What Businesses Should Know About Cybersecurity Insurance

As IT Service Providers, we work with clients to make it as hard as possible for threat actors to attack them. However, we are very clear that there is no 100% guarantee that a business will not be a victim of an attack. All it takes is a click on a malicious link, a missed patch, or an open port that was forgotten. Our best recommendation to our clients is to assume that there will be a breach and have a strategy that includes prevention, detection, and response.   

For this article, we will focus on one of the areas that is very important to responding to a cyber event but that many businesses may not think about or understand.  

Why do businesses need cybersecurity insurance?

We want to preface the following information by stating that we are not insurance experts, brokers or resellers. We are, as IT Providers, often asked to help our clients respond to insurance questionnaires as well as to help them improve their security postures to help them in their applications for cybersecurity insurance. In doing so, we thought we could share some things we have learned that may be of use to SMBs. The biggest reason businesses need cyber insurance is to cover the expenses of a breach. At first glance, most businesses will think of the cost of a ransomware payment for example. But there is much more to consider when it comes to responding and recovering to an attack which businesses need to be prepared for. Here is a list of some of the expenses related to a breach:  

  • Legal  
  • Public relations  
  • Forensic investigation  
  • Notification to affected clients, partners, employees etc. 
  • Identity theft restoring 
  • Reputation management 
  • Getting the business operational 
  • Credit monitoring 

Cyber insurance can include not only the breach recovery costs such as the ones mentioned above which are known as first-party coverage but also the costs of, and potential damages from lawsuits whether they are class actions or brought by organizations with which you do business known as third-party liability. 

Cyber criminals do not discriminate based on size of business. If they can find your network, they can attack. For this reason, every business, no matter what size, needs to be prepared and look at cyber insurance.  

Every business is unique and has different data which entails different risk. The number of clients a business has, the data that is collected from these clients and the sensitivity of the data collected are all factors that influence the risk levels of the business. The risk level will influence the requirements from insurers as well as the type of cyber insurance coverage and premiums businesses can apply for. 

We are all a little tired of hearing about the COVID-19 pandemic and how it has changed everything. However, the fact is that it has. The work from home movement, in particular, has increased the number of attack vectors which has led to increased ransomware incidents and an increase in the amount of ransom dollars requested. One cyber insurance provider reported that in the first half of 2021, the average ransom demand made to its clients was $1.2M. 

The types of security controls in place or that may be lacking will have a direct effect on the pricing of cyber insurance policies. Different underwriters may look for different controls, but examples are multifactor authentication (MFA), or data encryption, password management, next-generation anti-virus (EDR) to name a few. 

With the skyrocketing number of cyber claims over the last several years, insurance companies are becoming much more stringent about the security controls they require to obtain or renew cyber insurance. MFA and employee cybersecurity awareness training and testing programs are two security controls that we see often. The requirements are still a moving target as insurance companies become much more educated and as the cybercriminals become even more sophisticated so it’s important to make sure the business has the baseline controls and stays current on what the insurance companies are requiring. 

Cyber insurance and security controls are not cheap. However, when you consider the costs of a breach, which at best could leave a business inoperable for a period of time resulting in financial losses and at worst, could bankrupt a business, the investment is worth the money. Again, all businesses should assume a breach and be prepared. 

Cybersecurity insurance is evolving, almost as quickly as the cybersecurity landscape itself. It is important that businesses understand the changes and how they can impact their cyber policy. We recommend speaking with an experienced cyber insurance broker or insurance provider who can work with you to provide the right cyber policy for your business needs.  

Once again, MicroAge is not an insurance expert. We can however help you improve your security posture. Contact us today. 

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

3 Reasons Why You Should Be Using Managed Print Services

Poorly managing your fleet of printers can end up being a costly mistake which can eat into the overall budget of your business. Wasting ink,…

Read More
backup security routine

How to Implement a Successful Data Backup Routine

Data backups are absolutely essential for small and large businesses alike to prevent downtime, disruption, and delays. Without smart backup solutions, your company’s information becomes…

Read More

MicroAge Peterborough – Whitby is Officially One of The 50 Best Managed IT Companies in Canada!

On February 6th, 2020 at an Awards Ceremony hosted by TechnoPlanet, CEO Julian Lee in Toronto, MicroAge Peterborough – Whitby was honored by being chosen…

Read More
cyber resilient

Making Your Business Cyber Resilient

With the rising threats from malware, phishing and high-tech threat actors, cybersecurity is top of mind for businesses of all sizes. To successfully mitigate the…

Read More
cloud storage and backup

What is the Difference Between Cloud Storage and Cloud Backup?

The cloud has become more pervasive in the last few years and in particular, the last two years. It has certainly helped businesses with their…

Read More