Cyber liability insurance has been around for more than 10 years but most people probably have never heard of it. So what exactly is cyber insurance? It is an insurance product that is used to protect an individual user or a business from cybercrime. Coverage typically includes data breaches, hacking, theft, extortion and denial of service attacks. Policies will vary depending on the size of the company, the industry it operates in, the amount of data it has, and the preventative measures it already has in place to secure that data. By providing funding after a cyber-attack, cyber insurance helps businesses recover quickly and reduces the need for government assistance.
Cyber insurance is becoming more and more common as companies increase their business online. In 2013, the sales for cyber insurance at Marsh (a USA based insurance broker) has increased 21 percent. Their sales for the first half of 2014 doubled what they were for the same time period in 2013. This may have been influenced by the large public data breaches that occurred at companies like Facebook, P.F. Chang’s, Target, and Sony.
This number will continue to grow as we move into the future, as more than 500 million data records from US businesses have been compromised since 2008. These data records contained customers’ private information and companies’ financials. In 2010, over 350 data breaches were voluntarily reported in Canada, up 29 percent from the previous year. Without cyber insurance, your company can grind to a halt from one system hack or data breach. These incidents can have a negative impact on a company’s finance and reputation.
Cyber insurance is not just for large companies with big data. A recent study by Ponemon Institute has found that companies with less than 10,000 records are more likely to be hacked than companies with more than 100,000 records. This is in part because smaller firms tend to have less sophisticated defense systems in place against hackers.
Is cyber insurance the only precautionary measure to take? It’s definitely a step in the right direction, but there’s more you can do to protect your company. Start with creating an incident plan so that your company is ready to respond if a breach should happen. Make sure your employees are educated on the company’s data protection policies and security best practices by holding regular security training sessions. Consider investing in a document security solution that will protect the contents of your documents and give you better control of who has access to those documents.
Is your company at risk for a data breach? Find out using our free risk grader.