As businesses grow more reliant on technology to store and process data, cyber crime is also growing. Imperva’s 2019 Cyberthreat Defense Report says 78% of organizations were hacked in 2019. With this growth, the need for cyber insurance is recognized more than ever, but there are some myths and misconceptions about insurance. Thomas Leonardi addresses these in a recent LinkedIn Pulse.
For starters, there is often confusion around what type of insurance can cover what type of incident. Leonardi talks about “silent cyber,” or more precisely “non-affirmative cyber,” whereby a policy doesn’t explicitly state whether a cyber-related loss is covered or excluded. He notes that “silent cyber” policies were not written with cyber incidents in mind. “Without addressing the types of losses from a cyber-attack that are covered in traditional insurance, organizations run the risk of not having a physical loss arising from a cyber security failure – such as the losses associated with repairing and/or replacing damaged equipment - trigger the policy.”
Leonardi states that an “affirmative cyber” policy can help protect an organization from the physical damage that comes from a cyber attack. “Affirmative cyber language in insurance policies provides a more accurate picture of actual cyber risk exposure. Failure to tackle this problem will undermine the health of, as well as the trust and confidence in, the cyber market.” It can be costly to replace computers, servers and networking gear after a cyber attack, and a lack of coverage in this area could put a small business out of business.
There are also risks associated with non-physical claims that come out of a cyber security incident. Loss of data, fines, and potential ransom payments are all considered non-physical claims. Leonardi talks about the disputes that have arisen between insurance companies and the insured over whether non-cyber coverage can pay out. For instance, the insured will look to more traditional lines such as General Liability, Crime, or Errors & Omissions policies to try to get help to make a ransom payment. Leonardi says, “attempts to rely on other lines of insurance that are not designed to cover these non-physical risks are at the root of these disputes and underscore the value of cyber insurance.”
Leonardi argues in his LinkedIn Pulse that having Affirmative Cyber Insurance coverage is the best way to overcome misconceptions that can lead to disputes after a cyber attack. When shopping for any insurance, and particularly cyber insurance, it is best to be clear on what the policy will cover and how much it will pay out. Being clear on your cyber coverage will also help an organization close any gaps in its cyber security posture and understand its risk exposure.