Is cyber insurance necessary for my business?

Many businesses of all sizes and in most verticals (industries) are asking themselves if cyber insurance is something they need to get covered. Kosh Solutions, a managed service provider with cyber security expertise, breaks down a few fundamental points to keep in mind when weighing this decision. But deep down, if you're asking this question, you probably already know the answer!

Cyber insurance is as necessary as any property and liability insurance to protect the business from disaster. Fires happen far less frequently than cyber attacks and most businesses have fire insurance. Cyber insurance is a useful risk mitigation tool for any business.

There are a couple principles about cyber insurance that every business owner or decision maker should understand when considering cyber insurance:

1. Hackers aren’t targeting you, they’re targeting everybody.

2. Costs associated with a breach are difficult to predict.

Related articles:

• List of Free Cybersecurity Resources for Non-tech Experts

• What's covered by cyber insurance? And not covered?

• What are the requirements for most cyber insurance?

Hackers are not specifically targeting your business

The majority of cyber-attacks are more akin to a virus that goes out searching indiscriminately for vulnerabilities rather than a hyper-focused attack. Many business owners think, “why would hackers attack me? I don’t have a big online presence or bags of money.” The thing to understand is that hackers are not attacking you they’re attacking everybody! This is why according to Verizon’s 2021 Data Breach Investigations Report (2021 Data Breach Investigations Report | Verizon), 61% of all Small and Medium Businesses reported at least one cyber attack during the previous year!

However, there are certain geographies and business verticals that get hit more frequently. California’s healthcare industry accounted for 12% of all U.S. ransomware attacks (Title (hhs.gov)).

The fact that hackers are just spraying attacks at an ever-increasing rate means it’s not if, it’s when you get hit.

What is the cost of a cyber-attack?

According to Nickie Tran, President of IQ Risk Insurance Services, the number one concern of businesses considering cyber insurance is the cost. Since this is a major concern, it’s a good idea to explain what goes into the costs of cyber insurance.

In general, the costs of the insurance reflects the potential costs (risk exposure) to the insurer. There are two types of costs that affect your business in the event of a cyber-attack:

1. the direct cost to your business and

2. third-party costs that come back to you.

Use the cybersecurity breach calculator below to see what a breach may cost you.

Examples of direct costs:

• Cost for forensic and cyber security services: this is to clean and secure your system and determine what caused the breach.

• Legal representation: these are the lawyers that usually quarterback your response to the breach.

• Business interruption: this is the cost of downtime - lost revenue.

• Reputational damage: this can cause large customer turnover among other consequences.

• Data loss/recovery: the cost to have professional IT try to recover your files from backups or you have to try and rebuild data manually.

Examples of third-party costs:

• Legal defense for non-justified third parties filing claims against you: these are parties that are wrongfully claiming to have been injured due to your data breach.

• Reputational damage of a third-party: these parties claim they have experienced reputational damage due to your data breach.

• Data privacy fines: these are levied by government entities.

According to a 2021 study done by Hiscox Insurance (see the entire PDF report below) companies were paying a very wide range for each cyber-attack.