Should my business take out cybersecurity insurance?

Prevention is everything, but what happens when your defenses get breached?
31 January 2019

It could be worth having a policy in place. Source: Shutterstock

Long gone are the days where data security for many enterprises consisted of installing a firewall with the odd virus scan. In today’s highly-connected digital world, data security is a whole new ball game.

The evolution of the internet has been the catalyst for increased connectivity and innovations that drive economic growth. Yet worryingly, these new digital innovations are rapidly outpacing the ability to keep the digital sphere secure.

Add the increased sophistication of cyber-criminals and the increasingly connected and online workplace presenting new vulnerabilities, and we can understand why it’s estimated that cyber attacks could account for a loss of US$5.2 trillion from global business in the next five years.

Concern around cybercrime is at an all-time high for businesses, with major breaches such as WannaCry and NotPetya keeping the topic front of mind for many in the c-suite.

As a result, many organizations are investing heavily in cybersecurity efforts. According to Gartner, worldwide spending on information security products and services is set to exceed US$124 billion this year.

Yet, investments in technology solutions alone are not enough to put a stop to pervasive threats. Those organizations who believe that security starts and ends with a set of purchased technology tools are still leaving themselves vulnerable to threats and attacks.

Many cybersecurity experts have long signaled that a more holistic view to cybersecurity is needed. This includes people and processes in addition to these purchases of multi-layered security products and solutions. And as cyber threats continue to grow, a promising service is being offered to businesses wanting to add an additional layer of security.

Is cybersecurity insurance worth it?

Designed to put many minds at rest, ‘cybersecurity insurance’ promises to offer protection and recovery help to companies in the wake of data disasters. But what exactly does it offer?

Cybersecurity insurance is a risk mitigation strategy that enables a business to offset the costs involved in recovering from a cybersecurity risk. It typically covers expenses related to first parties in addition to claims by third parties.

The purchase of cybersecurity insurance has become increasingly popular in recent years, with PWC forecasting that the total value of premiums that will be paid for cyber insurance will reach $7.5 billion by 2020.

Should your business choose to purchase this sort of cover, you should expect reimbursement for the following expenses:

  1. Investigation: This covers the cost of a forensic investigation which is typically needed to determine what occurred, what has been breached, how best to repair the damage, and how to prevent the same type of breach from occurring in the future.
  2. Business damage: This may include monetary losses as a result of network downtime, business interruption, the recovery of lost data, and also repairing reputational damage.
  3. Privacy and notification issues: This includes required data breach notifications to customers and other affected parties, as well as credit monitoring for customers whose information has been compromised.
  4. Lawsuits and extortion: The legal expenses associated with the loss of confidential information and intellectual property, legal settlements and regulatory fines.

So, you may now be asking yourself “Should I purchase this insurance for my business?”

Cybersecurity insurance is certainly no cure-all solution that will throw up a magical protective barrier around your data. But what this insurance can do is keep your business from flailing in the face of a damaging cybersecurity event.

Businesses must start thinking seriously about their cybersecurity protocols and all the options out there. Those who fail to be proactive may find themselves at a significant loss in today’s heightened cyber threat environment.