No business, large or small, is immune to cyber incidents. Cybercriminals deploy cyberattacks at scale, targeting thousands of small organizations with devices looking for cybersecurity weaknesses, such as lack of encryption, poor password management, or employees who click on a phishing email. Such weaknesses fall into the category of basic cybersecurity hygiene to keep organizations secure online.
“Great company! Quick and easy customer service! I would highly recommend!”
– Andrew F.
Cybersecurity insurance generally covers your company’s liability in the event of a network security failure resulting in:
First-Party Expenses: This category includes costs that organizations would ordinarily have to pay to mitigate losses related to a data breach or privacy incident. Examples of first-party expenses are:
Incident response and digital forensics services
PR services to manage reputational damage caused by a breach
Notification to affected parties
Other expenses involved with directly responding to a
Third-Party Expenses: This category covers costs associated with defending liability claims and/or fines and penalties assessed by regulating authorities. Examples include:
Legal fees to defend lawsuits against the company
Fines for violating HIPAA regulations.
Cyber Crime Costs: This category deals with financial losses resulting directly from criminal activity. An example is the theft of funds as a result of digital fraud.
A data breach involving sensitive customer information (i.e. health records, Social Security numbers, credit card numbers, etc.)
Cyber Extortion: Ransomware attacks are a prevalent form of cyber extortion.
Social Engineering: Phishing and spear phishing campaigns are types of social engineering.
Business Interruption: Losing revenue from downtime caused by a cyber incident constitutes business interruption.
Virus Transmission: End-to-end coverage applies from discovery to removal of a virus, even if the virus spreads before being removed.
Liability Implications: Legal fees and regulatory fines comprise typical liability costs.
Assess what type of sensitive information you and your company collect, such as payment information, personal identification information or protected health information. This type of data in particular is a common target of cyber incidences. Also, if your employees use their own devices at work and how much the business relies on confidentiality.
When MFA is enabled on an account, cybercriminals can’t access it even if they have stolen the account credentials because MFA requires one or several additional factors generated dynamically that only the account owner can access.
A cybersecurity risk profile show insurers exactly what your current situation is regarding cybersecurity and protection, so they have a good idea of your vulnerabilities and what you might be more likely to claim for. This also might include a list of potential expenses you would require if you were the victim of a cyberattack, and any related service costs for third parties such as outsourcing investigations and data/network services.