In today’s world, cyber threats are on everyone’s minds. That is because it is slowly becoming the number one business risk for organisations of all sizes. From system hacks and DDoS attacks to the increased prevalence of ransomwares, news of cyberattacks seems constant. When a single breach can destroy the financial standing and reputation of an organisation in one instant, cyber liability insurance is a must-consider in today’s digital, interconnected landscape.
Getting familiar with cyber liability insurance
Business insurance and other forms of insurance are nothing new to most organisations. However, as risks have evolved into the cybersphere, insurance policies and products have too. Today, there are over 100 insurance companies worldwide offering cyber liability policies which help to absorb the risks for their customers who experience a breach or who fail to comply to evolving legislation.
In fact, experts estimate the global market value for written cyber liability policies to be around $2.5 billion. Yet, insurance providers such as Allianz predict that this figure could reach $20 billion by 2025.
On one hand, these policies help mitigate risk and uncertainty. In the event of a security breach at a client site, a cyber liability insurance policy will give integrators peace of mind. The systems integrator company will be able to access funds to manage response and keep the business running.
On the other hand, these policies are requiring companies to follow strict cybersecurity protocols. That is because to become eligible for the policy, the integrator must prove that they are adhering to advanced cybersecurity standards and measures. Even when the policy is active, should the integrator make an insurance claim, they will need to show that all cybersecurity best practices were implemented from the project’s start, or the claim could be denied.
Taking the onus for risk beyond the insurance
Since cyber liability insurance is a new product, there are still many unknowns for insurers on how to properly assess and calculate risks. Usually, costing out coverage involves filling out a standard questionnaire on IT policies, organisation hierarchy, IT infrastructure size and the nature of the business. In many cases, insurance providers will tend to overestimate liability and keep premiums high.
Even so, integrators cannot wholly rely on this insurance to save them from unexpected cyber threats. It is critical that they continue to maintain the highest standards of cybersecurity at each client site. These include implementing various levels of defense such as encryptions, authentications, and authorisations. It should also include employing various tools to better protect data privacy and properly installing devices using strong passwords.
System integrators should take time to properly vet suppliers and select partners who are prioritising the cybersecurity in the development of their products. They must stay on top of updates and patches, ensuring their clients are working with versions which have addressed any known vulnerabilities. It is also important they take a more active role in educating their clients’ employees, proving general guidelines which can help them avoid unnecessary risks.
Key considerations when buying cyber liability insurance
#1 Identifying the cyber risks
Since cybersecurity can encompass a lot of different facets, so can the liability insurance. Experts suggest that there are as many as 12 different types of coverage are available for various triggers. That is why it is critical to have a clear understanding of the cyber risks for which your organisation needs protection.
These can include a range of online and offline risks, spanning everything from data breaches to theft of corporate assets. When an integrator company can be very specific about the potential pitfalls they need to address, they are in a better position to find the policy that will match their organisation and needs.
#2 Understanding the policy coverage
Cyber liability insurance does not need to stand alone. Existing insurance policies might be very complementary to these new cyber policies. Some business might also require a combination of products to get adequate coverage. That is why it is important to understand how each product could benefit an organisation should they become liable for a data breach.
Furthermore, the damages resulting from cyber liability can be difficult to quantify and grasp. Translating cyber risks into a financial model is a key step in ensuring adequate coverage. While cybersecurity remains a business risk, the cyber-relevant aspects should be studied and articulated by a cybersecurity professional. It is in an integrators best interest to seek guidance from a professional broker or field expert who understands both worlds of business and cybersecurity risks.
#3 Knowing the claims process
Coverage is one aspect to consider when shopping for a cyber liability insurance policy. The claims process is another. Generally, an integrator can expect to receive monetary compensation when a claim is approved, which is helpful. However, each insurance provider will have a process in place for vetting the claim’s authenticity, and a general timeline for which funds can be paid.
If a data breach happens, an integrator should know how quickly relief will become available. Also, some insurance companies provide access to other expert services such as cyber investigators or public relations firms. While an integrator might be busy managing response to a breach, the extra assistance during this time could be a welcomed perk.
Is cyber liability insurance right for you?
The prevalence of cybersecurity threats will only increase as the Internet of Things gains more momentum. It is why all organisations including security system integrators must do their due diligence and look into cyber liability insurance. The biggest benefit derived from this insurance is peace of mind should a breach occur. However, it is also a great way for security professionals to strengthen their cybersecurity posture.
The reality is that not all integrators might be able to afford this type of insurance. If that is the case the integrator business must assume the risk. It becomes wholly up to their team to ensure cybersecurity best practices are being considered and implemented at every point in a project, from installation through to maintenance.
They must remain vigilant and partner with providers who provide tools and assistance to quickly identify and mitigate risks and keep security systems free from potential vulnerabilities.
Key takeaways
- Estimated global market value for written cyber liability policies to be around $2.5 billion.
- Insurance providers such as Allianz predict this figure could reach $20 billion by 2025.
- The biggest benefit derived from this insurance is peace of mind should a breach occur.
- It is also a great way for security professionals to strengthen cybersecurity posture.
- Coverage is one aspect to consider when shopping for a cyber liability insurance policy and claims process is another.
If your organisation invests rigorously in cybersecurity compliance then cyber insurance is a logical next step, says Firas Jadalla at Genetec.