Understanding Cyber Insurance
As cybercrime becomes more sophisticated and widespread, especially with distributed teams and the growth of remote and hybrid work, cyber security is an even more pressing concern. Cyber Insurance offers companies the safety net necessary to protect themselves in the event of a data breach or cyberattack.
And it’s not just financial institutions and other highly regulated industries who need to invest in cyber insurance. In reality, many startups — from Software as a Service (SaaS) to life science companies — handle sensitive client data that requires protection.
What does cyber insurance cover?
The most common coverages a comprehensive cyber insurance policy offers are:
- Data and privacy breach coverage: To assist in managing the aftermath of data or privacy breaches, including costs for breach response, legal fees, and third-party expenses.
- System restoration costs after an incident: To cover expenses related to identifying the breach source and restoring affected systems to normal operation.
- Protection against cybercrime: To provide financial safeguards against cybercrimes such as hacking and data breaches, ransomware attacks, and social engineering. These can be extremely helpful to include in a policy in the case of a breach that leaves your company open to financial liabilities.
- Business interruption coverage: To compensate for income loss resulting from cyberattacks that disrupt or halt business operations.
- Cloud service provider disruption coverage: To offer protection against income loss due to outages or disruptions from third-party cloud service providers critical to business operations.
What isn’t covered by my cyber insurance policy?
Cyber insurance doesn’t cover every digital incident. Cyberattacks that are considered “cyber terrorism” are likely to be excluded. The NotPetya ransomware attack, which caused $10 billion in damages, was considered to be state-sponsored terrorism and was not covered by many insurance policies, so companies were forced to pay out-of-pocket for lost income and damages.
And while cyber insurance might cover data breaches and system recovery, it won't help if an attack causes physical damage. For instance, if servers overheat and start a fire during a cyber incident, that's likely covered by your Business Property Insurance policy, not Cyber Insurance.
How much cyber insurance coverage do I need?
There’s no universal coverage that works for everyone. Every company is going to have varying coverage needs. However, there are some specific areas you can evaluate to find out how much coverage is right for your organization.
Evaluate the following:
Volume and sensitivity of stored customer data
Conduct an internal evaluation of how much customer information your company stores and what type of information is being stored. For instance, first names and email addresses are much less sensitive than social security numbers and bank accounts.
Potential downtime impacts & recovery time estimates
Assessing the worst-case scenarios around downtime and the recovery period is helpful when considering business interruption coverage because these factors help determine the potential financial impact of a disruption on your operations.
Think through how much revenue you might lose, what it'll cost to recover, and how long you'll need to get back to business as usual. This helps ensure you have enough protection to weather the storm if something goes wrong.
Your risk tolerance & the requirements of your partners
You should also be sure to assess your company’s risk tolerance and partnership requirements. Many financial institutions, healthcare providers, and government contractors will only work with partners who meet strict cybersecurity standards. Since they handle sensitive data and face tight regulations (like HIPAA and CMMC), they require their partners to maintain higher insurance coverage and strong security measures. If you work with these types of organizations, you'll likely need more comprehensive coverage.
When choosing coverage limits, consider both risk exposure and the “underwater costs” (i.e., hidden costs). Lower coverage limits could leave you paying extra for:
- Identity restoration and credit monitoring services for affected parties
- Computer forensics fees
- Legal representation fees
The difference between first- and third-party coverage limits
First-party claims cover incidents that hit your company directly. If you experience a data breach, this coverage can help you manage the aftermath by paying for customer notifications, credit monitoring for those affected, and experts to investigate how the breach happened. It's designed to reduce your immediate financial burden and help maintain customer trust.
Third-party claims protect you when cyber incidents affect your customers or partners, leading to potential lawsuits. For example, if customer data gets exposed, this coverage can handle legal defense costs, settlements, and court judgments. This protection is particularly important if you manage lots of customer data.
When potential business partners ask for proof of cyber insurance, they're usually looking for third-party coverage. Having solid third-party protection not only safeguards your business but helps you build stronger partnerships by meeting their security requirements.
How much does cyber insurance cost?
Cyber insurance costs vary by company and depend on the specific coverage and limits, the industry a company is in, and the value of the company and its assets, among other factors.
In recent years, the cost of cyber insurance has been increasing. Premiums jumped 28% in early 2022 compared to the previous quarter. This spike happened because insurance carriers saw more risk and faced higher demand for coverage.
Remote work made companies more vulnerable. When employees use personal devices for work or access sensitive data from home networks, it's easier for attackers to find weak points. During the pandemic, INTERPOL saw a surge in attacks, with criminals even using COVID-themed phishing emails to steal login credentials.
