There’s no question that data breaches can be very costly; just ask Sony Pictures. Remember when the movie company was breached last November, allowing hackers to scour the company’s networks and access pretty much every facet of Sony’s data? Well, Sony remembers, mainly because estimated losses from the breach range from tens of millions of dollars to hundreds of millions of dollars. However, Sony isn’t the only company that has dealt with something like this. Similar data breaches occurred at TJX and Heartland, costing each company in excess of $100 million.
That’s why, when CEO Michael Lynton revealed in an interview that Sony’s intrusion-related costs would be almost entirely paid for by insurers, a reinvigorated discussion on cyber insurance came to the forefront. It was one of the first times that a major data breach victim had talked publicly about how an insurance policy had helped offset the cost of the breach. So why is cyber insurance so important? Well, if Sony’s recent brush with a cyber attack isn’t enough to persuade you, then hopefully these 5 things should open your mind.
How Exposed Are You?
The breach at Sony is a staggering illustration that companies are at risk of losing a lot more than financial data and personally identifiable information in a data breach. Trade secrets and intellectual property are also at risk of being taken, and disruptions to your company’s supply chain, customer service operations, and critical functions are also possibilities. Just because you may not be able to put an exact dollar amount on some of these things doesn’t mean that they don’t count as vulnerabilities.
Small Deductibles = Small Premiums
Having a solid and vetted cybersecurity program is a good way to ensure that your deductibles and insurance premiums are kept at a minimum. Doing this could also result in discounts from your insurer, including reduced premiums and increased limits. What’s more, your potential for filing a claim at all is also reduced. You can help yourself by keeping your data collection minimal and making sure that all personally identifiable information that you do collect is stored and disposed of properly.
Insurance Does Not Equal Security
Companies shouldn’t even consider cyber insurance until they have implemented any and all recommended security measures for their environment. Companies should have vulnerability management, patches, intrusion-detection systems and other things in place before contacting an insurance company. If you have gaps in technology or skills, then it is highly recommended that you spend money in those areas before cyber insurance. Otherwise, a lot of insurance companies will either refuse to cover you or will attach very expensive exclusions, caveats, and upfront deductibles to your policy.
Know What Your Insurer Wants
Cyber insurance has become a very lucrative and competitive business. As Sony has proven, breaches can be very costly, so insurers are being forced to develop more sophisticated programs to gather the data they need for making decisions. The problem is that no two businesses are the same, so developing policies and premiums is becoming difficult. Many insurers conduct evaluations in order to make sure that IT policies are in place and are relevant.
Quote Sheets Don’t Say It All
People always say to read the fine print, but this is especially true for cyber insurance. Policies that compensate you for losses from cyber threats are less standardized than policies for other types of insurance. These policies usually contain exceptions and special circumstances, making the coverage less comprehensive than it appears to be on the quote sheet. Insurance underwriters will sometimes include things like coverage sublimits or exclusions that apply specifically to the risk profile of the company that is seeking the insurance.
Because cyber insurance costs can vary a lot, you should shop around or use a trusted broker or another resource to browse options. You want to be spending your money intelligently on a policy that won’t have a lot of exemptions and one that covers the issues you are most likely to face. Regardless of what you decide to go with, you should be ready and willing to demonstrate a solid commitment to security through yearly certifications and audits. Follow these tips and you will be well on your way to making sure what happened to Sony doesn’t happen to you!