How to Buy Cyber Insurance?
Many customers are asking, “Where can I buy cyber insurance?” or “Is there insurance for cyber attacks?” which shows there are a lot of questions about cybersecurity insurance. To provide some answers, we asked insurance brokers from New Mexico and Orange County to show us what the process for purchasing cyber insurance looks like. Though cyber insurance is not as standardized as car insurance, the process of buying is pretty familiar.
There are 3 steps when purchasing cyber insurance: 1) work with an IT security professional and insurance broker to determine the amount of coverage needed, 2) have your insurance broker obtain at least 3 quotes, and 3) have an IT professional determine that your technology meets the requirements of your policy.
Below, we highlight some important things to keep in mind as you go through each step in this process.
Nickie Tran, President of IQ Risk Insurance Services, says the very first thing a company needs to do is complete a cyber liability application. This acts as a mini risk assessment of the security you have in place and sets the groundwork for the next steps.
Step 1 - Determine How Much Coverage You Need
Some people ask if cyber liability insurance is for small businesses too, and the answer is yes! The real question is how much coverage do you need? There are two areas to consider when determining how much coverage you should get: 1) first-party (direct) costs and 2) third-party costs. Let’s start with the first-party costs.
First-party costs you could incur should you be attacked and breached:
The cost of hiring IT Security Professionals – these experts will probably need to do the following:
Perform basic forensics to determine how your network was breached
Clean your system to make sure you are not still infected
Aid in recovering data that may have been lost or compromised
You may need to purchase new technology hardware, software, or services to prevent another attack
According to Kosh’s in-house security team, cleaning up after a cyber attack can take anywhere from 1 day to 2 weeks depending on the severity of the attack, the initial setup of the technology, and the industry. At a rate of at least $150 per hour, that works out to $1,200 to $12,000 just for the IT cleanup.
The cost of downtime is typically one of the largest expenses of a breach. The Hiscox study found that 19% of businesses that were breached lost customers and almost 18% said they had great difficulty attracting new customers (Hiscox Cyber Readiness Report 2021, pg 10).
How much would it cost your company to be down per day?
Fines from government agencies (usually for data leaks of personal data)
Equifax had to pay over $575 million in fines
Third-party costs you could incur might include:
Being sued for damages due to a data leak
Ex. You leaked the username and password someone used to log into your site. Cyber criminals then used those credentials to access that person’s bank account and make fraudulent purchases.
Being sued for damages because your system infected another system
Ex. Your employee clicked on a phishing email that released a virus on your network. That virus then traveled through your company’s email list and infected other companies.
Representation for these third-party claims
Representation during negotiations with the cybercriminal
It’s pretty tricky to determine how much these first-party and third-party costs might be in the event of a breach, but it’s good to know what liabilities you have out there. If you’re in a highly regulated industry like healthcare or finance, then fines and third-party costs can add up quickly. But even if you just have an email list and a website, you are still exposed to significant costs.
Here is a free calculator that can help you ballpark the amount of cyber liability coverage you need.
Though determining these potential costs for your specific company is important, we do have some average costs we can look at for guidance.