Understanding Cyber Insurance Basics

General liability insurance covers you and your property in case of damage, but what about your digital assets? They’re not property, per se, but with cyber-attacks on the rise they need protection, too.  

Cyber insurance is a growing category that aims to protect your digital assets just like auto insurance would for your car. But just what protections does it offer, and how can my business qualify for it?  

What does cyber insurance cover?  

Just like liability insurance, there’s a scope of coverage to cyber insurance policies. Typically, cyber insurance covers the following:  

1. Customer notification: In the event of a data breach, enterprises must notify their customers, especially if it involves the loss or theft of personally identifiable information (PII). Cyber insurance can help cover the cost of this process.  

2. Recovering personal identities: Following a cyberattack, organizations often provide complimentary identity protection and recovery services to affected customers. Cyber insurance can cover these costs. 

3. Data recovery: A cyber liability insurance policy usually enables businesses to pay for the recovery of any data compromised by an attack, including ransom payments to criminals or egress costs from cloud providers (but really, what’s the difference?). 

4. Repairing system damage: The cost of repairing, updating, or replacing computer systems damaged by a cyberattack is part of most cyber insurance policies. 

5. Remediation: A cyber attack might leave your business open to legal action and remediation. Cyber insurance can help cover legal expenses, including any losses incurred by customers and business partners. Your insurer may even help your business hire cybersecurity experts to run a forensic diagnosis necessary in the process of remediation and recover lost data.  

How do I qualify for cyber insurance? 

All insurers assess their prospective clients to make sure they’re a sound investment, and cyber insurance is no different. Here are four ways to make yourself an ideal candidate for cyber insurance coverage.  

Practice good access management 

The principle of least access is a cornerstone of good cybersecurity practices. In essence, making sure only a select few individuals have access to the keys to power in a system. The more access is spread, the more points of failure your system has. 

You should also employ tactics like multi-factor authentication at all times to add another layer of security should passwords be compromised.  

Off-site backups 

Backups are essential for cyber resilience whether you’re looking to get insured or not, but your backups are only as good as where you keep them. Keeping your backups in the same place as your primary data makes as much sense as leaving your car unlocked with the keys in the ignition. Should your local systems be compromised, either by natural or criminal forces, your offsite backup remains safe, far away from any carnage.  

Vulnerability assessments 

Think of this as doing an audit on yourself before an insurer can. Spotting any potential vulnerabilities before an adjuster—or worse, a hacker—finds and exploits them. Make this a regular process to keep your systems in ship-shape.  

Employee training 

This may be the most important aspect of cyber insurance preparation. Humans, not computers, are the most vulnerable element of your system. It is humans that fall for social engineering schemes, the most common method hackers use to gain access to a system. Keeping your team educated and aware will make a world of difference in the fight against cyberattacks—and demonstrate to any potential insurers that your business takes cybersecurity seriously.  

More to discover 

Of course, there’s much, much more to the world of cyber insurance than we can cover in a single blog post. In our upcoming webinar, hear from Joseph Brunsman of the Brunsman Advisory Group, a premier liability insurance provider in Annapolis, MD, on the ins and outs of cyber insurance. Brunsman is joined by Brian Helwig, CEO of MSP360 as well as Wasabi’s Senior Product Marketing Manager, Robert Callaghan to provide the backup and data storage angle.