In today’s world, cyber threats are on everyone’s minds. That’s because they are slowly becoming the number one business risk for organizations of all sizes. From system hacks and DDoS attacks to the increased prevalence of ransomware, news of cyberattacks seems constant. While there have been fewer reports of major attacks comparable to the Yahoo breach of 2017, where the personal information of 3 billion users was exposed, that’s no reason to be complacent. Governments are stepping in to update policies and standards, which hold more organizations accountable.
For instance, the European Union’s new General Data Protection Regulation (GDPR) went into effect on May 25, 2018. The GDPR mandates that businesses adhere to specific governance and accountability standards in the processing and protection of data concerning EU citizens. This new legislation also stipulates that should a breach occur, companies must report it to the supervisory authority within 72 hours. Failure to comply with these new regulations could result in up to 20 million euros in penalties or 4 percent of the company’s global annual turnover.
While most U.S.-based organizations have been busy trying to understand the impact of these new requirements and readying themselves to comply, few have considered whether or not they are protected against loss in the event of a data breach or unintentional non-compliance.
According to a study called ‘Internet Privacy in the Digital Age’ by Champlain College, 60 percent of smaller businesses close within six months of suffering a cyber attack. When a single breach can destroy the financial standing and reputation of an organization in such a short period of time, cyber liability insurance is a must-consider in today’s digital, interconnected landscape. This article will provide systems integrators with an overview of cyber liability insurance and general considerations to make when trying to find the best insurance policy for the organization and its needs.
GETTING FAMILIAR WITH CYBER LIABILITY INSURANCE
Business insurance and other forms of insurance are nothing new to most organizations. However, as risks have evolved into the cybersphere, insurance policies and products have too. Today, there are over 100 insurance companies worldwide offering cyber liability insurance, which helps to absorb the risks for their customers who experience a breach. In fact, Hart Brown, a leading cyber security expert, estimates the global market value for written cyber liability policies to be around $2.5 billion. Yet, insurance providers such as Allianz predict that this figure could reach $20 billion by 2025.
There’s a reason for this growing demand. Cyber liability insurance helps mitigate risk and uncertainty. In the event of a security breach at a client site, cyber liability insurance will give integrators peace of mind. The systems integrator company will be able to access funds to manage the response and keep the business running.
There is also an opportunity for an integrator to enhance their cyber security posture and showcase this insurance as proof to clients that they are following strict cyber security protocols. That’s because to become eligible for the policy, the integrator must prove that they are adhering to advanced cyber security standards and measures. Even when the policy is active, should the integrator make an insurance claim, they’ll need to show that all best practices were implemented from the project’s start, or the claim could be denied.
TAKING THE ONUS FOR RISK BEYOND THE INSURANCE
Since cyber liability insurance is a new product, there are still many unknowns for insurers on how to properly assess and calculate risks. Usually, costing out coverage involves filling out a standard questionnaire on IT policies, organization hierarchy, IT infrastructure size and the nature of the business. In many cases, insurance providers will tend to overestimate liability and keep premiums high.
Even so, integrators cannot rely on this insurance to save them from unexpected cyber threats. The insurance only assists in absorbing the costs should a breach occur. It’s critical that they continue to maintain the highest standards of cyber security at each client site. These include implementing various levels of defense such as encryption, authentication, and authorization. They should also include employing various tools to better protect data privacy and properly installing devices using strong passwords.
Systems integrators should take time to properly vet suppliers and select partners who are prioritizing cyber security in the development of their products. They must stay on top of updates and patches, ensuring their clients are working with versions that have addressed any known vulnerabilities. It’s also important that they take a more active role in educating their clients’ employees, providing general guidelines that can help them avoid unnecessary risks.
With these combined strategies, systems integrators can ensure that they are doing everything in their capacity to fortify client installations and to evade a permanently damaged reputation and exclusion from future tenders.
3 KEY CONSIDERATIONS WHEN BUYING CYBER LIABILITY INSURANCE
- Identifying the cyber risks — Since cyber security can encompass a lot of different facets, so can liability insurance. Experts suggest that as many as 12 different types of coverage are available for various triggers. That’s why it’s critical to have a clear understanding of the cyber risks for which the organization needs protection. These can include a range of online and offline risks, spanning everything from data breaches to theft of corporate assets. When an integrator company can be very specific about the potential pitfalls they need to address, they are in a better position to find the insurance that will match their organization and needs.
- Understanding the policy coverage — Cyber liability insurance doesn’t need to stand alone. Existing insurance policies might be very complementary to these new cyber policies. Some businesses might also require a combination of products to get adequate coverage. That’s why it’s important to understand how each product could benefit an organization should they become liable for a data breach. Furthermore, the damages resulting from cyber liability can be difficult to quantify and grasp. Translating cyber risks into a financial model is a key step in ensuring adequate coverage. While cyber security remains a business risk, the cyber-relevant aspects should be studied and articulated by a cyber security professional. It’s in an integrator’s best interest to seek guidance from a professional broker or field expert who understands both worlds of business and cyber security risks.
- Knowing the claims process — Coverage is one aspect to consider when shopping for cyber liability insurance. The claims process is another. Generally, an integrator can expect to receive monetary compensation when a claim is approved, which is helpful. However, each insurance provider will have a process in place for vetting the claim’s authenticity, and a general timeline within which funds can be paid. If a data breach happens, an integrator should know how quickly relief will become available. Also, some insurance companies provide access to other expert services such as cyber investigators or public relations firms. While an integrator might be busy managing the response to a breach, the extra assistance during this time could be a welcome perk.
IS CYBER LIABILITY INSURANCE RIGHT FOR YOU?
The prevalence of cyber security threats will only increase as the Internet of Things (IoT) gains more momentum. That’s why all organizations, including security systems integrators, must do their due diligence and look into cyber liability insurance. The biggest benefit derived from this insurance is peace of mind should a breach occur. However, it’s also a great way for security professionals to strengthen their cyber security posture.
The reality is that not all integrators might be able to afford this type of insurance. If that’s the case, the integrator business must assume the risk. It becomes wholly up to their team to ensure cyber security best practices are being considered and implemented at every point in a project, from installation through to maintenance. They must remain vigilant and partner with providers who provide tools and assistance to quickly identify and mitigate risks and keep security systems free from potential vulnerabilities.
As time goes on, end users will likely begin requiring this type of insurance to enforce cyber security best practices and vet partners. It can become a condition stipulated in tenders and a requirement for winning projects. Whether or not an integrator decides to invest in cyber liability insurance, one thing is clear: growth for an integrator company will depend on how well its team is able to stay on top of the evolving landscape of cyber threats.
By Mathieu Chevalier, Security Architect, Genetec Inc.