Even with the increase of awareness and development of sophisticated technology used to counter these attacks, hackers still manage to find their way into confidential data. This continues to be possible, as hacking techniques develop just as quickly with the innovations in IT security.
Cyber thieves get better and better at what they do, and the only way to beat them is to think one step ahead. So, it’s important to explore other options and not focus on preventing data loss and reducing risks of a data breach alone, considering that cybercriminals breach even the best security systems.
As a business owner, you should know that it is not only the breach of your confidential files that you should be concerned about. Keep in mind that your clients, and even your very own employees, can file a case against you for having failed to protect data they have entrusted to you.
Cyber Liability Insurance 101
Cyber liability insurance is already mandatory in most states in America and the United Kingdom. Every IT security analyst must understand that it is a necessary addition to the risk management toolkit, along with insurances that cover businesses for the occurrence of fire, flood, and theft.
Here are the 3 Cs that you need to know about the already existing Cyber Liability Insurance Cover (CLIC): coverage, costs, and considerations.
Coverage
The basic CLIC coverage includes data breach and privacy management, multimedia liability coverage, extortion liability coverage, and network security liability.
Data breach and privacy management includes coverage of all expenses incurred while an incident of breach is being managed. For example, investigation expenses and remediation fees.
Multimedia liability coverage refers to instances of website defacement or infringement cases on intellectual property rights.
Extortion liability coverage refers to covering the expenses on anything related to cases of extortion, such as losses caused by extortion threats and professional fees for the services you hired to deal with it.
Network security liability refers to coverage for third-party damages such as third-party supplier costs and theft of data.
Costs
The first thing companies should understand is that the implications of a breach will cost you so much more than the amount you’re going to spend in paying for a liability coverage. And the risks of investing in the wrong one may cost you double.
The best thing to do is to get an experienced broker who can help you determine the best insurer and policy for your business based on your business model, the industry that you’re in, the size of your business, and your exposures.
You must discuss with your broker your list of estimated expenses and costs, and ask him about the exclusion clauses in the policy that may limit your claims. You need to have a good grasp of how much support you will get when a breach of data happens.
Make sure that you know who the contact person is should you need to file claims.
Considerations
Aside from knowing the basics of your liability insurance, you have to go over the terms and conditions, as well as the exclusions before making your decision. Some of the things stipulated in the terms and conditions may have been overlooked during the presentation and discussion of the insurance policy.
Be sure to know what you’re getting into to avoid any confusion later on when an actual breach happens, and you have to file a claim.
Some of the questions that you may need to ask are as follows:
- What are the rules on compliance? For instance, do you need to go through a security risk review? Do you need to submit evidence that your company had been compliant with the existing data protection principles before a claim is approved?
- What happens if you fail to comply with regulations set by another country due to ignorance of their laws?
- How much support and assistance will you be able to receive from the insurer? For example, will you be provided assistance on improving information management and security? Will you be assisted in making security decisions?
- Most SME’s have lower capacity to invest in big ways in IT security. The information coming from the insurer may help prevent hackers from infiltrating your system.
- Can you reduce premiums by putting in place certain security controls?
- What are your reductions after years without claims?
- How updated is the insurance against the constant development in innovations and hacking techniques?
- How much difference does a claim make on the premise of your future claims?
- Does it cover malicious acts of an employee?
- Will you be able to file a delayed claim? There have been reports of companies finding out that they have been breached five years after it had happened.
- How soon can you file a claim? What if a breach happened on the day you paid for the policy?
- Is there a payment matrix available for SME’s?
CLIC had been around for years, and yet, not too many IT security professionals have taken advantage of it for themselves and their clients. Perhaps it’s the lack of awareness that it exists, or it could be that many IT security professionals underestimate its importance.
IT security professionals are expected to have gone through risk training sessions where the value of transfer of risk through insurance is discussed.
When it comes to data security, you need to ensure that all areas are covered. Investing in CLIC can help your company manage data breach and prevent your company from incurring more losses.
[su_box title=”About Vladimir de Ramos” style=”noise” box_color=”#336588″]
Vladimir de Ramos has been in the IT industry for more than 22 years with focus on IT Management, Infrastructure Design and IT Security.Outside the field, he is a professional business and life coach, a teacher and a change manager.
He is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.Outside the field, he is a professional business and life coach, a teacher and a change manager.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.