With hybrid work environments increasing digital operations and expanding the scope of technology used, cyber risk protection is more critical than ever. Yet, for many business owners, cyber insurance is still considered a discretionary purchase. Unlike property and commercial insurance policies, cyber insurance isn't standardized and is often viewed more as a luxury than a necessity.
Cyber insurance is also a new product, and many business owners do not yet understand how it works or why they would need to purchase it. The truth is, in our increasingly remote working environment, it's more important than ever to be covered in case of a cyberattack, but it can be challenging to know what you need.
Businesses using a hybrid work model must consider the risks and exposures they face without cyber insurance. If you're ready to assess your cyber threats and vulnerabilities, the following tips may help.
Get expert advice on cyber insurance
When getting the right cyber coverage, one of the most important things you need is a broker who fully understands your business and can describe your operations as an employee would. Once you have confidence in a broker, here are some questions you should consider to ensure you get the coverage you need:
- What types of data do we maintain in our systems (or with our cloud provider)? What is our exposure if our data or systems are affected?
- If using a cloud provider for services, where is my data kept, and what contractual agreement do I have with the provider?
- How long can we continue to operate without our primary systems?
- How long do we anticipate it may take to recover from an incident like a data breach?
- What internal controls do we currently use (for example, call-back provisions for changing banking information, employee training in cyber hygiene, or advanced firewalls)?
Get the right cyber insurance coverage
The current cyber market provides various options that appear very similar at first glance, but they can differ dramatically from one another when you examine the policy wording. Even if the coverage titles are similar, the coverage may not be equal. Each policy has its own terms, conditions, and exclusions that may modify the intent of the described coverage.
At the most basic level, Cyber Expense or Privacy Breach Notification Expense coverage can be added to traditional commercial insurance packages and is intended to provide limited coverage (commonly $25,000). It is designed solely to assist with essential costs, like paying for postage when you send a privacy breach notification to affected individuals.
On the other end of the spectrum, some stand-alone cyber liability policies cover costs related to a network or security breach that results in disclosing personally identifiable information, personal health information, or third-party corporate information.
While fully customized cyber liability policies are also available, the foundation of any great program should include coverage for:
- Third-party liability: Liability arising from the unauthorized disclosure of personally identifiable information, personal health information, or third-party corporate information due to a security breach or network failure
- First-party expenses: Coverage to help your business with the financial burden of expenses such as crisis event management, security breach remediation and notification, and computer program and electronic data restoration
- Cyber extortion: System disruption due to ransom or extortion demands, including access to experienced cyber negotiators and ransomware specialists
- Cybercrime: Social engineering and unauthorized electronic funds transfers
- Business interruption: Income replacement while you attempt to recover from an incident
Develop your Cyber Incident Response Plan
While getting the right coverage is essential, any cyber policy you choose should be a part of an overall Cyber Incident Response Plan that identifies:
- The types of information you have
- Which people at your organization are working remotely
- Which people at your organization are responsible for initiating the plan
- Who to contact in specific scenarios or at specific points
- How the response plan adapts to particular situations
Cyber policies are complex coverage documents. In your Cyber Incident Response Plan, it's important to note at which point each type of coverage you purchase is available. The plan should also contain direction on utilizing the policy coverages. Certain coverages respond upon notice; others require prior written consent from the insurer.
No matter the size of your company, the dedicated team of expert advisors at Cowan Insurance Group can help you secure your business and assess any new exposures you may face from the increased technology use that comes with a hybrid work model.