What Businesses Should Know About Cybersecurity Insurance

As IT Service Providers, we work with clients to make it as hard as possible for threat actors to attack them. However, we are very clear that there is no 100% guarantee that a business will not be a victim of an attack. All it takes is a click on a malicious link, a missed patch, or an open port that was forgotten. Our best recommendation to our clients is to assume that there will be a breach and have a strategy that includes prevention, detection, and response.   

For this article, we will focus on one of the areas that is very important to responding to a cyber event but that many businesses may not think about or understand.  

Why do businesses need cybersecurity insurance?

We want to preface the following information by stating that we are not insurance experts, brokers or resellers. We are, as IT Providers, often asked to help our clients respond to insurance questionnaires as well as to help them improve their security postures to help them in their applications for cybersecurity insurance. In doing so, we thought we could share some things we have learned that may be of use to SMBs. The biggest reason businesses need cyber insurance is to cover the expenses of a breach. At first glance, most businesses will think of the cost of a ransomware payment for example. But there is much more to consider when it comes to responding and recovering to an attack which businesses need to be prepared for. Here is a list of some of the expenses related to a breach:  

  • Legal  
  • Public relations  
  • Forensic investigation  
  • Notification to affected clients, partners, employees etc. 
  • Identity theft restoring 
  • Reputation management 
  • Getting the business operational 
  • Credit monitoring 

Cyber insurance can include not only the breach recovery costs such as the ones mentioned above which are known as first-party coverage but also the costs of, and potential damages from lawsuits whether they are class actions or brought by organizations with which you do business known as third-party liability. 

Cyber criminals do not discriminate based on size of business. If they can find your network, they can attack. For this reason, every business, no matter what size, needs to be prepared and look at cyber insurance.  

Every business is unique and has different data which entails different risk. The number of clients a business has, the data that is collected from these clients and the sensitivity of the data collected are all factors that influence the risk levels of the business. The risk level will influence the requirements from insurers as well as the type of cyber insurance coverage and premiums businesses can apply for. 

We are all a little tired of hearing about the COVID-19 pandemic and how it has changed everything. However, the fact is that it has. The work from home movement, in particular, has increased the number of attack vectors which has led to increased ransomware incidents and an increase in the amount of ransom dollars requested. One cyber insurance provider reported that in the first half of 2021, the average ransom demand made to its clients was $1.2M. 

The types of security controls in place or that may be lacking will have a direct effect on the pricing of cyber insurance policies. Different underwriters may look for different controls, but examples are multifactor authentication (MFA), or data encryption, password management, next-generation anti-virus (EDR) to name a few. 

With the skyrocketing number of cyber claims over the last several years, insurance companies are becoming much more stringent about the security controls they require to obtain or renew cyber insurance. MFA and employee cybersecurity awareness training and testing programs are two security controls that we see often. The requirements are still a moving target as insurance companies become much more educated and as the cybercriminals become even more sophisticated so it’s important to make sure the business has the baseline controls and stays current on what the insurance companies are requiring. 

Cyber insurance and security controls are not cheap. However, when you consider the costs of a breach, which at best could leave a business inoperable for a period of time resulting in financial losses and at worst, could bankrupt a business, the investment is worth the money. Again, all businesses should assume a breach and be prepared. 

Cybersecurity insurance is evolving, almost as quickly as the cybersecurity landscape itself. It is important that businesses understand the changes and how they can impact their cyber policy. We recommend speaking with an experienced cyber insurance broker or insurance provider who can work with you to provide the right cyber policy for your business needs.  

Once again, MicroAge is not an insurance expert. We can however help you improve your security posture. Contact us today. 

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

Cloud Infrastructure hébergée

3 avantages d’utiliser une infrastructure hébergée

Tout le monde sait que l’informatique en nuage (cloud computing) est une tendance en vogue et que son adoption ne devrait qu’augmenter dans les prochaines…

Read More
Infrastructure informatique, IT infrastructure

5 Benefits of an Optimized IT Infrastructure

Is your current IT infrastructure helping your business thrive in its industry or creating obstacles for growth? If you’re still not using cloud technologies to…

Read More
cloud data back up

5 Reasons Your Company Should Use the Cloud for Data Backups

From emails with malicious files to zero-day vulnerabilities, the risks to business data are everywhere. An excellent strategy to prevent information loss and protect your…

Read More
In 2018, studies found that close to 60% of all cyberattacks are aimed at small and medium sized businesses. As criminals get smarter and more sophisticated, it’s never been so essential to protect businesses from cyber threats. If you own a business or are a CIO, here are five cybersecurity best practices for your company

5 Cybersecurity Best Practices for Your Company

In 2018, studies found that close to 60% of all cyberattacks are aimed at small and medium sized businesses. As criminals get smarter and more…

Read More
Hacker data breach

Why Should My Company Worry About Data Breaches?

Data breaches are a major cybersecurity concern because they can ruin a company’s reputation, cost millions of dollars, and paralyze businesses for several days. Here’s…

Read More