A robust cyber security program can help keep premiums manageable.
Benefits of Cyber Insurance and Cybersecurity for Startups:
- Financial protection against cyber threats: Designed to cover losses related to hacking and data breaches, Cyber Insurance provides a safety net. For instance, if a startup falls victim to a phishing scam resulting in financial loss, a comprehensive cyber insurance policy can cover the costs associated with the incident.
- Enhanced trust and credibility: Having cyber insurance signals to potential customers, employees, partners, investors, and board members that the startup takes risk management seriously, thereby enhancing its reputation and credibility.
- Operational continuity: Robust cybersecurity measures help prevent disruptions caused by cyber incidents, ensuring that business operations remain uninterrupted. This is particularly important for startups that rely heavily on digital platforms for their operations.
- Regulatory compliance: Investing in cybersecurity and having appropriate insurance coverage ensures compliance with industry regulations and standards, avoiding potential legal penalties.
A 2020 report found a nearly 200% ROI on investments in bolstered cyber security. In short, a smart cyber insurance strategy delivers clear returns by helping you avoid major financial losses. Let's look at the real value:
Security experts measure this through Return on Security Investment (ROSI), which shows what you save by preventing breaches. The formula is simple:
ROSI = (Money saved by reducing risk - Cost of security measures) / Cost of security measures
When you combine good cyber insurance with strong security practices, you're less likely to face successful attacks. This often leads to lower insurance premiums. Having clear security policies (like a Written Information Security Program) builds a security-minded culture that further reduces your risks and potential costs.
Do I need cyber insurance if I don’t handle sensitive customer information?
Even if your company doesn’t handle, work with, or store sensitive consumer information, there are other benefits to having a cyber insurance policy:
Legal fee coverage if you're named in a breach lawsuit
If a data breach leads to legal action against your company, cyber insurance can be activated to cover your defense costs. This can include attorney fees and other expenses needed to protect your business throughout the legal process.
Protection when using third-party vendors
Here's a common situation: Your startup uses cloud services or payment processors to handle sensitive customer data. If one of those providers is hacked, your company could be named in the resulting lawsuit — even though you weren't directly breached. You could end up being financially responsible for damages your customers experienced.
Coverage for service interruptions that impact customers
Additionally, if your startup depends on online systems to operate, cyber insurance with business interruption coverage is beneficial. It protects your finances if a breach forces your product or service offline.
Support during denial-of-service attacks
For SaaS startups, keeping your service online is essential. A Distributed Denial of Service (DDoS) attack doesn't just hurt your business income — it impacts your clients who rely on your platform to do their work.
What are the risks of not having cyber insurance?
While cyber insurance policies are optional, with the threat of cybercrimes growing, the risks of not having this insurance go up as well. In fact, a cyberattack can be a business-ending event: 60% of startups and small businesses that are victims of a cyberattack go out of business within six months.
Many companies and investors also require that you have some kind of cyber insurance policy in place before they’ll partner with you. Your company could also end up with high costs to pay in the event of a breach if you opt out of insurance. The decision whether or not to invest in this type of insurance really comes down to how at risk your company is and how high your risk tolerance is.
Understanding cyber insurance claims
You hope to never have to use your insurance, but sometimes you’ll need to file a claim. Luckily, Vouch makes it easy to file a claim so you can get back to running your business.
How do I make a cyber insurance claim?
Sign in to your Vouch account and click “file a claim.” At Vouch, we respect and appreciate that our customers are busy, so we’ve simplified the claim-filing process. After hitting the “file a claim” button, you’ll be asked for a brief description of the claim; then hit submit. After that, a member of the Vouch team will reach out to you within a business day with next steps.
Is there a deductible I have to pay when I make a claim?
Like most insurance, cyber policies come with a deductible — the amount your company pays before coverage kicks in.
The size of your deductible depends on a few key factors:
- Your coverage amount
- Your industry's risk level
- Your security measures
- Your company's overall risk profile
Since cyber insurance focuses on protecting you from major incidents rather than everyday issues, higher coverage limits and risk levels mean higher deductibles. A tech company handling sensitive data, for instance, may face higher retention fees than a retail business with limited online operations.
Talk to a Cyber Insurance expert today
Not sure what’s right for you? Let a Vouch expert walk through your cyber insurance needs and help you find the right policy at the right price. Companies save up to 24% by bundling insurance coverages through Vouch. Get started today.
