Page 92 - Cyber Defense eMagazine January 2024
P. 92
What is Cyber Insurance?
According to the U.S. Federal Trade Commission (FTC), cyber insurance is a particular type of insurance
that helps businesses mitigate financial losses resulting from cyberattacks. Consider it as a contract
between the insured business and the insurer company where the insured is obligated to pay a premium,
and the Insurer is obligated to provide coverage for various aspects of cyber attacks, such as data
breaches, ransomware, network interruption, cyber extortion, identity theft, and other cyber threats.
Cyber insurance covers the damage that a business suffers because of a cyberattack. The coverage
usually covers the costs for breach recovery, notification costs, business interruption costs, ransom costs,
investigative services, data recovery, and legal fees, among others. As per U.S. Government
Accountability Office (GAO) guidelines, every business that handles customer data or stores information
online should consider cyber insurance.
Scope and Coverages Offered in the Cyber Insurance Market
The cyber insurance market has experienced significant growth in recent years, with premiums reaching
$10 billion in 2021. However, the market still faces challenges in accurately assessing and pricing cyber
risk. Therefore, it’s really important to note that the scope and coverage offered in the cyber insurance
market are constantly evolving to keep up with the changing landscape of cyber threats. On a broader
level, cyber insurance can be divided into two major categories: first-party coverages and third-party
coverages.
First-party coverage protects the insured business data and resources, including employee and customer
information. This coverage primarily covers incidents that directly impact your business and underlined
operations. For example, business interruption costs, legal counsel, regulatory obligations, recovery and
replacement of lost or stolen data, customer notification, lost income, crisis management, public relations,
cyber extortion, forensic services to investigate the breach, and penalties related to the cyber incident,
among others.
On the other hand, third-party cyber coverage usually protects businesses from legal liability if a third
party brings claims. This coverage typically includes payments to consumers affected by the breach,
claims, and settlement expenses relating to disputes or lawsuits, losses related to defamation and
copyright or trademark infringement, and costs of responding to regulatory inquiries, among others.
These coverages are not universally standard or consistently adopted by all providers. Instead, these are
general categorizations that average out the offerings of major providers. The underlined breakdown
information is here to provide you with an overview and a broader level of knowledge and does not
explicitly feature any carrier or insurance provider.
Recommendations for businesses
The convergence of cyber insurance is creating opportunities for organizations to make smarter
investments. Historically, cyber insurance focused on financial protection while cybersecurity focused on
Cyber Defense eMagazine – January 2024 Edition 92
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
