Why Cyber Insurance Is Worth It for Your Business and What to Consider
Sikich | Jan 11 2023
The FBI found a 300% increase in cybercrime since the start of the pandemic in 2020.
How can you protect yourself against losses in the case of a breach?
In this article, we break down the what, how, and why of cyber insurance for your business. This article is for knowledge only. Always include your legal team in any discussions around cyber insurance.
What Is Cyber Insurance?
Cyber insurance is just what it sounds like: insurance to protect your business from financial losses that may be incurred during cyberattacks such as data breaches, system hacks, ransomware extortion, and other issues.
The Hiscox Cyber Readiness Report™ 2022 found that U.S. businesses are more concerned about cyberattacks than the pandemic or skills shortages. The report also noted that the median cost of an attack in 2022 was $18,000, up $10,000 from last year. Nearly half of businesses in the U.S. have experienced an attack.
The most common port of entry was a corporate server in the cloud.
Regardless of the size of your business, cyber criminals are opportunistic and will attack wherever they perceive an opening to make money. For this reason, cyber insurance may be a necessity to protect your business.
You will need to:
Understand your business's level of risk.
Know your regulatory responsibilities.
Determine your budget.
The coverage you need will depend on the particulars of your business. For example, healthcare companies and others that handle sensitive information might be at higher risk for cybercrime. When setting your budget, consider:
Are you prepared to meet the security standards required by the insurance contract?
How much would it cost to recover from a cyber attack? Remember to consider restoring lost data, repairing damage to business reputation (hiring a PR firm), and the length of recovery.
The cost of being sued due to a cyber attack, including the costs of hiring a lawyer, potential fines, and settlements.
Work with a broker to assess your business’s risk and recommend the right amount of coverage to fit your needs.
Cyber insurance usually excludes the following:
Property damage
Intellectual property (separate coverage)
Self-inflicted cyber incidents
Costs of cybersecurity/protective measures
Cyber Insurance Coverage Checklist
As you begin the conversation about whether cyber insurance is right for your company, ask these questions:
Where is all our sensitive data stored?
What safeguards are in place to protect the information?
Have we implemented a Risk Management Program?
How does Integration Solution impact my security posture?
If your data is lost in a cloud solution, what is your recovery plan?
How can I share the responsibility to protect my business and its data with all stakeholders?
Are your employees educated on cybercrime prevention? Reducing business risk starts with a comprehensive set of internal policies and an aligned cybersecurity education program.
As cybercrime ratchets up, securing coverage is getting more difficult. Meeting insurance carrier requirements is imperative. With cyber-related losses at an all-time high (with ransomware leading the way), cyber insurance carriers are requiring improved cyber hygiene in the form of risk controls.
The most important risk controls include:
Multifactor Authentication (MFA)
Endpoint Detection and Response (EDR)
24/7 Security Operations Center (SOC) and Monitoring
Network Backups
Network Segmentation/Update
Without securing the risk controls that carriers demand, your company will either not be able to obtain cyber insurance or may not be covered in the event of a cyberattack.
For those businesses that have cyber insurance, don’t wait to submit your renewal applications, as new controls and technical components are updated daily. It is no longer enough to say that a company has certain controls in place; the underwriters will ask for proof that everything, such as MFA, was functioning at the time of the attack.
Compliance and Cyber Insurance
Businesses are required to follow privacy regulations set by various regulatory bodies. In addition, companies must adhere to various privacy acts. It’s up to business owners to know their obligations for protecting sensitive personal information. Keep in mind: Insurance policies may not cover businesses not compliant with local policy regulations.
Two of the most well-known privacy acts are the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). GDPR and CCPA apply to all companies that store and process data belonging to EU citizens and California residents, regardless of where the company is located.
The Cybersecurity Maturity Model Certification (CMMC) is another regulation. CMMC requires formal third-party audits of defense industrial contractors to ensure DoD contractors properly protect sensitive information.
How Sikich Can Help with Cyber Insurance
Given the requirements of a good cyber insurance policy, it’s clear any business will need solid cybersecurity in place to make a successful claim if there is a breach.
Sikich can help you maintain your cyber hygiene. We offer Tech 360 Managed Security Services, 24/7 monitoring with Endpoint Detection and Response (EDR) and a Security Operations Center (SOC), multifactor authentication (MFA), network backups, professional IT services, network segmentation, security audits and assessments, security testing and consulting, and forensics and incident response.
Give us a call today to set up a consultation, and watch our recent webinar, Strategic Guidance for Everchanging Cyber Insurance, below.
This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.
About the Author
Sikich
Sikich is a global company specializing in technology-enabled professional services. With more than 1,900 employees, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and is comprised of one of the largest CPA firms in the United States. From corporations and not-for-profits to state and local governments and federal agencies, Sikich clients utilize a broad spectrum of services* and products to help them improve performance and achieve long-term, strategic goals.
*Securities offered through Sikich Corporate Finance LLC, member FINRA/SIPC. Investment advisory services offered through Sikich Financial, an SEC Registered Investment Advisor.