Why you need Cyber Insurance
It’s been all over the news. SolarWinds in January, 100,000 Microsoft Exchange Servers in February, CNA Insurance (a large provider of cyber insurance) in March. Cyber attacks are everywhere. A cyber attack incident will occur every 11 seconds in 2021. That’s almost double 2019’s rate, and four times the frequency in 2016.
Not only are the attacks more frequent, but the profile of the targets has broadened. It used to be that you needed to handle PII (Personally Identifiable Information) to be vulnerable. Now, if your company relies on computers in its daily operations it is vulnerable and it is being targeted.
Here are three massively important reasons to consider cyber insurance for your business:
1) Response time
The first reason has nothing to do with your financial loss and everything to do with minimizing the disruption caused by a cyber breach. After discovering a breach, every second makes a difference in reducing your disruption.
The speed of your response is critical and cyber insurance gives you the tools to mount a breach response effort in minutes instead of days, greatly minimizing the damage to your organization.
Imagine you get the call. Hackers like to strike on the weekend to minimize your ability to respond. Your computers have been breached and your systems are frozen. You’ve received a ransom demand for $1,000,000 and if you don’t pay the hackers within 24 hours they will permanently lock your system as well as publish your data to the dark web.
What do you do? Who do you call? How long will it take to interview, negotiate and hire a breach response team? How do you know you are retaining qualified vendors? Are their rates reasonable? Do you want to hire an attorney to deal with regulators, a PR firm to deal with the media and customers and a cyber response team to get you back up and running? Each one of these will have to be retained while time is of the essence and while running your business off your mobile phone because all your systems are down.
On the other hand, cyber insurers already have the team lined up, including a breach coach, ready to guide you through an efficient recovery. These coaches are often attorneys so you will have the benefit of privileged communication. The coach will have vetted vendors such as ransomware negotiators and technical teams standing by, ready to get you back up and running. And all at prearranged prices that will keep the cost of the response from spiraling out of control.
2) The cost of a breach
Even if you minimize a loss, a cyber breach and/or ransomware attack can be expensive, and the cost is only rising. Losses that in years past might have totaled tens of thousands of dollars are now topping hundreds of thousands or even millions of dollars. Here are just some of the ways the price tag for a cyber attack can be long-lasting and costly:
– Ransoms issued by the hackers (both to reopen systems and not publish data)
– Losses to recreate stolen proprietary information or intellectual property
– Damage to your IT systems
– Lost revenue due to business interruption or loss of customer trust
– A drop in share price or market value
– Fines for non-compliance with data protection/privacy laws, such as GDPR
– Costs associated with managing exposed customer data
– Legal fees resulting from lawsuits
Experts forecast global cybercrime damages reaching $6 trillion in 2021, and the demands of the hackers are becoming more and more sophisticated. Many think backup systems eliminate their chance of having a large financial loss. Think your backup is complete? Here are some issues that those who are breached discover too late:
-Backup hot sites fail to work as intended
-Backups piped offsite and are so large that a physical disk must be delivered to effectively restore systems costing days of delay
– Studies show that only 85% of data is backed up – and your critical data could be located in the missing 15%
– Hackers have been in your systems for months and infected your backups as well
3) Buying later will be harder than buying now
While waiting a year exposes you to an uncovered attack it also exposes you to the inability to get quality insurance. The rise in claims are only making coverage harder to get.
Working now to put in place a quality cyber insurance program can ensure that you have the track record and security infrastructure to get quality coverage at a reasonable premium.
Those that don’t have cyber insurance and have not enabled two factor authentication for system access are already having difficulty getting the highest quality coverage. It’s not an expensive security measure but it typically takes 45 days to implement.
You may have other vulnerabilities that underwriters will point out. Most of these vulnerabilities can be reduced with some attention and modest investment but they all take time to address.
A client that has a plan to address vulnerabilities and has had coverage in place for some time will certainly see better coverage terms and pricing over the long run.
To get the best pricing and coverage, it’s important to partner with a broker who knows your industry. Your trusted advisor from Foa & Son will identify your unique exposures, and develop a strategy before you sit down with the underwriter.
Cyber liability insurance has never been more important, and there will not be a better time than now to buy.