Although most U.S. businesses are smaller than Sony, the weeks-long attack that occurred when the company attempted to release a somewhat-controversial movie is the type of threat that can happen to any business.
As further evidence, although the official blame went to a foreign country, many computer security analysts said that the attacks were something a private group of hackers would be able to execute.
The upshot for most businesses is that in addition to stringent cybersecurity-breach reporting laws in most states and costly fixes or changes that need to be made, they now also have a “bad actor” level of threat to guard against.
Fortunately, in addition to creating an infrastructure that allows for information-sharing between companies, the insurance industry has stepped in to fill the gap with better definitions for products that provide coverage for companies that are potentially liable when things go wrong.
Types of coverage
Although it can seem confusing because there are a number of ways that your company can be exposed to different types of threats, the insurance industry has spent a lot of money to differentiate products so that they apply to specific situations and needs.
One popular type of coverage helps companies that are building software for other companies and consumers. It takes the standard errors and omissions coverage and extends it to include liability coverage for when a company inadvertently leaves a security gap in the product that they deliver.
Another type of coverage caters to companies that have shifted their applications and servers online. Whether they have front-facing web applications that their clients use regularly or they are primarily focused on serving the needs of their employees, a breach will be covered and they can use the policy to pay for forensics and other remedies in addition to addressing the potential liability that they may incur.
For companies that host customer data and applications, there is yet another class of coverage that allows for use-case scenarios that they might encounter, whether they are financial firms or hosting providers.
Insurance for cyber threats: Getting started
Because there are so many types of threats in today’s marketplace, spend some time building solid requirements that you can take out into the marketplace.
Knowing the specific threats, risks and costs associated with each will allow you to prioritize your must-have types of coverage.
Including insurance company input into your requirements-creation process will help give you a broader base of statistics to work from when calculating the expenses you can expect to encounter if you don’t have coverage.
In addition, look at what information the government offers regarding cyber c threats. Both the FBI and the White House regularly update opportunities for companies that would like more information on the current environment, or how to get involved with groups that can make your firm more secure.
One recent update from the FBI is typical of the type of executive summary that can help you get a better view of the macro environment and better gauge risk.
Looking at partners
Once you have your requirements set, it shouldn’t be hard to find policies to match your needs.
Keep in mind, however, that not all insurance companies have chosen to provide cyber-threat coverage. And among those companies that do, you will find that the categorization for cyber-threat policies is not all uniform.
Just the same, most companies that do provide cyber-threat coverage either specialize in a niche or have the same comprehensive policy types that their competitors do — even if the nomenclature is different.
Here are some things to consider when you go to vet specific policies:
- Does the company offer parallel coverage for types of cyber-threat insurance that you may want to add later?
- Do you have a list of scenarios that typify the threat you might encounter so that you can work through it with your insurance partner to determine which policy meets your real-world needs?
- How robust is the support infrastructure and how knowledgeable are the staff when it comes to being able to service claims?
Overall, in a changing environment it pays to cover potential cyber-threat liability. The smaller the risk that your company ends up having, the more likely you are to save your organization time and money.
Michael Rogers is the operations director of USInsuranceAgents.com.