The cost of cybercrime, and why
you need cyber liability insurance

Cyber liability insurance protects businesses from losses that result from cyber attacks and data breaches. Policies cover the costs of investigations, lawsuits, and other obligations following an attack.This insurance is essential for any business operating in today.

Cyber liability insurance should not be considered optional.

Why do we say this? Because the direct costs of a data breach will be significant, but the indirect costs can quickly become devastating. Still, many companies forego coverage due to the perceived high cost of policies, confusion about what they cover, and a belief that their organization is immune to cyber attacks.

Cyber liability insurance is specialized. We’ve put together this guide to help you understand the basics and make the wise choice for your business.

According to recent cybersecurity reports by IBM, Gartner, Verizon, and others:

More than half of businesses experience a cybersecurity attack or data breach in any 12 month period.

Cisco found that 61% of businesses admit to suffering a data breach in 2020.

The Ponemon Institute found 65% of businesses in the US suffered a cyber attack in the preceding 12 months, but only 15% of information assets were protected by insurance.

With the number and frequency of cyber attacks increasing it is vital to have proper safeguards in place. Cyber liability insurance protects your business against cybersecurity threats by helping you recover if the worst case happens.

To understand the need for cyber liability insurance, it is important to understand the evolving nature of cybercrime. As large firms invest more to protect themselves, criminals increasingly attack them through smaller businesses in their supply chains. This indirect attack method puts SMBs at disproportionately greater risk.

43%

of online attacks are now aimed at small businesses.

– Verizon Data Breach Investigations Report

There are many ways in which cyber criminals gain access to your information.

Phishing, compromised accounts, and employee errors are all risk factors. In today’s remote workforce there is more room for error than ever, with the risk of unsecured Wi-Fi, lost devices, or misconfigured systems.

img-info-01-most-common-cyber-attacks

Phishing and business email compromise attacks (BEC) are two of the most common types of cybercrime. In a BEC scam, criminals ‘spoof’ or impersonate a known source and then send an email message making seemingly legitimate requests. These requests can deliver malware, prompt employees to leak account credentials, or even transfer money.

img-info-02-volume-of-phishing-attacks
img-info-03-volume-of-business-email-compromise

Cyber attacks garner the most attention, but only 43% of cyber insurance claims are related to hacks, malware, and viruses. The remaining 57 % of claims are filed for high-liability situations such as staff mistakes, rogue employees, or stolen devices.

www.techrug.com

On its own, cyber liability insurance will not fix holes in your security processes or technology. Cyber liability insurance will not train your employees to spot a phishing email or deter criminals from attacking. What cyber liability insurance will do is help your business recover from an incident more readily and with less long-term impact.

Recovering from a cybersecurity incident is costly, and not just financially.

Cybercrime expenses are on the rise. Not only must you recover from lost IP the financial demands of attackers, there is loss of reputation, staff dissatisfaction, and other hidden costs.

McAfee estimates the global cost of cybercrime is increasing exponentially, doubling in the five years between 2013 and 2018, then doubling again by 2020.

Their estimates show the world economy lost nearly a trillion dollars in 2021 to cybercrime; this rate of growth could see losses exceed $10 trillion annually by 2025.

Cybercrime does not discriminate when it comes to company size.

More than half of all cyberattacks are committed against SMBs, and 60% of them go out of business within six months.

The average cost of a data
breach in 2020 was

$3.86m
globally

$8.64m
in the US

$200,000

average cost of a cyber
incident for a SMB

A comprehensive cyber liability policy is necessary to fully protect your business. A comprehensive policy will cover the following:

INCIDENT EXPENSES

Legal, computer forensics, and other incident response expenses that provide assistance and determine the cause of a malicious incident.

CYBER EXTORTION

Response to extortion attempts, including any forensic expenses, and the remediation of extortion including facilitation and reimbursement of payment

BUSINESS INTERRUPTION

Lost revenue reimbursement as a result of a breach or outage of systems.

DIGITAL ASSET RESTORATION

Extra expense that results from recreating or restoring data.

REPUTATIONAL LOSS

Responding to adverse media reports following a breach, indemnifying insureds for lost revenues as a result.

SOCIAL ENGINEERING

Reimbursement in the event of a transfer of funds due to deceptive communications directing them to do so.

PCI-DSS FINES AND PENALTIES

If a breach occurs and compliance is in question, the insurance policy will respond to the investigation and any fines and penalties that result.

REGULATORY PROCEEDINGS

Costs to defend against an investigation, and provide indemnification for fines and penalties, where insurable by law

Ensure that your coverage protects you against the following key threats:

Other beneficial policy coverage:

In the past, getting approved for cyber liability insurance used to be easy, as the security questions were vague or limited in scope:

img-questions-01-limited-r1

Security Applications are getting much more detailed and stringent, going as far as requiring newer technologies like EPP and EDR.

img-questions-03-EPP-EDR-r1

3rd party security assessments are now standard during the underwriting process, and the outcome will impact eligibility and/or policy rates. Most policies require proof of internal assessments and corresponding actions:

img-questions-04-security-assessment-r1

Many insurers are requiring controls in place that limit the impact of a security/breach incident.

These include having plans for incident response, disaster recovery, and business continuity. You may also be asked about specific policies, procedures, and training:

img-questions-05-policies-procedures-management-training-r1

Finally, it’s believed that soon insurers will require businesses to adhere to a recognized cybersecurity framework, such as CIS Critical Security Controls, in order to receive coverage. In other words, just having a firewall isn’t enough. These industry-standard frameworks should be formalized into your business to ensure long-term compliance with evolving policy requirements. The below is a snapshot from a recent insurance application for an Umbrella client:

img-questions-06-framework-utilization
img-questions-07-standards-frameworks

If all of this seems overwhelming, don’t worry – there are clear paths to qualifying for cyber liability insurance. It will require an investment in your security, but it may be the wisest investment you make. At Umbrella, we handle the cyber insurance eligibility for our clients, so make sure your cybersecurity provider does, too.

Let’s get started!

Scroll to Top