that we see often. The requirements are still a moving target as insurance companies become much more educated and as the cybercriminals become even more sophisticated so it’s important to make sure the business has the baseline controls and stays current on what the insurance companies are requiring. 

Cyber insurance and security controls are not cheap. However, when you consider the costs of a breach, which at best could leave a business inoperable for a period of time resulting in financial losses and at worst, could bankrupt a business, the investment is worth the money. Again, all businesses should assume a breach and be prepared. 

Cybersecurity insurance is evolving, almost as quickly as the cybersecurity landscape itself. It is important that businesses understand the changes and how they can impact their cyber policy. We recommend speaking with an experienced cyber insurance broker or insurance provider who can work with you to provide the right cyber policy for your business needs.  

Once again, MicroAge is not an insurance expert. We can however help you improve your security posture. Contact us today. 

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

In 2018, studies found that close to 60% of all cyberattacks are aimed at small and medium sized businesses. As criminals get smarter and more sophisticated, it’s never been so essential to protect businesses from cyber threats. If you own a business or are a CIO, here are five cybersecurity best practices for your company

5 Cybersecurity Best Practices for Your Company

In 2018, studies found that close to 60% of all cyberattacks are aimed at small and medium sized businesses. As criminals get smarter and more…

Read More

How to Keep Your Business Compliant with GDPR and PIPEDA Regulations

Identity protection and data security are the buzzwords of the tech industry, with laws like GDPR and PIPEDA being put in place to protect an…

Read More
Industry of hacking

The Industry Of Hacking: Understanding The Business Behind Cybercrime

Cybercrime is big business with some hackers making massive annual profits. With the world being so dependent on technology, cybercriminals have loads of opportunities. There…

Read More
Create a team in Microsoft Teams

How to Build a Team in Microsoft Teams in 10 steps

Many organizations have started using Microsoft Teams for online meetings and chat. The fact is, in the past year, the usage of Microsoft Teams has…

Read More

Best Practices for Cybersecurity Awareness Training Programs

Government agencies such as the Canadian Center for Cybersecurity (CCCS) and the National Institute of Standards and Technology (NIST) in the U.S., not to mention…

Read More