The cost of cybercrime, and why
you need cyber liability insurance
Cyber liability insurance protects businesses from losses that result from cyber attacks and data breaches. Policies cover the costs of investigations, lawsuits, and other obligations following an attack. This insurance is essential for any business operating in today.
Cyber liability insurance should not be considered optional.
Why do we say this? Because the direct costs of a data breach will be significant, but the indirect costs can quickly become devastating. Still, many companies forego coverage due to the perceived high cost of policies, confusion about what they cover, and a belief that their organization is immune to cyber attacks.
Cyber liability insurance is specialized. We’ve put together this guide to help you understand the basics and make the wise choice for your business.
According to recent cybersecurity reports by IBM, Gartner, Verizon, and others:
More than half of businesses experience a cybersecurity attack or data breach in any 12 month period.
Cisco found that 61% of businesses admit to suffering a data breach in 2020.
The Ponemon Institute found 65% of businesses in the US suffered a cyber attack in the preceding 12 months, but only 15% of information assets were protected by insurance.
With the number and frequency of cyber attacks increasing it is vital to have proper safeguards in place. Cyber liability insurance protects your business against cybersecurity threats by helping you recover if the worst case happens.
To understand the need for cyber liability insurance, it is important to understand the evolving nature of cybercrime. As large firms invest more to protect themselves, criminals increasingly attack them through smaller businesses in their supply chains. This indirect attack method puts SMBs at disproportionately greater risk.
of online attacks are now aimed at small businesses.
– Verizon Data Breach Investigations Report
There are many ways in which cyber criminals gain access to your information.
Phishing, compromised accounts, and employee errors are all risk factors. In today’s remote workforce there is more room for error than ever, with the risk of unsecured Wi-Fi, lost devices, or misconfigured systems.
Phishing and business email compromise attacks (BEC) are two of the most common types of cybercrime. In a BEC scam, criminals ‘spoof’ or impersonate a known source and then send an email message making seemingly legitimate requests. These requests can deliver malware, prompt employees to leak account credentials, or even transfer money.
On its own, cyber liability insurance will not fix holes in your security processes or technology. Cyber liability insurance will not train your employees to spot a phishing email or deter criminals from attacking. What cyber liability insurance will do is help your business recover from an incident more readily and with less long-term impact.
McAfee estimates the global cost of cybercrime is increasing exponentially, doubling in the five years between 2013 and 2018, then doubling again by 2020.
Their estimates show the world economy lost nearly a trillion dollars in 2021 to cybercrime; this rate of growth could see losses exceed $10 trillion annually by 2025.
The average cost of a data
breach in 2020 was
in the US
average cost of a cyber
incident for a SMB
A comprehensive cyber liability policy is necessary to fully protect your business. A comprehensive policy will cover the following:
Ensure that your coverage protects you against the following key threats:
Other beneficial policy coverage:
In the past, getting approved for cyber liability insurance used to be easy, as the security questions were vague or limited in scope:
Security Applications are getting much more detailed and stringent, going as far as requiring newer technologies like EPP and EDR.
3rd party security assessments are now standard during the underwriting process, and the outcome will impact eligibility and/or policy rates. Most policies require proof of internal assessments and corresponding actions:
Many insurers are requiring controls in place that limit the impact of a security/breach incident.
These include having plans for incident response, disaster recovery, and business continuity. You may also be asked about specific policies, procedures, and training:
Finally, it’s believed that soon insurers will require businesses to adhere to a recognized cybersecurity framework, such as CIS Critical Security Controls, in order to receive coverage. In other words, just having a firewall isn’t enough. These industry-standard frameworks should be formalized into your business to ensure long-term compliance with evolving policy requirements. The below is a snapshot from a recent insurance application for an Umbrella client:
If all of this seems overwhelming, don’t worry – there are clear paths to qualifying for cyber liability insurance. It will require an investment in your security, but it may be the wisest investment you make. At Umbrella, we handle the cyber insurance eligibility for our clients, so make sure your cybersecurity provider does, too.