Insurance is all about mitigating risks by transferring those risks to an insurer. Businesses of all sizes need to choose which risks to insure against intelligently. Some common business risks transferred to insurance companies in return for premiums are fire, theft, and employee injuries.
A new type of risk that has emerged in recent years is the threat of cybercrime. Any business with an IT system faces cybercrime risks that can result in IT failures, data loss, and business continuity problems. A massive surge in cybercrime has led many businesses to conclude that cyber insurance is a worthwhile investment.
This article explains what cyber insurance is, how insurance companies calculate the risks, and how cyber insurance policies work.
What is Cyber Insurance?
Cyber insurance is a type of insurance that protects businesses from threats to their IT infrastructures and activities. Businesses transfer the risks of a cyber attack to an insurance company in return for regular premium payments. If a covered business falls victim to a successful cyberattack, the insurer then typically covers the associated costs of that attack.
How do Insurers Calculate Cyber Insurance Risks?
Insurance companies employ underwriters to evaluate their risks and decide on an appropriate premium to cover those risks. For a cyber insurance policy, an important factor impacting the premium is the current trend of cybercrime.
Recent high-profile incidents like the Equifax data breach in 2017 and the Aadhaar breach in 2018 indicate to insurers that serious cybercrime is on the rise. The insurer will also use statistics to determine the prevalence of cyber threats in specific industries.
When applying for cyber insurance, businesses will need to answer questions about their current cybersecurity infrastructure. Applications will request information about the number of network endpoints attackers can exploit and what cybersecurity defenses are currently in place to mitigate or stop cyber attacks — the more robust a company’s existing defenses, the cheaper the premium for a cyber insurance policy.
Business size is also essential in calculating cyber insurance policy premiums. The larger the business, the more lucrative a successful cyberattack is, which means higher premiums.
How a Cyber Insurance Policy Works
A cyber insurance policy is typically tailored to the business that buys it. Insurance companies underwrite these policies on a case-by-case basis by taking into account a wide variety of relevant factors.
Businesses pay cyber insurance premiums according to the schedule that they have agreed with the insurer. If a company falls victim to a cyberattack, the business makes a claim, and the insurer provides financial cover for the costs of that attack.
Many companies that provide cyber insurance will also help businesses recover more quickly from successful cyberattacks. Insurers do this because the cost of a claim increases with the amount of IT downtime.
Cyber insurance policies work on a discovery basis, which means that businesses can typically make a successful claim if they discover evidence of a successful cyberattack after the start date of the policy. Even if the actual attack took place before the policy came into effect, the discovery basis of the policy ensures that the affected business gets compensated for its loss. Some policies might include an exclusion period in the small print, so it is essential to read each policy thoroughly.
Everything You Need to Know About Cyber Insurance
Cyber insurance is a relatively new type of insurance cover that is quickly becoming essential for businesses of all sizes. It is prudent for companies to perform due diligence and match their cybercrime risks with an appropriate insurance policy.