Why Your Business Needs Cybersecurity Insurance

Preventing cyber-crime is one of our top priorities – and for good reason: the threat level is higher than ever. In 2020, Data breaches exposed 36 billion records in the first half of 2020. While partnering with a Managed Services Provider can help provide cybersecurity, no network should ever be assumed 100% secure. Cybersecurity insurance is an important part of any business continuity plan. Cybersecurity insurance offers protection against potential claims resulting from a data breach. It also offers protection against financial loss, as well as business interruption coverage. Read on to learn more about cybersecurity insurance- and why your business needs to have it.

Claims resulting from a data breach

A data breach can expose sensitive information about employees, clients, and third parties (such as suppliers and vendors). Depending on the severity of the breach, you may be required to cover damages.

The global average cost of a data breach is $3.86 million (Varonis). If you have cybersecurity insurance, some of the incurred costs, including legal fees, remediation, and damages, can be covered. Insurance companies will often also include advanced cybersecurity teams to assist with the breach. Hiring a firm to perform forensic analysis and response can be very expensive without insurance.

Make sure you thoroughly understand your policy ahead of time. Coverage is often quite different from company to company.

Business interruption coverage

Certain types of incidents can also directly impact your finances. For example, your bank accounts could be compromised or access to critical systems or equipment could be shut down-halting business operations directly. You could also be afflicted by a physical disaster, such as a fire, that could halt your operations. 40% of businesses fail to reopen after a business interruption (Web.com). These types of scenarios can cripple a business and take months (or even years) to resolve, if at all. 90% of businesses fail less than two years after being struck by a disaster (Web.com).

Cybersecurity insurance can help cover some of the losses, provide funds, and get the business back online.

Policy Updates

In 2018, there was a new addendum to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). There was also an update to the European Union’s General Data Privacy Regulation (GDPR), which also impacts Canadian businesses if they store or process information for European citizens.

Essentially, these compliance updates increase the risk of punitive measures and fines. Fines can be up to $100,000 per violation- something your business may not be able to recover from on its own. Cybersecurity insurance can help with the impact.

Corporate officers may be held liable

As the number of breaches continues to increase each year, discussions around holding corporate officers responsible for cybersecurity negligence have become a serious topic. Cybersecurity should be considered essential to your corporate strategy. It’s important to have everyone in your company involved, especially the leadership team.

that executives and corporate boards can be named liable in the event of a breach- if there was a proven failure to exercise due diligence and governance with cybersecurity policies and procedures.

For example, if the IT team puts in a documented request to implement MFA (Multi-Factor Authentication) to protect the business because they know it offers 99.9% protection against identity-based attacks, and the leadership team denies the request, they may be held liable for not exercising proper care.

Oftentimes, cybersecurity insurance can assist with liability if negligence isn’t a factor.

Choose an independent broker and have them work with your MSP

Guidance from an MSP is an invaluable tool. Ensure you involve your MSP when choosing cybersecurity insurance. The best strategy is to use an independent insurance broker that can obtain quotes and policy details from numerous insurance companies. Coverage is often quite different from company to company.

Have the broker consult with your MSP to ensure that you get the coverage that you need for your business. The right broker will meet both explicit and commercial needs and source a policy that aligns with your risk tolerance.

Insurance coverage is not a suitable alternative to implementing appropriate cybersecurity. You need both. The best way to implement modern cybersecurity best practices is to partner with a Managed Services Provider.