Written by Firas Jadalla, Regional Director for the Middle East, Turkey, and Africa (META)
Cyber threats are becoming the number one business risk for organizations of all sizes. From system hacks and DDoS attacks to the increased prevalence of ransomwares, news of cyberattacks seems constant. While there have fewer reports of major attacks comparable to the Yahoo breach of 2017, where the personal information of 3 billion users was exposed, that’s no reason to be complacent. Governments are stepping in to update policies and standards, which hold more organizations accountable.
For instance, the European Union’s General Data Protection Regulation (GDPR) which came into effect in 2018 mandates that businesses adhere to specific governance and accountability standards in the processing and protection of data concerning EU citizens. This new legislation also stipulates that should a breach occur, companies must report it to the supervisory authority within 72 hours. Failure to comply with these new regulations could result in up to $20 million euros in penalties or 4% of the company’s global annual turnover.
While organizations have been busy trying to understand the impact of these new requirements and putting in place the necessary steps to comply, few have considered whether or not they are protected against loss in the event of a data breach or unintentional non-compliance.
Getting Familiar with Cyber Liability Insurance
Business insurance and other forms of insurance are nothing new to most organizations. However, as risks have evolved into the cybersphere, insurance policies and products have too. Today, there are over 100 insurance companies worldwide offering cyber liability insurance which help to absorb the risks for their customers who experience a breach. Hart Brown, a leading cybersecurity expert at Firestorm Solutions, a crisis and risk management firm, estimates the global market value for written cyber liability policies to be around $2.5 billion. Insurance providers such as Allianz predict that this figure could reach$20 billion by 2025.
There’s good reason for this growing demand. Cyber liability insurance helps mitigate risk and uncertainty. In the event of a security breach at a client site, cyber liability insurance will give businesses peace of mind and ensure they are able to access funds to manage response and keep the business running in case of a cyber-attack.
For systems integrators, there is also an opportunity to enhance their cybersecurity posture and showcase this insurance as proof to clients that they are following strict cybersecurity protocols. That’s because to become eligible for the policy, the integrator must prove that they are adhering to advanced cybersecurity standards and measures. Even when the policy is active, should the integrator make an insurance claim, they’ll need to show that all cybersecurity best practices were implemented from the project’s start, or the claim could be denied.
Taking the Onus for Risk Beyond the Insurance
Since cyber liability insurance is a new product, there are still many unknowns for insurers on how to properly assess and calculate risks. Usually, costing out coverage involves filling out a standard questionnaire on IT policies, organization hierarchy, IT infrastructure size and the nature of the business. In many cases, insurance providers will tend to overestimate liability and keep premiums high.
Even so, businesses cannot rely on this insurance to save them from unexpected cyber threats. The insurance only assists in absorbing the costs should a breach occur. It’s critical that they continue to maintain the highest standards of cybersecurity. These include implementing various levels of defense such as encryption, authentication, and authorization. It should also include employing various tools to better protect data privacy and properly installing devices using strong passwords.
Organizations should take time to properly vet suppliers and select partners who are prioritizing the cybersecurity in the development of their products. They must stay on top of updates and patches, to ensure they are working with versions that have addressed any known vulnerabilities. It’s also important they take a more active role in educating their employees, proving general guidelines which can help them avoid unnecessary risks.
With these combined strategies, organizations of all sizes can ensure that they are doing everything in their capacity to fortify their cybersecurity posture and evade a permanently damaged reputation.
Three Key Considerations When Buying Cyber Liability Insurance
Identifying the Cyber Risks – Since cybersecurity can encompass a lot of different facets, so can the liability insurance. Experts suggest that there are as many as 12 different types of coverage available for various triggers. That’s why it’s critical to have a clear understanding of the cyber risks for which the organization needs protection. These can include a range of online and offline risks, spanning everything from data breaches to theft of corporate assets. When a company can be very specific about the potential pitfalls they need to address, they are in a better position to find the insurance that will match their organization’s needs.
Understanding the Policy Coverage – Cyber liability insurance doesn’t need to stand alone. Existing insurance policies might be very complementary to these new cyber policies. Some businesses might also require a combination of products to get adequate coverage. That’s why it’s important to understand how each product could benefit an organization should they become liable for a data breach. Furthermore, the damages resulting from cyber liability can be difficult to quantify and grasp. Translating cyber risks into a financial model is a key step in ensuring adequate coverage. While cybersecurity remains a business risk, the cyber-relevant aspects should be studied and articulated by a cybersecurity professional. It’s in everyone’s best interest to seek guidance from a professional broker or field expert who understands both worlds of business and cybersecurity risks.
Knowing the Claims Process – Coverage is one aspect to consider when shopping for a cyber liability insurance. The claims process is another. Generally, businesses can expect to receive monetary compensation when a claim is approved, which is helpful. However, each insurance provider will have a process in place for vetting the claim’s authenticity, and a general timeline for which funds can be paid. If a data breach happens, organizations should know how quickly relief will become available. Also, some insurance companies provide access to other expert services such as cyber investigators or public relations firms. While a company might be busy managing response to a breach, the extra assistance during this time could be a welcomed perk.
Is Cyber Liability Insurance Right for You?
The prevalence of cybersecurity threats will only increase as the Internet of Things (IoT) gains more momentum. It’s why all organizations including security system integrators must do their due diligence and look into cyber liability insurance. The biggest benefit derived from this insurance is peace of mind should a breach occur. However, it’s also a great way for security professionals to strengthen their cybersecurity posture.
The reality is that not all companies might be able to afford this type of insurance. If that’s the case the business must assume the risk. It becomes wholly up to their team to ensure cybersecurity best practices are being considered and implemented at every point in a project, from installation through to maintenance. They must remain vigilant and partner with providers who provide tools and assistance to quickly identify and mitigate risks and keep security systems free from potential vulnerabilities.
Cyber liability insurance is not a get-out-of-jail-free card. To elaborate a successful cybersecurity strategy, it’s important to understand what you must defend against. Genetec solutions are designed with several security layers and employ advanced authentication and encryption technologies. They help businesses understand the threat actors and assess potential security risks, while assisting them in mitigating that risk and building a defense-in-depth strategy to achieve greater cyber resilience.