3 common cybersecurity insurance coverage issues

When it comes to comprehensive protection for your business, cybersecurity insurance has changed from “nice to have” to “must have” for many companies, no matter the industry.

That's largely because the number of cyber attacks and the costs associated with them continue to increase as hackers develop new ways to steal from businesses and more employees work remotely from less-secure networks. IBM now pegs the average cost of a data breach at $4.24 million — the highest average total in the 17-year history of its annual report.

These are outsized risks your business simply can’t afford to ignore.

Solid cybersecurity insurance can help mitigate these dangers but building a robust virtual shield isn’t as easy as just taking out a standalone policy or adding an endorsement to your existing businessowners policy. 

What coverage issues should you be on the lookout for as you evaluate your insurance options? 

Common cybersecurity insurance coverage issues

1. Not enough/the right coverage.
   Responding to a cyber attack or data breach isn’t cheap. Your costs could include a range of direct and indirect costs, including security experts, legal bills, regulatory fines, ransoms (in the case of ransomware) and even potentially lost business.
   
   Common cybersecurity insurance policies typically include coverage of between $500,000 and $5 million per cyber event, with $1 million being a standard figure.
   
   Unfortunately, with the average cost of a cyber event now exceeding $4 million, according to IBM, that might not be enough to fully protect your business. A recent survey from the Hanover Group, for example, found that:
   
   • 42% of businesses may not have enough insurance to cover the average cost of an attack.
   • 40% have not increased their cyber policy limits in the past year. 
   
   Businesses dealing in lots of customer data, as well as those in highly regulated industries, such as health care and financial services, may face even higher costs when it comes to responding to a virtual attack.
   
   It pays to review your coverage closely with an agent you trust to ensure your business will be protected for whatever comes its way. 
   
   
2. Existing cybersecurity weaknesses.
   As businesses face more and more cyber attacks each year, experts say it’s becoming clear that certain things make a world of difference in the outcome.
   
   A speedy response is one. It now takes around 280 days to identify and contain a system breach, according to IBM; companies that can do it in less than 200 days spend an average of $1.1 million less. Speed is key.
   
   Other low-cost measures, like a trained corporate incident response team, automated security measures and employee training, can all help push down the cost of responding to a cyber event.
   
   That has cybersecurity insurers asking tough(er) questions of potential clients and requiring detailed security and breach response plans as part of the underwriting process. Some policies now exclude cyber incidents that were caused by social engineering attacks (a category that includes phishing) and/or employee errors in security.
   
   If your company doesn’t already have some of the above cybersecurity measures in place, know that implementing them now (or as soon as possible) can increase your security and reduce your cyber insurance premiums.
   
   
3. Not thinking beyond cyber.
   Responding to a cyber attack or data breach doesn’t just mean patching the holes in your defenses and investigating the incident — it also means surviving a sudden drop in business and subsequent damage to your company’s reputation.
   
   According to the Hanover Group, 60% of business owners say they would be unprofitable in just two days if they lost access to critical systems or data; that number rises to nearly 100% after just one week. Is your business covered beyond the direct costs of a cyber attack?
   
   Business interruption insurance, errors and omissions insurance and online banking theft insurance can help close any coverage gaps you have, and ensure your business survives a cyber attack or breach that keeps you offline for an extended period of time.
   
   Strong cyber insurance is an essential piece of protection for most every modern business but you also need to watch out for these common cybersecurity insurance coverage issues. Reach out to a friendly UFG Insurance agent today for help creating your well-rounded cybersecurity defense.